<?php
function c($str) {
return mysql_real_escape_string($str);
}
if ($_SESSION['loggedin']) {
echo 'You are logged in. <a href="logged.html">Go home</a>';
}else{
if (isset($_POST['submit'])) {
$name = c($_POST['name']);
$email = c($_POST['email']);
$password = c($_POST['password']);
$checkuser = mysql_query("SELECT * FROM `users` WHERE `name` = '{$name}' AND `email` = '{$email}'");
if (mysql_num_rows($checkuser) == 1) {
$r = mysql_fetch_assoc($checkuser);
if ($r["password"] == $password) {
//check ban
$bannedq = mysql_query("SELECT * FROM `bans` WHERE `user_id` = '{$r["id"]}'");
if (mysql_num_rows($bannedq) == 1) {
$bannedr = mysql_fetch_assoc($bannedq);
echo 'You are banned.<br /><br /><strong>Reason:</strong> ' . $bannedr["reason"];
}else{
$_SESSION['loggedin'] = 'YES';
$_SESSION['email'] = $email;
$_SESSION['name'] = $name;
echo 'You are now logged in! <a href="logged.html">Go home</a>';
}
//check ban
}
}else{
echo 'This user does not exist.';
}
}else{
?>
<form method="post">
<label for="name">Name</label><br />
<input type="text" name="name" id="name" /><br /><br />
<label for="email">Email</label><br />
<input type="text" name="email" id="email" /><br /><br />
<label for="password">Password</label><br />
<input type="password" name="password" id="password" /><br /><br />
<input type="submit" name="submit" value="Log in" />
</form>
<?php
}
}
?> echo 'You are banned.<br /><br><br /><strong>Reason:</strong> ( . $bannedr["reason"])<br>
<strong>Banned By:</strong>' . $bannedr["banner"];
