whiteboikyle Posted June 6, 2008 Share Posted June 6, 2008 login.php <?php session_start(); if(session_is_registered(error)) { echo ($_SESSION['error']); session_unregister(error); session_destroy(); } ?> <table width="300" border="0" align="center" cellpadding="0" cellspacing="1" bgcolor="#CCCCCC"> <tr> <form name="form1" method="post" action="process.php"> <td> <table width="100%" border="0" cellpadding="3" cellspacing="0" bgcolor="#FFFFFF"> <tr> <td colspan="3"><strong>Member Login </strong></td> </tr> <tr> <td width="68"><div align="right">Username</div></td> <td width="3">:</td> <td width="205"><input name="myusername" type="text" id="myusername"></td> </tr> <tr> <td><div align="right">Password</div></td> <td>:</td> <td><input name="mypassword" type="password" id="mypassword"></td> </tr> <tr> <td><input name="login" type="hidden" value="1"></td> <td> </td> <td><input type="submit" name="Submit" value="Login"></td> </tr> <tr> <td colspan="3"><div align="center"><a href="register.php">Register Account? </a></div></td> </tr> </table> </td> </form> </tr> </table> register.php <?php session_start(); if(session_is_registered(welcome)) { echo($_SESSION['welcome']); session_unregister(welcome); session_destroy(); } else { ?> <table width="325" border="0" align="center" cellpadding="0" cellspacing="1" bgcolor="#CCCCCC"> <tr> <form name="form2" method="post" action="process.php"> <td> <table width="100%" border="0" cellpadding="3" cellspacing="0" bgcolor="#FFFFFF"> <tr> <td colspan="4"><strong>Member Register</strong></td> </tr> <tr> <td width="61" height="28"><div align="right">Username</div></td> <td width="3">:</td> <td width="144"><input name="myusername" type="text" id="myusername"></td> <td width="91"> <?php if(session_is_registered(username_taken)) { echo ($_SESSION['username_taken']); session_unregister(username_taken); session_destroy(); } ?></td> </tr> <tr> <td><div align="right">Password</div></td> <td>:</td> <td><input name="mypassword" type="password" id="mypassword"></td> <td rowspan="2"> <?php if(session_is_registered(password_same)) { echo ($_SESSION['password_same']); session_unregister(password_same); session_destroy(); } elseif(session_is_registered(password_less_then_5)) { echo ($_SESSION['password_less_then_5']); session_unregister(password_less_then_5); session_destroy(); } ?></td> </tr> <tr> <td><div align="right">Password</div></td> <td>:</td> <td><input name="mypassword2" type="password" id="mypassword2"></td> </tr> <tr> <td><div align="right">Email</div></td> <td>:</td> <td><input name="email" type="text" id="email"></td> <td> <font color="#FF0000" size="2">Optional</font> </td> </tr> <tr> <td><input name="register" type="hidden" value="1"></td> <td> </td> <td colspan="2"><input type="submit" name="Submit" value="Login"></td> </tr> </table> </td> </form> </tr> </table> <?php } ?> process.php <?php include("config.php"); class Process { function Process($connection){ if(isset($_POST['login'])){ $this->login(); } elseif(isset($_POST['register'])){ $this->register(); } else{ header("Location: login.php"); } } //Member Login function login(){ global $config; ob_start(); // Define $myusername and $mypassword $myusername=$_POST['myusername']; $mypassword=$_POST['mypassword']; // To protect MySQL injection (more detail about MySQL injection) $myusername = stripslashes($myusername); $mypassword = stripslashes($mypassword); $myusername = mysql_real_escape_string($myusername); $mypassword = mysql_real_escape_string($mypassword); $encrypt_password = md5($mypassword); $query = $config->query("SELECT * FROM members WHERE username='".$myusername."' and password='".$encrypt_password."'"); // Mysql_num_row is counting table row $count=mysql_num_rows($query); // If result matched $myusername and $mypassword, table row must be 1 row if($count==1){ // Register $myusername, $mypassword and redirect to file "login_success.php" session_register("myusername"); session_register("mypassword"); header("location:main.php"); } else { session_register(error); $_SESSION['error'] = "<center><font color='red' size='4'>Wrong Username or Password</font></center>"; header("location:login.php"); } ob_end_flush(); } //Register_Submit function register(){ global $config; //Defines All The Users Inputs $myusername=$_POST['myusername']; $mypassword=$_POST['mypassword']; $mypassword2=$_POST['mypassword2']; $email=$_POST['email']; $passwordcount=$_POST['mypassword']; //Stop SQL Injection $myusername = stripslashes($myusername); $mypassword = stripslashes($mypassword); $mypassword2 = stripslashes($mypassword2); $email = stripslashes($email); $myusername = mysql_real_escape_string($myusername); $mypassword = mysql_real_escape_string($mypassword); $mypassword2 = mysql_real_escape_string($mypassword2); $email = mysql_real_escape_string($email); //encrypt password variable $encrypt_password = md5($mypassword); $query = $config->query("SELECT * FROM members WHERE username='".$myusername."'"); // Mysql_num_row is counting table row $count=mysql_num_rows($query); // If result matches $myusername then username is taken if($count===1){ // Send error back to the register page if count = 1 session_register(username_taken); $_SESSION['username_taken'] = "<center><font color='red' size='1'>The Username You Chose Is Already In Use</font></center>"; header("location:register.php"); } elseif($mypassword != $mypassword2) { session_register(password_same); $_SESSION['password_same'] = "<center><font color='red' size='1'>Passwords Dont Match</font></center>"; header("location:register.php"); } elseif(strlen($mypassword) < "5") { session_register(password_less_then_5); $_SESSION['password_less_then_5'] = "<center><font color='red' size='1'>Password Must be Greater then 4 Charcters</font></center>"; header("location:register.php"); } else { $query = $config->query("INSERT INTO members (id, username, password, email) VALUES (NULL, '$myusername', '$encrypt_password', '$email')"); session_register(welcome_screen); $_SESSION['welcome'] = "Welcome, You are now a member of Corpal Uploads.<br> Reccommend us to your friends.<br> We are a free Upload site and WILL STAY FREE!<br> Thanks,<br> Whitey.<br> <a href='login.php'>Continue</a>"; header("location: register.php"); } } }; $process = new Process($connection); ?> logout.php <? session_start(); session_destroy(); session_unregister(myusername); echo("<center><font size='4'>You are now logged out</font>"); echo("<br><a href='login.php'>Now redirecting you to home page or click here if you do not wish to wait.</a></center>"); echo("<META HTTP-EQUIV='refresh' CONTENT='5;login.php'>"); ?> give me all suggestions i need. Its just going to be used for an upload script Quote Link to comment Share on other sites More sharing options...
Daniel0 Posted June 6, 2008 Share Posted June 6, 2008 You should do quite fine. There is no reason why you would store the password in the sessions... What are you going to use that for? Also, the lines like this: session_unregister(error); and similar won't work. It has to be session_unregister('error'); but that's useless when you after that call session_destroy() which will unregister all sessions. Quote Link to comment Share on other sites More sharing options...
runnerjp Posted June 6, 2008 Share Posted June 6, 2008 U should NEVER store passwords as sessions as you should NEVER have to call it in your website again as this just leads to problems... Quote Link to comment Share on other sites More sharing options...
Daniel0 Posted June 6, 2008 Share Posted June 6, 2008 Great job repeating me... Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.