<?php session_start(); $uri = $_SERVER['REQUEST_URI']; function displaylo

1. <?php
2. session_start();
3. $uri = $_SERVER['REQUEST_URI'];
4. function displaylogon($alert, $uri)
5. {
6.  
7. echo "<form method='post' action='$uri'>";
8. echo "<table>";
9. echo "<tr><td>Login Name<br /></td></tr>" ;
10. echo "<tr><td><input type='text' name='loginname' size='15'/></td></tr>";
11. echo "<tr><td>Login Password</td></tr>";
12. echo "<tr><td><input type='password' name='loginpassword' maxlength='15' size='15'/></td></tr>";
13. echo "<tr><td><span class='alert'>$alert</span></td></tr>";
14. echo "<tr><td><input type='submit' name='loginbutton' value='Login' /></td></tr>";
15. echo "</table>";
16. echo "</form>";
17. echo "<br />";
18. echo "<br />";
19. echo "<a href='../main/registeruser.php'>New User</a>";
20. echo "<br />";
21. }
22. function displaywelcome($uri)
23. {
24. echo "<p>";
25.  
26. if($_SESSION['admin']==true)
27. {
28. echo "Welcome Administrator";
29. echo "<br/>";
30. echo "<br/>";
31. echo "<a href='../admin/admin.php'>Admin Page</a>";
32. }
33. else
34. {
35. echo "Welcome " . $_SESSION['firstname'];
36. echo "<br/>";
37. echo "<br/>";
38. echo "<a href='../main/cart.php'>View Cart</a>";
39. }
40. echo "</p>";
41.  
42. echo "<form action='../main/homepage.php' method='post'>";
43. echo "<table>";
44. echo "<tr>";
45. echo "<td><input type='hidden' value='true' name='logout' />";
46. echo "<input type='submit' value='Log out' /></td>";
47. echo "</tr>";
48. echo "</table>";
49. echo "</form>";
50. }
51.  
52. if($_POST['logout']==true)
53. {
54. //log the user out
55. session_destroy();
56.  
57. $alert = "You are now logged out.";
58. displaylogon($alert, $uri);
59. }
60. else
61. {
62.  
63. if (isset($_SESSION['username']))
64. {
65. if($_POST['logout']==true)
66. {
67. //log the user out
68. session_destroy();
69. header('location:..\main\homepage.php?');
70. //$alert = "You are now logged out.";
71. //displaylogon($alert, $uri);
72. }
73. else
74. {
75. displaywelcome($uri);
76. }
77. }
78. else if(isset($_POST['loginname']))
79. {
80. //check for admin login
81. if((strcmp("super",$_POST['loginname'])==0)&& (strcmp("super",$_POST['loginpassword'])==0))
82. {
83. //set up session variables
84. session_register('firstname');
85. session_register('username');
86. session_register('admin');
87. $_SESSION['admin']=true;
88. $_SESSION['firstname']= 'super';
89. $_SESSION['username']= 'super';
90.  
91. displaywelcome($uri);
92.  
93. }
94. else
95. {
96. //check user name is valid
97. @ $fp = fopen("../datafiles/users.txt","r");
98. if ($fp == null)
99. {
100. $alert = "An error has occurred, please try again.";
101. displaylogon($alert, $uri);
102. }
103. else
104. {
105. $match = false;
106. while (!feof($fp))
107. {
108. $line = fgetss($fp);
109. //only check if line from file is not blank.
110. if (!(($line =="") || ($line==null)))
111. {
112. $linearray = explode("\t",$line);
113. //check if username and password match
114. if((strnatcasecmp($linearray[2],$_POST['loginname'])==0)&& (strcmp($linearray[0],$_POST['loginpassword'])==0))
115. {
116. $match = true;
117. }
118. }
119. }
120.  
121. if ($match == true)
122. {
123. //set up session variables
124. session_register('firstname');
125. session_register('username');
126. $_SESSION['firstname']= $_POST['loginpassword'];
127. $_SESSION['username']= $_POST['loginname'];
128.  
129. displaywelcome($uri);
130.  
131.  
132. }
133. else
134. {
135. $alert = "Username or password is incorrect.";
136. displaylogon($alert, $uri);
137. }
138. fclose($fp);
139. }
140. }
141. }
142. else
143. {
144. //send the user back to where they came from
145. $alert="";
146. displaylogon($alert, $uri);
147.  
148.  
149. }
150. }
151. ?>