get_ip(); /* |------------------------------------------------------------- | Login |------------------------------------------------------------- | This is annoying because I want to keep the website secure | but I have no clue how to keep things secure with HTML, PHP | or JS. So I hope seperating the scripts and putting all this | into a PHP file is a good secutiry mesure |------------------------------------------------------------- */ if (isset($_POST['submit_login'])) { $error = 0; $ban_query = mysqli_query($conn, "SELECT * FROM bans WHERE ipaddress = '$user_ip' ORDER BY id DESC LIMIT 1"); while ($ban_check = mysqli_fetch_assoc($ban_query)) { $ban_time = $ban_check['time']; $ban_perm = $ban_check['permanent']; } $ban_diff = time() - strtotime($ban_time); if ($ban_perm) { ?> = 5) { mysqli_query($conn,"INSERT INTO bans (ipaddress, reason, length, permanent) VALUES('$user_ip','Attempted password too many times', '60', '0')"); } } if ($error <= 0) { // Checking if Username is empty if (empty(trim($_POST["username"]))) { ?> is_admin($conn, $id) == false) { mysqli_query($conn,"UPDATE users SET admin = 1 WHERE id = 1"); } } else { ?> = 5) { mysqli_query($conn,"INSERT INTO bans (ipaddress, reason, length, permanent) VALUES('$user_ip','Attempted password too many times', '60', '0')"); } } if ($error <= 0) { if (empty(trim($_POST["username"]))) { // Username not entered ?> is_admin($conn, $_SESSION['id'])) { $is_admin = mysqli_query($conn, "SELECT * FROM users WHERE id = " . $_POST['id'] . " ORDER BY id DESC LIMIT 1"); while ($user_info = mysqli_fetch_assoc($is_admin)) { $admin_status = $user_info['admin']; $username = $user_info['username']; } $sql = "UPDATE users SET admin = ? WHERE id = ?"; if ($stmt = mysqli_prepare($conn, $sql)) { // Bind variables to the prepared statement as parameters mysqli_stmt_bind_param($stmt, "ii", $param_admin_status, $param_user_id); // Set parameters if ($admin_status) { $param_admin_status = 0; $admin_update_message = "removed from the admins list"; } elseif (!$admin_status) { $param_admin_status = 1; $admin_update_message = "added to the admins list"; } $param_user_id = $_POST['id']; // Attempt to execute the prepared statement if (mysqli_stmt_execute($stmt)) { ?> is_admin($conn, $_SESSION["id"])) { $user_id = $_POST['id']; } elseif (empty($_POST['id'])) { $user_id = $_SESSION["id"]; } else { ?> thumbnail($image_path, $image_path, 300) != "success") { ?>