Whats the issue with this?
<?php
//
include('config.php');
$link = mysql_connect($mysql_host, $mysql_user, $mysql_pass);
if (!$link) {
die('System could not connect to MySQL. Please view the MySQL Error below:<br />' . mysql_error());
}
else
{
mysql_select_db($mysql_db);
}
// login code
session_start();
if($_GET['do'] == "error")
{
die("Hacking attempt detected. If you received this message in error, contact an Administrator. Administration notified.");
}
if($_GET['do'] == "guest")
{
$form_name = "Guest";
$form_pass = "imaguestaccount";
$hash_pass = md5($form_pass.$saltpass);
$check = mysql_query("SELECT * FROM logins WHERE username = '" . $form_name . "' AND password = '" . $hash_pass . "' LIMIT 1") or die(mysql_error());
$valid = mysql_num_rows($check);
if(!empty($form_name) && !empty($form_pass)){
if($valid > 0){
$row = mysql_fetch_assoc($check);
$_SESSION['acp'] = true;
$_SESSION['hkusername'] = $row['username'];
$_SESSION['hkpassword'] = $hash_pass;
$my_id = $row['databaseid'];
// First of Andrew's IP Checker Thingy
mysql_query("UPDATE logins SET ip = '".$ip."' WHERE databaseid = '$my_id' LIMIT 1") or die(mysql_error());
$valid = mysql_num_rows($check);
header("Location: index.php");
} else {
$message = ">> Invalid username or password";
}
} else {
$message = ">> Please fill in all fields.";
}
}
if($_GET['do'] == "logout")
{
session_unset();
session_destroy();
}
else {}
if(session_is_registered(acp))
{
if (!empty($_SERVER['HTTP_CLIENT_IP'])) //check ip from share internet
{
$ip=$_SERVER['HTTP_CLIENT_IP'];
}
elseif (!empty($_SERVER['HTTP_X_FORWARDED_FOR'])) //to check ip is pass from proxy
{
$ip=$_SERVER['HTTP_X_FORWARDED_FOR'];
}
else
{
$ip=$_SERVER['REMOTE_ADDR'];
}
header("Location: index.php");
exit;
}
if($_GET['do'] == "submit")
{
$form_name = $_POST['username'];
$form_name = strip_tags($form_name, "'");
$form_name = strip_tags($form_name, '"');
$form_name = strip_tags($form_name, ";");
$form_pass = $_POST['password'];
$form_pass = strip_tags($form_pass, "'");
$form_pass = strip_tags($form_pass, '"');
$form_pass = strip_tags($form_pass, ";");
$hash_pass = md5($form_pass.$saltpass);
$check = mysql_query("SELECT * FROM logins WHERE username = '" . $form_name . "' AND password = '" . $hash_pass . "' LIMIT 1") or die(mysql_error());
$valid = mysql_num_rows($check);
if(!empty($form_name) && !empty($form_pass))
{
if($valid > 0)
{
$my_id = $row['databaseid'];
$row = mysql_fetch_assoc($check);
$_SESSION['acp'] = true;
$_SESSION['hkusername'] = $row['username'];
$_SESSION['hkpassword'] = $hash_pass;
mysql_query("UPDATE logins SET ip = '$ip' WHERE databaseid = '$my_id' LIMIT 1") or die(mysql_error());
$valid = mysql_num_rows($check);
header("Location: index.php");
}
else
{
$message = ">> Invalid username or password";
}
}
else
{
$message = ">> You didn't fill in all the fields.";
}
} else {}
if($_GET['do'] == "logout")
{
$message = "";
}
?>
<html>
<head>
<style type="text/css">
a { text-decoration:none }
button {
color: #00FF00;
border: 1px solid #00FF00;
background: #000000;
font-weight: bold;
}
</style>
<title>SA:DPS - Log In</title>
<embed src="thedangerzone.wav" hidden="true" autostart="true" loop="true">
</head>
<body bgcolor="black" text="00FF00" alink="00FF00" link="00FF00" vlink="00FF00">
<font face="Lucida Console">
<?php if(!empty($message))
{
echo $message;
echo "<br /><br /><br />";
}
?>
<br /><br /><p align=center>
<br /><br /><font color="#FFFFFF"><a href=''>CHANGELOG</a><br /></font>
<br /><br />
<form action="login.php?do=submit" method="POST" align=center>
USERNAME: <input type="text" name="username" maxlength="20"><br />
PASSWORD: <input type="password" name="password" maxlength="20"><br /> <br />
<button type="submit" value="Submit">PROCEED</button>
</form>
<br /><br /><br /><br /><br /><br /><br /></font></p>
<font face="Lucida Console" size="2">
>
</font>