
Untitled

a guest
Jun 14th, 2017
  1. <?
  2.  
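  /**
   * confirmUser - Looks up $username in the users table and compares the
   * stored password value with $password.
   *
   * The callers in this file pass an MD5 hex digest as $password (the login
   * handler hashes the submitted password; checkLogin() forwards the value
   * kept in the session), so the comparison is digest against digest.
   *
   * NOTE(review): unsalted MD5 is not a password hash; a leaked users table
   * can be attacked offline very cheaply. Moving to password_hash() and
   * password_verify() needs a schema and registration change that is outside
   * this function.
   * NOTE(review): the mysql_* functions (ext/mysql) were removed in PHP 7.
   * Prepared statements through mysqli or PDO are the durable fix for the
   * query below, but that means replacing the global $conn handle for the
   * whole file, so this version keeps the handle and escapes instead.
   *
   * @param string $username Username to look up; when magic quotes are
   *                         enabled it is assumed to arrive GPC-escaped.
   * @param string $password Password digest to compare with the stored one.
   * @return int 0 on success, 1 if the query failed or no such user exists,
   *             2 if the password does not match.
   */
  function confirmUser($username, $password){
     global $conn;
     $username = (string) $username;

     /* Undo magic-quotes escaping where that legacy feature still exists,
        so the value is escaped exactly once below. The function_exists()
        guard avoids a fatal error on PHP 8, where the function is gone. */
     if(function_exists('get_magic_quotes_gpc') && get_magic_quotes_gpc()){
        $username = stripslashes($username);
     }

     /* Escape with the connection's character set in mind; addslashes()
        knows nothing about the connection and can be bypassed with some
        multi-byte encodings. */
     $username = mysql_real_escape_string($username, $conn);
     if($username === false){
        return 1; //Could not escape (no usable connection): treat as lookup failure
     }

     /* Verify that user is in database */
     $q = "select password from users where username = '$username'";
     $result = mysql_query($q, $conn);
     if(!$result || (mysql_num_rows($result) < 1)){
        return 1; //Indicates username failure
     }

     /* Retrieve password from result, strip slashes (as the original did) */
     $dbarray = mysql_fetch_array($result);
     $stored = stripslashes((string) $dbarray['password']);
     $given  = stripslashes((string) $password);

     /* Compare as strings. With ==, two digests that both look like
        "0e<digits>" are converted to numbers and compare equal even though
        the strings differ. hash_equals() is also constant-time; fall back
        to === on PHP versions that do not have it. */
     if(function_exists('hash_equals')){
        $matches = hash_equals($stored, $given);
     }
     else{
        $matches = ($stored === $given);
     }

     if($matches){
        return 0; //Success! Username and password confirmed
     }
     return 2; //Indicates password failure
  }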
  38.  
  /**
   * checkLogin - Reports whether the current visitor counts as logged in.
   *
   * When both "remember me" cookies are present, their values are copied
   * into the session first. The session's username/password pair is then
   * checked with confirmUser(); a pair that fails the check is removed from
   * the session.
   *
   * NOTE(review): the cookie values come from the client and overwrite any
   * existing session values before they are verified. The cookpass cookie
   * holds the password digest itself (see the login handler that sets it),
   * so the digest works as a long-lived, non-revocable credential: anyone
   * who obtains the cookie or the stored digest can authenticate with it.
   * A random, server-stored, revocable token is the usual replacement.
   *
   * @return bool true when confirmUser() accepts the stored pair,
   *              false when nothing is stored or the pair is rejected.
   */
  function checkLogin(){
     /* "Remember me": seed the session from the two cookies */
     $remembered = isset($_COOKIE['cookname'], $_COOKIE['cookpass']);
     if($remembered){
        $_SESSION['username'] = $_COOKIE['cookname'];
        $_SESSION['password'] = $_COOKIE['cookpass'];
     }

     /* Nothing stored for this visitor: not logged in */
     if(!isset($_SESSION['username'], $_SESSION['password'])){
        return false;
     }

     /* Re-validate the stored pair against the database on every call */
     $status = confirmUser($_SESSION['username'], $_SESSION['password']);
     if($status == 0){
        return true;
     }

     /* Stored values are wrong: forget them */
     unset($_SESSION['username'], $_SESSION['password']);
     return false;
  }
  69.  
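  /**
   * displayLogin - Prints either the logged-in banner or the login form,
   * depending on the global $logged_in flag.
   *
   * The username shown in the banner is read from $_SESSION['username'],
   * which this file fills from the login form or from the "remember me"
   * cookie. It is HTML-escaped before output so that markup in a username
   * is displayed as text instead of being interpreted by the browser.
   *
   * NOTE(review): the form has no anti-CSRF token and posts the password to
   * the current URL; whether that URL is served over HTTPS cannot be seen
   * from this file - confirm in deployment.
   *
   * @return void Output is written directly with echo / inline HTML.
   */
  function displayLogin(){
     global $logged_in;
     if($logged_in){
        $name = isset($_SESSION['username']) ? (string) $_SESSION['username'] : '';
        /* ENT_QUOTES also escapes single quotes; the charset argument is left
           at the PHP default so the page's configured encoding is used. */
        $safeName = htmlspecialchars($name, ENT_QUOTES);
        echo "<h1>Logged In!</h1>";
        echo "Welcome <b>$safeName</b>, you are logged in. <a href=\"logout.php\">Logout</a>";
     }
     else{
  ?>

  <h1>Login</h1>
  <form action="" method="post">
  <table align="left" border="0" cellspacing="0" cellpadding="3">
  <tr><td>Username:</td><td><input type="text" name="user" maxlength="30"></td></tr>
  <tr><td>Password:</td><td><input type="password" name="pass" maxlength="30"></td></tr>
  <tr><td colspan="2" align="left"><input type="checkbox" name="remember">
  <font size="2">Remember me next time</font></td></tr>
  <tr><td colspan="2" align="right"><input type="submit" name="sublogin" value="Login"></td></tr>
  <tr><td colspan="2" align="left"><a href="register.php">Join</a></td></tr>
  </table>
  </form>

  <?php
     }
  }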
  99.  
  100.  
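  /**
   * Login form handler: runs when the login form (submit field "sublogin")
   * has been posted. It validates the fields, checks the credentials with
   * confirmUser(), stores the username and password digest in the session,
   * optionally sets the "remember me" cookies, and then reloads the page.
   *
   * Both failure codes from confirmUser() produce the same message, so the
   * response does not tell a visitor which usernames exist.
   *
   * NOTE(review): md5() without a salt is not a password hash. It is kept
   * here because confirmUser() and the users table compare MD5 digests;
   * password_hash()/password_verify() is the replacement once the schema
   * and the registration code can change with it.
   * NOTE(review): nothing here limits repeated login attempts.
   */
  if(isset($_POST['sublogin'])){
     /* Check that all fields were typed in. is_string() rejects array input
        such as user[]=x, which would otherwise reach trim() and md5(). */
     if(empty($_POST['user']) || empty($_POST['pass'])
        || !is_string($_POST['user']) || !is_string($_POST['pass'])){
        die('You didn\'t fill in a required field.');
     }
     /* Spruce up username, check length */
     $_POST['user'] = trim($_POST['user']);
     if(strlen($_POST['user']) > 30){
        die("Sorry, the username is longer than 30 characters, please shorten it.");
     }

     /* Checks that username is in database and password is correct */
     $md5pass = md5($_POST['pass']);
     $result = confirmUser($_POST['user'], $md5pass);

     /* Any non-zero code is a failure; one message for all of them */
     if($result != 0){
        die('Incorrect username or password, please try again.');
     }

     /* Remove magic-quotes escaping only where it was actually applied;
        an unconditional stripslashes() would alter names containing a
        backslash on servers without magic quotes. */
     if(function_exists('get_magic_quotes_gpc') && get_magic_quotes_gpc()){
        $_POST['user'] = stripslashes($_POST['user']);
     }

     /* Issue a fresh session id at the privilege change so an id that was
        known before login is not carried into the authenticated session.
        Skipped when no session is active. */
     if(session_id() !== ''){
        session_regenerate_id(true);
     }

     /* Username and password correct, register session variables */
     $_SESSION['username'] = $_POST['user'];
     $_SESSION['password'] = $md5pass;

     /**
      * "Remember me": two cookies, one with the username and one with the
      * MD5 digest of the password, both expiring in 100 days. checkLogin()
      * uses them to log the visitor in automatically.
      *
      * NOTE(review): the digest cookie is a password-equivalent credential
      * that cannot be revoked without changing the password. HttpOnly (and
      * Secure on HTTPS requests) below only limits script and plaintext
      * exposure; a random, server-stored token is the real fix.
      */
     if(isset($_POST['remember'])){
        $expires = time()+60*60*24*100;
        $secure = !empty($_SERVER['HTTPS']) && $_SERVER['HTTPS'] !== 'off';
        setcookie("cookname", $_SESSION['username'], $expires, "/", "", $secure, true);
        setcookie("cookpass", $_SESSION['password'], $expires, "/", "", $secure, true);
     }

     /* Quick self-redirect to avoid resending data on refresh.
        $HTTP_SERVER_VARS no longer exists in current PHP, and PHP_SELF
        reflects the request path, so it is escaped before being echoed. */
     $self = htmlspecialchars($_SERVER['PHP_SELF'], ENT_QUOTES);
     echo "<meta http-equiv=\"Refresh\" content=\"0;url=$self\">";
     return;
  }

  /* Sets the value of the logged_in variable, which can be used in your code */
  $logged_in = checkLogin();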
  154.  
  155. ?>