<?php$page_title = 'Log In';require_once('dbc.php');require_once('startses

1. <?php
2. $page_title = 'Log In';
3. require_once('dbc.php');
4. require_once('startsession.php');
5. require_once('header.php');
6. require_once('navmenu.php');
7.  
8. // Clear the error message
9. $error_msg = "";
10.  
11. if (!isset($_SESSION['ID']))
12. {
13.     if (isset($_COOKIE['ID']) && isset($_COOKIE['username']))
14.     {
15.         $_SESSION['ID'] = $_COOKIE['ID'];
16.         $_SESSION['username'] = $_COOKIE['username'];
17.     }
18.     if (isset($_POST['submit']))
19.     {
20.         // Connect to the database
21.         $dbc = mysqli_connect(DB_HOST, DB_USER, DB_PASSWORD, DB_NAME);
22.  
23.         // Grab the user-entered log-in data
24.         $username = mysqli_real_escape_string($dbc, trim($_POST['username']));
25.         $password = mysqli_real_escape_string($dbc, trim($_POST['password']));
26.  
27.         if (!empty($username) && !empty($password))
28.         {
29.             // Look up the username and password in the database
30.             $query = "SELECT ID, username FROM users WHERE username = '$username' AND password = SHA('$password')";
31.             $data = mysqli_query($dbc, $query)
32.                     or die(mysqli_error($dbc));
33.  
34.             if (mysqli_num_rows($data) == 1)
35.             {
36.                 // The log-in is OK so set the user ID and username session vars (and cookies), and redirect to the home page
37.                 $row = mysqli_fetch_array($data);
38.                 $_SESSION['ID'] = $row['ID'];
39.                 $_SESSION['username'] = $row['username'];
40.                 setcookie('ID', $row['ID'], time() + (60 * 60 * 24 * 30));    // expires in 30 days
41.                 setcookie('username', $row['username'], time() + (60 * 60 * 24 * 30));  // expires in 30 days
42.                 $home_url = 'http://' . $_SERVER['HTTP_HOST'] . dirname($_SERVER['PHP_SELF']) . '/index.php';
43.                 header('Location: ' . $home_url);
44.             }
45.             else
46.             {
47.                 // The username/password are incorrect so set an error message
48.                 $error_msg = 'Sorry, you must enter a valid username and password to log in.';
49.             }
50.         }
51.         else
52.         {
53.             // The username/password weren't entered so set an error message
54.             $error_msg = 'Sorry, you must enter your username and password to log in.';
55.         }
56.     }
57. }
58.  
59. // Insert the page header
60. $page_title = 'Log In';
61. require_once('header.php');
62.  
63. // If the session var is empty, show any error message and the log-in form; otherwise confirm the log-in
64. if (empty($_SESSION['ID']))
65. {
66.     echo '<p class="error">' . $error_msg . '</p>';
67. ?>
68.  
69. <form method="post" action="<?php echo $_SERVER['PHP_SELF']; ?>">
70. <fieldset>
71.   <legend>Log In</legend>
72.   <label for="username">Username:</label>
73.   <input type="text" name="username" value="<?php if (!empty($username)) echo $username; ?>" /><br />
74.   <label for="password">Password:</label>
75.   <input type="text" name="password" />
76. </fieldset>
77. <input type="submit" value="Log In" name="submit" />
78. </form>
79.  
80. <?php
81. }
82. else
83. {
84.     // Confirm the successful log-in
85.     echo('<p class="login">You are logged in as ' . $_SESSION['username'] . '.</p>');
86. }
87. ?>
88.  
89. <?php
90. // Insert the page footer
91. require_once('footer.php');
92. ?>