Invalid User Name/Password"; }else{ if($row['STATUS'] ==0 || $row['USER_STATS'] !='ACTIVE'){ $ret = "Please Activate Your Account"; } else{ $pass_sql="SELECT PASSWORD, PIN_TRIES FROM PIN_MASTER WHERE USER_ID = '".$login."'"; $pass_res = mysql_query($pass_sql); $pass_row=mysql_fetch_array($pass_res); $pass_count = mysql_num_rows($pass_res); if($password!=$pass_row['PASSWORD']){ $pass_up_sql="UPDATE PIN_MASTER SET PIN_TRIES=PIN_TRIES+1 WHERE USER_ID = '".$login."'";; $pass_up_res = mysql_query($pass_up_sql); if($pass_row['PIN_TRIES']<3) { $log_sql="insert into user_login_hist (user_name,time_of_login,status) values ('".$login."',CURRENT_TIMESTAMP,'Password Not Matched')"; $log_res=mysql_query($log_sql); } if($pass_row['PIN_TRIES']==2) { $user_up_sql="UPDATE USER_MASTER SET USER_STATS='Blocked', REASON='Pin Tries Exceed' WHERE USER_ID = '".$login."'";; $user_up_res = mysql_query($user_up_sql); $log_sql="insert into user_login_hist (user_name,time_of_login,status) values ('".$login."',CURRENT_TIMESTAMP,'Blocking User')"; $log_res=mysql_query($log_sql); $ret = "User Blocked"; } else if($pass_row['PIN_TRIES']>2) { $user_up_sql="UPDATE USER_MASTER SET USER_STATS='Blocked', REASON='Pin Tries Exceed' WHERE USER_ID = '".$login."'";; $user_up_res = mysql_query($user_up_sql); $log_sql="insert into user_login_hist (user_name,time_of_login,status) values ('".$login."',CURRENT_TIMESTAMP,'Blocked User')"; $log_res=mysql_query($log_sql); $ret = "User Blocked"; } else { $ret = "Invalid User Name/Password"; } } else{ if($pass_row['PIN_TRIES']>=3) { $log_sql="insert into user_login_hist (user_name,time_of_login,status) values ('".$login."',CURRENT_TIMESTAMP,'Blocked User')"; $log_res=mysql_query($log_sql); $ret = "User Blocked"; }else{ $_SESSION['user']=$row['USER_ID']; $_SESSION['pass']=$pass_row['PASSWORD']; $log_sql="insert into user_login_hist (user_name,time_of_login,status) values ('".$login."',CURRENT_TIMESTAMP,'Success')"; $log_res=mysql_query($log_sql); $log_sql1="update pin_master set pin_tries=0 where user_id = '".$login."'"; $log_res1=mysql_query($log_sql1); $ret = 'Login Sucess'; } } } } echo $ret; ?>