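<?php
require_once('config/config.php');
session_start();

// Login handler: checks the posted credentials against the Account table, keeps a
// per-IP count of failed attempts in LoginAttempts, and leaves the outcome in
// $logeado. From the branches below, 0 looks like "not logged in", 1 "logged in"
// and 2 "login refused / throttled" -- confirm against the page that reads it.
//
// NOTE(review): the mssql_* extension was removed in PHP 7.0 and has no bound
// parameters for ad-hoc queries, so doubling single quotes is the only escaping
// available here. Move these queries to prepared statements (PDO or sqlsrv) when
// the driver is replaced.
// NOTE(review): Password is compared with the submitted value as-is, so passwords
// appear to be stored unhashed -- verify; password_hash()/password_verify() is the
// usual replacement.

// Accept only plain string fields: a missing field or an array (txtUsername[]=x)
// is treated as "nothing submitted" instead of being pushed through str_replace().
$postedUsername = (isset($_POST["txtUsername"]) && is_string($_POST["txtUsername"])) ? $_POST["txtUsername"] : '';
$postedPassword = (isset($_POST["txtPassword"]) && is_string($_POST["txtPassword"])) ? $_POST["txtPassword"] : '';
$loginSubmitted = ($postedUsername !== '' && $postedPassword !== '');

$num2 = 0;
if ($loginSubmitted) {
    // The previous code restarted from $_POST on every str_replace() line, so only
    // the last replacement ("'" with "'", a no-op) survived and the raw input went
    // into the query. The "</" and "#" replacements swapped a string for itself
    // and are dropped. Escape once, and use the escaped copy only inside SQL.
    $loginusername = str_replace("'", "''", $postedUsername);
    $loginpassword = str_replace("'", "''", $postedPassword);

    $result2 = mssql_query("select * from Account
where UserID='" . $loginusername . "' and Password='" . $loginpassword . "'");
    if ($result2 !== false) {
        $num2 = mssql_num_rows($result2);
    }

    // Was `if($num2 = 1)`: an assignment, always true, so the session was
    // populated for any non-empty username/password pair.
    if ($num2 == 1) {
        // New session id on login so a pre-login id cannot be reused afterwards.
        session_regenerate_id(true);
        // Raw values are stored, which is what the old code stored in effect.
        // NOTE(review): this keeps the cleartext password in the session store;
        // left in place because other pages may read $_SESSION['password'].
        $_SESSION['username'] = $postedUsername;
        $_SESSION['password'] = $postedPassword;
    }
}

// Re-validate whatever credentials the session carries on every request.
$num = 0;
if (isset($_SESSION['username']) && isset($_SESSION['password'])) {
    $sessionusername = str_replace("'", "''", (string) $_SESSION['username']);
    $sessionpassword = str_replace("'", "''", (string) $_SESSION['password']);
    $result = mssql_query("select * from Account
where UserID='" . $sessionusername . "' and Password='" . $sessionpassword . "'");
    if ($result !== false) {
        $num = mssql_num_rows($result);
    }
}

// Failed-attempt record for the connecting address.
// NOTE(review): behind a reverse proxy REMOTE_ADDR is the proxy's address, so all
// clients would share one counter -- confirm the deployment.
$IP = str_replace("'", "''", (string) $_SERVER['REMOTE_ADDR']);
$select = mssql_query("SELECT * FROM LoginAttempts WHERE IP = '$IP'");
$selectrow = ($select !== false) ? mssql_fetch_array($select) : false;
// $LastLogin actually holds the IP column; it is used only as a "row exists" marker.
$LastLogin = $selectrow ? $selectrow["IP"] : null;
$Attempts = $selectrow ? $selectrow["Attempts"] : null;
// DATEDIFF(n, ...) is the number of minutes since the last recorded attempt.
$selectdiff = mssql_query("SELECT DATEDIFF(n,LastLogin,getdate()) FROM LoginAttempts WHERE IP = '$IP'");
$selecteddiff = ($selectdiff !== false) ? mssql_fetch_array($selectdiff) : false;
$minutesSinceLast = $selecteddiff ? $selecteddiff[0] : null;

if ($num < 1 && $loginSubmitted) {
    // Credentials were posted and no valid account is attached to the session.
    if ($LastLogin == '') {
        mssql_query("INSERT INTO LoginAttempts VALUES('$IP', '1', getdate())");
    } elseif ($LastLogin != '') {
        if ($Attempts >= '1' && $Attempts <= '4' && $minutesSinceLast < '5') {
            // Another failure inside the 5-minute window: count it.
            $Attemps1 = $Attempts + 1;
            mssql_query("UPDATE LoginAttempts SET Attempts='$Attemps1', LastLogin=getdate() WHERE IP='$IP'");
        } elseif ($Attempts >= '1' && $Attempts <= '4' && $minutesSinceLast >= '5') {
            // Window expired: restart the count at 1.
            mssql_query("UPDATE LoginAttempts SET Attempts='1', LastLogin = getdate() WHERE IP='$IP'");
        }
    }
    $logeado = 2;
} elseif ($num < 1) {
    // Nothing posted and no valid session.
    if ($LastLogin == '') {
        $logeado = 0;
    } elseif ($LastLogin != '' && $Attempts >= '1' && $Attempts <= '4' && $minutesSinceLast < '5') {
        $logeado = 2;
    } elseif ($LastLogin != '' && $Attempts >= '1' && $Attempts <= '4' && $minutesSinceLast >= '5') {
        $logeado = 0;
        mssql_query("DELETE From LoginAttempts WHERE IP='$IP' ");
    } elseif ($LastLogin != '' && $Attempts == '5') {
        $logeado = 2;
    } elseif ($LastLogin != '' && $Attempts == '5' && $minutesSinceLast < '15') {
        // NOTE(review): unreachable -- the branch above already matches every
        // Attempts == '5' row, so a full counter is never cleared on this path.
        // The valid-session branch below releases at >= 15 minutes; that is
        // probably what was meant here. Left unchanged pending confirmation.
        $logeado = 0;
        mssql_query("DELETE From LoginAttempts WHERE IP='$IP' ");
    }
} else {
    // The session carries credentials that match an account.
    if ($Attempts < '5') {
        $logeado = 1;
        mssql_query("DELETE From LoginAttempts WHERE IP='$IP' ");
    } elseif ($Attempts == '5' && $minutesSinceLast >= '15') {
        $logeado = 1;
        $delete = mssql_query("DELETE From LoginAttempts WHERE IP='$IP' ");
    } elseif ($Attempts == '5' && $minutesSinceLast < '15') {
        // NOTE(review): the lock is reported only through $logeado; the session
        // still holds the credentials set above, so a page that gates on
        // $_SESSION alone would not see it -- verify that callers check $logeado.
        $logeado = 2;
    }
}
?>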