Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- <div class="loginlogout">
- <?php
- if (!isset($_SESSION['username']) and (isset($_POST['username']))) {
- $username = $_POST['username'];
- $password = hash("sha512", $_POST['password']);
- $uname = mysql_real_escape_string($username);
- $upass = mysql_real_escape_string($password);
- if ((!empty($uname)) or (!empty($upass))) {
- $login = mysql_query("SELECT * FROM `users` WHERE `username` = '" . $uname . "' AND `password` = '" . $upass . "'");
- $bancheck = mysql_fetch_array($login);
- if ($bancheck['banned'] == '1') {
- echo '<p>Your account has been banned.</p>';
- }
- else {
- if (mysql_num_rows($login)) {
- $user = mysql_fetch_assoc($login);
- //extract($user, EXTR_PREFIX_ALL, "users"); // this sets all fields in the mysql database to variables like $user_id for the field "id" in mysql
- $_SESSION['username'] = $user_name;
- $getRealName = mysql_query("SELECT title, forename, surname FROM users WHERE username = '" . $_POST['username'] . "' ");
- $userDetails = mysql_fetch_array($getRealName);
- $useridquery = mysql_query("SELECT * FROM users WHERE `username` = '" . $uname . "'");
- $userid = mysql_fetch_array($useridquery);
- $_SESSION['userid'] = $userid['uid'];
- echo '
- <ul class="pageitem">
- <li class="textbox">
- <h2>Login Accepted</h2>
- <p class="confirmation center">Thank you for logging in ' . $userDetails['forename'] . ' click <a href="index.php">here</a>
- if your browser does not automatically re-direct you.</p>
- </li>';
- }
- else {
- echo "<h2>Error 1</h2>
- <p>Invalid Login or Password.</p>";
- }
- }
- }
- else {
- echo "<h2>Error 2</h2>
- <p>Login Failed - Please Enter Both A Username And Password</p>";
- }
- }
- else{
- echo '<h2>Error 3</h2>
- <p>You Are Already Logged In!</p>';
- }
- ?>
- </div>
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement