Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- <?php
- $host = "localhost";
- $dbname = "sisfo_php";
- $dbuser = "sisfo_sisfo";
- $dbpass = "49473";
- $mysql = mysql_connect($host,$dbuser,$dbpass);
- mysql_select_db($dbname) or die('db does not exist');
- if (!$mysql)
- {
- die('Connection failed ' . mysql_error()); }
- //logging in
- session_start();
- $in = ($_SESSION['logged_in'] == 'Yes');
- $admin = ($_SESSION['access'] > 1);
- //loging out
- if ($_GET['action'] == logout){
- $in = false;
- $admin = false;
- }
- if (!$in) {
- //are you logging in?
- if ($_POST) {
- $u = mysql_escape_string($_POST['username']);
- $p = md5($_POST['password']);
- if (!empty($u) && !empty($p)) {
- $valid_users = mysql_query("SELECT * FROM users WHERE username='$u' AND password='$p'");
- if (mysql_num_rows($valid_users) > 0) {
- //login
- $users = mysql_fetch_array($valid_users);
- $_SESSION['logged_in'] = 'Yes';
- $_SESSION['username'] = $users['username'];
- $_SESSION['id'] = $users['id'];
- $_SESSION['email'] = $users['email'];
- $in = true;
- $admin = ($_SESSION['access'] > 1);
- }
- }
- }
- }
- $changepw = false;
- if($_GET['action'] == "changepassword")
- {$changepw = true;}
- //changing pw?
- if ($_POST) {
- $newpw = mysql_escape_string($_POST['newpw']);
- $newpw2 = mysql_escape_string($_POST['newpw2']);
- }
- //do the pws match?
- if (!empty($newpw) && !empty($newpw2)) {
- if ($newpw == $newpw2) {
- mysql_query("UPDATE users SET password = MD5('$newpw') WHERE id = $_SESSION[id]") or die('shit, no pw change.');
- $pwchanged = "yes";}
- else { $pwchanged = "no"; }
- }
- ?>
- <a href="?page=info">info</a><br>
- <a href="?page=contact">contact</a><br>
- <?php if($in) { ?>
- <a href="?action=changepassword">change password</a><br>
- <?php } ?>
- <?php
- if ($_GET["page"] == "info")
- { echo "this is the info page"; }
- if ($_GET["page"] == "contact")
- { echo "this is the contact page"; }
- if ($_GET["action"] == "changepassword")
- {echo "change your password"; }
- $emp = array("paul","rubin");
- if ($_GET["page"] == "hostgator")
- { echo $emp[0] . " and " . $emp[1] . " . "; }
- ?>
- <br>
- <br>
- <?php
- mysql_select_db($dbname) or die('db does not exist');
- $query = "SELECT * FROM users";
- $result = mysql_query($query) or die('line 47');
- while($row = mysql_fetch_array($result)){
- echo $row['username'] . " - " . $row['email'];
- echo "<br />";
- }
- $admin = $row['access'] > 1;
- if ($admin) {
- echo $row['username'] . " has exceptional access. ";
- }
- ?>
- <br><br>
- <?php
- if (!$in) { ?>
- <form method="post" action="<?php echo $PHP_SELF; ?>">
- <input type="text" name="username" value="username" onfocus="this.value=''">
- <input type="password" name="password">
- <input type="submit" value="Login">
- </form>
- <?php } ?>
- <?php
- if ($in) { ?>
- you are now logged in as <?php echo $_SESSION['username']; ?> <br>
- <a href="?action=logout">logout</a>
- <br><br>
- <?php
- if($changepw)
- { ?>
- <form method="post" action="<?php echo $PHP_SELF; ?>">
- <input type="password" name="newpw">
- <input type="password" name="newpw2">
- <input type="submit" value="change">
- <?php }} ?>
- <br>
- <?php
- if ($pwchanged == "yes") { echo "your password has been changed"; }
- elseif ($pwchanged == "no") { echo "your password has not been changed"; }
- ?>
- <?php if (!$in) session_destroy(); ?>
Add Comment
Please, Sign In to add comment