login.php:
Code: Select all
<?php
ob_start("ob_gzhandler");
session_start();
$e = $_SESSION['ship_email'];
echo "$e"; //for testing
?>
<html>
<head>
<SCRIPT language="JavaScript">
function submitform()
{
document.myform.submit();
}
</SCRIPT>
<link rel="stylesheet" href="http://domain.com/new/css.css" type="text/css">
<!--[if IE]><style type="text/css">@import "ie.css";</style><![endif]-->
</head>
<body>
<div align="center">
<table information...>
<?php
if(isset($_SESSION['ship_email']))
{
$e = $_SESSION['ship_email'];
?>
<div class="header">
<ul>
<li><a href="http://domain.com/new">Home</a></li>
<li><a href="http://domain.com/new/index.php?page=products">Products</a></li>
</table>
<?php
require_once('mysqladmin.php');
$query = "SELECT * FROM cust WHERE ship_email='$e'";
$result = mysql_query($query);
$num = mysql_num_rows($result);
$row = mysql_fetch_array($result, MYSQL_NUM);
echo "Welcome $row[4] $row[5]";
}
else if(isset($_POST['login_submit'])) //form has just been submitted
{
require_once('mysqladmin.php');
if(empty($_POST['user']))//if email is not entered
{
$ship_email = FALSE;
echo '<B><P ALIGN=RIGHT>YOU FORGOT TO ENTER YOUR EMAIL!</p></B>';
}
else// email is entered, parse it
{
$ship_email = $_POST['user'];
}
if(empty($_POST['password']))//if password is not entered
{
$p = FALSE;
echo '<P ALIGN=RIGHT><B>YOU FORGOT TO ENTER A PASSWORD!</B></P>';
}
else //password entered, parse it
{
$p = $_POST['password'];
}
if($ship_email && $p)//username and password are OK - QUERY DATABASE
{
$query = "SELECT * FROM cust
WHERE ship_email='$ship_email' AND password=PASSWORD('$p')";
$result = @mysql_query($query);
$row = mysql_fetch_array($result, MYSQL_NUM);
if($row)
{
session_start();
$_SESSION['ship_email'] = $row[15];
$e = $_SESSION['ship_email'];
?>
<table>
<div class="header">
<ul>
<li><a href="http://domain.com/new">Home</a></li>
<li><a href="http://domain.com/new/index.php?page=products">Products</a></li>
</div>
</table>
<META HTTP-EQUIV="Refresh" CONTENT="3;
URL=http://www.domain.com/new/login.php">
<?php
echo "$e"; //for testing
ob_end_flush();
}//if($row)
else// username and password are not found in the database
{
echo '<P ALIGN=RIGHT><B>THE USERNAME-PASSWORD DO NOT MATCH OUR DATABASE!</B></P>';
}
}//if($ship_email && $p)
else
{
echo '<P ALIGN=RIGHT><B>PLEASE TRY AGAIN!</B></P>';
}
mysql_close();
}//if(isset($_POST['login_submit']))
?>
else
{
?>
<div class="header">
<ul>
<li><a href="http://domain.com/new">Home</a></li>
<li><a href="http://domain.com/new/index.php?page=products">Products</a></li>
</div>
</table>
<table>
<tr>
<form name="myform" action="http://domain.com/new/login.php" method="post">
<td>Email address:</td>
<td></td>
<td><p class="regbox">
<input type="Text" name="user" value="" size="70" /></td>
</tr>
<tr>
<td><p class="regbox">
<input type="password" name="password" value="" size="70" /></td>
</tr>
<tr>
<td><a href="javascript: submitform()">
<input type="hidden" name="login_submit" value="Login">Login</td>
</tr>
<?php
}
?>
</div>
</body>
</html>