<?phpsession_start();function login(){ ?> <html> <center

1. <?php
2.  
3. session_start();
4.  
5. function login()
6.  
7. {
8.  
9.     ?>
10.  
11.     <html>
12.  
13.     <center>
14.  
15.     <u><h1>Login</h1></u>
16.  
17. <br />
18.  
19.     <form name = "login" action = "" method = "POST" />
20.  
21.             Username :
22. <br />
23.         <input type = "text" name = "username" />
24. <br />
25.             Password :
26. <br />
27.         <input type = "password" name = "password" />
28. <br />
29.         <input type = "submit" value = "Login" />
30. <br />
31. <br />
32.  
33.  
34.  
35.         Would you like to be a user?
36. <br />
37.         Check the box below to sign up.
38. <br />
39.  
40.  
41.         <input type = "checkbox" name = "register" value = "true" />
42.  
43.     </form>
44.  
45.     </center>
46.  
47.     </form>
48.     </html>
49.  
50.     <?php
51.  
52. }
53.  
54.  
55. if(!isset($_COOKIE['SkipAlert']))
56.  
57. {
58.  
59. echo '<script language = "javascript">alert("Please, When Finished Viewing This Site Use The Logout Button. Thank You - Admin. P.S - This Will Be And Is The Only Alert Box On This Site, If You See Another, Exit And Notify Me Immediately.");</script>';
60.  
61. }
62.  
63. $numberset = range(1, 1000);
64.  
65. $rand_key = array_rand($numberset, 3);
66.  
67. $numberONE = $numberset[$rand_key[0]];
68. $numberTWO = $numberset[$rand_key[1]];
69. $numberTHREE =  $numberset[$rand_key[2]];
70.  
71. $random_number = $numberONE.$numberTWO.$numberTHREE;
72.  
73.  
74. $stringset1 = range('A', 'Z');
75.  
76.  
77. $stringset = $stringset1;
78.  
79. $rand_key = array_rand($stringset, 10);
80.  
81. $letterONE = $stringset[$rand_key[0]];
82. $letterTWO = $stringset[$rand_key[1]];
83. $letterTHREE = $stringset[$rand_key[2]];
84. $letterFOUR = $stringset[$rand_key[3]];
85. $letterFIVE = $stringset[$rand_key[4]];
86.  
87. $letterSIX = $stringset[$rand_key[5]];
88. $letterSEVEN = $stringset[$rand_key[6]];
89. $letterEIGHT = $stringset[$rand_key[7]];
90. $letterNINE = $stringset[$rand_key[8]];
91. $letterTEN = $stringset[$rand_key[9]];
92.  
93. $random_string = $letterONE.$letterTWO.$letterFIVE.$letterFOUR.$letterTHREE.$letterSEVEN.$letterSIX.$letterEIGHT.$letterNINE.$letterTEN;
94.  
95. $random = md5($random_number.$random_string);
96.  
97.  if(isset($_POST['username']) && isset($_POST['password']) && isset($_POST['register']))
98.  
99.  {
100.  
101.  $con = mysql_connect('localhost', 'root', 'MY_PASS');
102.  
103.  mysql_select_db('database1', $con);
104.  
105.  $query = mysql_query("SELECT * FROM users");
106.  
107.  $flag = false;
108.  
109.   while($rows = mysql_fetch_array($query))
110.  
111.    {
112.  
113.     $user = $rows['username'];
114.  
115.      if($user == $_POST['username'])
116.  
117.       {
118.  
119.        $flag = true;
120.  
121.        }
122.  
123. // ok the above isn't good i should have done it the way i have below.
124.  
125.    }
126.  
127.  
128.   if(!$flag)
129.  
130.   {
131.  
132. // this is what i'm working on now, trying to sanitize input
133.  
134.    $_POST['username'] = str_replace("'", "", $_POST['username']);
135.    $_POST['password'] = str_replace("'", "", $_POST['password']);
136.  
137.    mysql_query("INSERT INTO users (username, password) VALUES ('$_POST[username])', '$_POST[password])')");
138.  
139.    $_SESSION['username'] = htmlentities($_POST['username']);
140.    $_SESSION['fingerprint'] = $random . $_SESSION['username'];
141.    $_SESSION['login'] = $_SESSION['fingerprint'] . $_SERVER['REMOTE_ADDR'];
142.    
143.   }
144.  
145.   else
146.  
147.   {
148.  
149.   login();
150.  
151.    echo 'Sorry username is already taken';
152.  
153.   }
154.  
155.  }
156.  
157.  elseif(isset($_POST['username']) && isset($_POST['password']) && !isset($_POST['register']))
158.  
159.  {
160.  
161. // this is the better way of doing it, i'll add it to the top soon
162.  
163.   $con = mysql_connect('localhost', 'root', 'MY_PASSWORD') or die(mysql_error());
164.   mysql_select_db('database1');
165.  
166.   $checkONE = mysql_query("SELECT * FROM users WHERE username = '$_POST[username]'") or die(mysql_error());
167.  
168.   $checkTWO = mysql_num_rows($checkONE);
169.  
170.     if($checkTWO == 0)
171.  
172.     {
173.  
174.       login();
175.  
176.           die('Sorry, The User/Pass Cobonation Was Incorrect, Please Try Again');
177.  
178.     }
179.  
180.    while($info = mysql_fetch_array($checkONE))
181.  
182.      {
183.  
184.        if($_POST['password'] != $info['password'])
185.  
186.          {
187.  
188.        login();
189.  
190.            die('Sorry, The User/Pass Cobonation Was Incorrect, Please Try Again');
191.  
192.           }  
193.    
194.     else
195.  
196.       {
197.  
198.         $_SESSION['username'] = htmlentities($_POST['username']);
199.         $_SESSION['fingerprint'] = $random . $_SESSION['username'];
200.         $_SESSION['login'] = $_SESSION['fingerprint'] . $_SERVER['REMOTE_ADDR'];
201.  
202.       }
203.  
204.     }
205.  
206.   }
207.  
208.  else
209.  
210.  {
211.  
212.  login();
213.  
214.  }
215.  
216. ?>