A Login Script

<html>
<head><title>LOGIN</title></head>
<body bgcolor=#333333>
<form method="POST" action="logincheck.php">
<table width=50% bgcolor=#666666 border=1 bordercolor=black cellpadding=0 cellspacing=0 frame=box rules=all>
<tr><td>
<font color=red><div align=center>USERNAME: <input style="background-color:#222222; font: 10pt verdana; color:#ffffff; border: 1px solid #555555;" type=text id="username" name="username" size="24">
<br>
PASSWORD: <input type="password" style="background-color:#222222; font: 10pt verdana; color:#ffffff; border: 1px solid #555555;" id=password name="password" size="24">
<br>
<input style="background-color:#CD8500; color:#000000; border: 1px solid #555555;" type="submit" name="Submit" value="Login"></div>
<br>
<a href=register.php>Register</a>
</td></tr>
<td>
<div align="center">
NEW
<br>
Welcome To Your Site!
</div>
</td>
</table>
</form>
</body>
</html>

<?php
include_once"includes/db_connect.php";
$ud=mysql_num_rows(mysql_query("SELECT * FROM users"));
?>

<?

session_start();

header("Cache-control: private");

include 'includes/db_connect.php';



if ($_SESSION['username']){

echo "

<SCRIPT LANGUAGE='JavaScript'>

window.location='logged_in.php'; /// When they are logged in already redirect them here.



</script>

";

exit();

}


if (!$_SESSION['username'] || !$_SESSION['email']){

$username = $_POST['username']; /// What the user put in the username box.

$password = $_POST['password']; /// What the user put in the password box.

$username = strip_tags($username);

$password = strip_tags($password);

$ip = $REMOTE_ADDR; /// The users IP address

$domain = $_SERVER['REMOTE_ADDR'];



$username=strtolower($username); /// Put the username in lower case letters.



if((!$username) || (!$password)){

echo "Please Enter All Necessary Fields.<br />"; /// If the username or
password are empty then echo this.

}else{


///check INFO

$sql = mysql_query("SELECT * FROM users WHERE username='$username' AND password='$password'");

/// This line above checks if there is anyone in the database with that username and password.

$login_check = mysql_num_rows($sql);

/// This checks how many people are on that database.

$ban = mysql_fetch_object($sql);

if ($ban->banned = "1"){
echo "This user has been banned, please contact admin via email to find out why.";
exit();

/// If the user is banned echo saying that he is banned and exit the session.

}else{

///other

if ($login_check > '0'){



ini_set(session.cookie_lifetime, "3600");

session_register('username');

$_SESSION['username'] = $username;

session_register('email_address');

$_SESSION['email_address'] = $email_address;

/// security measures


$timestamp = time();

$timeout = $timestamp-$timeoutseconds;

$cool = gmdate('Y-m-d h:i:s');

mysql_query("UPDATE users SET online='$timestamp' WHERE username='$username'");



mysql_query("UPDATE users SET ip='$domain' WHERE username='$username'");







?>

<meta http-equiv="Refresh" content=0;url="logged_in.php"> /// redirect them to the logged in page.

<?



} else {

echo "Please Make Sure You Have Entered To Right Password/Username Combination. If You Have, Your Account May Not Be Activated<br />

<br />";

include 'login.php'; /// If their details are wrong echo the above and below that show login.php

}}}

?>