database.php:<?/** * Connect to the mysql database. */$conn = mysql_

1. database.php:
2. <?
3.  
4. /**
5. * Connect to the mysql database.
6. */
7. $conn = mysql_connect("localhost", "your_username", "your_password") or die(mysql_error());
8. mysql_select_db('your_database', $conn) or die(mysql_error());
9.  
10. ?>
11.  
12. register.php:
13. <?
14. session_start();
15. include("database.php");
16.  
17. /**
18. * Returns true if the username has been taken
19. * by another user, false otherwise.
20. */
21. function usernameTaken($username){
22. global $conn;
23. if(!get_magic_quotes_gpc()){
24. $username = addslashes($username);
25. }
26. $q = "select username from users where username = '$username'";
27. $result = mysql_query($q,$conn);
28. return (mysql_numrows($result) > 0);
29. }
30.  
31. /**
32. * Inserts the given (username, password) pair
33. * into the database. Returns true on success,
34. * false otherwise.
35. */
36. function addNewUser($username, $password){
37. global $conn;
38. $q = "INSERT INTO users VALUES ('$username', '$password')";
39. return mysql_query($q,$conn);
40. }
41.  
42. /**
43. * Displays the appropriate message to the user
44. * after the registration attempt. It displays a
45. * success or failure status depending on a
46. * session variable set during registration.
47. */
48. function displayStatus(){
49. $uname = $_SESSION['reguname'];
50. if($_SESSION['regresult']){
51. ?>
52.  
53. <h1>Registered!</h1>
54. <p>Thank you <b><? echo $uname; ?></b>, your information has been added to the database, you may now <a href="main.php" title="Login">log in</a>.</p>
55.  
56. <?
57. }
58. else{
59. ?>
60.  
61. <h1>Registration Failed</h1>
62. <p>We're sorry, but an error has occurred and your registration for the username <b><? echo $uname; ?></b>, could not be completed.<br>
63. Please try again at a later time.</p>
64.  
65. <?
66. }
67. unset($_SESSION['reguname']);
68. unset($_SESSION['registered']);
69. unset($_SESSION['regresult']);
70. }
71.  
72. if(isset($_SESSION['registered'])){
73. /**
74. * This is the page that will be displayed after the
75. * registration has been attempted.
76. */
77. ?>
78.  
79. <html>
80. <title>Registration Page</title>
81. <body>
82.  
83. <? displayStatus(); ?>
84.  
85. </body>
86. </html>
87.  
88. <?
89. return;
90. }
91.  
92. /**
93. * Determines whether or not to show to sign-up form
94. * based on whether the form has been submitted, if it
95. * has, check the database for consistency and create
96. * the new account.
97. */
98. if(isset($_POST['subjoin'])){
99. /* Make sure all fields were entered */
100. if(!$_POST['user'] || !$_POST['pass']){
101. die('You didn\'t fill in a required field.');
102. }
103.  
104. /* Spruce up username, check length */
105. $_POST['user'] = trim($_POST['user']);
106. if(strlen($_POST['user']) > 30){
107. die("Sorry, the username is longer than 30 characters, please shorten it.");
108. }
109.  
110. /* Check if username is already in use */
111. if(usernameTaken($_POST['user'])){
112. $use = $_POST['user'];
113. die("Sorry, the username: <strong>$use</strong> is already taken, please pick another one.");
114. }
115.  
116. /* Add the new account to the database */
117. $md5pass = md5($_POST['pass']);
118. $_SESSION['reguname'] = $_POST['user'];
119. $_SESSION['regresult'] = addNewUser($_POST['user'], $md5pass);
120. $_SESSION['registered'] = true;
121. echo "<meta http-equiv=\"Refresh\" content=\"0;url=$HTTP_SERVER_VARS[PHP_SELF]\">";
122. return;
123. }
124. else{
125. /**
126. * This is the page with the sign-up form, the names
127. * of the input fields are important and should not
128. * be changed.
129. */
130. ?>
131.  
132. <html>
133. <title>Registration Page</title>
134. <body>
135. <h1>Register</h1>
136. <form action="<? echo $HTTP_SERVER_VARS['PHP_SELF']; ?>" method="post">
137. <table align="left" border="0" cellspacing="0" cellpadding="3">
138. <tr><td>Username:</td><td><input type="text" name="user" maxlength="30"></td></tr>
139. <tr><td>Password:</td><td><input type="password" name="pass" maxlength="30"></td></tr>
140. <tr><td colspan="2" align="right"><input type="submit" name="subjoin" value="Join!"></td></tr>
141. </table>
142. </form>
143. </body>
144. </html>
145.  
146.  
147. <?
148. }
149. ?>
150.  
151.  
152. login.php:
153. <?
154.  
155. /**
156. * Checks whether or not the given username is in the
157. * database, if so it checks if the given password is
158. * the same password in the database for that user.
159. * If the user doesn't exist or if the passwords don't
160. * match up, it returns an error code (1 or 2).
161. * On success it returns 0.
162. */
163. function confirmUser($username, $password){
164. global $conn;
165. /* Add slashes if necessary (for query) */
166. if(!get_magic_quotes_gpc()) {
167. $username = addslashes($username);
168. }
169.  
170. /* Verify that user is in database */
171. $q = "select password from users where username = '$username'";
172. $result = mysql_query($q,$conn);
173. if(!$result || (mysql_numrows($result) < 1)){
174. return 1; //Indicates username failure
175. }
176.  
177. /* Retrieve password from result, strip slashes */
178. $dbarray = mysql_fetch_array($result);
179. $dbarray['password'] = stripslashes($dbarray['password']);
180. $password = stripslashes($password);
181.  
182. /* Validate that password is correct */
183. if($password == $dbarray['password']){
184. return 0; //Success! Username and password confirmed
185. }
186. else{
187. return 2; //Indicates password failure
188. }
189. }
190.  
191. /**
192. * checkLogin - Checks if the user has already previously
193. * logged in, and a session with the user has already been
194. * established. Also checks to see if user has been remembered.
195. * If so, the database is queried to make sure of the user's
196. * authenticity. Returns true if the user has logged in.
197. */
198. function checkLogin(){
199. /* Check if user has been remembered */
200. if(isset($_COOKIE['cookname']) && isset($_COOKIE['cookpass'])){
201. $_SESSION['username'] = $_COOKIE['cookname'];
202. $_SESSION['password'] = $_COOKIE['cookpass'];
203. }
204.  
205. /* Username and password have been set */
206. if(isset($_SESSION['username']) && isset($_SESSION['password'])){
207. /* Confirm that username and password are valid */
208. if(confirmUser($_SESSION['username'], $_SESSION['password']) != 0){
209. /* Variables are incorrect, user not logged in */
210. unset($_SESSION['username']);
211. unset($_SESSION['password']);
212. return false;
213. }
214. return true;
215. }
216. /* User not logged in */
217. else{
218. return false;
219. }
220. }
221.  
222. /**
223. * Determines whether or not to display the login
224. * form or to show the user that he is logged in
225. * based on if the session variables are set.
226. */
227. function displayLogin(){
228. global $logged_in;
229. if($logged_in){
230. echo "<h1>Logged In!</h1>";
231. echo "Welcome <b>$_SESSION[username]</b>, you are logged in. <a href=\"logout.php\">Logout</a>";
232. }
233. else{
234. ?>
235.  
236. <h1>Login</h1>
237. <form action="" method="post">
238. <table align="left" border="0" cellspacing="0" cellpadding="3">
239. <tr><td>Username:</td><td><input type="text" name="user" maxlength="30"></td></tr>
240. <tr><td>Password:</td><td><input type="password" name="pass" maxlength="30"></td></tr>
241. <tr><td colspan="2" align="left"><input type="checkbox" name="remember">
242. <font size="2">Remember me next time</td></tr>
243. <tr><td colspan="2" align="right"><input type="submit" name="sublogin" value="Login"></td></tr>
244. <tr><td colspan="2" align="left"><a href="register.php">Join</a></td></tr>
245. </table>
246. </form>
247.  
248. <?
249. }
250. }
251.  
252.  
253. /**
254. * Checks to see if the user has submitted his
255. * username and password through the login form,
256. * if so, checks authenticity in database and
257. * creates session.
258. */
259. if(isset($_POST['sublogin'])){
260. /* Check that all fields were typed in */
261. if(!$_POST['user'] || !$_POST['pass']){
262. die('You didn\'t fill in a required field.');
263. }
264. /* Spruce up username, check length */
265. $_POST['user'] = trim($_POST['user']);
266. if(strlen($_POST['user']) > 30){
267. die("Sorry, the username is longer than 30 characters, please shorten it.");
268. }
269.  
270. /* Checks that username is in database and password is correct */
271. $md5pass = md5($_POST['pass']);
272. $result = confirmUser($_POST['user'], $md5pass);
273.  
274. /* Check error codes */
275. if($result == 1){
276. die('That username doesn\'t exist in our database.');
277. }
278. else if($result == 2){
279. die('Incorrect password, please try again.');
280. }
281.  
282. /* Username and password correct, register session variables */
283. $_POST['user'] = stripslashes($_POST['user']);
284. $_SESSION['username'] = $_POST['user'];
285. $_SESSION['password'] = $md5pass;
286.  
287. /**
288. * This is the cool part: the user has requested that we remember that
289. * he's logged in, so we set two cookies. One to hold his username,
290. * and one to hold his md5 encrypted password. We set them both to
291. * expire in 100 days. Now, next time he comes to our site, we will
292. * log him in automatically.
293. */
294. if(isset($_POST['remember'])){
295. setcookie("cookname", $_SESSION['username'], time()+60*60*24*100, "/");
296. setcookie("cookpass", $_SESSION['password'], time()+60*60*24*100, "/");
297. }
298.  
299. /* Quick self-redirect to avoid resending data on refresh */
300. echo "<meta http-equiv=\"Refresh\" content=\"0;url=$HTTP_SERVER_VARS[PHP_SELF]\">";
301. return;
302. }
303.  
304. /* Sets the value of the logged_in variable, which can be used in your code */
305. $logged_in = checkLogin();
306.  
307. ?>
308.  
309.  
310. logout.php:
311. <?
312. session_start();
313. include("database.php");
314. include("login.php");
315.  
316. /**
317. * Delete cookies - the time must be in the past,
318. * so just negate what you added when creating the
319. * cookie.
320. */
321. if(isset($_COOKIE['cookname']) && isset($_COOKIE['cookpass'])){
322. setcookie("cookname", "", time()-60*60*24*100, "/");
323. setcookie("cookpass", "", time()-60*60*24*100, "/");
324. }
325.  
326. ?>
327.  
328. <html>
329. <title>Logging Out</title>
330. <body>
331.  
332. <?
333.  
334. if(!$logged_in){
335. echo "<h1>Error!</h1>\n";
336. echo "You are not currently logged in, logout failed. Back to <a href=\"main.php\">main</a>";
337. }
338. else{
339. /* Kill session variables */
340. unset($_SESSION['username']);
341. unset($_SESSION['password']);
342. $_SESSION = array(); // reset session array
343. session_destroy(); // destroy session.
344.  
345. echo "<h1>Logged Out</h1>\n";
346. echo "You have successfully <b>logged out</b>. Back to <a href=\"main.php\">main</a>";
347. }
348.  
349. ?>
350.  
351. </body>
352. </html>
353. main.php:
354. <?
355. /* Include Files *********************/
356. session_start();
357. include("database.php");
358. include("login.php");
359. /*************************************/
360. ?>
361.  
362. <html>
363. <title>Jpmaster77's Login Script</title>
364. <body>
365.  
366. <? displayLogin(); ?>
367.  
368. </body>
369. </html>
370. main2.php:
371. <?
372. /* Include Files *********************/
373. session_start();
374. include("database.php");
375. include("login.php");
376. /*************************************/
377. ?>
378.  
379. <html>
380. <title>Jpmaster77's Login Script</title>
381. <body>
382.  
383. <?
384. if($logged_in){
385. echo 'Logged in as '.$_SESSION['username'].', <a href="logout.php">logout</a>';
386. }else{
387. echo 'Not logged in.';
388. }
389. ?>
390.  
391. </body>
392. </html>
393.  
394.  
395.  
396.  
397.  
398.  
399. end
400. ----------