Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- <div class="loginlogout">
- <?php
- //include ("includes/audit.php");
- if (!isset($_SESSION['username']) and (isset($_POST['username']))) {
- $username = $_POST['username'];
- $password = hash("sha512", $_POST['password']);
- $uname = mysql_real_escape_string($username);
- $upass = mysql_real_escape_string($password);
- if ((!empty($uname)) or (!empty($upass))) {
- $login = mysql_query("SELECT * FROM `users` WHERE `username` = '".$uname."' AND `password` = '".$upass."'");
- $bancheck = mysql_fetch_array($login);
- if ($bancheck['banned'] == '1') {
- echo '<p>Your account has been banned.</p>';
- }
- else {
- if (mysql_num_rows($login)) {
- $user = mysql_fetch_assoc($login);
- //extract($user, EXTR_PREFIX_ALL, "users"); // this sets all fields in the mysql database to variables like $user_id for the field "id" in mysql
- $_SESSION['username'] = $user_name;
- echo '
- <p>Thank you for logging in ' . $_POST['username'] . ' click <a href="index.php?page=usercp">here</a>
- if your browser does not automatically re-direct you.</p>';
- $useridquery = mysql_query("SELECT * FROM users WHERE `username` = '" . $uname . "'");
- $userid = mysql_fetch_array($useridquery);
- mysql_query("DELETE FROM loggedin WHERE userid = '" . $userid['userid'] . "'");
- mysql_query("INSERT INTO loggedin (`userid`, `username`, `timestamp`, `ip`, `date`) VALUES ('" . $userid['userid'] . "', '" . $converter->userIDToUserName($userid['userid']) . "', '" . date("H:i:s") . "', '" . $visitor . "', '" . date("Y-m-d") . "')");
- $queryForID = mysql_query("SELECT * FROM loggedin");
- $getSessionID = mysql_fetch_array($queryForID);
- while ($audit = mysql_fetch_array($queryForID)) {
- /*Auditing Begins*/
- if ($audit['date'] != date("Y-m-d")) {
- mysql_query("DELETE FROM loggedin WHERE userid = '" . $audit['userid'] . "'");
- }
- /*Auditing Ends*/
- }
- $_SESSION['sessionid'] = $getSessionID['loginid'];
- $_SESSION['userid'] = $userid['userid'];
- echo '
- <script type="text/javascript">
- alert("Welcome ' . $uname . ' please note we will shortly be phasing out support for non gravatar.com avatars. Ask lenwipe for more details")
- </script>';
- }
- else {
- echo "<p>Invalid Login or Password.</p>";
- }
- }
- }
- else {
- echo "<p>Login Failed</p>";
- }
- }
- ?>
- </div>
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement