Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- My login.php
- <?php
- session_start(); //allows session
- include "config.php";
- if($logged[id]) {
- //welcomes the member
- echo "Welcome $logged[username]<br><br>";
- //shows the user menu
- $new = mysql_query("select * from pmessages where unread = 'unread' and touser = '$logged[username]'");
- $new = mysql_num_rows($new);
- echo "
- - <a href='welcome.php'>Members Page</a><br>
- - <a href='members.php'>View Members</a><br>
- - <a href='editprofile.php'>Edit Profile</a><br>
- - <a href='members.php?user=$logged[username]'>View Your Profile</a><br><br>
- - <a href='messages.php'>Private Messages ($new New)</a><br>
- - <a href='newfriends.php'>Friend Requests</a><br>
- - <a href='changepassword.php'>Change Password</a><br>
- - <a href='logout.php?logout'>Logout</a>";
- }else
- //if there trying to login
- if(isset($_GET['login'])) {
- //removes sql injections from the data
- $username= htmlspecialchars(addslashes($_POST[username]));
- //encrypts the password
- $password = sha1(md5(md5(sha1(md5(sha1(sha1(md5($_POST[password]))))))));
- //gets the username data from the members database
- $uinfo = mysql_query("SELECT * FROM `members` WHERE `username` = '$username'") or die(mysql_error());
- //see if the user exists
- $checkuser = mysql_num_rows($uinfo);
- //if user name not found in database error
- if($checkuser == '0')
- {
- echo "Username not found";
- }else{
- //fetch the sql
- $udata = mysql_fetch_array($uinfo);
- //checks see if the account is verified
- if($udata[userlevel] == 1) {
- echo "This account had not been verified.";
- }
- //if it is continue
- else
- //if the db password and the logged in password are the same login
- if($udata[password] == $password) {
- $query = mysql_query("SELECT * FROM `members` WHERE `username` = '$username'") or die(mysql_error());
- //fetchs the sql
- $user = mysql_fetch_array($query);
- $last_date = date("l, F j, Y h:i A");
- $update = mysql_query("UPDATE `members` SET `last_seen` = '$last_date' WHERE `username` = '$user[username]' AND `id` = '$user[id]';") or die(mysql_error());
- //sets the logged session
- $_SESSION['id'] = "$user[id]";
- $_SESSION['password'] = "$user[password]";
- echo "You are now logged in, Please wait. . .";
- //redirects them
- echo "<meta http-equiv='Refresh' content='2; URL=welcome.php'/>";
- }
- //wrong password
- else{
- echo "Incorrect username or password!";
- }
- }
- }else{
- //If not the above show the login form
- echo "<form action='login.php?login' method='post'>
- <table width='200'>
- <tr>
- <td width='120'>Username:</td>
- <td width='180'><input type='text' name='username' size='17' maxlength='50'></td>
- </tr>
- <tr>
- <td>Password:</td>
- <td><input type='password' name='password' size='17' maxlength='50'></td>
- </tr>
- <tr>
- <td colspan='2'><input type='submit' value='Login'></td>
- </tr>
- </table>
- </form>
- <a href='register.php'>Register to DE!</a> <strong>::</strong> <a href='forgotpass.php'>Forgot Password</a>";
- }
- ?>
- my config is still the same as here in the tut.
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement