- /*SQL*/
- //createSQL.sql
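-- Account table for the login example (MySQL dialect).
--
-- Fixes relative to the pasted listing: the userMail column definition ended
-- with ';' instead of ',' and the last UNIQUE KEY carried a trailing comma;
-- either one makes the statement fail to parse.
--
-- NOTE(review): the PHP helpers store and compare an unsalted MD5 hex digest
-- in userPass. MD5 is not suitable for password storage; userPass is widened
-- to 255 characters so a salted, slow password hash can replace it without
-- another schema change. Existing 32-character digests still fit.
-- NOTE(review): userSession holds the PHP session id of the logged-in browser;
-- confirm that 32 characters covers the session id length configured on the
-- server, otherwise the stored value may not match session_id().
CREATE TABLE `users` (
    `userID` int(11) NOT NULL auto_increment,
    `userName` varchar(30) collate utf8_unicode_ci NOT NULL default '',
    `userPass` varchar(255) collate utf8_unicode_ci NOT NULL default '',
    `userSession` varchar(32) collate utf8_unicode_ci default NULL,
    `userMail` varchar(150) collate utf8_unicode_ci NOT NULL default '',
    PRIMARY KEY (`userID`),
    UNIQUE KEY `userName` (`userName`),
    UNIQUE KEY `userMail` (`userMail`),
    UNIQUE KEY `userSession` (`userSession`)
) ENGINE=MyISAM;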
-- Seed a single placeholder account. The values are sample text to be replaced;
-- userPass is written as MD5() of the password because checkUser() compares
-- against md5() of the submitted password.
INSERT INTO users (userName, userPass, userMail)
VALUES ('loginname', MD5('loginpass'), 'usermail');
- /*Code*/
- //login.php
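<?php
// login.php: processes a submitted login form, then shows either the form
// (not logged in) or links to the protected page and to logout (logged in).
session_start();

// Fixed: the helper file is sessionhelpers.inc.php (the other pages include it
// under that name); the original 'sessionshelpers.inc.php' does not exist, and
// include_once only warns, so every helper call below would have been undefined.
include_once('sessionhelpers.inc.php');

if (isset($_POST['login'])) {
    // A request may carry the submit field without the credential fields;
    // treat missing fields as empty strings instead of reading undefined indexes.
    $postedName = isset($_POST['userName']) ? $_POST['userName'] : '';
    $postedPass = isset($_POST['userPass']) ? $_POST['userPass'] : '';

    // Fixed: the helper is defined as checkUser(); check_user() is not defined.
    $userID = checkUser($postedName, $postedPass);
    if ($userID) {
        login($userID);
    } else {
        // One message for every failure, so the reply does not reveal whether
        // the user name or the password was the wrong part.
        echo '<p>You\'ve entered wrong login information.</p>';
    }
}

if (!logged_in()) {
    // Fixed: the heredoc markers were commented out, which left raw HTML inside
    // the PHP block (a parse error). The closing END; must stay at column 0.
    echo <<<END
<form method="post" action="login.php">
<label>Username:</label> <input name="userName" type="text"><br/>
<label>Password:</label> <input name="userPass" type="password" id="userpass"><br/>
<input name="login" type="submit" id="login" value="Login">
</form>
END;
} else {
    echo '<p><a href="adminShit.php">Admin Portal</a></p>';
    echo '<p><a href="logout.php">Logout</a></p>';
}
?>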
- //adminShit.php
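<?php
// adminShit.php: example protected page. Content is only emitted when the
// current PHP session id is bound to a user row (see logged_in()).
session_start();
include_once('sessionhelpers.inc.php');

// Ask once and reuse the answer: each logged_in() call is a database query,
// and a single answer keeps the status line and the page body consistent.
$isLoggedIn = logged_in();

echo '<p>You\'re ';
if (!$isLoggedIn) {
    echo 'not ';
}
// Fixed: the paragraph was closed with '<p/>', which is not a closing tag.
echo 'logged in.</p>';

if ($isLoggedIn) {
    // Protected content goes here; it must stay inside this branch.
    echo '<p>BLA BLA BLA</p>';
    echo '<p><a href="logout.php">Logout</a></p>';
} else {
    echo '<p><a href="login.php">Login</a></p>';
}
?>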
- //logout.php
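<?php
// logout.php: prints the login state, unbinds the current session id from its
// user row via logout(), then prints the state again to show the effect.
session_start();
include_once('sessionhelpers.inc.php');

// State before logout.
echo '<p>You\'re ';
if (!logged_in()) {
    echo 'not ';
}
// Fixed: the paragraph was closed with '<p/>', which is not a closing tag.
echo 'logged in.</p>';

logout();

// State after logout; queried again on purpose so the page shows the result.
echo '<p>You\'re ';
if (!logged_in()) {
    echo 'not ';
}
echo 'logged in.</p>';

echo '<p><a href="login.php">Login</a></p>';
?>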
- //sessionhelpers.inc.php
- <?php
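/**
 * Opens the MySQL connection used by the helpers in this file and selects
 * the database. 'host', 'username', 'password' and 'database' are
 * placeholders to be replaced with real settings.
 *
 * On failure the driver error goes to the server log and the request ends
 * with a generic message. The original passed mysql_error() to exit(), which
 * prints database details (host, account, schema names) to the client.
 *
 * NOTE(review): the mysql_* extension was removed in PHP 7. A port to mysqli
 * or PDO with prepared statements would replace the string-built queries in
 * this file; that has to be done for all helpers together.
 */
function connect() {
    $connection = mysql_connect('host', 'username', 'password');
    if (!$connection) {
        error_log('connect(): mysql_connect failed: ' . mysql_error());
        exit('A database error occurred.');
    }

    if (!mysql_select_db('database', $connection)) {
        error_log('connect(): mysql_select_db failed: ' . mysql_error($connection));
        exit('A database error occurred.');
    }
}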
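/**
 * Checks a user name / password pair against the users table.
 *
 * @param mixed $userName Submitted user name (request data, untrusted).
 * @param mixed $userPass Submitted password (request data, untrusted).
 * @return mixed The userID of the single matching row, or false when the
 *               input is not a string or no single row matches.
 *
 * Ends the request with a generic message if the query fails; the driver
 * error is written to the server log instead of being sent to the client.
 *
 * NOTE(review): the password is compared as an unsalted MD5 digest, which is
 * not suitable for password storage. Moving to a salted, slow password hash
 * needs a schema change and a migration of the stored digests, so it is
 * flagged here rather than changed.
 */
function checkUser($userName, $userPass) {
    // Request parameters can arrive as arrays (name[]=...); the string
    // functions below are only meaningful for strings, so reject anything else.
    if (!is_string($userName) || !is_string($userPass)) {
        return(false);
    }

    // Undo magic-quotes escaping where the runtime still applies it, so the
    // values are escaped exactly once below.
    if (function_exists('get_magic_quotes_gpc') && get_magic_quotes_gpc()) {
        $userName = stripslashes($userName);
        $userPass = stripslashes($userPass);
    }

    // Fixed: the original also prefixed '%' and '_' with a backslash. Those
    // are wildcards only for LIKE; this query compares with '=', where the
    // added backslash stays part of the compared value, so any user name
    // containing '_' or '%' could never match.
    $userName = mysql_real_escape_string($userName);

    // md5() returns hexadecimal characters only, so the digest needs no escaping.
    $query = 'SELECT userID FROM users WHERE userName = \'' . $userName . '\' AND userPass = \'' . md5($userPass) . '\'';
    $result = mysql_query($query);
    if (!$result) {
        error_log('checkUser(): query failed: ' . mysql_error());
        exit('A database error occurred.');
    }

    // Exactly one row is required; anything else counts as a failed login.
    if (mysql_num_rows($result) == 1) {
        $user = mysql_fetch_assoc($result);
        return($user['userID']);
    }
    return(false);
}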
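/**
 * Marks a user as logged in by storing the current PHP session id in that
 * user's row.
 *
 * @param mixed $userID Id of the authenticated user; cast to int before use.
 * @return void
 *
 * Ends the request with a generic message if the update fails; the driver
 * error is written to the server log instead of being sent to the client.
 */
function login($userID) {
    // Issue a fresh session id at the moment of authentication, so an id that
    // was known before the login (session fixation) is never bound to the
    // account. Must run before any output, since it sets a cookie header.
    if (session_id() !== '') {
        session_regenerate_id(true);
    }

    // The session id is taken from the client's cookie, so it is escaped like
    // any other request data before it is placed in the statement.
    $sessionID = mysql_real_escape_string(session_id());

    $query = 'UPDATE users SET userSession = \'' . $sessionID . '\' WHERE userID = ' . ((int)$userID);
    if (!mysql_query($query)) {
        error_log('login(): query failed: ' . mysql_error());
        exit('A database error occurred.');
    }
}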
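/**
 * Reports whether the current PHP session id is bound to a user row.
 *
 * @return bool true when exactly one users row has userSession equal to the
 *              current session id, false otherwise (including when no
 *              session is active).
 *
 * Ends the request with a generic message if the query fails; the driver
 * error is written to the server log instead of being sent to the client.
 */
function logged_in() {
    $currentID = session_id();

    // Without an active session there is nothing to look up; an empty id
    // must never be treated as a login.
    if ($currentID === '') {
        return(false);
    }

    // The session id is taken from the client's cookie, so it is escaped like
    // any other request data before it is placed in the statement.
    $query = 'SELECT userID FROM users WHERE userSession = \'' . mysql_real_escape_string($currentID) . '\'';
    $result = mysql_query($query);
    if (!$result) {
        error_log('logged_in(): query failed: ' . mysql_error());
        exit('A database error occurred.');
    }
    return(mysql_num_rows($result) == 1);
}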
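/**
 * Logs the current session out by clearing userSession on the row that holds
 * the current PHP session id.
 *
 * @return void
 *
 * Ends the request with a generic message if the update fails; the driver
 * error is written to the server log instead of being sent to the client.
 */
function logout() {
    $currentID = session_id();

    // No active session means no row can be bound to it.
    if ($currentID === '') {
        return;
    }

    // The session id is taken from the client's cookie, so it is escaped like
    // any other request data before it is placed in the statement.
    $query = 'UPDATE users SET userSession = NULL WHERE userSession = \'' . mysql_real_escape_string($currentID) . '\'';

    // Fixed: the original tested if(mysql_query(...)) and therefore ended the
    // request on every SUCCESSFUL logout, while a failed update went unnoticed.
    if (!mysql_query($query)) {
        error_log('logout(): query failed: ' . mysql_error());
        exit('A database error occurred.');
    }
}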
// Runs when this file is included: opens the database connection up front.
// The helpers above call mysql_query() without a link argument and so depend
// on this connection having been opened first.
connect();
?>