<?phpinclude_once('config.php');// Reset errors and success messages$e

1. <?php
2.  
3. include_once('config.php');
4.  
5. // Reset errors and success messages
6. $errors = array();
7. $success = array();
8.  
9. // Login attempt
10. if(isset($_POST['loginSubmit']) && $_POST['loginSubmit'] == 'true'){
11.     $loginEmail = trim($_POST['email']);
12.     $loginPassword  = trim($_POST['password']);
13.  
14.     if (!eregi("^[^@]{1,64}@[^@]{1,255}$", $loginEmail))
15.         $errors['loginEmail'] = 'Your email address is invalid.';
16.  
17.     if(strlen($loginPassword) < 6 || strlen($loginPassword) > 12)
18.         $errors['loginPassword'] = 'Your password must be between 6-12 characters.';
19.  
20.     if(!$errors){
21.         $query  = 'SELECT * FROM users WHERE email = "' . mysql_real_escape_string($loginEmail) . '" AND password = MD5("' . $loginPassword . '") LIMIT 1';
22.         $result = mysql_query($query);
23.         if(mysql_num_rows($result) == 1){
24.             $user = mysql_fetch_assoc($result);
25.             $query = 'UPDATE users SET session_id = "' . session_id() . '" WHERE id = ' . $user['id'] . ' LIMIT 1';
26.             mysql_query($query);
27.             header('Location: index.php');
28.             exit;
29.         }else{
30.             $errors['login'] = 'No user was found with the details provided.';
31.         }
32.     }
33. }
34.  
35. // Register attempt
36. if(isset($_POST['registerSubmit']) && $_POST['registerSubmit'] == 'true'){
37.     $registerEmail = trim($_POST['email']);
38.     $registerPassword = trim($_POST['password']);
39.     $registerConfirmPassword    = trim($_POST['confirmPassword']);
40.  
41.     if (!eregi("^[^@]{1,64}@[^@]{1,255}$", $registerEmail))
42.         $errors['registerEmail'] = 'Your email address is invalid.';
43.  
44.     if(strlen($registerPassword) < 6 || strlen($registerPassword) > 12)
45.         $errors['registerPassword'] = 'Your password must be between 6-12 characters.';
46.  
47.     if($registerPassword != $registerConfirmPassword)
48.         $errors['registerConfirmPassword'] = 'Your passwords did not match.';
49.  
50.     // Check to see if we have a user registered with this email address already
51.     $query = 'SELECT * FROM users WHERE email = "' . mysql_real_escape_string($registerEmail) . '" LIMIT 1';
52.     $result = mysql_query($query);
53.     if(mysql_num_rows($result) == 1)
54.         $errors['registerEmail'] = 'This email address already exists.';
55.  
56.     if(!$errors){
57.         $query = 'INSERT INTO users SET email = "' . mysql_real_escape_string($registerEmail) . '",
58.                                                                         password = MD5("' . mysql_real_escape_string($registerPassword) . '"),
59.                                                                         date_registered = "' . date('Y-m-d H:i:s') . '"';
60.  
61.         if(mysql_query($query)){
62.             $success['register'] = 'Thank you for registering. You can now log in on the left.';
63.         }else{
64.             $errors['register'] = 'There was a problem registering you. Please check your details and try again.';
65.         }
66.     }
67.  
68. }
69. ?>