Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- <?
- /**
- * Process.php
- */
- include("database.php");
- /**
- * POST variables from form - need to be sanitized.
- */
- $subuser = $_POST["username"];
- $subfirst = $_POST["firstname"];
- $subsurname = $_POST["surname"];
- $subpassword = $_POST["password"];
- $sublogin = $_POST["sublogin"];
- /**
- * Check username function.
- */
- function usernameTaken($username) && passwordTaken($password){
- $q = "SELECT username && password FROM ".TBL_USERS." WHERE username = '$username' && password = '$password'";
- $result = mysql_query($q);
- return (mysql_num_rows($result) > 0);
- }
- /**
- * Check password function.
- */
- function confirmUserPass($username, $password){
- /* Verify that user is in database */
- $q = "SELECT password FROM ".TBL_USERS." WHERE username = '$username'";
- $result = mysql_query($q);
- if(!$result || (mysql_numrows($result) < 1)){
- return 1; //Indicates username failure
- }
- /* Retrieve password from result, strip slashes */
- $dbarray = mysql_fetch_array($result);
- $password = $dbarray['password'];
- /* Validate that password is correct */
- if($password == $dbarray['password']){
- return 0; //Success! Username and password confirmed
- }
- else{
- return 2; //Indicates password failure
- }
- }
- /**
- * REGISTER - Username not in use
- */
- if (usernameTaken($subuser) && passwordTaken($subpassword)) == 0 ) {
- $q = mysql_query ("INSERT INTO information (username, firstname, surname, password) VALUES ('$subuser', '$subfirst', '$subsurname', '$subpassword')"); echo mysql_error();
- $success = 1;
- if ($success == 1) { echo "User ".$subuser." And "$subpassword" Added"; }
- }
- /**
- * REGISTER - Username in use
- */
- else if (usernameTaken($subuser) && passwordTaken($subpassword)) > 0 ) {
- echo "User ".$subuser." already exists, choose another username";
- header('Refresh:3; URL= informationform.php');
- }
- /**
- * LOGIN - this is not secure
- */
- if ($sublogin == 1) {
- $result = confirmUserPass($subuser, $subpassword);
- /* Check error codes */
- if($result == 1){
- // username not found
- echo "Username Not Found";
- header('Refresh:3; URL= loginform.php');
- }
- else if($result == 2){
- // password incorrect
- echo "Password Incorrect";
- header('Refresh:3; URL= loginform.php');
- }
- else if($result == 0){
- // password and user correct, forward to members page
- echo "Logged In";
- header('Refresh:3; URL= member_area.php');
- }
- }
- ?>
- <a href="display_users.php">Show Users</a><br / >
- <a href="informationform.php">Add a new user</a>
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement