```php
<?php
require_once("inc/session.php");
require_once("inc/connect_db.php");
require_once("inc/functions.php");
// after login is successful, three session variables are created:
//   $_SESSION['username'] is the username of the person logged in
//   $_SESSION['user_id'] is the id of the person logged in
//   $_SESSION['admin'] is created to distinguish the admin role (1) from the user role (0)
?>
<?php
if (logged_in()) {
    redirect_to("main.php");
}
include_once("inc/form_functions.php");

// start form processing
if (isset($_POST['submit'])) {
    $errors = array();

    // perform validations on the form data
    $required_fields = array('username', 'password');
    $errors = array_merge($errors, check_required_fields($required_fields, $_POST));
    $fields_with_lengths = array('username' => 30, 'password' => 20);
    $errors = array_merge($errors, check_max_field_lengths($fields_with_lengths, $_POST));

    // The username field holds "First Last". Missing fields and a missing
    // last name are guarded so they do not raise undefined-index notices.
    $username = trim(mysql_prep(isset($_POST['username']) ? $_POST['username'] : ''));
    $name_parts = explode(" ", $username);
    $first_name = $name_parts[0];
    $last_name = isset($name_parts[1]) ? $name_parts[1] : "";

    // md5() is an unsalted, fast hash; password_hash()/password_verify() replace it,
    // which requires migrating the hashes stored in the users table.
    $password = md5(trim(mysql_prep(isset($_POST['password']) ? $_POST['password'] : '')));

    if (empty($errors)) {
        // check database to see if username and the password exist there.
        // The interpolated values are only as safe as mysql_prep() (defined in the
        // includes, not shown). The mysql_* API was removed in PHP 7.0; mysqli or
        // PDO prepared statements replace this pattern.
        $query = "SELECT id, first_name, last_name, password, role
                  FROM users
                  WHERE first_name = '$first_name'
                  AND last_name = '$last_name'
                  AND password = '$password'
                  LIMIT 1 ";
        $result = mysql_query($query, $mysql_link);
        confirm_query($result);
        if (mysql_num_rows($result) == 1) {
            // username/password authenticated
            // and only 1 match
            $found_user = mysql_fetch_array($result);
            // issue a fresh session id on login so a pre-login id cannot be reused
            session_regenerate_id(true);
            $_SESSION['user_id'] = $found_user['id'];
            $_SESSION['username'] = $found_user['first_name'] . " " . $found_user['last_name'];
            if ($found_user['role'] == "admin") {
                $_SESSION['admin'] = 1;
            } else {
                $_SESSION['admin'] = 0;
            }
            redirect_to("main.php");
        } else {
            // username/password combo was not found in the database
            $msg = "<p class=\"errors\">Username/password combination is incorrect.<br />
                Please make sure your caps lock key is off and try again.</p>";
        }
    } else {
        if (count($errors) == 1) {
            $msg = "There was 1 error in the form.";
        } else {
            $msg = "There were " . count($errors) . " errors in the form.";
        }
    }
} else { // Form has not been submitted
    if (isset($_GET['logout']) && $_GET['logout'] == 1) {
        $msg = "You are now logged out.";
    }
    $username = " ";
    $password = " ";
}
?>
<?php
include_once("inc/header.php");
?>
<div id="toDo" style="width: 410px; float:right; border: 1px solid #ddd7dd; padding: 10px; margin-top: 30px;">
    <h4>For Testing:</h4>
    <p>Use the following member information for testing purposes:</p>
    <p>Member: Sam White password: samwhite</p>
    <p>Admin: John Doe password: johndoe</p>
    <p>Admin is by default the chairperson of the board of deacons, and as such has special editing privileges (within reason) in this forum.</p>
</div>
<h2>Member Login</h2>
<?php
if (!empty($msg)) {
    print("<p class=\"message\">" . $msg . "</p>");
}
?>
<?php
if (!empty($errors)) {
    display_errors($errors);
}
?>
<p>Please enter your first and last name, and password to log in:</p>
<form name="login" action="index.php" method="post" id="loginForm">
    <table>
        <tr>
            <td class="label">Username:</td>
            <td><input type="text" name="username" id="username" class="textbox" /></td>
        </tr>
        <tr>
            <td class="label">Password:</td>
            <td><input type="password" name="password" id="password" class="textbox" />
                <br /><a href="new_password.php" style="margin-left: 70px;font-size: 0.8em;">Forgot your password?</a></td>
        </tr>
        <tr>
            <td class="label"> </td>
            <td><input type="submit" name="submit" id="submit" class="button" value="Login" /></td>
        </tr>
    </table>
</form>
<div class="clear"></div>
<hr />
<h4 style="margin-top: 20px;">Features still to be added:</h4>
<p style="font-weight: bold;">Login Functions</p>
<ol style="margin-left: 25px;">
</ol>
<p style="font-weight: bold;">Members Information</p>
<ol style="margin-left: 25px;">
    <li>If admin deletes a member, the member must still remain in the database because there may be posts that are referenced by this member's id,
        if he/she has taken part in any of the discussions. The answer would be to make this member's role 'inactive', and then display that status when any of his/her
        posts are shown.</li>
</ol>
<p style="font-weight: bold;">Threads</p>
<ol style="margin-left: 25px;">
    <li>Admin has the privilege of closing a thread so it cannot be added to. It will have a note: thread closed displayed beside the title, but will
        remain in the active list until the 3 month time period is up.</li>
    <li>Admin has the privilege of archiving a thread before the 3 month time period is up. He/she also has the privilege of un-archiving, and reopening a
        thread if there is a good reason for it.</li>
    <li>Admin has the privilege of editing a thread so that it is not displayed - either in the active or the archived sections. He/she will not be able to delete the thread
        altogether. If he/she thinks it is really important to remove the thread from the database, it must be done directly on the database through the web person.</li>
</ol>
<p style="font-weight: bold;">Things to Fix</p>
<ol style="margin-left: 25px;">
    <li>"Reset Password" function is done, the email is getting to its destination and the database is updated, but the new password does not work in the login page.</li>
</ol>
<?php
include_once("inc/footer.php");
?>
```
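
A hardened form of the credential check in this paste, as an added example that is not part of the original code: the lookup uses PDO placeholders and the password is checked with `password_verify()` against a `password_hash()` value instead of being compared as an md5 string inside the query. The column names follow the paste's query; the in-memory SQLite table, the sample account and the `authenticate()` helper are constructed for illustration.

```php
<?php
// Added example, not the paste's code. Table columns follow the paste's query;
// the sample row and authenticate() are constructed for illustration.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec("CREATE TABLE users (id INTEGER PRIMARY KEY, first_name TEXT,
            last_name TEXT, password TEXT, role TEXT)");
$ins = $pdo->prepare("INSERT INTO users (first_name, last_name, password, role)
                      VALUES (?, ?, ?, ?)");
// Constructed account; the stored value is a salted password_hash() string.
$ins->execute(array('Ann', 'Example',
    password_hash('constructed-pass-1', PASSWORD_DEFAULT), 'user'));

// Returns the user row (without the hash) on success, or null on any failure.
function authenticate(PDO $pdo, $username, $password) {
    static $dummy = null;
    if ($dummy === null) {
        $dummy = password_hash('placeholder', PASSWORD_DEFAULT);
    }
    // "First Last" must yield exactly two non-empty parts.
    $parts = preg_split('/\s+/', trim($username));
    if (count($parts) !== 2) {
        return null;
    }
    // Placeholders keep the input out of the SQL text, so no escaping is needed.
    $stmt = $pdo->prepare("SELECT id, first_name, last_name, password, role
                           FROM users
                           WHERE first_name = ? AND last_name = ? LIMIT 1");
    $stmt->execute($parts);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    // Verify against a dummy hash when no row matched, so both paths do the
    // same work. The password is passed as typed: no trim, no escaping.
    $hash = $row ? $row['password'] : $dummy;
    if (!password_verify($password, $hash) || !$row) {
        return null;
    }
    unset($row['password']);
    return $row;
}

$inputs = array(
    array('Ann Example', 'constructed-pass-1'),  // valid account
    array('Ann Example', 'wrong'),               // wrong password
    array('Ann', 'constructed-pass-1'),          // no last name supplied
    array("D'Arcy Example", 'x'),                // apostrophe goes through the placeholder
);
foreach ($inputs as $in) {
    $user = authenticate($pdo, $in[0], $in[1]);
    echo str_pad($in[0], 16), ' => ', $user ? 'ok, id ' . $user['id'] : 'rejected', "\n";
}
```

On success the caller would call `session_regenerate_id(true)` before writing the returned id and role into `$_SESSION`.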