1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131 132 133 134 135 136 137 138 139 140 141 142 143 144 145 146 147 148 149 150 151 152 153 154 155 156 157 158 159 160 161 162 163 164 165 166 167 168 169 170 171 172 173 174 175 176 177 178 179 180 181 182 183 184
| <?
include ('includes/header.html');
include ('includes/config.inc.php');
function confirmUser($username, $password){
global $dbc;
require_once (MYSQL);
if ($username && $password) { // If everything's OK.
// Query the database:
$q = "SELECT Email, Username, User_level FROM users WHERE (email='$e' AND Pass=SHA1('$p'))";
$r = mysqli_query ($dbc, $q) or trigger_error("Query: $q\n<br />MySQL Error: " . mysqli_error($dbc));
if (@mysqli_num_rows($r) == 1) { // A match was made.
return 0;
} else { // No match was made.
return 2;
}
} else { // If everything wasn't OK.
return 1;
}
}
/**
* checkLogin - Checks if the user has already previously
* logged in, and a session with the user has already been
* established. Also checks to see if user has been remembered.
* If so, the database is queried to make sure of the user's
* authenticity. Returns true if the user has logged in.
*/
function checkLogin(){
/* Check if user has been remembered */
if(isset($_COOKIE['cookname']) && isset($_COOKIE['cookpass']) && ($_COOKIE['cookuserlevel']) && ($_COOKIE['cookemail'])){
$_SESSION['Username'] = $_COOKIE['cookname'];
$_SESSION['Password'] = $_COOKIE['cookpass'];
$_SESSION['Email'] = $_COOKIE['cookemail'];
$_SESSION['User_lavel'] = $_COOKIE['cookuserlevel'];
}
/* Username and password have been set */
else if(isset($_SESSION['Username']) && isset($_SESSION['Password']) && isset($_SESSION['Email']) && isset($_SESSION['User_lavel'])){
/* Confirm that username and password are valid */
if(confirmUser($_SESSION['Username'], $_SESSION['Password']) != 0){
/* Variables are incorrect, user not logged in */
unset($_SESSION['Username']);
unset($_SESSION['Password']);
unset($_SESSION['Email']);
unset($_SESSION['User_lavel']);
return false;
} else {
return true;
}
/* User not logged in */
else{
return false;
}
}
/**
* Determines whether or not to display the login
* form or to show the user that he is logged in
* based on if the session variables are set.
*/
function displayLogin(){
global $logged_in;
if($logged_in){
echo "<h1>Logged In!</h1>";
echo "Welcome <b>$_SESSION[username]</b>, you are logged in. <a href=\"logout.php\">Logout</a>";
}
else{
?>
<h2>Login</h2>
<form action="main.php" method="post">
<table align="left" border="0" cellspacing="0" cellpadding="3">
<tr><td class="label">Username :</td><td><div class="field_container"><input type="text" class="inputtext" id="username" name="username" value="" style="background:#FFFFCC" size="30" maxlength="30"/></div></td></tr>
<tr><td class="label">Password :</td><td><div class="field_container"><input type="password" class="inputpassword" id="password" name="password" value="" style="background:#FFFFCC" size="30" maxlength="30" /></div></td></tr>
<tr><td colspan="2" align="left"><input type="checkbox" name="remember">
<font size="2">Remember me next time</td><td colspan="2" align="right"><input type="submit" name="submit" value="Login"></td></tr>
<tr><td><input type="hidden" name="submitted" value="TRUE"></td></tr>
<tr></tr>
<tr></tr>
<tr></tr>
<tr></tr>
<tr></tr>
<tr></tr>
<tr></tr>
<tr><td colspan="2" align="left"><font size="2"><a href="forgot_password.php">[Forgot Password?]</a></td></tr>
<tr></tr>
<tr></tr>
<tr></tr>
<tr></tr>
<tr></tr>
<tr></tr>
<tr></tr>
<tr><td colspan="2" align="left"><font size="2"> Not registered? <a href="register.php">Sign-Up!</a></td></tr>
</table>
</form>
<?
}
}
/**
* Checks to see if the user has submitted his
* username and password through the login form,
* if so, checks authenticity in database and
* creates session.
*/
if(isset($_POST['submitted'])){
$password=$_POST['password']);
$username = trim($_POST['username']);
/* Check that all fields were typed in */
if(!($username) || !($password)){
echo '<p class="error">You didn\'t fill in a required field.</p>';
}
/* Spruce up username, check length */
if(strlen($username) > 30){
echo '<p class="error">Sorry, the username is longer than 30 characters, please shorten it. </p>';
}
// Validate the email address:
if (!empty($username)) {
$username = mysqli_real_escape_string ($dbc, $username);
} else {
echo '<p class="error">You forgot to enter your email address!</p>';
}
// Validate the password:
if (!empty($password)) {
$password = mysqli_real_escape_string ($dbc, $_POST['password']);
} else {
echo '<p class="error">You forgot to enter your password!</p>';
}
$result = confirmUser($username, $password);
/* Check error codes */
if($result == 1){
echo '<p class="error"> Either the email address and password entered do not match those on file;</p>'
}
else if($result == 2){
echo '<p class="error">please try again.</p>';
}
/* Username and password correct, register session variables */
$_SESSION = mysqli_fetch_array ($r, MYSQLI_ASSOC);
$_SESSION['Password']=$password;
mysqli_free_result($r);
mysqli_close($dbc);
/**
* This is the cool part: the user has requested that we remember that
* he's logged in, so we set two cookies. One to hold his username,
* and one to hold his md5 encrypted password. We set them both to
* expire in 100 days. Now, next time he comes to our site, we will
* log him in automatically.
*/
if(isset($_POST['remember'])){
setcookie("cookname", $_SESSION['Username'], time()+60*60*24*100, "/");
setcookie("cookpass", $_SESSION['Password'], time()+60*60*24*100, "/");
setcookie("cookpass", $_SESSION['Email'], time()+60*60*24*100, "/");
setcookie("cookpass", $_SESSION['User_level'], time()+60*60*24*100, "/");
}
$logged_in = checkLogin();
/* Quick self-redirect to avoid resending data on refresh */
/*echo "<meta http-equiv=\"Refresh\" content=\"0;url=$_SERVER[PHP_SELF]\">";*/
}
/* Sets the value of the logged_in variable, which can be used in your code */
include ('includes/footer.html');
?> |
Partager