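<?php
/**
 * Process.php
 *
 * Handles the login and registration form posts.
 *
 * The full "<?php" tag is used because the short "<?" form is only parsed
 * when short_open_tag is enabled; with it disabled the server would emit
 * this source as plain text.
 */

// Fail closed: every query below needs whatever database.php sets up
// (presumably the MySQL connection and TBL_USERS -- neither is defined in
// this file), so stop instead of continuing with a warning as include() does.
require_once "database.php";

/**
 * POST variables from form.
 *
 * These are raw, attacker-controlled values. Nothing is escaped here on
 * purpose: escaping depends on the sink (SQL vs. HTML), so it has to happen
 * where each value is used. This block only makes sure every field is a
 * string, so a missing field or an array-valued field (username[]=...)
 * cannot reach string interpolation further down.
 */
$subuser = '';
$subfirst = '';
$subsurname = '';
$subpassword = '';
// Left as null (not set) unless the matching form was submitted, so the
// isset() / == 1 checks later in the file keep their meaning.
$sublogin = null;
$subregister = null;

if (isset($_POST["sublogin"])) {
    $subuser     = (isset($_POST["username"]) && is_string($_POST["username"])) ? $_POST["username"] : '';
    $subpassword = (isset($_POST["password"]) && is_string($_POST["password"])) ? $_POST["password"] : '';
    $sublogin    = $_POST["sublogin"];
}

if (isset($_POST["subregister"])) {
    $subuser     = (isset($_POST["username"]) && is_string($_POST["username"])) ? $_POST["username"] : '';
    $subfirst    = (isset($_POST["firstname"]) && is_string($_POST["firstname"])) ? $_POST["firstname"] : '';
    $subsurname  = (isset($_POST["surname"]) && is_string($_POST["surname"])) ? $_POST["surname"] : '';
    $subpassword = (isset($_POST["password"]) && is_string($_POST["password"])) ? $_POST["password"] : '';
    $subregister = $_POST["subregister"];
}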
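/**
 * Check whether a username already exists in the users table.
 *
 * The username arrives unescaped from the form, so it is escaped here
 * before being placed in the SQL string. ext/mysql has no prepared
 * statements; moving to PDO or mysqli with bound parameters is the proper
 * fix, but that needs changes to the connection code in database.php,
 * which is not part of this file.
 *
 * @param string $username Raw username as submitted.
 * @return bool True when at least one row matches; false when none match
 *              or when the query itself fails.
 */
function usernameTaken($username){
    // NOTE(review): mysql_real_escape_string() relies on the connection
    // charset being set with mysql_set_charset() -- confirm in database.php.
    $safeName = mysql_real_escape_string((string) $username);
    $q = "SELECT username FROM ".TBL_USERS." WHERE username = '$safeName'";
    $result = mysql_query($q);
    if ($result === false) {
        // Keep the original "not taken" answer on failure, but record the
        // error instead of passing false on to mysql_num_rows().
        error_log("usernameTaken: query failed: ".mysql_error());
        return false;
    }
    return (mysql_num_rows($result) > 0);
}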
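/**
 * Check a username/password pair against the users table.
 *
 * @param string $username Raw username as submitted.
 * @param string $password Raw password as submitted.
 * @return int 0 when username and password match,
 *             1 when the query fails or no such username exists,
 *             2 when the password does not match.
 */
function confirmUserPass($username, $password){
    /* Verify that user is in database.
       The value is escaped because it is placed inside a quoted SQL
       literal; bound parameters (PDO/mysqli) would be the better fix but
       need a different connection than ext/mysql provides. */
    $safeName = mysql_real_escape_string((string) $username);
    $q = "SELECT password FROM ".TBL_USERS." WHERE username = '$safeName'";
    $result = mysql_query($q);
    if(!$result || (mysql_num_rows($result) < 1)){
        return 1; //Indicates username failure
    }

    /* Retrieve password from result */
    $dbarray = mysql_fetch_array($result);

    /* Validate that password is correct.
       Strict comparison on strings only: loose == compares numeric-looking
       strings as numbers, so two different passwords could be treated as
       equal. */
    if(is_string($password) && $password === (string) $dbarray['password']){
        return 0; //Success! Username and password confirmed
    }

    // NOTE(review): the comparison above means the column holds the
    // password in clear text. Storing password_hash() output and checking
    // it with password_verify() is the fix, but it needs a data migration
    // and matching changes wherever rows are inserted.
    return 2; //Indicates password failure
}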
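/**
 * REGISTER
 *
 * Adds the user when the username is free, otherwise sends the visitor
 * back to the form.
 *
 * NOTE(review): the password is stored exactly as typed. It should be
 * stored as a password_hash() value; that change has to be made together
 * with the login check, so it is only flagged here.
 * NOTE(review): the availability check reads TBL_USERS while the INSERT
 * writes to "information" -- confirm they are the same table. A UNIQUE
 * index on username is also needed, because two simultaneous requests can
 * both pass the check before either inserts.
 */
if (isset($subregister)) {
    // Form data is echoed back into the page, so encode it for HTML.
    $shownUser = htmlspecialchars((string) $subuser, ENT_QUOTES, 'UTF-8');

    if (!usernameTaken($subuser)) {
        /* Username not in use */
        // Every value is escaped before it goes inside a quoted SQL literal.
        $q = mysql_query(sprintf(
            "INSERT INTO information (username, firstname, surname, password) VALUES ('%s', '%s', '%s', '%s')",
            mysql_real_escape_string((string) $subuser),
            mysql_real_escape_string((string) $subfirst),
            mysql_real_escape_string((string) $subsurname),
            mysql_real_escape_string((string) $subpassword)
        ));
        if ($q) {
            echo "User ".$shownUser." Added";
        } else {
            // Database error text goes to the server log, not to the
            // visitor, and success is no longer reported unconditionally.
            error_log("register: insert failed: ".mysql_error());
            echo "User could not be added";
        }
    }
    else {
        /* Username in use */
        // header() has to run before any output is sent.
        header('Refresh:3; URL= informationform.php');
        echo "User ".$shownUser." already exists, choose another username";
    }
}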
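/**
 * LOGIN - this is not secure
 *
 * NOTE(review): nothing in this file records that the visitor has
 * authenticated (no session is started), so display_users.php has to
 * enforce access on its own -- confirm that it does.
 * NOTE(review): the three distinct messages tell a visitor whether a
 * username exists; a single generic failure message avoids that.
 */
if (isset($sublogin) && $sublogin == 1) {
    $result = confirmUserPass($subuser, $subpassword);

    // Form data is echoed back into the page, so encode it for HTML.
    $shownUser = htmlspecialchars((string) $subuser, ENT_QUOTES, 'UTF-8');

    /* Check error codes */
    if($result == 1){
        /* username not found, create user with password they typed */
        // NOTE(review): creating an account from a failed login is kept
        // because it is the documented behaviour, but it lets anyone claim
        // any unused username, and confirmUserPass() also returns 1 when
        // its query fails, so a database error reaches this INSERT too.
        // Registration should go through the register form only.
        // header() has to run before any output is sent.
        header('Refresh:7; URL= login.html');
        echo "Username Was Not Found, Created New User ".$shownUser."";
        // Values are escaped before they go inside quoted SQL literals.
        $q = mysql_query(sprintf(
            "INSERT INTO information (username, password) VALUES ('%s', '%s')",
            mysql_real_escape_string((string) $subuser),
            mysql_real_escape_string((string) $subpassword)
        ));
        if (!$q) {
            // Database error text goes to the server log, not to the visitor.
            error_log("login: insert failed: ".mysql_error());
        }
    }
    else if($result == 2){
        /* password incorrect */
        header('Refresh:3; URL= login.html');
        echo "Password Incorrect";
    }
    else if($result == 0){
        /* password and user correct, forward to members page */
        header('Refresh:3; URL= display_users.php');
        echo "Logged In";
    }
}
?>
<a href="display_users.php">Show Users</a><br />
<a href="register.php">Add a new user</a>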