<?php//allow sessions to be passed so we can see if the user is logged ins

1. <?php
2.  
3. //allow sessions to be passed so we can see if the user is logged in
4. session_start();
5. //redirect them to the usersonline page
6. header('Location: usersOnline.php');
7. //connect to the database so we can check, edit, or insert data to our users table
8. $con = mysql_connect('localhost', 'root', 'root') or die(mysql_error());
9. $db = mysql_select_db('tournaments', $con) or die(mysql_error());
10.  
11. //include out functions file giving us access to the protect() function made earlier
12. include "functions.php";
13.  
14. ?>
15. <!DOCTYPE html>
16. <html lang="en">
17. <head>
18. <meta http-equiv="Content-Type" content="text/html; charset=utf-8">
19. <link rel="stylesheet" type="text/css" href="style.css">
20. <title>untitled</title>
21. </head>
22. <body>
23. <?php
24.  
25. //If the user has submitted the form
26. if($_POST['submit']){
27. //protect the posted value then store them to variables
28. $username = protect($_POST['username']);
29. $password = protect($_POST['password']);
30.  
31. //Check if the username or password boxes were not filled in
32. if(!$username || !$password){
33. //if not display an error message
34. echo "<center>You need to fill in a <b>Username</b> and a <b>Password</b>!</center>";
35. }else{
36. //if the were continue checking
37.  
38.  
39. //select all rows from the table where the username matches the one entered by the user
40. $res = mysql_query("SELECT * FROM `users` WHERE `username` = '".$username."'");
41. $num = mysql_num_rows($res);
42.  
43. //check if there was not a match
44. if($num == 0){
45. //if not display an error message
46. echo "<center>The <b>Username</b> you supplied does not exist!</center>";
47. }else{
48. //if there was a match continue checking
49.  
50. //select all rows where the username and password match the ones submitted by the user
51. $res = mysql_query("SELECT * FROM `users` WHERE `username` = '".$username."' AND `password` = '".$password."'");
52. $num = mysql_num_rows($res);
53.  
54. //check if there was not a match
55. if($num == 0){
56. //if not display error message
57. echo "<center>The <b>Password</b> you supplied does not match the one for that username!</center>";
58. }else{
59. //if there was continue checking
60.  
61. //split all fields fom the correct row into an associative array
62. $row = mysql_fetch_assoc($res);
63.  
64. //check to see if the user has not activated their account yet
65. if($row['active'] != 1){
66. //if not display error message
67. echo "<center>You have not yet <b>Activated</b> your account!</center>";
68. }else{
69. //if they have log them in
70.  
71. //set the login session storing there id - we use this to see if they are logged in or not
72. $_SESSION['uid'] = $row['id'];
73. //show message
74. echo "<center>You have successfully logged in!</center>";
75.  
76. //set the session username to call their name when logged in
77. $_SESSION['user_name'] = $row['username'];
78. echo $_SESSION['user_name'];
79.  
80. //update the online field to 50 seconds into the future
81. $time = date('U')+50;
82. mysql_query("UPDATE `users` SET `online` = '".$time."' WHERE `id` = '".$_SESSION['uid']."'");
83.  
84. }
85. }
86. }
87. }
88. }
89. ?>
90. <form action="login.php" method="post">
91. <div id="border">
92. <?php include("menu.php"); ?>
93. <table border="0" cellpadding="2" cellspacing="0">
94. <tbody><tr>
95. <td>Username:</td>
96. <td><input name="username" type="text"></td>
97. </tr>
98. <tr>
99. <td>Password:</td>
100. <td><input name="password" type="password"></td>
101. </tr>
102. <tr>
103. <td colspan="2" align="center"><input name="submit" value="Login" type="submit"></td>
104. </tr>
105. <tr>
106. <td colspan="2" align="center"><a href="register.php">Register</a> | <a href="forgot.php">Forgot Pass</a></td>
107. </tr>
108. </tbody></table>
109. </div>
110. </form>
111. </body>
112. </html>