Thread: Dumb question: making a login box
View Single Post
Old 02-26-2005, 07:07 PM  
calmlikeabomb
Confirmed User
 
calmlikeabomb's Avatar
 
Join Date: May 2004
Location: SW Palm Bay, Florida
Posts: 1,323
Use php and sql
Your login form:
Code:
<form action="<?php echo $_SERVER['PHP_SELF']; ?>" method=p.ost>

Username: <input type="text" name="username" maxlength="20" />
Password:<input type="password" name="password" maxlength="20" />
<input type="submit" name="submit" value="Login">

</form>
If this form is submitted check for user in database set cookies and redirect.
Code:
<?php

// Create a function for escaping the data.
	function escape_data ($data) {
		global $dbc; // Need the connection.
		if (ini_get('magic_quotes_gpc')) {
			$data = stripslashes($data);
		}
		return mysql_real_escape_string($data, $dbc);
} // End of function.

if (isset($_POST['submit'])) { // Check if the form has been submitted.

	require_once ('../mysql_connect.php'); // Connect to the database.
	
	if (empty($_POST['username'])) { // Validate the username.
		$u = FALSE;
		echo '<p><font color="red" >You forgot to enter your username!</font></p>';
	} else {
		$u = escape_data($_POST['username']);
	}
	
	if (empty($_POST['password'])) { // Validate the password.
		$p = FALSE;
		echo '<p><font color="red" >You forgot to enter your password!</font></p>';
	} else {
		$p = escape_data($_POST['password']);
	}
	
	if ($u && $p) { // If everything's OK.
	
		// Query the database.
		$query = "SELECT customer_id, firstname FROM customers WHERE username='$u' AND password=PASSWORD('$p')";		
		$result = @mysql_query ($query);
		$row = mysql_fetch_array ($result, MYSQL_NUM); 
		
		if ($row) { // A match was made.
				
				// Start the session, register the values & redirect.
				setcookie ('user_id', $row[0], time()+2419200, '/', '', 0);
				header ("Location:  http://www.domain.com/index.php");
				ob_end_flush(); // Delete the buffer.
				exit();
				
		} else { // No match was made.
			echo '<p><font color="red" >The username and password entered do not match those on file.</font></p>'; 
		}
		
		mysql_close(); // Close the database connection.
		
	} else { // If everything wasn't OK.
		echo '<p><font color="red" >Please try again.</font></p>';		
	}
	
} // End of SUBMIT conditional.
Protect pages with something like this:
Code:
<?php
if (!isset($_COOKIE['user_id'])) {
	header ("Location:  http://www.domain.com/login.php");
	}
?>
You'll also need a form to register your users to the database.


Dumbass
__________________
subarus.
calmlikeabomb is offline   Share thread on Digg Share thread on Twitter Share thread on Reddit Share thread on Facebook Reply With Quote