<?//allow sessions to be passed so we can see if the user is logged insessio

1. <?
2. //allow sessions to be passed so we can see if the user is logged in
3. session_start();
4. ob_start();
5.  
6. //connect to the database so we can check, edit, or insert data to our users table
7. include_once '../../config.php';
8. include '../../functions.php';
9. ?>
10.  
11. <?
12.  
13. //If the user has submitted the form
14. if($_POST['submit']){
15. //protect the posted value then store them to variables
16. $username = protect($_POST['username']);
17. $password = protect($_POST['password']);
18.  
19. //Check if the username or password boxes were not filled in
20. if(!$username || !$password){
21. //if not display an error message
22. echo "<center>You need to fill in a <b>Username</b> and a <b>Password</b>!</center>";
23. }else{
24. //if the were continue checking
25.  
26. //select all rows from the table where the username matches the one entered by the user
27. $res = mysql_query("SELECT * FROM `users` WHERE `username` = '".$username."'");
28. $num = mysql_num_rows($res);
29.  
30. //check if there was not a match
31. if($num == 0){
32. //if not display an error message
33. echo "<center>The <b>Username</b> you supplied does not exist!</center>";
34. }else{
35. //if there was a match continue checking
36.  
37. //select all rows where the username and password match the ones submitted by the user
38. $res = mysql_query("SELECT * FROM `users` WHERE `username` = '".$username."' AND `password` = '".$password."'");
39. $num = mysql_num_rows($res);
40.  
41. //check if there was not a match
42. if($num == 0){
43. //if not display error message
44. echo "<center>The <b>Password</b> you supplied does not match the one for that username!</center>";
45. }else{
46. //if there was continue checking
47.  
48. //split all fields fom the correct row into an associative array
49. $row = mysql_fetch_assoc($res);
50.  
51. //check to see if the user has not activated their account yet
52. if($row['active'] != 1){
53. //if not display error message
54. echo "<center>You have not yet <b>Activated</b> your account!</center>";
55. }else{
56. //if they have log them in
57.  
58. //set the login session storing there id - we use this to see if they are logged in or not
59. $_SESSION['uid'] = $row['id'];
60. //show message
61. echo "<center>You have successfully logged in!</center>";
62.  
63. //this is out update script which should be used in each page to update the users online time
64. $time = date('U')+50;
65. $update = mysql_query("UPDATE 'users' SET 'online' = '".$time."' WHERE 'id' = '".$_SESSION['uid']."'");
66.  
67. //redirect them to the usersonline page
68. header('Location: ../../index.php');
69. }
70. }
71. }
72. }
73. }
74.  
75. ?>
76. <?
77. ob_end_flush();
78. ?>