Code: Select all
<?php
session_start();
$email = addslashes($_POST['email']); //protect again mysql injection
$_POST['password'] = addslashes($_POST['password']); //same
$_POST['password2'] = addslashes($_POST['password2']); //same again
$checkemail = mysql_query("SELECT 'email' FROM 'userdb' "
. "WHERE 'email' = ' " . $_POST['email'] . " ' ", $mysql);
if(mysql_num_rows($checkemail) == "1") {
echo <<<TAKEN
That user name has already been taken
TAKEN;
include "register.php";
exit; }
if(strlen('$_POST[email]' > 32)){
echo "Username is too long";
include "register.php";
exit;
}
if($_POST'[password]' != $_POST'[password2]'){
echo "The passwords entered do not match, try again.";
include "register.php";
exit; }
$password = md5($_POST'[password]');
mysql_query("INSERT INTO 'userdb' ('username' . 'password') "
. "VALUES (' " . $email . " ' , ' " . $password . " ')" , $mysql);
echo "account created successfully <a href="index.php">Click here to return to login page.</a>";
?>This next code, is the script to check if a persons name exist in the database, and the password matches. If so login.
Code: Select all
<?php
session_start();
include "mysql.inc.php";
$_POST['email'] = addslashes($_POST['email']); //protects agian mysql injection
$_POST['password'] = addslashes($_POST['password']); //same as above
$password = md5($_POST['password']); //encrypt the password
$userrow = mysql_query("SELECT * FROM 'userdb' " . " WHERE 'email' = ' " $_POST['email'] . " ' "
. " & $password . " ';",$mysql);
if(mysql_num_rows($userrow) != "1"){
//no rows found, wrong password or username
echo "<a href="index.php">Click here to return to login page</a>"
} else {
//1 row exactly found, this user is valid start session, and take to main page
$_SESSION['user'] = $_POST['email'];
header("location: main.php");
}
?>