Untitled

a guest
Sep 27th, 2017
<?php
require_once("inc/session.php");
require_once("inc/connect_db.php");
require_once("inc/functions.php");
// after login is successful, three session variables are created:
// $_SESSION['username'] is the username of the person logged in
// $_SESSION['user_id'] is the id of the person logged in
// $_SESSION['admin'] is created to distinguish the admin role (1) from the user role (0)
?>

<?php

if (logged_in()) {
    redirect_to("main.php");
}

include_once("inc/form_functions.php");

// start form processing
if (isset($_POST['submit'])) {
    $errors = array();

    // perform validations on the form data
    $required_fields = array('username', 'password');
    $errors = array_merge($errors, check_required_fields($required_fields, $_POST));

    $fields_with_lengths = array('username' => 30, 'password' => 20);
    $errors = array_merge($errors, check_max_field_lengths($fields_with_lengths, $_POST));

    // default to empty strings so a missing field does not raise an undefined-index notice
    $raw_username = isset($_POST['username']) ? $_POST['username'] : '';
    $raw_password = isset($_POST['password']) ? $_POST['password'] : '';

    $username = trim(mysql_prep($raw_username));
    $name_parts = explode(" ", $username);
    $first_name = $name_parts[0];
    // a username without a space has no second part; use an empty last name instead of reading a missing index
    $last_name = isset($name_parts[1]) ? $name_parts[1] : '';
    // NOTE: unsalted MD5 is a fast hash and unsuitable for password storage;
    // password_hash()/password_verify() is the replacement once the stored hashes are migrated.
    $password = md5(trim(mysql_prep($raw_password)));

    if (empty($errors)) {
        // check database to see if username and the password exist there.
        // The interpolated values rely entirely on mysql_prep() (inc/functions.php) for escaping.
        // The mysql_* extension was removed in PHP 7; prepared statements (mysqli or PDO) replace it.
        $query = "SELECT id, first_name, last_name, password, role
        FROM users
        WHERE first_name = '$first_name'
        AND last_name = '$last_name'
        AND password = '$password'
        LIMIT 1 ";
        $result = mysql_query($query, $mysql_link);

        confirm_query($result);

        if (mysql_num_rows($result) == 1) {
            // username/password authenticated
            // and only 1 match
            $found_user = mysql_fetch_array($result);
            // issue a fresh session id on login so a pre-login id cannot be reused (session fixation)
            session_regenerate_id(true);
            $_SESSION['user_id'] = $found_user['id'];
            $_SESSION['username'] = $found_user['first_name'] . " " . $found_user['last_name'];
            if ($found_user['role'] == "admin") {
                $_SESSION['admin'] = 1;
            } else {
                $_SESSION['admin'] = 0;
            }
            redirect_to("main.php");
        } else {
            // username/password combo was not found in the database
            $msg = "<p class=\"errors\">Username/password combination is incorrect.<br />
            Please make sure your caps lock key is off and try again.</p>";
        }
    } else {
        if (count($errors) == 1) {
            $msg = "There was 1 error in the form.";
        } else {
            $msg = "There were " . count($errors) . " errors in the form.";
        }
    }

} else { // Form has not been submitted

    if (isset($_GET['logout']) && $_GET['logout'] == 1) {
        $msg = "You are now logged out.";
    }
    $username = " ";
    $password = " ";
}
?>

<?php
include_once("inc/header.php");
?>
<?php // Test credentials below: remove this block before deployment, it discloses a working admin login. ?>
<div id="toDo" style="width: 410px; float:right; border: 1px solid #ddd7dd; padding: 10px; margin-top: 30px;">
    <h4>For Testing:</h4>
        <p>Use the following member information for testing purposes:</p>
        <p>Member: Sam White &nbsp;&nbsp;&nbsp;password: samwhite</p>
        <p>Admin: John Doe &nbsp;&nbsp;&nbsp;password: johndoe</p>
        <p>Admin is by default the chairperson of the board of deacons, and as such has special editing privileges (within reason) in this forum.</p>
</div>

<h2>Member Login</h2>
<?php
    if (!empty($msg)) {
        print("<p class=\"message\">" . $msg . "</p>");
    }

?>
<?php
    if (!empty($errors)) {
        display_errors($errors);
    }
?>
<p>Please enter your first and last name, and password to log in:</p>
<form name="login" action="index.php" method="post" id="loginForm">
    <table>
        <tr>
            <td class="label">Username:</td>
            <td><input type="text" name="username" id="username" class="textbox" /></td>
        </tr>
        <tr>
            <td class="label">Password:</td>
            <td><input type="password" name="password" id="password" class="textbox" />
            <br /><a href="new_password.php" style="margin-left: 70px;font-size: 0.8em;">Forgot your password?</a></td>
        </tr>
        <tr>
            <td class="label">&nbsp;</td>
            <td><input type="submit" name="submit" id="submit" class="button" value="Login" /></td>
        </tr>
    </table>
</form>
<div class="clear"></div>
<hr />
<h4 style="margin-top: 20px;">Features still to be added:</h4>
        <p style="font-weight: bold;">Login Functions</p>
        <ol style="margin-left: 25px;">

        </ol>
        <p style="font-weight: bold;">Members Information</p>
        <ol style="margin-left: 25px;">
            <li>If admin deletes a member, the member must still remain in the database because there may be posts that are referenced by this member's id,
            if he/she has taken part in any of the discussions. The answer would be to make this member's role 'inactive', and then display that status when any of his/her
            posts are shown.</li>
        </ol>
        <p style="font-weight: bold;">Threads</p>
        <ol style="margin-left: 25px;">
            <li>Admin has the privilege of closing a thread so it cannot be added to. It will have a note: thread closed displayed beside the title, but will
            remain in the active list until the 3 month time period is up.</li>
            <li>Admin has the privilege of archiving a thread before the 3 month time period is up. He/she also has the privilege of un-archiving, and reopening a
            thread if there is a good reason for it.</li>
            <li>Admin has the privilege of editing a thread so that it is not displayed - either in the active or the archived sections. He/she will not be able to delete the thread
            altogether. If he/she thinks it is really important to remove the thread from the database, it must be done directly on the database through the web person.</li>
        </ol>
        <p style="font-weight: bold;">Things to Fix</p>
        <ol style="margin-left: 25px;">
            <li>"Reset Password" function is done, the email is getting to its destination and the database is updated, but the new password does not work in the login page.</li>
        </ol>
<?php
include_once("inc/footer.php");
?>