part 2 becuase so long
PHP Code:
if($user && $pass){
$sql = "SELECT id FROM `f1` WHERE `username`='".$user."'";
$res = mysql_query($sql) or die(mysql_error());
if(mysql_num_rows($res) > 0){
$sql2 = "SELECT id FROM `f1` WHERE `username`='".$user."' AND `password`='".md5($pass)."'";
$res2 = mysql_query($sql2) or die(mysql_error());
if(mysql_num_rows($res2) > 0){
$row = mysql_fetch_assoc($res2);
$_SESSION['uid'] = $row['id'];
$row = mysql_fetch_assoc($res);
if(!$_POST['logout']) {
$sql8 = "SELECT * FROM `f1` WHERE `id`='".$_SESSION['uid']."'";
$res8 = mysql_query($sql8) or die(mysql_error());
$row8 = mysql_fetch_assoc($res8);
echo "<form method=\"post\" action=\"./index.php\">
Welcome back, <a href=\"./index.php?act=profile&id=".$row8['id']."\">".$row8['username']."</a>! |
<input type=\"submit\" name=\"logout\" value=\"Logout\" onClick=\"return confirmLogout()\">";
echo "<br>\n";
echo "<a href=\"./index.php\">Forum Index</a>\n";
if($row8['admin'] == '1'){
echo " | <a href=\"./admin.php\">Administrative Section</a>\n";
}
echo "</form>";
}else {
session_destroy();
if (!$_POST['submit']) {
echo "<table border=\"0\" cellspacing=\"3\" cellpadding=\"3\">\n";
echo "<form method=\"post\" action=\"./index.php\">\n";
echo "<tr><td>Username</td><td><input type=\"text\" name=\"username\"></td></tr>\n";
echo "<tr><td>Password</td><td><input type=\"password\" name=\"password\"></td></tr>\n";
echo "<tr><td colspan=\"2\" align=\"right\"><input type=\"submit\" name=\"submit\" value=\"Login\"></td></tr>\n";
echo "</form></table>\n";
}else {
$user = mss($_POST['username']);
$pass = $_POST['password'];
if($user && $pass){
$sql = "SELECT id FROM `f1` WHERE `username`='".$user."'";
$res = mysql_query($sql) or die(mysql_error());
if(mysql_num_rows($res) > 0){
$sql2 = "SELECT id FROM `f1` WHERE `username`='".$user."' AND `password`='".md5($pass)."'";
$res2 = mysql_query($sql2) or die(mysql_error());
if(mysql_num_rows($res2) > 0){
$row = mysql_fetch_assoc($res2);
$_SESSION['uid'] = $row['id'];
$sql9 = "SELECT * FROM `f1` WHERE `id`='".$_SESSION['uid']."'";
$res9 = mysql_query($sql9) or die(mysql_error());
$row9 = mysql_fetch_assoc($res9);
echo "Welcome back, <a href=\"./index.php?act=profile&id=".$row9['id']."\">".$row9['username']."</a>! <a href=\"./logout.php\" onClick=\"return confirmLogout()\">Logout</a>\n";
echo "<br>\n";
echo "<a href=\"./index.php\">Forum Index</a>\n";
if($row9['admin'] == '1'){
echo " | <a href=\"./admin.php\">Administrative Section</a>\n";
}
}else {
echo "Username and password combination are incorrect!\n";
}
}else {
echo "The username you supplied does not exist!\n";
}
}else {
echo "You must supply both the username and password field!\n";
}
}
echo "<br>\n";
echo "<a href=\"./index.php\">Forum Index</a>\n";