if (!($user -> LoggedIn())){if (isset($_POST['logINBoss'])){ $username =

1. if (!($user -> LoggedIn()))
2. {
3. if (isset($_POST['logINBoss']))
4. {
5. $username = htmlspecialchars($_POST['username']);
6. $password = htmlspecialchars($_POST['password']);
7. $errors = array();
8. if (!ctype_alnum($username) || strlen($username) < 3 || strlen($username) > 15)
9. {
10. //$errors[] = 'Username Must Be Alphanumberic And 4-15 characters in length';
11. }
12.  
13. if (empty($username) || empty($password))
14. {
15. $errors[] = '<center><div class="sufee-alert alert with-close alert-danger alert-dismissible fade show" role="alert"><button type="button" class="close" data-dismiss="alert" aria-label="Close"><span aria-hidden="true">&times;</span></button><i class="mdi mdi-check-all"></i>Fill in all fields.</div></center>">';
16. }
17. $SQL = $odb->prepare("SELECT `status` FROM `users` WHERE `username` = :username");
18. $SQL->execute(array(':username' => $username));
19. $status = $SQL->fetchColumn(0);
20. if($status == 1)
21. {
22. $SQL = $odb->prepare("SELECT `reason` FROM `bans` WHERE `username` = :username");
23. $SQL->execute(array(':username' => $username));
24. $ban = $SQL->fetchColumn(0);
25. header('location: banned.php');
26. }
27. if (empty($errors))
28. {
29. $SQLCheckLogin = $odb -> prepare("SELECT COUNT(*) FROM `users` WHERE `username` = :username AND `password` = :password");
30. $SQLCheckLogin -> execute(array(':username' => $username, ':password' => password_hash($password, PASSWORD_DEFAULT)));
31. $countLogin = $SQLCheckLogin -> fetchColumn(0);
32. if ($countLogin == 1)
33. {
34. $SQLGetInfo = $odb -> prepare("SELECT `username`, `ID`, `status` FROM `users` WHERE `username` = :username AND `password` = :password");
35. $SQLGetInfo -> execute(array(':username' => $username, ':password' => password_hash($password, PASSWORD_DEFAULT)));
36. $userInfo = $SQLGetInfo -> fetch(PDO::FETCH_ASSOC);
37. if ($countLogin == 1)
38. {
39. $logAddr = $odb->prepare("INSERT INTO `login_history` (`username`,`ip`,`date`,`http_agent`) VALUES (:user, :ip, UNIX_TIMESTAMP(NOW()), :agent);");
40. $logAddr->execute(array( ":user" => $username, ":ip" => $_SERVER['REMOTE_ADDR'], ":agent" => $_SERVER['HTTP_USER_AGENT']));
41. htmlspecialchars($_SESSION['username'] = $userInfo['username']);
42. htmlspecialchars($_SESSION['ID'] = $userInfo['ID']);
43. echo '<center><div class="sufee-alert alert with-close alert-success alert-dismissible fade show" role="alert"><button type="button" class="close" data-dismiss="alert" aria-label="Close"><span aria-hidden="true">&times;</span></button><i class="mdi mdi-check-all"></i>Login Successful!</div></center><meta http-equiv="refresh" content="1;url=index.php">';
44. }
45. else
46. {
47. echo '<center><div class="sufee-alert alert with-close alert-danger alert-dismissible fade show" role="alert"><button type="button" class="close" data-dismiss="alert" aria-label="Close"><span aria-hidden="true">&times;</span></button><i class="mdi mdi-check-all"></i>You are Banned!</div></center>';
48. }
49. }
50. else
51. {
52. echo '<center><div class="sufee-alert alert with-close alert-warning alert-dismissible fade show" role="alert"><button type="button" class="close" data-dismiss="alert" aria-label="Close"><span aria-hidden="true">&times;</span></button><i class="mdi mdi-check-all"></i>Login Failed!</div></center>';
53. }
54. }
55. else
56. {
57. echo '<div class="alert alert-danger"><p><strong>ERROR:</strong><br />';
58. foreach($errors as $error)
59. {
60. echo '-'.htmlspecialchars_decode($error).'<br />';
61. }
62. echo '</div>';
63. }
64. }