Code: Select all
<?php
// expire cookie
setcookie ("loggedin", "", time() - 3600);
include("include.php");
// connect to the mysql server
$link = mysql_connect($server, $username, $password)
or die ("Could not connect to mysql because ".mysql_error());
// select the database
mysql_select_db($database)
or die ("Could not select database because ".mysql_error());
switch($_GET['action'])
{
case "newpass":
$user = $_POST['user'];
setcookie("loggedin", "TRUE", time()+(3600 * 24));
setcookie("fedex_username", "$user");
include("cookie.php");
$pass = $_POST['password'];//get password from form
$pass2 = $_POST['password2'];//get password2 from form
//USER AND PASSWORD LENGTH CHECK
$min_length = 6; //this value is the minimal length that we desire our passwords
//to be if the username or the password is shorter than 6 chars the user is sent
//to a previously prepared custom error page
echo "<div align=\"center\">";
if(strlen($pass) < $min_length)
{
echo "Sorry, but your password is less than $min_length characters.<br>";
echo "<a href=\"javascript: history.go(-1);\">Try again</a>";
die();
}
if (($pass)!=($pass2)) //if the values stored in the 2 variables are
//different we redirect the users to a previously created error page
{
echo "Sorry, but your passwords do not match.<br>";
echo "<a href=\"javascript: history.go(-1);\">Try again</a>";
die();
}
$query = "UPDATE members SET password = '".md5($_POST['password'])."' WHERE user = '$fedex_username'";
mysql_query($query);
echo "<meta http-equiv=\"refresh\" content=\"3;URL=/fedex1/\"><base target=\"_parent\">Thank you for updating your password. You will be redirected to the main page.";
echo "</div>";
die();
break;
}
$pass = md5($_POST['password']);
$temp_pass = md5("fedexeval1");
$match = "select id from members where user = '".$_POST['user']."'
and password = '".md5($_POST['password'])."';";
$qry = mysql_query($match)
or die ("Could not match data because ".mysql_error());
$num_rows = mysql_num_rows($qry);
if ($num_rows <= 0) {
echo "<div align=\"center\">";
echo "Sorry, there is no username \"$user\" with the specified password. Please check your information.<br>";
echo "<a href=\"javascript: history.go(-1);\">Try again</a>";
echo "</div>";
exit;
} else {
//**********************************************************************
//Set the cookie
//**********************************************************************
setcookie("loggedin", "TRUE", time()+(3600 * 24));
setcookie("fedex_username", "$user");
if ($pass == $temp_pass)
{
echo "<div align=\"center\">";
echo "You are now logged in, <b>$user</b>, but you are required to change your password.<br><form action=\"user_login.php?action=newpass\" method=\"POST\"><table align=\"center\" width=\"30%\"><tr>
<td>Password<br>(6 - 12 characters):</td>
<td><input type=\"hidden\" name=\"user\" value=\"$user\"><input type=\"password\" name=\"password\" size=\"20\"></td>
</tr>
<tr>
<td>Re-enter password:</td>
<td><input type=\"password\" name=\"password2\" size=\"20\"></td>
</tr>
<tr align=\"center\">
<td colspan=\"2\"><input type=\"submit\" value=\"Update\"></td>
</tr></table></form><br>";
echo "</div/>";
}
else
{
echo "<div align=\"center\">";
echo "<meta http-equiv=\"refresh\" content=\"2;URL=javascript:window.open('/fedex1/','_parent');\">Thank you for logging in, $user! Please wait...<br>";
echo "</div>";
}
}
//echo "</div>";
?>Here is the script to check whether the user is logged in or not, and if so, display the "Welcome" text.
Code: Select all
<?php
$fedex_username = $HTTP_COOKIE_VARS["fedex_username"];
if (!isset($_COOKIE['loggedin']))
{
echo "";
}
else
{
echo "<td align=\"center\"><font color=\"00cc00\">[</font><a href=\"roster.php\" target=\"main\">Manage Employee Roster</a><font color=\"00cc00\">]</font> | <font color=\"00cc00\">[</font><a href=\"add_eval.php\" target=\"main\">Submit Evaluations</a><font color=\"00cc00\">]</font> | <font color=\"00cc00\">[</font><a href=\"view_eval.php\" target=\"_new\">View Evaluations</a><font color=\"00cc00\">]</font> | <font color=\"00cc00\">[</font><a href=\"tools.php\" target=\"main\">Database Tools</a><font color=\"00cc00\">]</font></td></tr><tr><td colspan=\"2\" align=\"left\">Welcome, $fedex_username. [ <a href=\"logout.php\" target=\"_parent\">logout</a> ]";
}
?>Code: Select all
<?php
// expire cookie
setcookie ("loggedin", "", time() - 3600);
$user = $_POST['user'];
echo "<meta http-equiv=\"refresh\" content=\"2;URL=javascript:window.open('/fedex1/','_parent');\">Logging <b>$user</b> out of the system...";
?>