checking my code

PHP programming forum. Ask questions or help people concerning PHP code. Don't understand a function? Need help implementing a class? Don't understand a class? Here is where to ask. Remember to do your homework!

Moderator: General Moderators

Post Reply
salted
Forum Newbie
Posts: 2
Joined: Thu Feb 04, 2010 1:05 pm

checking my code

Post by salted »

i have built a custom cms using code that i learned/copy and pasted from "php and mysql for dynamic websites". i have been using this code for the past 2 years or so and wanted to make sure that everything is still up to par. it all functions fine still on my client's websites, but i just would feel more confident if others could look at it and make sure it looks allright.

Here is the first pageof the cms, which is a login screen:

Code: Select all

<?php # Script 9.15 - login.php (7th version after Scripts 9.1, 9.3, 9.6, 9.10. 9.13 & 9.14)
// Send NOTHING to the Web browser prior to the session_start() line!
 
// Check if the form has been submitted.
if (isset($_POST['submitted'])) {
 
    require_once ('../../mysql_connect.php'); // Connect to the db.
        
    $errors = array(); // Initialize error array.
    
    // Check for a user name.
    if (empty($_POST['username'])) {
        $errors[] = 'You forgot to enter your username.';
    } else {
        $un = escape_data($_POST['username']);
    }
    
    // Check for a password.
    if (empty($_POST['password'])) {
        $errors[] = 'You forgot to enter your password.';
    } else {
        $p = escape_data($_POST['password']);
    }
    
    if (empty($errors)) { // If everything's OK.
 
        /* Retrieve the user_id and first_name for 
        that email/password combination. */
        $query = "SELECT user_id , username FROM users WHERE username='$un' AND password=SHA('$p')";        
        $result = @mysql_query ($query); // Run the query.
        $row = mysql_fetch_array ($result, MYSQL_NUM); // Return a record, if applicable.
 
        if ($row) { // A record was pulled from the database.
                
            // Set the session data & redirect.
            session_name ('YourVisitID');
            session_start();
            $_SESSION['user_id'] = $row[0];
            $_SESSION['username'] = $row[1];
            $_SESSION['agent'] = md5($_SERVER['HTTP_USER_AGENT']);
 
            // Redirect the user to the loggedin.php page.
            // Start defining the URL.
            $url = 'http://' . $_SERVER['HTTP_HOST'] . dirname($_SERVER['PHP_SELF']);
            // Check for a trailing slash.
            if ((substr($url, -1) == '/') OR (substr($url, -1) == '\\') ) {
                $url = substr ($url, 0, -1); // Chop off the slash.
            }
            // Add the page.
            $url .= '/loggedin.php';
            
            header("Location: $url");
            exit(); // Quit the script.
                
        } else { // No record matched the query.
            $errors[] = 'The username and password entered do not match those on file.'; // Public message.
            
        }
        
    } // End of if (empty($errors)) IF.
        
    mysql_close(); // Close the database connection.
 
} else { // Form has not been submitted.
 
    $errors = NULL;
 
} // End of the main Submit conditional.
 
// Begin the page now.
$page_title = 'Login';
echo '<style type="text/css" media="all">@import "./includes/layout.css";</style>' ;
 
 
if (!empty($errors)) { // Print any error messages.
    echo '<h1 id="mainhead">Error!</h1>
    <p class="error">The following error(s) occurred:<br />';
    foreach ($errors as $msg) { // Print each error.
        echo " - $msg<br />\n";
    }
echo '</p><p>Please try again.</p>';
}
 
// Create the form.
?>
<div align="center">
    <br>
    <br>
    <br>
    <table width="400" border="0" cellspacing="0" cellpadding="0">
        <tr>
            <td>
                <div align="center">
                    <img src="includes/salted_logo.gif" alt="" height="85" width="200" border="0"></div>
            </td>
        </tr>
        <tr height="25">
            <td height="25">
                <div align="center">
                    </div>
            </td>
        </tr>
        <tr>
            <td>
                <div align="center">
                    <p align="left"></p>
                
                <h2>Login</h2>
                <form action="login.php" method="post">
                    <p>Username: <input type="text" name="username" size="20" maxlength="40" /></p>
                    <p>Password: <input type="password" name="password" size="20" maxlength="20" /></p>
                    <p><input type="submit" name="submit" value="Login" /></p>
                    <input type="hidden" name="submitted" value="TRUE" />
                </form>
                <p>**Don't forget to logout when you are done!**</p>
                <?php
 
?></td>
        </tr>
        <tr>
            <td></td>
        </tr>
    </table>
    <p align="left"></p>
</div>
 
 
Post Reply