<?php
function login($username,$password) {
		session_start();
		$q = "SELECT * FROM ".TB_PREFIX."users where username = '$username'";
		$result = mysql_query($q);
		$dbarray = mysql_fetch_array($result);
		if($dbarray['banned'] == 1) { header ("Location: index.php?err=ban"); }
		else {
		if($dbarray['password'] == md5($password)) {
			$id=$dbarray['id'];
			$_SESSION['nik']=$dbarray['username'];
			$_SESSION['log']="y";
			$_SESSION['id']=$id;
			//registra sul db la nuova date
			$mtimet=mtimetn();
			mysql_query("UPDATE `users` SET `last_log` =  NOW( ) WHERE `id` =$id LIMIT 1 ;");
			header ("Location: main.php");
		}
		else {
			header ("Location: index.php?err=log");
		}}
}
// Admin Login
function admlog($ausername,$apassword) {
		session_start();
		$q = "SELECT * FROM ".TB_PREFIX."users where username = '$ausername'";
		$result = mysql_query($q);
		$dbarray = mysql_fetch_array($result);
		if($dbarray['password'] == md5($apassword) and $dbarray['rank'] > 0) {
			$_SESSION['anik']=$dbarray['username'];
			$_SESSION['alog']="y";
			$_SESSION['aid']=$dbarray['id'];;
			header ("Location: main.php");
		}
		else {
			return false;
		}
}

function register() {
	$nik=$_POST['rnik'];
	$pass=md5($_POST['rpass']);
	$mail=$_POST['email'];

	if ($nik=="" or $pass=="" or $mail=="") { echo "Registration  is not valid! go back and fill all the form!"; }
	else {
	
	Conect(); 
	//verifica se esiste un nome uguale
	$veryf="SELECT * FROM ".TB_PREFIX."users WHERE username='$nik'";
	$q_ver=mysql_query($veryf);
	$ck_ver=mysql_num_rows($q_ver);
	//genera l'id utente
	$qnu="SELECT * FROM ".TB_PREFIX."users";
	$qns=mysql_query($qnu);
	$nur=mysql_num_rows($qns);
	$id=$nur+1;

	$mtimet=mtimetn();

	if ($ck_ver==1) {
	echo "username or password already exist(s)!"; }
	else {
	$reg="INSERT INTO `".TB_PREFIX."users` (`id`, `username`, `password`, `email`, `timestamp_reg` ) VALUES ($id, 	'$nik', '$pass', '$mail', '$mtimet')";
	$q_reg=mysql_query($reg); 
	
	header("Location: index.php"); }

} }
?>