<?php//allow sessions to be passed so we can see if the user is logged in

1. <?php
2. //allow sessions to be passed so we can see if the user is logged in
3.  
4. $connection_string = "DRIVER={SQL Server};SERVER=Heather-desktop\Lumia;DATABASE=Account";
5. $query .= "FROM Account ";
6. {
7. echo "<li>" . $row["id"] . $row["name"] . $row["year"] . "</li>";
8. mssql_close($dbhandle);
9. ?>
10.  
11. //include out functions file giving us access to the protect() function made earlier
12. include "./functions.php";
13.  
14. ?>
15. <html>
16. <head>
17. <title>Login with Users Online Tutorial</title>
18. <link rel="stylesheet" type="text/css" href="style.css" />
19. </head>
20. <body>
21. <?php
22.  
23. //If the user has submitted the form
24. if($_POST['submit']){
25. //protect the posted value then store them to variables
26. $username = protect($_POST['username']);
27. $password = protect($_POST['password']);
28.  
29. //Check if the username or password boxes were not filled in
30. if(!$username || !$password){
31. //if not display an error message
32. echo "<center>You need to fill in a <b>Username</b> and a <b>Password</b>!</center>";
33. }else{
34. //if the were continue checking
35.  
36. //select all rows from the table where the username matches the one entered by the user
37. $res = mssql_query("SELECT * FROM `Account dbo.tuser` WHERE `username` = '".$username."'");
38. $num = mssql_num_rows($res);
39.  
40. //check if there was not a match
41. if($num == 0){
42. //if not display an error message
43. echo "<center>The <b>Username</b> you supplied does not exist!</center>";
44. }else{
45. //if there was a match continue checking
46.  
47. //select all rows where the username and password match the ones submitted by the user
48. $res = mssql_query("SELECT * FROM `Account dbo.tuser` WHERE `username` = '".$username."' AND `password` =
49.  
50. '".$password."'");
51. $num = mssql_num_rows($res);
52.  
53. //check if there was not a match
54. if($num == 0){
55. //if not display error message
56. echo "<center>The <b>Password</b> you supplied does not match the one for that username!</center>";
57. }else{
58. //if there was continue checking
59.  
60. //split all fields fom the correct row into an associative array
61. $row = mssql_fetch_assoc($res);
62.  
63. //check to see if the user has not activated their account yet
64. if($row['active'] != 1){
65. //if not display error message
66. echo "<center>You have not yet <b>Activated</b> your account!</center>";
67. }else{
68. //if they have log them in
69.  
70. //set the login session storing there id - we use this to see if they are logged in or not
71. $_SESSION['uid'] = $row['id'];
72. //show message
73. echo "<center>You have successfully logged in!</center>";
74.  
75. //update the online field to 50 seconds into the future
76. $time = date('U')+50;
77. mssql_query("UPDATE `users` SET `online` = '".$time."' WHERE `id` = '".$_SESSION
78.  
79. ['uid']."'");
80.  
81. //redirect them to the usersonline page
82. header('Location: logout.php');
83. }
84. }
85. }
86. }
87. }
88.  
89. ?>
90. <form action="index.php" method="post">
91. <div id="border">
92. <table cellpadding="2" cellspacing="0" border="0">
93. <tr>
94. <td>Username:</td>
95. <td><input type="text" name="username" /></td>
96. </tr>
97. <tr>
98. <td>Password:</td>
99. <td><input type="password" name="password" /></td>
100. </tr>
101. <tr>
102. <td colspan="2" align="center"><input type="submit" name="submit" value="Login" /></td>
103. </tr>
104. <tr>
105. <td align="center" colspan="2"><a href="register.php">Register</a> | <a href="forgot.php">Forgot
106.  
107. Pass</a></td>
108. </tr>
109. </table>
110. </form>