back'; } else { // login was successful, now delete old sessions and create a new one mysql_query('delete from sessions where lower(userid) = lower("'.$username.'")'); $ip = $_SERVER["REMOTE_ADDR"]; // get the ip number of the user $port = $_SERVER["REMOTE_PORT"]; // get the port of the user // setup session $sessid = create_sessid(); $res = mysql_query('insert into sessions (userid,ip,port,sessid,lastlogin) values(lower("'.$username.'"),"'.$ip.'","'.$port.'","'.$sessid.'",now())'); if(!$res) $login_result = 'Login successful. Session creation failed.
Back to menu'; else $login_result = 'Login successful.
Enter lobbies'; } } else if ($_POST["login"] == 'newaccount') { // kind of sanitizing $username = substr(preg_replace("/[^A-Za-z0-9 _]/", "", $_POST["username"]), 0, 14); $password = substr(preg_replace("/[^A-Za-z0-9 _]/", "", $_POST["password"]), 0, 14); // no password entered, return to login page if($password == "" || $username=="") { header('Location: CRS-top.jsp'); exit(); } // add new user $res2 = mysql_query('insert into users (userid, passwd) values("'.$username.'","'.$password.'")'); if($res2) { $ip = $_SERVER["REMOTE_ADDR"]; // get the ip number of the user $port = $_SERVER["REMOTE_PORT"]; // get the port of the user // setup session $sessid = create_sessid(); $res = mysql_query('insert into sessions (userid,ip,port,sessid,lastlogin) values(lower("'.$username.'"),"'.$ip.'","'.$port.'","'.$sessid.'",now())'); if(!$res) $login_result = 'Login successful. Session creation failed.
Back to menu'; else $login_result = 'Login successful.
Enter lobbies'; } else { $login_result = 'Login failed. User already exists.
back'; } } else { $login_result = 'Login failed.
back'; } include('header.php'); ?>