<?php $host = "localhost";$dbname = "sisfo_php";$dbuser = "sisfo_sisfo";

1. <?php
2. $host = "localhost";
3. $dbname = "sisfo_php";
4. $dbuser = "sisfo_sisfo";
5. $dbpass = "49473";
6.  
7. $mysql = mysql_connect($host,$dbuser,$dbpass);
8. mysql_select_db($dbname) or die('db does not exist');
9. if (!$mysql)
10. {
11. die('Connection failed ' . mysql_error()); }
12.  
13.  
14. //logging in
15. session_start();
16.  
17. $in = ($_SESSION['logged_in'] == 'Yes');
18. $admin = ($_SESSION['access'] > 1);
19.  
20. //loging out
21. if ($_GET['action'] == logout){
22. $in = false;
23. $admin = false;
24. }
25.  
26. if (!$in) {
27. //are you logging in?
28. if ($_POST) {
29. $u = mysql_escape_string($_POST['username']);
30. $p = md5($_POST['password']);
31. if (!empty($u) && !empty($p)) {
32. $valid_users = mysql_query("SELECT * FROM users WHERE username='$u' AND password='$p'");
33. if (mysql_num_rows($valid_users) > 0) {
34. //login
35. $users = mysql_fetch_array($valid_users);
36. $_SESSION['logged_in'] = 'Yes';
37. $_SESSION['username'] = $users['username'];
38. $_SESSION['id'] = $users['id'];
39. $_SESSION['email'] = $users['email'];
40. $in = true;
41. $admin = ($_SESSION['access'] > 1);
42. }
43. }
44. }
45. }
46.  
47. $changepw = false;
48.  
49. if($_GET['action'] == "changepassword")
50. {$changepw = true;}
51.  
52. //changing pw?
53. if ($_POST) {
54. $newpw = mysql_escape_string($_POST['newpw']);
55. $newpw2 = mysql_escape_string($_POST['newpw2']);
56. }
57. //do the pws match?
58. if (!empty($newpw) && !empty($newpw2)) {
59. if ($newpw == $newpw2) {
60. mysql_query("UPDATE users SET password = MD5('$newpw') WHERE id = $_SESSION[id]") or die('shit, no pw change.');
61. $pwchanged = "yes";}
62. else { $pwchanged = "no"; }
63. }
64.  
65.  
66. ?>
67. <a href="?page=info">info</a><br>
68. <a href="?page=contact">contact</a><br>
69. <?php if($in) { ?>
70. <a href="?action=changepassword">change password</a><br>
71. <?php } ?>
72.  
73. <?php
74.  
75. if ($_GET["page"] == "info")
76. { echo "this is the info page"; }
77.  
78. if ($_GET["page"] == "contact")
79. { echo "this is the contact page"; }
80. if ($_GET["action"] == "changepassword")
81. {echo "change your password"; }
82.  
83. $emp = array("paul","rubin");
84.  
85. if ($_GET["page"] == "hostgator")
86. { echo $emp[0] . " and " . $emp[1] . " . "; }
87. ?>
88. <br>
89. <br>
90. <?php
91. mysql_select_db($dbname) or die('db does not exist');
92.  
93. $query = "SELECT * FROM users";
94.  
95. $result = mysql_query($query) or die('line 47');
96.  
97. while($row = mysql_fetch_array($result)){
98.  
99.  
100. echo $row['username'] . " - " . $row['email'];
101. echo "<br />";
102. }
103.  
104. $admin = $row['access'] > 1;
105.  
106. if ($admin) {
107. echo $row['username'] . " has exceptional access. ";
108. }
109. ?>
110. <br><br>
111. <?php
112. if (!$in) { ?>
113. <form method="post" action="<?php echo $PHP_SELF; ?>">
114. <input type="text" name="username" value="username" onfocus="this.value=''"> &nbsp;
115. <input type="password" name="password"> &nbsp;
116. <input type="submit" value="Login">
117. </form>
118. <?php } ?>
119. <?php
120. if ($in) { ?>
121. you are now logged in as <?php echo $_SESSION['username']; ?> <br>
122. <a href="?action=logout">logout</a>
123. <br><br>
124.  
125. <?php
126. if($changepw)
127. { ?>
128.  
129. <form method="post" action="<?php echo $PHP_SELF; ?>">
130. <input type="password" name="newpw"> &nbsp;
131. <input type="password" name="newpw2"> &nbsp;
132. <input type="submit" value="change">
133. <?php }} ?>
134. <br>
135. <?php
136. if ($pwchanged == "yes") { echo "your password has been changed"; }
137. elseif ($pwchanged == "no") { echo "your password has not been changed"; }
138.  
139. ?>
140.  
141.  
142.  
143.  
144.  
145.  
146. <?php if (!$in) session_destroy(); ?>