function login(){
switch($_GET['op']){
case 'submit':
$clean = array();
$mysql = array();
$now = time();
$max = $now - 30;
$salt = $sitekey;
if (ctype_alnum($_POST['username'])){
$clean['username'] = $_POST['username'];
}else{
echo $loginform;
}
$clean['password'] = md5($salt . md5($_POST['password'] . $salt));
$mysql['username'] = mysql_real_escape_string($clean['username']);
$sql = "SELECT last_failure, password, access_level
FROM users
WHERE username = '{$mysql['username']}'";
if ($result = mysql_query($sql)){
if (mysql_num_rows($result)){
$record = mysql_fetch_assoc($result);
$access = $record['access_level'];
if ($record['last_failure']> $max){
/* Less than 15 seconds since last failure */
echo "Less than 30 seconds since last failure";
}elseif ($record['password'] == $clean['password']){
$user = $mysql['username'];
session_start();
$_SESSION['access_level'] = $access;
$_SESSION['username'] = $user;
echo "<META HTTP-EQUIV=Refresh CONTENT=\"0; URL=index.php\">";
}else{
/* Failed Login */
$sql = "UPDATE users
SET last_failure = '$now'
WHERE username = '{$mysql['username']}'";
mysql_query($sql);
echo "Login Failed Username Not Found or Wrong Password";
}
}else{
/* Invalid Username */
echo "Invalid Username!!";
}
}else{
/* Error */
echo "System Error!!";
}
break;
default:
echo "<blockquote><form action=\"login.php?action=login&op=submit\" method=\"post\" enctype=\"application/x-www-form-urlencoded\">
<label>Username<br>
<input type=\"text\" name=\"username\">
</label>
<br>
<label>Password<br>
<input type=\"password\" name=\"password\">
</label>
<br>
<label>
<input type=\"submit\" name=\"Submit\" value=\"Login\">
</label>
</form></blockquote>";
break;
}
}
]]>