Login.php - Login Page
<?php # login.php
if (isset($_POST['submit'])) {
require_once ('login_connect.php');
function escape_data ($data) {
global $dbc;
if (ini_get('magic_quotes_gpc')) {
$data = stripslashes($data);
}
return mysql_real_escape_string($data, $dbc);
}
$message = NULL;
if (empty($_POST['username'])) {
$u = FALSE;
$message .= '<p>You forgot to enter your username!</p>';
} else {
$u = escape_data($_POST['username']);
}
if (empty($_POST['password'])) {
$p = FALSE;
$message .= '<p>You forgot to enter your password!</p>';
} else {
$p = escape_data($_POST['password']);
}
if ($u && $p) { // If everything's OK.
$query = "SELECT username
FROM users
WHERE username='$u'
AND password='$p'";
$result = @mysql_query ($query);
$row = mysql_fetch_array ($result, MYSQL_NUM);
if ($row) {
// Start the session, register the values & redirect.
session_name ('YourVisitID');
session_start();
$_SESSION['password'] = $p;
$_SESSION['user_id'] = $u;
header ("Location: http://" . $_SERVER['HTTP_HOST'] . dirname($_SERVER['PHP_SELF']) . "/loggedin.php");
exit();
} else {
$message = '<p>The username and password entered do not match those on file.</p>';
}
mysql_close();
} else {
$message .= '<p>Please try again.</p>';
}
};
$page_title = 'Login';
include ('templates/header.inc');
if (isset($message)) {
echo '<font color="red">', $message, '</font>';
}
?>
<form action="<?php echo $_SERVER['PHP_SELF']; ?>" method="post">
<fieldset><legend>Enter your information in the form below:</legend>
<p><b>Username:</b> <input type="text" name="username" size="20" maxlength="20" value="<?php if (isset($_POST['username'])) echo $_POST['username']; ?>" /></p>
<p><b>Password:</b> <input type="password" name="password" size="20" maxlength="20" /></p>
<div align="center"><input type="submit" name="submit" value="Login" /></div>
</fieldset>
</form><!-- End of Form -->
<small><center>*please note usernames and passwords are case sensitive*</center></small>
<?php
include ('templates/footer.inc');
?>
Loggedin.php - Displayed when successfully logged in
<?php #loggedin.php
session_name ('YourVisitID');
session_start(); // Start the session.
//If no session is present, redirect the user.
if (!isset($_SESSION['user_id'])) {
header ("Location: http://" . $_SERVER['HTTP_HOST'] . dirname($_SERVER['PHP_SELF']) . "/index.php");
exit(); // Quit the script.
}
// Set the page title and include the HTML header.
$page_title = 'Logged In!';
include ('templates/header.inc');
// Print a customized message.
echo "<p>You are now logged in, {$_SESSION['user_id']}!</p>";
include ('templates/footer.inc'); // Include the HTML footer.
?>