A Login Script

<html>
<head><title>LOGIN</title></head>
<body bgcolor=#333333>
<form method="POST" action="logincheck.php">
<table width=50% bgcolor=#666666 border=1 bordercolor=black cellpadding=0 cellspacing=0 frame=box rules=all>
<tr><td>
<font color=red><div align=center>USERNAME: <input style="background-color:#222222; font: 10pt verdana; color:#ffffff; border: 1px solid #555555;" type=text id="username" name="username" size="24">
<br>
PASSWORD: <input type="password" style="background-color:#222222; font: 10pt verdana; color:#ffffff; border: 1px solid #555555;" id=password name="password" size="24">
<br>
<input style="background-color:#CD8500; color:#000000; border: 1px solid #555555;" type="submit" name="Submit" value="Login"></div>
<br>
<a href=register.php>Register</a>
</td></tr>
<td>
<div align="center">
NEW
<br>
Welcome To Your Site!
</div>
</td>
</table>
</form>
</body>
</html>

<?php 
include_once"includes/db_connect.php";
$ud=mysql_num_rows(mysql_query("SELECT * FROM users"));
?>

<?
 
session_start();
 
header("Cache-control: private");
 
include 'includes/db_connect.php';
 
 
 
if ($_SESSION['username']){
 
echo "
 
<SCRIPT LANGUAGE='JavaScript'>
 
window.location='logged_in.php';   /// When they are logged in already redirect them here.
 
 
 
</script>
 
";
 
exit();
 
}
 
 
if (!$_SESSION['username'] || !$_SESSION['email']){  
 
$username = $_POST['username'];   /// What the user put in the username box.
 
$password = $_POST['password'];   /// What the user put in the password box.
 
$username = strip_tags($username);   
 
$password = strip_tags($password);
 
$ip = $REMOTE_ADDR;               /// The users IP address
 
$domain = $_SERVER['REMOTE_ADDR'];
 
 
 
$username=strtolower($username);   /// Put the username in lower case letters.
 
 
 
if((!$username) || (!$password)){
 
    echo "Please Enter All Necessary Fields.";   /// If the username or 
password are empty then echo this.
 
}else{
 
 
///check INFO
 
$sql = mysql_query("SELECT * FROM users WHERE username='$username' AND password='$password'");
 
/// This line above checks if there is anyone in the database with that username and password.
 
$login_check = mysql_num_rows($sql);   
 
/// This checks how many people are on that database.
 
$ban = mysql_fetch_object($sql);
 
if ($ban->banned = "1"){
echo "This user has been banned, please contact admin via email to find out why.";
exit();
 
/// If the user is banned echo saying that he is banned and exit the session.
 
}else{
 
///other
 
if ($login_check > '0'){
 
 
 
        ini_set(session.cookie_lifetime, "3600");
 
        session_register('username');
 
        $_SESSION['username'] = $username;
 
        session_register('email_address');
 
        $_SESSION['email_address'] = $email_address;
 
/// security measures
 
 
         $timestamp = time();
 
$timeout = $timestamp-$timeoutseconds;
 
$cool = gmdate('Y-m-d h:i:s');
 
mysql_query("UPDATE users SET online='$timestamp' WHERE username='$username'");
 
 
 
mysql_query("UPDATE users SET ip='$domain' WHERE username='$username'");
 
 
 
 
 
 
 
        ?>
 
<meta http-equiv="Refresh" content=0;url="logged_in.php">  /// redirect them to the logged in page.
 
<?
 
 
 
} else {
 
    echo "Please Make Sure You Have Entered To Right Password/Username Combination. If You Have, Your Account May Not Be Activated
 
    ";
 
    include 'login.php';   /// If their details are wrong echo the above and below that show login.php
 
}}}
 
?>