0
login.php
<?php
session_start();
require('dbconnect.php');
include('check.php');
if(isset($_POST['login'])) {
$username = $_POST['username'];
$password = $_POST['password'];
$password = md5($password);
$search = mysql_query("SELECT * FROM `users` WHERE username='$username' AND password='$password'") or die(mysql_error());
$sql = mysql_num_rows($search);
if($sql > 0) {
$_SESSION['auth'] = TRUE;
setcookie("user", $username, time()+60*60*24*7);
setcookie("pass", $password, time()+60*60*24*7);
echo "Welcome back, $username. <a href='./?id=editprofile'>User CP</a> - <a href='./?id=logout'>Logout</a>.";
}
else {
echo("Sorry, you are unable to login because you have got your username/password wrong. Please check spelling & try again.");
}
}
elseif(isset($_SESSION['auth']) && isset($_COOKIE['user']) && isset($_COOKIE['pass'])) {
echo "Welcome back, ".$_COOKIE['user'].". <a href='./?id=editprofile'>User CP</a> - <a href='./?id=logout'>Logout</a>.";
}
else {
?>
<form action="<?php $_SERVER['PHP_SELF']; ?>" method="post">
Username: <input name="username" type="text" id="username">
Password:<input name="password" type="password" id="password"> <input name="login" type="submit" id="login" value="Login">
</form>
<?php
}
?>
logout.php
<?php
include('check.php');
if(isset($_GET['logout'])) {
session_destroy();
echo "You have succesfully logged out! Click <a href='./'>here</a> to proceed!";
}
?>
check.php
<?php
require('dbconnect.php');
if(!$_SESSION['auth']) {
if(isset($_COOKIE['user'])&&isset($_COOKIE['pass'])) {
$user = $_COOKIE['user'];
$pass = $_COOKIE['pass'];
$query = mysql_query("SELECT 'id' FROM `users` WHERE username='$user' AND password='$pass'") or die(mysql_error());
if(mysql_num_rows($query) > 0) {
$_SESSION['auth'] = TRUE;
$_COOKIE['user'] = $user;
}
else {
$_COOKIE['user'] = "Guest";
}
}
}
?>
Anyone have any ideas?
Edited by Matt L, 23 August 2007 - 02:23 AM.
