Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- <?php
- include_once('config.php');
- // Reset errors and success messages
- $errors = array();
- $success = array();
- // Login attempt
- if(isset($_POST['loginSubmit']) && $_POST['loginSubmit'] == 'true'){
- $loginEmail = trim($_POST['email']);
- $loginPassword = trim($_POST['password']);
- if (!eregi("^[^@]{1,64}@[^@]{1,255}$", $loginEmail))
- $errors['loginEmail'] = 'Your email address is invalid.';
- if(strlen($loginPassword) < 6 || strlen($loginPassword) > 12)
- $errors['loginPassword'] = 'Your password must be between 6-12 characters.';
- if(!$errors){
- $query = 'SELECT * FROM users WHERE email = "' . mysql_real_escape_string($loginEmail) . '" AND password = MD5("' . $loginPassword . '") LIMIT 1';
- $result = mysql_query($query);
- if(mysql_num_rows($result) == 1){
- $user = mysql_fetch_assoc($result);
- $query = 'UPDATE users SET session_id = "' . session_id() . '" WHERE id = ' . $user['id'] . ' LIMIT 1';
- mysql_query($query);
- header('Location: index.php');
- exit;
- }else{
- $errors['login'] = 'No user was found with the details provided.';
- }
- }
- }
- // Register attempt
- if(isset($_POST['registerSubmit']) && $_POST['registerSubmit'] == 'true'){
- $registerEmail = trim($_POST['email']);
- $registerPassword = trim($_POST['password']);
- $registerConfirmPassword = trim($_POST['confirmPassword']);
- if (!eregi("^[^@]{1,64}@[^@]{1,255}$", $registerEmail))
- $errors['registerEmail'] = 'Your email address is invalid.';
- if(strlen($registerPassword) < 6 || strlen($registerPassword) > 12)
- $errors['registerPassword'] = 'Your password must be between 6-12 characters.';
- if($registerPassword != $registerConfirmPassword)
- $errors['registerConfirmPassword'] = 'Your passwords did not match.';
- // Check to see if we have a user registered with this email address already
- $query = 'SELECT * FROM users WHERE email = "' . mysql_real_escape_string($registerEmail) . '" LIMIT 1';
- $result = mysql_query($query);
- if(mysql_num_rows($result) == 1)
- $errors['registerEmail'] = 'This email address already exists.';
- if(!$errors){
- $query = 'INSERT INTO users SET email = "' . mysql_real_escape_string($registerEmail) . '",
- password = MD5("' . mysql_real_escape_string($registerPassword) . '"),
- date_registered = "' . date('Y-m-d H:i:s') . '"';
- if(mysql_query($query)){
- $success['register'] = 'Thank you for registering. You can now log in on the left.';
- }else{
- $errors['register'] = 'There was a problem registering you. Please check your details and try again.';
- }
- }
- }
- ?>
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement