Thanks for looking! No problem ...
Here is my checkuser.php code. This runs when the submit button on my login page is clicked.
Code: Select all
<?
/* Check User Script */
session_start(); // Start Session
include 'db.php';
// Convert to simple variables
$username = $_POST['username'];
$password = $_POST['password'];
if((!$username) || (!$password)){
$enter_all = "Please enter ALL of the information.";
echo "Please enter ALL of the information! <br />";
include 'login_form.php';
exit();
}
// Convert password to md5 hash, don't forget to change $password to $encrypt_password in the sql query below
//$encrypt_password = md5($password);
// check if the user info validates the db
$sql = mysql_query("SELECT * FROM users WHERE username='$username' AND password='$password' AND activated='1'");
$login_check = mysql_num_rows($sql);
if($login_check > 0){
while($row = mysql_fetch_array($sql)){
foreach( $row AS $key => $val ){
$$key = stripslashes( $val );
}
// Register some session variables!
session_register('first_name');
$_SESSION['first_name'] = $first_name;
session_register('last_name');
$_SESSION['last_name'] = $last_name;
session_register('email_address');
$_SESSION['email_address'] = $email_address;
session_register('special_user');
$_SESSION['user_level'] = $user_level;
mysql_query("UPDATE users SET last_login=now() WHERE userid='$userid'");
//redirect to file login_success.php
header("Location: login_success.php");
}
} else {
$not_loggedin = "You could not be logged in! Either the username and password do not match or you have not validated your account!";
echo "You could not be logged in! Either the username and password do not match or you have not validated your account!<br />
Please try again!<br />";
include 'login_form.php';
}
?>
Code: Select all
Everything works. It authenticates user and brings up login page, you login and see the members area.
and this is my code for my register as a new user page:
Code: Select all
<?
include 'db.php';
// Define post fields into simple variables
$first_name = $_POST['first_name'];
$last_name = $_POST['last_name'];
$email_address = $_POST['email_address'];
$business_name = $_POST['business_name'];
$phone = $_POST['phone'];
$tax_id = $_POST['tax_id'];
$username = $_POST['username'];
$password = $_POST['password'];
$info = $_POST['info'];
/* Let's strip some slashes in case the user entered
any escaped characters. */
$first_name = stripslashes($first_name);
$last_name = stripslashes($last_name);
$email_address = stripslashes($email_address);
$business_name = stripslashes($business_name);
$phone = stripslashes($phone);
$tax_id = stripslashes($tax_id);
$username = stripslashes($username);
$password = stripslashes($password);
$info = stripslashes($info);
/* Do some error checking on the form posted fields */
if((!$first_name) || (!$last_name) || (!$email_address) || (!$business_name) || (!$phone) || (!$tax_id) || (!$username) || (!$password)){
$required_info = "You did not submit the following required information!";
echo 'You did not submit the following required information! <br />';
if(!$first_name){
$required_name = "First Name is a required field. Please enter it below.";
echo "First Name is a required field. Please enter it below.<br />";
}
if(!$last_name){
$required_lname = "Last Name is a required field. Please enter it below.";
echo "Last Name is a required field. Please enter it below.<br />";
}
if(!$email_address){
$required_email = "Email Address is a required field. Please enter it below.";
echo "Email Address is a required field. Please enter it below.<br />";
}
if(!$business_name){
$required_business = "Business Name is a required field. Please enter it below.";
echo "Business Name is a required field. Please enter it below.<br />";
}
if(!$phone){
$required_phone = "Phone is a required field. Please enter it below.";
echo "Phone is a required field. Please enter it below.<br />";
}
if(!$tax_id){
$required_tax_id = "Resale # is a required field. Please enter it below.";
echo "Resale # is a required field. Please enter it below.<br />";
}
if(!$username){
$required_username = "Desired Username is a required field. Please enter it below.";
echo "Desired Username is a required field. Please enter it below.<br />";
}
if(!$password){
$required_password = "Desired Password is a required field. Please enter it below.";
echo "Desired Password is a required field. Please enter it below.<br />";
}
include 'join.php'; // Show the form again!
/* End the error checking and if everything is ok, we'll move on to
creating the user account */
exit(); // if the error checking has failed, we'll exit the script!
}
/* Let's do some checking and ensure that the user's email address or username
does not exist in the database */
$sql_email_check = mysql_query("SELECT email_address FROM users WHERE email_address='$email_address'");
$sql_username_check = mysql_query("SELECT username FROM users WHERE username='$username'");
$sql_password_check = mysql_query("SELECT password FROM users WHERE password='$password'");
$email_check = mysql_num_rows($sql_email_check);
$username_check = mysql_num_rows($sql_username_check);
$password_check = mysql_num_rows($sql_password_check);
if(($email_check > 0) || ($username_check > 0) || ($password_check > 0)){
$please_fix = "Please fix the following errors:";
echo "Please fix the following errors: <br />";
if($email_check > 0){
$email_used = "Your email address has already been used by another member in our database. Please submit a different Email address!";
echo "<strong>Your email address has already been used by another member in our database. Please submit a different Email address!<br />";
unset($email_address);
}
if($username_check > 0){
$username_used = "The username you have selected has already been used by another member in our database. Please choose a different Username!";
echo "The username you have selected has already been used by another member in our database. Please choose a different Username!<br />";
unset($username);
}
if($password_check > 0){
$password_used = "The password you have selected has already been used by another member in our database. Please choose a different Password!";
echo "The password you have selected has already been used by another member in our database. Please choose a different Password!<br />";
unset($password);
}
include 'join.php'; // Show the form again!
exit(); // exit the script so that we do not create this account!
}
/* Everything has passed both error checks that we have done.
It's time to create the account! */
// Encrypt the password, dont forget to change $password to $encrypt_password in the sql query below
//$encrypt_password = md5($password);
// Enter info into the Database.
$info2 = htmlspecialchars($info);
$sql = mysql_query("INSERT INTO users (first_name, last_name, email_address, business_name, phone, tax_id, username, password, info, signup_date)
VALUES('$first_name', '$last_name', '$email_address', '$business_name', '$phone', '$tax_id', '$username', '$password', '$info2', now())") or die (mysql_error());
if(!$sql){
$error = "There has been an error creating your account. Please contact the webmaster.";
echo 'There has been an error creating your account. Please contact the webmaster.';
} else {
$userid = mysql_insert_id();
// Let's mail the user!
$subject = "Account at My Website!";
$message = "Dear $first_name $last_name,
Thank you for registering at our website, http://www.abc.com!
You will recieve an email once your account is approved or declined.
Upon approval, you will be able to login with the following information:
Username: $username
Password: $password
Thanks!
John Doe
This is an automated response, please do not reply!";
// Let's mail ourselves!
$subject2 = "Account request at My Website!";
$message2 = "Hey me,
You have a wholesale account request to approve.
Name: $first_name $last_name
Email: $email_address
Business: $business_name
Phone: $phone
Tax Id: $tax_id
Desired username: $username
Desired password: $password
To activate their account, click here: http://www.primitive-beginnings.com/members/activate.php?id=$userid&code=$password
Remember to send them an email letting them know they have been approved.
Thanks,
Me :)";
mail($email_address, $subject, $message, "From: Webmaster<myemail@mywebsite.com>\nX-Mailer: PHP/" . phpversion());
mail("myemail@mywebsite.com", $subject2, $message2, "From: Webmaster<myemail@mywebsite.com>\nX-Mailer: PHP/" . phpversion());
echo 'Your account information has been mailed to your email address! Please check it and follow the directions!';
}
?>
Code: Select all
Everything works here too. The account is entered into database, the emails go out, I activate account, they can login.
That is a lot of code to look at!