Untitled

	<?php
if (!($user -> LoggedIn()))
{
	if (isset($_POST['loginBtn']))
	{
		$username = $_POST['username'];
		$password = $_POST['password'];
		if (!empty($username) && !empty($password))
		{
			if (!ctype_alnum($username) || strlen($username) < 4 || strlen($username) > 15)
			{
				echo '<div class="g_12"><div class="alert alert-danger"><strong>ERROR</strong>:Invalid username format</div></div>';
			}
			else
			{
				$SQLCheckLogin = $odb -> prepare("SELECT COUNT(*) FROM `users` WHERE `username` = :username AND `password` = :password");
				$SQLCheckLogin -> execute(array(':username' => $username, ':password' => SHA1($password)));
				$countLogin = $SQLCheckLogin -> fetchColumn(0);
				if ($countLogin == 1)
				{
					$SQLGetInfo = $odb -> prepare("SELECT `username`, `ID`,`status` FROM `users` WHERE `username` = :username AND `password` = :password");
					$SQLGetInfo -> execute(array(':username' => $username, ':password' => SHA1($password)));
					$userInfo = $SQLGetInfo -> fetch(PDO::FETCH_ASSOC);
					if ($userInfo['status'] == 0)
					{
						$_SESSION['username'] = $userInfo['username'];
						$_SESSION['ID'] = $userInfo['ID'];
						$Query = $odb-> query("INSERT INTO `logins` VALUES ('$username','$ip','$newcount','$time')");
						echo '<div class="g_12"><div class="alert alert-success"><strong>Success</strong>: You are now being redirected to Dashboard</div></div><meta http-equiv="refresh" content="2;url=index.php">';
					}
					else
					{
						echo '<div class="g_12"><div class="alert alert-danger"><strong>ERROR</strong>: Your user was banned</div></div>';
					}
				}
				else
				{
					echo '<div class="g_12"><div class="alert alert-danger"><strong>ERROR</strong>: Login Failed</div></div>';
				}
			}
		}
		else
		{
			echo '<div class="g_12"><div class="alert alert-danger"><strong>ERROR</strong>: Please fill in all fields</div></div>';
		}
	}
}
else
{
	header('location: index.php');
}
?>