So this is the login.php:
Code: Select all
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title>Log in!</title>
<style type="text/css">
<!--
.toutborder {
border: 1px solid #000;
margin: 1px;
padding: 1px;
float: none;
font-family: Tahoma;
font-size: 10px;
}
.tinborder {
border: 1px solid #000;
margin: 1px;
padding: 1px;
float: none;
font-family: Tahoma;
font-size: 10px;
background-color: #903;
color: #FFF;
}
.trstyle {
border: 1px solid #000;
margin: 1px;
padding: 1px;
float: none;
font-family: Tahoma;
font-size: 10px;
}
.statusgreen {
border: 1px solid #000;
margin: 1px;
padding: 1px;
float: none;
font-family: Tahoma;
font-size: 10px;
background-color: #093;
color: #FFF;
}
.statusred {
border: 1px solid #000;
margin: 1px;
padding: 1px;
float: none;
font-family: Tahoma;
font-size: 10px;
background-color: #903;
color: #FFF;
}
.statusgrey {
border: 1px solid #000;
margin: 1px;
padding: 1px;
float: none;
font-family: Tahoma;
font-size: 10px;
background-color: #999;
color: #FFF;
}
-->
</style>
</head>
<body>
<?PHP
// Connects to your Database
mysql_connect("localhost", "sc-fans", "**********") or die(mysql_error());
mysql_select_db("sc-fans") or die(mysql_error());
//Checks if there is a login cookie
if(isset($_COOKIE['ach_username']))
//if there is, it logs you in and directes you to the members page
{
$username = $_COOKIE['ach_username'];
$pass = $_COOKIE['ach_password'];
$check = mysql_query("SELECT * FROM ach_users WHERE username = '$username'")or die(mysql_error());
while($info = mysql_fetch_array( $check ))
{
if ($pass != $info['password'])
{
}
else
{
header("Location: /ach/view_ach.php");
}
}
}
//if the login form is submitted
if (isset($_POST['login'])) { // if form has been submitted
// makes sure they filled it in
if(!$_POST['username'] | !$_POST['pass']) {
echo "<table width='323' class='toutborder' cellspacing='2' cellpadding='2'><tr width='100%'><td class='tinborder' align='center' width='10%'>Message: You didn't complete all fields. <a href='javascript:self.history.back();'>Return</a>.</td></tr></table>";
exit();
}
// checks it against the database
if (!get_magic_quotes_gpc()) {
$_POST['email'] = addslashes($_POST['email']);
}
$usernamec = $_POST['username'];
$check = mysql_query("SELECT * FROM ach_users WHERE username ='$usernamec' ")or die(mysql_error());
//Gives error if user dosen't exist
$check2 = mysql_num_rows($check);
if ($check2 == 0) {
echo "<table width='323' class='toutborder' cellspacing='2' cellpadding='2'><tr width='100%'><td class='tinborder' align='center' width='10%'>Message: That user don't exist in our database. <a href='/ach/register.php'>Sign up</a> for an account today or <a href='javascript:self.history.back();'>return</a>.</td></tr></table>";
exit();
}
while($info = mysql_fetch_array( $check ))
{
$_POST['pass'] = stripslashes($_POST['pass']);
$info['password'] = stripslashes($info['password']);
$_POST['pass'] = md5($_POST['pass']);
//gives error if the password is wrong
if ($_POST['pass'] != $info['password'])
{
echo "<table width='323' class='toutborder' cellspacing='2' cellpadding='2'><tr width='100%'><td class='tinborder' align='center' width='10%'>Message: Incorrect password, please try again. <a href='javascript:self.history.back();'>Return</a>.</td></tr></table>";
exit();
}
else
{
// if login is ok then we add a cookie
$_POST['username'] = stripslashes($_POST['username']);
$hour = time() + 360000;
setcookie(ach_username, $_POST['username'], $hour);
setcookie(ach_password, $_POST['pass'], $hour);
//then redirect them to the members area
header("Location: /ach/view_ach.php");
}
}
}
?>
<form action="<?PHP $_POST['PHP_SELF']; ?>" method="post">
<table width='323' class='toutborder' cellspacing='2' cellpadding='2'>
<tr width='100%'>
<td class='tinborder' algin='center' width='40%'>Username:</td>
<td class='trstyle' align='center' width='60%'><input type='text' name='username'></td>
</tr>
<tr width='100%'>
<td class='tinborder' algin='center' width='40%'>Password:</td>
<td class='trstyle' align='center' width='60%'><input type="password" name="pass"/></td>
</tr>
<tr>
<td colspan="2" align='center' class='trstyle'><input type='submit' name='login' value='Log in'></td>
</tr>
</table>
</form>
</body>
</html>Code: Select all
<?PHP
include("connect.php");
include("vars.php");
//This code runs if the form has been submitted.
if (isset($_POST['register'])) {
//This makes sure they did not leave any fields blank.
if (!$_POST['username'] | !$_POST['pass'] | !$_POST['pass2'] | !$_POST['email'] | !$_POST['email2'] | !$_POST['vpncharacter']) {
echo $topregister;
echo "<table width='323' class='toutborder' cellspacing='2' cellpadding='2'><tr width='100%'><td class='tinborder' align='center' width='10%'>We warned you. Did we not? Complete all of the required fields. <a href='javascript:self.history.back();'>Return</a>.</td></tr></table>";
echo $bottom;
exit();
}
//Checks if the username is in use.
if (!get_magic_quotes_gpc()) {
$_POST['username'] = addslashes($_POST['username']);
}
$usercheck = $_POST['username'];
$check = mysql_query("SELECT username FROM ach_users WHERE username = '$usercheck'",$connect);
$check2 = mysql_num_rows($check);
//If username exists then give error.
if ($check2 != 0)
{
echo $topregister;
echo "<table width='323' class='toutborder' cellspacing='2' cellpadding='2'><tr width='100%'><td class='tinborder' align='center' width='10%'>Error: Sorry, the username ";
echo $_POST['username'];
echo " is already in use. Maybe you should think of new one? <a href='javascript:self.history.back();'>Return</a>.</td></tr></table>";
echo $bottom;
exit();
}
//This makes sure both passwords entered match.
if ($_POST['pass'] != $_POST['pass2'])
{
echo $topregister;
echo "<table width='323' class='toutborder' cellspacing='2' cellpadding='2'><tr width='100%'><td class='tinborder' align='center' width='10%'>We warned you. Did we not? Your passwords did not match. <a href='javascript:self.history.back();'>Return</a>.</td></tr></table>";
echo $bottom;
exit();
}
//Here we encrypt the password and add slashes if needed.
$_POST['pass'] = md5($_POST['pass']);
if (!get_magic_quotes_gpc())
{
$_POST['pass'] = addslashes($_POST['pass']);
$_POST['username'] = addslashes($_POST['username']);
}
//This makes sure both emails enetered match.
if ($_POST['email'] != $_POST['email2'])
{
echo $topregister;
echo "<table width='323' class='toutborder' cellspacing='2' cellpadding='2'><tr width='100%'><td class='tinborder' align='center' width='10%'>We warned you. Did we not? Your entered e-mails did not match. <a href='javascript:self.history.back();'>Return</a>.</td></tr></table>";
echo $bottom;
exit();
}
//Checks if the e-mail is in use.
if (!get_magic_quotes_gpc()) {
$_POST['email'] = addslashes($_POST['email']);
}
$emailcheck = $_POST['email'];
$check = mysql_query("SELECT username FROM ach_users WHERE email='$emailcheck'",$connect);
$check2 = mysql_num_rows($check);
//If email exists then give error.
if ($check2 != 0)
{
echo $topregister;
echo "<table width='323' class='toutborder' cellspacing='2' cellpadding='2'><tr width='100%'><td class='tinborder' align='center' width='10%'>Error: Sorry, the e-mail ";
echo $_POST['email'];
echo " is already in use. Maybe try some other working e-mail? <a href='javascript:self.history.back();'>Return</a>.</td></tr></table>";
echo $bottom;
exit();
}
//Checks if the vpn character name is in use.
if (!get_magic_quotes_gpc()) {
$_POST['vpncharacter'] = addslashes($_POST['vpncharacter']);
}
$vpncharactercheck = $_POST['vpncharacter'];
$check = mysql_query("SELECT username FROM ach_users WHERE vpncharacter='$vpncharactercheck'",$connect);
$check2 = mysql_num_rows($check);
//If email exists then give error.
if ($check2 != 0)
{
echo $topregister;
echo "<table width='323' class='toutborder' cellspacing='2' cellpadding='2'><tr width='100%'><td class='tinborder' align='center' width='10%'>Error: Sorry, somebody else has signed up with this ";
echo $_POST['vpncharacter'];
echo " character. <a href='javascript:self.history.back();'>Return</a>.</td></tr></table>";
echo $bottom;
exit();
}
//Now we insert it into the database.
$insert = mysql_query("INSERT INTO ach_users (username, password, email, vpncharacter) VALUES ('".$_POST['username']."', '".$_POST['pass']."', '".$_POST['email']."', '".$_POST['vpncharacter']."')",$connect);
$add_member = mysql_query($insert);
echo $topregister;
echo "<table width='323' class='toutborder' cellspacing='2' cellpadding='2'><tr width='100%'><td class='tinborder' align='center' width='10%'>Good news: Your account has been successfully created. You can now <a href='/ach/login.php'>log in</a>.</td></tr></table>";
echo $bottom;
exit();
}
else {
echo $topregister;
echo "
<form action='" . $_POST['PHP_SELF'] . "' method='post'>
<table width='323' class='toutborder' cellspacing='2' cellpadding='2'>
<tr width='100%'>
<td colspan='2' class='tinborder' align='center' width='100%'>Hello, want to sign up? Do it below, but be sure to complete all fields and enter accurate information in case we need to contact you.</td>
</tr>
<tr width='100%'>
<td class='tinborder' align='center' width='40%'>Username:</td>
<td class='trstyle' align='center' width='60%'><input type='text' name='username'></td>
</tr>
<tr width='100%'>
<td class='tinborder' align='center' width='40%'>Password:</td>
<td class='trstyle' align='center' width='60%'><input type='password' name='pass'></td>
</tr>
<tr width='100%'>
<td class='tinborder' align='center' width='40%'>Repeat password:</td>
<td class='trstyle' align='center' width='60%'><input type='password' name='pass2'></td>
</tr>
<tr width='100%'>
<td class='tinborder' align='center' width='40%'>E-mail:</td>
<td class='trstyle' align='center' width='60%'><input type='text' name='email'></td>
</tr>
<tr width='100%'>
<td class='tinborder' align='center' width='40%'>Repeat e-mail:</td>
<td class='trstyle' align='center' width='60%'><input type='text' name='email2'></td>
</tr>
<tr width='100%'>
<td class='tinborder' align='center' width='40%'>VPN Character:</td>
<td class='trstyle' align='center' width='60%'><input type='text' name='vpncharacter'></td>
</tr>
<tr>
<td colspan='2' align='center' class='trstyle'><input type='submit' name='register' value='Create Account!'></td>
</tr>
</table>
</form>";
echo $bottom;
}
?>
Code: Select all
if(isset($_COOKIE['ach_username']))
{
echo "You are member!";
}
else
{
echo "You are not a member!";
}Also I would like to remake the login script so there would be user groups - users and admins because otherwise I do user groups like this:
For users one table in database and output:
Code: Select all
if(isset($_COOKIE['ach_username']))
{
echo "You are member!";
}
else
{
echo "You are not a member!";
}Code: Select all
if(isset($_COOKIE['ach_admin_password'])=='$adminpassword') {
$adminpassword = checkpassword;
$checkpassword = mysql_query("SELECT * FROM ach_admins WHERE password ='$adminpassword' ")or die(mysql_error());
{
echo "You are admin!";
}
else
{
echo "You are nobody!";
}