Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- <?php
- //allow sessions to be passed so we can see if the user is logged in
- session_start();
- //redirect them to the usersonline page
- header('Location: usersOnline.php');
- //connect to the database so we can check, edit, or insert data to our users table
- $con = mysql_connect('localhost', 'root', 'root') or die(mysql_error());
- $db = mysql_select_db('tournaments', $con) or die(mysql_error());
- //include out functions file giving us access to the protect() function made earlier
- include "functions.php";
- ?>
- <!DOCTYPE html>
- <html lang="en">
- <head>
- <meta http-equiv="Content-Type" content="text/html; charset=utf-8">
- <link rel="stylesheet" type="text/css" href="style.css">
- <title>untitled</title>
- </head>
- <body>
- <?php
- //If the user has submitted the form
- if($_POST['submit']){
- //protect the posted value then store them to variables
- $username = protect($_POST['username']);
- $password = protect($_POST['password']);
- //Check if the username or password boxes were not filled in
- if(!$username || !$password){
- //if not display an error message
- echo "<center>You need to fill in a <b>Username</b> and a <b>Password</b>!</center>";
- }else{
- //if the were continue checking
- //select all rows from the table where the username matches the one entered by the user
- $res = mysql_query("SELECT * FROM `users` WHERE `username` = '".$username."'");
- $num = mysql_num_rows($res);
- //check if there was not a match
- if($num == 0){
- //if not display an error message
- echo "<center>The <b>Username</b> you supplied does not exist!</center>";
- }else{
- //if there was a match continue checking
- //select all rows where the username and password match the ones submitted by the user
- $res = mysql_query("SELECT * FROM `users` WHERE `username` = '".$username."' AND `password` = '".$password."'");
- $num = mysql_num_rows($res);
- //check if there was not a match
- if($num == 0){
- //if not display error message
- echo "<center>The <b>Password</b> you supplied does not match the one for that username!</center>";
- }else{
- //if there was continue checking
- //split all fields fom the correct row into an associative array
- $row = mysql_fetch_assoc($res);
- //check to see if the user has not activated their account yet
- if($row['active'] != 1){
- //if not display error message
- echo "<center>You have not yet <b>Activated</b> your account!</center>";
- }else{
- //if they have log them in
- //set the login session storing there id - we use this to see if they are logged in or not
- $_SESSION['uid'] = $row['id'];
- //show message
- echo "<center>You have successfully logged in!</center>";
- //set the session username to call their name when logged in
- $_SESSION['user_name'] = $row['username'];
- echo $_SESSION['user_name'];
- //update the online field to 50 seconds into the future
- $time = date('U')+50;
- mysql_query("UPDATE `users` SET `online` = '".$time."' WHERE `id` = '".$_SESSION['uid']."'");
- }
- }
- }
- }
- }
- ?>
- <form action="login.php" method="post">
- <div id="border">
- <?php include("menu.php"); ?>
- <table border="0" cellpadding="2" cellspacing="0">
- <tbody><tr>
- <td>Username:</td>
- <td><input name="username" type="text"></td>
- </tr>
- <tr>
- <td>Password:</td>
- <td><input name="password" type="password"></td>
- </tr>
- <tr>
- <td colspan="2" align="center"><input name="submit" value="Login" type="submit"></td>
- </tr>
- <tr>
- <td colspan="2" align="center"><a href="register.php">Register</a> | <a href="forgot.php">Forgot Pass</a></td>
- </tr>
- </tbody></table>
- </div>
- </form>
- </body>
- </html>
Add Comment
Please, Sign In to add comment