
Untitled

a guest
May 18th, 2017
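  <div class="loginlogout">
  <?php
  /*
   * Login handler rendered inside the "loginlogout" box.
   *
   * Runs only when no user is logged in and a username was posted. It checks
   * the credentials against `users`, refuses banned accounts, records the
   * login in `loggedin`, purges `loggedin` rows from earlier days and fills
   * $_SESSION['username'], ['userid'] and ['sessionid'].
   *
   * Relies on names defined outside this fragment: an open ext/mysql
   * connection, a started session, $converter and $visitor.
   *
   * NOTE(review): the stored password is an unsalted SHA-512 digest, which is a
   * fast hash and cheap to brute-force if the table leaks. Moving to
   * password_hash()/password_verify() needs the stored values re-hashed, so it
   * cannot be done in this block alone.
   * NOTE(review): the mysql_* API was removed in PHP 7.0. The connection is
   * opened elsewhere, so the calls are kept here; port them to PDO or mysqli
   * prepared statements together with that code.
   */
  //include ("includes/audit.php");

  if (!isset($_SESSION['username']) && isset($_POST['username'])) {
      // A request can send arrays instead of strings; treat those as empty.
      $username    = is_string($_POST['username']) ? $_POST['username'] : '';
      $rawPassword = (isset($_POST['password']) && is_string($_POST['password'])) ? $_POST['password'] : '';

      // Both fields are required. The emptiness test has to look at the raw
      // password: the digest of an empty password is itself a non-empty string.
      if ($username !== '' && $rawPassword !== '') {
          $uname = mysql_real_escape_string($username);
          $upass = mysql_real_escape_string(hash("sha512", $rawPassword));

          $login = mysql_query("SELECT * FROM `users` WHERE `username` = '" . $uname . "' AND `password` = '" . $upass . "'");

          // Fetch the matching row once and reuse it for the ban check and the
          // session data; a second fetch on the same result would return false.
          $account = ($login !== false) ? mysql_fetch_assoc($login) : false;

          if (!$account) {
              echo "<p>Invalid Login or Password.</p>";
          } elseif ((string) $account['banned'] === '1') {
              echo '<p>Your account has been banned.</p>';
          } else {
              $today    = date("Y-m-d");
              $userId   = mysql_real_escape_string((string) $account['userid']);
              $safeName = htmlspecialchars($account['username'], ENT_QUOTES, 'UTF-8');

              // Issue a fresh session id on login so an id planted before
              // authentication is not carried over (session fixation). This only
              // works while headers can still be sent; ideally this handler runs
              // before any page output.
              if (session_id() !== '' && !headers_sent()) {
                  session_regenerate_id(true);
              }

              $_SESSION['username'] = $account['username'];
              $_SESSION['userid']   = $account['userid'];

              // The name is user-controlled, so it is HTML-escaped before output.
              echo '<p>Thank you for logging in ' . $safeName . ' click <a href="index.php?page=usercp">here</a> if your browser does not automatically re-direct you.</p>';

              // Replace any earlier login record of this user with a new one.
              // Values coming from $converter and $visitor are escaped as well,
              // since their origin is not visible in this fragment.
              mysql_query("DELETE FROM loggedin WHERE userid = '" . $userId . "'");
              mysql_query("INSERT INTO loggedin (`userid`, `username`, `timestamp`, `ip`, `date`) VALUES ('" . $userId . "', '" . mysql_real_escape_string((string) $converter->userIDToUserName($account['userid'])) . "', '" . date("H:i:s") . "', '" . mysql_real_escape_string((string) $visitor) . "', '" . $today . "')");

              // Bind the session to this user's own login record rather than to
              // whichever row happens to come first in the table.
              $ownLogin = mysql_query("SELECT `loginid` FROM loggedin WHERE userid = '" . $userId . "'");
              $ownRow   = ($ownLogin !== false) ? mysql_fetch_assoc($ownLogin) : false;
              $_SESSION['sessionid'] = $ownRow ? $ownRow['loginid'] : null;

              /*Auditing Begins*/
              // Drop login records that were not created today; every row is
              // checked, including the first one.
              $allLogins = mysql_query("SELECT * FROM loggedin");
              while ($allLogins !== false && ($audit = mysql_fetch_assoc($allLogins))) {
                  if ($audit['date'] != $today) {
                      mysql_query("DELETE FROM loggedin WHERE userid = '" . mysql_real_escape_string((string) $audit['userid']) . "'");
                  }
              }
              /*Auditing Ends*/

              // json_encode with the HEX flags yields a literal that is safe
              // inside a <script> element; SQL escaping is not an output encoding.
              $welcome = json_encode(
                  'Welcome  ' . $account['username'] . ' please note we will shortly be phasing out support for non gravatar.com avatars. Ask lenwipe for more details',
                  JSON_HEX_TAG | JSON_HEX_AMP | JSON_HEX_APOS | JSON_HEX_QUOT
              );

              // json_encode returns false on invalid UTF-8; skip the notice then.
              if ($welcome !== false) {
                  echo '<script type="text/javascript">alert(' . $welcome . ')</script>';
              }
          }
      } else {
          echo "<p>Login Failed</p>";
      }
  }
  ?>
  </div>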