<?php include("config.php"); $logged_in = FALSE; if(isset($_COOKIE['

1. <?php
2.     include("config.php");
3.    
4.     $logged_in = FALSE;
5.    
6.     if(isset($_COOKIE['beautiful_cookie'])) {
7.         $cookie = $mysqli->real_escape_string($_COOKIE['beautiful_cookie']);
8.         $check_token = $mysqli->query("SELECT * FROM sessions WHERE token = '{$cookie}'");
9.         if($check_token->num_rows > 0) {
10.             echo "Welcome, you are logged in!";
11.             $logged_in = TRUE;
12.         }
13.     }
14.    
15.     if(isset($_POST['logout'])) {
16.         setcookie("beautiful_cookie", "", time()-60, "/");
17.         echo "<p>You've been logged out!</p>";
18.     }
19.    
20.     if(isset($_POST['submit']) && isset($_POST['username']) && isset($_POST['password'])) {
21.         $username = $mysqli->real_escape_string($_POST['username']) ;
22.         $password = $mysqli->real_escape_string($_POST['password']) ;
23.        
24.         $check_login = $mysqli->query("SELECT * FROM users WHERE username = '{$username}' AND password = '{$password}'");
25.        
26.         if($check_login->num_rows > 0) {
27.             echo "You've been logged in.";
28.             $hash = sha1($username.rand(1,5));
29.             setcookie("beautiful_cookie", $hash, time()+3600, "/");
30.            
31.             $check_cookie = $mysqli->query("SELECT * FROM sessions WHERE username = '{$username}'");
32.             if ($check_cookie->num_rows > 0) {
33.                 $update_cookie = $mysqli->query("UPDATE sessions SET username = '{$username}', token = '{$hash}', date = NOW() WHERE username = '{$username}'");
34.             } else {
35.                 $insert_cookie = $mysqli->query("INSERT INTO sessions (username, token, date) VALUES ('{$username}', '{$hash}', NOW())");
36.             }
37.            
38.         } else {
39.             echo "Incorrect username or password!";
40.         }
41.     }
42.    
43.     $mysqli->close();
44.    
45.  
46.     if($logged_in == FALSE) {
47.         echo '
48.         <form method="POST">
49.             <input type="text" name="username">
50.             <input type="password" name="password">
51.             <input type="submit" name="submit" value="Login">
52.         </form>';
53.     } else {
54.         echo '
55.         <form method="POST">
56.             <input type="submit" name="logout" value="Logout">
57.         </form>
58.         ';
59.     }
60. ?>