
Untitled

a guest
Nov 24th, 2017
  1. <?php
  2. //signin.php
  3. include 'connect.php';
  4. include 'header.php';
  5.  
  6. echo '<h3>Sign in</h3><br />';
  7.  
  8. //first, check if the user is already signed in. If that is the case, there is no need to display this page
  9. if(isset($_SESSION['signed_in']) && $_SESSION['signed_in'] == true)
  10. {
  11.     echo 'You are already signed in, you can <a href="signout.php">sign out</a> if you want.';
  12. }
  13. else
  14. {
  15.     if($_SERVER['REQUEST_METHOD'] != 'POST')
  16.     {
  17.         /*the form hasn't been posted yet, display it
  18.           note that the action="" will cause the form to post to the same page it is on */
  19.         echo '<form method="post" action="">
  20.             Username: <input type="text" name="username" /><br />
  21.             Password: <input type="password" name="password"><br />
  22.             <input type="submit" value="Sign in" />
  23.          </form>';
  24.     }
  25.     else
  26.     {
  27.         /* so, the form has been posted, we'll process the data in three steps:
  28.             1.  Check the data
  29.             2.  Let the user refill the wrong fields (if necessary)
  30.             3.  Varify if the data is correct and return the correct response
  31.         */
  32.         $errors = array(); /* declare the array for later use */
  33.        
  34.         if(!isset($_POST['username']))
  35.         {
  36.             $errors[] = 'The username field must not be empty.';
  37.         }
  38.        
  39.         if(!isset($_POST['password']))
  40.         {
  41.             $errors[] = 'The password field must not be empty.';
  42.         }
  43.        
  44.         if(!empty($errors)) /*check for an empty array, if there are errors, they're in this array (note the ! operator)*/
  45.         {
  46.             echo 'Uh-oh.. a couple of fields are not filled in correctly..<br /><br />';
  47.             echo '<ul>';
  48.             foreach($errors as $key => $value) /* walk through the array so all the errors get displayed */
  49.             {
  50.                 echo '<li>' . $value . '</li>'; /* this generates a nice error list */
  51.             }
  52.             echo '</ul>';
  53.         }
  54.         else
  55.         {
  56.             //the form has been posted without errors, so save it
  57.             //notice the use of mysql_real_escape_string, keep everything safe!
  58.             //also notice the sha1 function which hashes the password
  59.             $sql = "SELECT
  60.                         id,
  61.                         username,
  62.                         user_level
  63.                     FROM
  64.                         users
  65.                     WHERE
  66.                         username = '" . mysql_real_escape_string($_POST['username']) . "'
  67.                     AND
  68.                         password = '" . sha1($_POST['password']) . "'";
  69.                        
  70.             $result = mysql_query($sql);
  71.             if(!$result)
  72.             {
  73.                 //something went wrong, display the error
  74.                 echo 'Something went wrong while signing in. Please try again later.';
  75.                 //echo mysql_error(); //debugging purposes, uncomment when needed
  76.             }
  77.             else
  78.             {
  79.                 //the query was successfully executed, there are 2 possibilities
  80.                 //1. the query returned data, the user can be signed in
  81.                 //2. the query returned an empty result set, the credentials were wrong
  82.                 if(mysql_num_rows($result) == 0)
  83.                 {
  84.                     echo 'You have supplied a wrong user/password combination. Please try again.';
  85.                 }
  86.                 else
  87.                 {
  88.                     //set the $_SESSION['signed_in'] variable to TRUE
  89.                     $_SESSION['signed_in'] = true;
  90.                    
  91.                     //we also put the user_id and user_name values in the $_SESSION, so we can use it at various pages
  92.                     while($row = mysql_fetch_assoc($result))
  93.                     {
  94.                         $_SESSION['id']     = $row['id'];
  95.                         $_SESSION['username']   = $row['username'];
  96.                         $_SESSION['user_level'] = $row['user_level'];
  97.                     }
  98.                    
  99.                     echo 'Welcome, ' . $_SESSION['username'] . '. <br /><a href="index.php">Proceed to the forum overview</a>.';
  100.                 }
  101.             }
  102.         }
  103.     }
  104. }
  105.  
  106. include 'footer.php';
  107. ?>