I have tried Get and Post. Here is what I currently have. Now please remember I am in the middle of simplifying it and making it to work with globals off. I learned with them on. This paste below is the entire page they login to.
---------------------------------------------------------------------------------
<? ob_start();
session_start();
include ("config.php");
include ("config.inc.php");
include ("uonline.php");
if ($_POST[login] && $_POST[password])
{
// if the user has just tried to log in make sure the username is there.
$db_conn = mysql_connect("localhost", "$DBuser", "$DBpass");
mysql_select_db("$DBname");
$query = "select * from users "
."where user='$_POST[login]' ";
$result = mysql_query($query, $db_conn);
if (mysql_num_rows($result) ==0 ) { echo "Sorry but no such username<BR>Please go back and try again.<BR>"; exit; } else {
$query = "select * from users "
."where user='$_POST[login]' "
." and password=password('$_POST[password]')";
$result = mysql_query($query, $db_conn);
if (mysql_num_rows($result) ==0 ) { echo "Sorry but that password does not match the username.<BR>";
exit; } else { // continue
}
// if they are in the database register the user id
// fetch the results from the database.
$sqlquery = "SELECT * From users where user='$_POST[login]'";
$result=mysql_query($sqlquery);
$num=mysql_num_rows($result);
$i=0;
while ($i < $num) {
$realname=mysql_result($result,$i,'realname');
$realname=htmlspecialchars($realname);
$valid_user=mysql_result($result,$i,'user');
$valid_user=htmlspecialchars($valid_user);
$email=mysql_result($result,$i,'email');
$fast=mysql_result($result,$i,'approved');
$uid=mysql_result($result,$i,'uid');
$level=mysql_result($result,$i,'level');
$adminsignature=mysql_result($result,$i,'admin_signature');
++$i;
}
session_register("valid_user", "email", "fast", "uid", "level" , "adminsignature");
if ($_REQUEST[addcookie]==YES) {
setcookie("valid_user",$valid_user,604800,"/","
www.closedgamesystems.com");
setcookie("email",$email,604800,"/","
www.closedgamesystems.com");
setcookie("check",valid_user,604800,"/","
www.closedgamesystems.com");
} else { // dont add a cookie
}ob_end_flush();
$lastip=($REMOTE_ADDR);
$sql=("UPDATE users SET lastip='$lastip' WHERE user='$valid_user'");
$result=mysql_query($sql);
// check for dupes
$sqlquery = "SELECT * From users where lastip='$lastip' and user<>'$login'";
$result2=mysql_query($sqlquery);
$num2=mysql_num_rows($result2);
if ($num2==0) { // do nothing
} else {
// Shared Mod
// see if the user is in the shared table.
$sqlquery = "SELECT * From shared where trader='$valid_user'";
$result5=mysql_query($sqlquery);
$num3=mysql_num_rows($result5);
if ($num3==0) {
//email to me
$recipient2 = $email2;
$subject2 = "Possible Dupe";
$message2 = "This is a note to tell you that $valid_user with email address of $email has logged on with the ip address of $REMOTE_ADDR and it matches at least one other.";
$extra2 = "From:
possibledupe@coastgames.com";
mail ($recipient2,$subject2,$message2,$extra2);
} else {
//they are valid.. do nothing
}
// End of Shared Mod
}
}
}
if (empty($_SESSION['valid_user']))
{
include("cookie.php"); } else { // nothing
}
?>
<?
if (session_is_registered("valid_user"))
{ // Start of main page.
?>
<html>
<head>
<title><? echo $yourheading; ?></title>
<link rel="stylesheet" href="<? echo $path; ?>/themes/<? echo $theme; ?>/style.css" type="text/css" />
</head>
<body>
<? include ("$path/themes/$theme/top.php"); ?>
<table width="95%" border="0" cellspacing="1" cellpadding="1">
<tr>
<td width="180" valign="top">
<table width="180" border="0" cellspacing="1" cellpadding="1">
<tr>
<td><? include ("$path/main_menu.php"); ?></td>
</tr>
<tr>
<td> </td>
</tr>
<tr>
<td><? include ("$path/menu2.php"); ?></td>
</tr>
<tr>
<td> </td>
</tr>
<tr>
<td><? include ("$path/menu_games.php"); ?></td>
</tr>
<tr>
<td> </td>
</tr>
<tr>
<td><? if ($_SESSION[level] >=5) { include ("$path/admin/menu_admin.php"); } else {// nothing
echo " "; } ?>
</td>
</tr>
<tr>
<td> </td>
</tr>
</table>
</td>
<td width="74%" valign="top"><? include ("$path/closed_games.php"); ?></td>
</tr>
</table>
<?
}
else
{ echo "Sorry. Either you are not logged in your or your username or password was not correct. Please hit the back button and try it again."; }
?>
</div>
</body>
</html>
----------------------------------------------------------------------------
Below here is my cookie.php
<?
if (empty($_SESSION['valid_user']))
{
if (isset($_COOKIE["check"]))
{
mysql_connect($DBhost,$DBuser,$DBpass) or
die("Unable to connect to database");
@mysql_select_db("$DBname") or die("Unable to select
database");
$sqlquery = "SELECT * From users where user='".$_COOKIE["valid_user"]."' and email='".$_COOKIE["email"]."'";
$result=mysql_query($sqlquery);
$num=mysql_num_rows($result);
$i=0;
while ($i < $num) {
$realname=mysql_result($result,$i,'realname');
$realname=htmlspecialchars($realname);
$valid_user=mysql_result($result,$i,'user');
$valid_user=htmlspecialchars($valid_user);
$email=mysql_result($result,$i,'email');
$fast=mysql_result($result,$i,'approved');
$uid=mysql_result($result,$i,'uid');
$trusted=mysql_result($result,$i,'password');
$receivenews=mysql_result($result,$i,'receivenews');
$level=mysql_result($result,$i,'level');
$adminsignature=mysql_result($result,$i,'admin_signature');
++$i;
}
session_register("valid_user", "email", "fast", "uid", "level" , "adminsignature");
// update cookie for time expiration
//ob_start();
setcookie("valid_user",$valid_user,604800,"/","
www.closedgamesystems.com");
setcookie("email",$email,604800,"/","
www.closedgamesystems.com");
setcookie("check",valid_user,604800,"/","
www.closedgamesystems.com");
//ob_end_flush();
?><meta http-equiv="refresh" content="0"><?
}
else
{
// TestCookie does NOT exist do nothing
}
}
?>
-----------------------
I am also in the middle of making everything all straight php.