Ben m'n IQ kwijt

<?php
error_reporting(E_ALL);
session_start();

include("config.php");
include("functions.php");
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" />
<title></title>
<style type="text/css">
body {
	background-color: yellow; 
	color: (red);
}

</style>

</head>

<body>
<?php

if(!isset($_COOKIE['last_active']))
{
    if(isset($_SESSION['user_id']))
    {
        mysql_query("UPDATE tbl_users SET user_lastactive = NOW() WHERE user_id = '" . $_SESSION['user_id'] . "'") or die(mysql_error());
        setcookie("last_active",true,time()+5);
    }
}

if(!isset($_SESSION['user_id']))
{
    if(isset($_POST['login']))
    {
        $query = mysql_query("SELECT * FROM tbl_users WHERE user_name = '" . $_POST['user'] . "' AND user_pass = '" . md5($_POST['pass']) . "'");
        $result = mysql_num_rows($query);

        if(empty($result))
        {
            echo "<script>alert('Login Incorrect.'); document.location.href=('index.php')</script>";
        }
        else
        {
            while($row = mysql_fetch_assoc($query))
            {
                $user_id = $row['user_id'];
            }

            header("Location: index.php");
            $_SESSION['user_id'] = $user_id;
        }
    }
    else
    {
?>
<h1>Log In</h1>
<form method="POST">
<input type="hidden" value="1" name="login">
Username : <input type="text" name="user" maxlength="15"><br>
Password : <input type="password" name="pass" maxlength="15"><br><br>

<input type="Submit" value="Login"><br><br>
<img src="icons/register.gif"> <a href="register.php">Register</a><br>
<img src="icons/memberlist.gif"> <a href="memberlist.php">Memberlist</a><br>
<img src="icons/admin.gif"> <a href="admin.php">admin</a>
<?
    }
}
else
{
    $query = mysql_query("SELECT * FROM tbl_users WHERE user_id = '" . $_SESSION['user_id'] . "'");

    while($row = mysql_fetch_assoc($query))
    {
        echo "Username : <b>" . $row['user_name']. "</b>";

        if($row['user_pm'])
        {
            $msg = mysql_result(mysql_query("SELECT COUNT(1) FROM tbl_msg WHERE msg_to = '" . $_SESSION['user_id'] . "'"),0);

            if(empty($msg))
            {
                $msg = "<font color=\"#008000\">Empty</font>";
            }
            elseif($msg >= $cfg['max_msg'])
            {
                $msg = "<font color=\"#FF0000\">FULL</font>";
            }
            else
            {
                $msg = $msg . " / " . $cfg['max_msg'];
            }

            echo "<br>\n";
            echo "Inbox : <b>". $msg ."</b> ( <a href=\"msg.php?act=inbox\">Open</a> )";
        }
    }

    echo "<br>\n<br>\n";

    if(isset($_SESSION['admin_login']))
    {
        
        echo "<img src=\"icons/admin.gif\"> <a href=\"admin.php\">Admin Page</a>";
        echo "<br>\n";
    }

    echo "<img src=\"icons/memberlist.gif\"> <a href=\"memberlist.php\">Memberlist</a>";
    echo "<br>\n";
    echo "<img src=\"icons/profile.gif\"> <a href=\"profile.php?act=edit_profile\">Change Profile</a>";
    echo "<br>\n";
    echo "<img src=\"icons/profile.gif\"> <a href=\"profile.php?act=view&user_id=" . $_SESSION['user_id'] . "\">My Profile</a>";
    echo "<br>\n";
    echo "<img src=\"icons/logoff.gif\"> <a href=\"logoff.php\">Log Off</a>";
}
?> 
</body>
</html>