- database.php:
- <?
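/**
 * Connect to the MySQL database and select the schema used by the
 * login scripts. The link is left in $conn for the files that include
 * this one.
 *
 * Failures are written to the server log and the visitor only sees a
 * generic message: mysql_error() text can reveal host, account and
 * schema names, so it is not echoed to the browser.
 *
 * NOTE(review): the credentials below are the tutorial's placeholders;
 * real ones belong outside the web root. The mysql_* extension is
 * deprecated as of PHP 5.5 and removed in PHP 7, so a port to mysqli or
 * PDO with prepared statements is the longer-term fix.
 */
$conn = mysql_connect("localhost", "your_username", "your_password");
if(!$conn){
    error_log('database.php: connect failed: ' . mysql_error());
    die('The site is temporarily unavailable.');
}
if(!mysql_select_db('your_database', $conn)){
    error_log('database.php: select_db failed: ' . mysql_error($conn));
    die('The site is temporarily unavailable.');
}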
- ?>
- register.php:
- <?
- session_start();
- include("database.php");
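/**
 * Reports whether a username is already present in the users table.
 *
 * @param string $username Name as received from the request (GPC data).
 * @return bool True when at least one row matches; false when none
 *              does or when the query itself fails.
 */
function usernameTaken($username){
    global $conn;
    /* Undo magic-quotes escaping first so the value is escaped exactly
       once, by the driver, which knows the connection's character set.
       addslashes() does not, and is not a safe SQL escaper. */
    if(get_magic_quotes_gpc()){
        $username = stripslashes($username);
    }
    $safe = mysql_real_escape_string($username, $conn);
    $q = "select username from users where username = '$safe'";
    $result = mysql_query($q,$conn);
    if(!$result){
        /* A failed query has no row count; report "not taken" as the
           original effectively did, without raising a warning. */
        return false;
    }
    return (mysql_num_rows($result) > 0);
}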
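/**
 * Inserts the given (username, password) pair into the users table.
 *
 * Both values are escaped with the connection's own escaper before they
 * are placed in the statement. Without this, a quote character in the
 * submitted username ends the string literal and the rest of the name
 * is parsed as SQL.
 *
 * @param string $username Name as received from the request (GPC data).
 * @param string $password Value to store; the caller in this file
 *                         passes an MD5 hex digest.
 * @return mixed Result of mysql_query(): true on success, false on
 *               failure.
 */
function addNewUser($username, $password){
    global $conn;
    /* Strip magic-quotes slashes so the name is escaped only once. */
    if(get_magic_quotes_gpc()){
        $username = stripslashes($username);
    }
    $safeUser = mysql_real_escape_string($username, $conn);
    $safePass = mysql_real_escape_string($password, $conn);
    $q = "INSERT INTO users VALUES ('$safeUser', '$safePass')";
    return mysql_query($q,$conn);
}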
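/**
 * Prints the outcome of the registration attempt, then clears the
 * three session keys that carried it (reguname, registered, regresult).
 *
 * The username was typed by the visitor, so it is HTML-encoded before
 * it is written into the page; echoing it raw lets markup in the name
 * run in the browser.
 */
function displayStatus(){
    $uname = isset($_SESSION['reguname'])
        ? htmlspecialchars($_SESSION['reguname'], ENT_QUOTES)
        : '';
    /* empty() also covers a missing key, which the bare read did not. */
    if(!empty($_SESSION['regresult'])){
        echo "<h1>Registered!</h1>\n";
        echo "<p>Thank you <b>$uname</b>, your information has been added to the database, you may now <a href=\"main.php\" title=\"Login\">log in</a>.</p>\n";
    }
    else{
        echo "<h1>Registration Failed</h1>\n";
        echo "<p>We're sorry, but an error has occurred and your registration for the username <b>$uname</b>, could not be completed.<br>\n";
        echo "Please try again at a later time.</p>\n";
    }
    unset($_SESSION['reguname']);
    unset($_SESSION['registered']);
    unset($_SESSION['regresult']);
}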
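/**
 * Page shown right after a registration attempt: the handler further
 * down sets $_SESSION['registered'] and refreshes to this same script.
 */
if(isset($_SESSION['registered'])){
?>
<html>
<title>Registration Page</title>
<body>
<?php displayStatus(); ?>
</body>
</html>
<?php
    return;
}
/**
 * Either processes a submitted sign-up form (validate the fields,
 * check the name is free, create the account) or prints the form.
 */
/* PHP_SELF reflects the request path, which the client controls, so it
   is HTML-encoded before it is used in an attribute. $_SERVER replaces
   $HTTP_SERVER_VARS, which is empty unless register_long_arrays is on. */
$self = htmlspecialchars($_SERVER['PHP_SELF'], ENT_QUOTES);
if(isset($_POST['subjoin'])){
    /* Accept only string fields; a parameter sent as user[]=x arrives
       as an array and would otherwise reach trim() and md5(). */
    $user = (isset($_POST['user']) && is_string($_POST['user'])) ? trim($_POST['user']) : '';
    $pass = (isset($_POST['pass']) && is_string($_POST['pass'])) ? $_POST['pass'] : '';
    /* Make sure all fields were entered (a whitespace-only name counts
       as missing because it is trimmed first) */
    if($user === '' || $pass === ''){
        die('You didn\'t fill in a required field.');
    }
    /* Check username length */
    if(strlen($user) > 30){
        die("Sorry, the username is longer than 30 characters, please shorten it.");
    }
    /* Check if username is already in use */
    if(usernameTaken($user)){
        /* Encode the submitted name before reflecting it in the page. */
        $use = htmlspecialchars($user, ENT_QUOTES);
        die("Sorry, the username: <strong>$use</strong> is already taken, please pick another one.");
    }
    /* Add the new account to the database.
       NOTE(review): an unsalted MD5 digest is a weak password store.
       Moving to password_hash()/password_verify() also requires
       changing confirmUser() and the remember-me cookie in login.php,
       which compare and carry this digest, so it is not changed here. */
    $md5pass = md5($pass);
    $_SESSION['reguname'] = $user;
    $_SESSION['regresult'] = addNewUser($user, $md5pass);
    $_SESSION['registered'] = true;
    echo "<meta http-equiv=\"Refresh\" content=\"0;url=$self\">";
    return;
}
else{
    /**
     * This is the page with the sign-up form, the names
     * of the input fields are important and should not
     * be changed.
     */
?>
<html>
<title>Registration Page</title>
<body>
<h1>Register</h1>
<form action="<?php echo $self; ?>" method="post">
<table align="left" border="0" cellspacing="0" cellpadding="3">
<tr><td>Username:</td><td><input type="text" name="user" maxlength="30"></td></tr>
<tr><td>Password:</td><td><input type="password" name="pass" maxlength="30"></td></tr>
<tr><td colspan="2" align="right"><input type="submit" name="subjoin" value="Join!"></td></tr>
</table>
</form>
</body>
</html>
<?php
}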
- ?>
- login.php:
- <?
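/**
 * Looks the username up in the users table and compares the stored
 * password value with the one supplied.
 *
 * @param string $username Name from the login form, the session or the
 *                         remember-me cookie.
 * @param string $password Value to compare with the stored one; the
 *                         callers in this file pass an MD5 hex digest.
 * @return int 0 on success, 1 when the query fails or no such user
 *             exists, 2 when the password does not match.
 */
function confirmUser($username, $password){
    global $conn;
    /* Undo magic-quotes escaping, then escape once with the driver.
       The original skipped escaping whenever magic quotes were on, yet
       checkLogin() also passes session values that were already
       unslashed, which then reached the query unescaped. */
    if(get_magic_quotes_gpc()){
        $username = stripslashes($username);
    }
    $safe = mysql_real_escape_string($username, $conn);
    /* Verify that user is in database */
    $q = "select password from users where username = '$safe'";
    $result = mysql_query($q,$conn);
    if(!$result || (mysql_num_rows($result) < 1)){
        return 1; //Indicates username failure
    }
    /* Retrieve password from result, strip slashes */
    $dbarray = mysql_fetch_array($result);
    $stored = (string) stripslashes($dbarray['password']);
    $given = (string) stripslashes($password);
    /* Compare as strings. With ==, two digests that both look like
       numbers (for example "0e" followed only by digits) are compared
       numerically and can be reported equal although they differ.
       hash_equals() is used where the runtime provides it. */
    if(function_exists('hash_equals')){
        $match = hash_equals($stored, $given);
    }
    else{
        $match = ($stored === $given);
    }
    if($match){
        return 0; //Success! Username and password confirmed
    }
    return 2; //Indicates password failure
}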
/**
 * checkLogin - Decides whether the current visitor counts as logged in.
 *
 * If both remember-me cookies are present their values are copied into
 * the session first. Then, when the session holds a username and a
 * password value, the pair is checked against the database with
 * confirmUser(); on a mismatch both session keys are removed.
 *
 * NOTE(review): the cookpass cookie carries the stored MD5 digest
 * itself, so possession of the cookie value is enough to pass this
 * check for as long as the cookie lives. A random token that the server
 * stores and can revoke is the usual replacement.
 *
 * Returns true if the user is logged in, false otherwise.
 */
function checkLogin(){
    /* Remembered visitor: seed the session from the cookies */
    if(isset($_COOKIE['cookname'], $_COOKIE['cookpass'])){
        $_SESSION['username'] = $_COOKIE['cookname'];
        $_SESSION['password'] = $_COOKIE['cookpass'];
    }
    /* Nothing to verify, user not logged in */
    if(!isset($_SESSION['username'], $_SESSION['password'])){
        return false;
    }
    /* Credentials present: accept only if the database agrees */
    if(confirmUser($_SESSION['username'], $_SESSION['password']) == 0){
        return true;
    }
    /* Variables are incorrect, drop them */
    unset($_SESSION['username']);
    unset($_SESSION['password']);
    return false;
}
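/**
 * Prints either a welcome line for a logged-in user or the login form,
 * depending on the global $logged_in flag.
 *
 * The username comes from the form, the session or the remember-me
 * cookie and may contain markup characters, so it is HTML-encoded
 * before it is echoed.
 */
function displayLogin(){
    global $logged_in;
    if($logged_in){
        $name = htmlspecialchars($_SESSION['username'], ENT_QUOTES);
        echo "<h1>Logged In!</h1>";
        echo "Welcome <b>$name</b>, you are logged in. <a href=\"logout.php\">Logout</a>";
    }
    else{
?>
<h1>Login</h1>
<form action="" method="post">
<table align="left" border="0" cellspacing="0" cellpadding="3">
<tr><td>Username:</td><td><input type="text" name="user" maxlength="30"></td></tr>
<tr><td>Password:</td><td><input type="password" name="pass" maxlength="30"></td></tr>
<tr><td colspan="2" align="left"><input type="checkbox" name="remember">
<font size="2">Remember me next time</td></tr>
<tr><td colspan="2" align="right"><input type="submit" name="sublogin" value="Login"></td></tr>
<tr><td colspan="2" align="left"><a href="register.php">Join</a></td></tr>
</table>
</form>
<?php
    }
}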
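/**
 * Handles a submitted login form: validates the fields, checks the
 * credentials against the database, stores them in the session and,
 * on request, sets the remember-me cookies. Finally sets $logged_in
 * for the including page.
 */
if(isset($_POST['sublogin'])){
    /* Accept only string fields; a parameter sent as user[]=x arrives
       as an array and would otherwise reach trim() and md5(). */
    $user = (isset($_POST['user']) && is_string($_POST['user'])) ? trim($_POST['user']) : '';
    $pass = (isset($_POST['pass']) && is_string($_POST['pass'])) ? $_POST['pass'] : '';
    /* Check that all fields were typed in */
    if($user === '' || $pass === ''){
        die('You didn\'t fill in a required field.');
    }
    /* Check username length */
    if(strlen($user) > 30){
        die("Sorry, the username is longer than 30 characters, please shorten it.");
    }
    /* Checks that username is in database and password is correct */
    $md5pass = md5($pass);
    $result = confirmUser($user, $md5pass);
    /* One message for both failure codes: separate "no such user" and
       "wrong password" replies tell a visitor which names exist. */
    if($result != 0){
        die('Incorrect username or password, please try again.');
    }
    /* Username and password correct, register session variables.
       Slashes are removed only when magic quotes added them; the
       original stripped unconditionally and so altered names that
       legitimately contain a backslash. */
    if(get_magic_quotes_gpc()){
        $user = stripslashes($user);
    }
    $_SESSION['username'] = $user;
    $_SESSION['password'] = $md5pass;
    /**
     * The user has requested to be remembered, so two cookies are set,
     * one with the username and one with the MD5 digest of the
     * password, both expiring in 100 days.
     *
     * NOTE(review): the digest in cookpass works as a credential on its
     * own (see checkLogin) and the cookies are set without the Secure
     * or HttpOnly attributes. A random token stored server-side is the
     * usual replacement; changing it also means changing checkLogin()
     * and logout.php, so it is left as is here.
     */
    if(isset($_POST['remember'])){
        setcookie("cookname", $_SESSION['username'], time()+60*60*24*100, "/");
        setcookie("cookpass", $_SESSION['password'], time()+60*60*24*100, "/");
    }
    /* Quick self-redirect to avoid resending data on refresh. PHP_SELF
       reflects the request path, so it is HTML-encoded; $_SERVER
       replaces the long-array form $HTTP_SERVER_VARS. */
    $self = htmlspecialchars($_SERVER['PHP_SELF'], ENT_QUOTES);
    echo "<meta http-equiv=\"Refresh\" content=\"0;url=$self\">";
    return;
}
/* Sets the value of the logged_in variable, which can be used in your code */
$logged_in = checkLogin();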
- ?>
- logout.php:
- <?
- session_start();
- include("database.php");
- include("login.php");
/**
 * Expire the two remember-me cookies. The expiry time has to lie in
 * the past, so the offset used when they were created is subtracted
 * instead of added.
 */
if(isset($_COOKIE['cookname'], $_COOKIE['cookpass'])){
    setcookie("cookname", "", time()-60*60*24*100, "/");
    setcookie("cookpass", "", time()-60*60*24*100, "/");
}
?>
<html>
<title>Logging Out</title>
<body>
<?php
if($logged_in){
    /* Drop the credentials, empty the session array, end the session */
    unset($_SESSION['username'], $_SESSION['password']);
    $_SESSION = array();
    session_destroy();
    echo "<h1>Logged Out</h1>\n";
    echo "You have successfully <b>logged out</b>. Back to <a href=\"main.php\">main</a>";
}
else{
    /* Nobody was logged in, so there is nothing to end */
    echo "<h1>Error!</h1>\n";
    echo "You are not currently logged in, logout failed. Back to <a href=\"main.php\">main</a>";
}
- ?>
- </body>
- </html>
- main.php:
- <?
- /* Include Files *********************/
- session_start();
- include("database.php");
- include("login.php");
- /*************************************/
- ?>
- <html>
- <title>Jpmaster77's Login Script</title>
- <body>
- <? displayLogin(); ?>
- </body>
- </html>
- main2.php:
- <?
- /* Include Files *********************/
- session_start();
- include("database.php");
- include("login.php");
- /*************************************/
- ?>
- <html>
- <title>Jpmaster77's Login Script</title>
- <body>
- <?
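/* Show who is logged in. The username may contain markup characters
   (it is chosen freely at registration), so it is HTML-encoded before
   it is written into the page. */
if($logged_in){
    echo 'Logged in as '.htmlspecialchars($_SESSION['username'], ENT_QUOTES).', <a href="logout.php">logout</a>';
}else{
    echo 'Not logged in.';
}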
- ?>
- </body>
- </html>
- end
- ----------