Login.php
Code: Select all
<?php
include_once('db.php');
session_start();
// Check if user wants to login (GET info)
if(isset($_GET['try'])) {
// That's nice, user wants to login. But lets check if user has filled in all information
If(empty($_POST['username']) OR empty($_POST['password'])) {
echo 'Please fill in all the required fields!';
}
else {
$username = addslashes($_POST['username']);
$password = md5($_POST['password']);
$query = mysql_query("SELECT uid FROM users WHERE username = '" . $username . "' AND passsword = '" . $password . "'") or die(mysql_error());
list($user_id) = mysql_fetch_row($query);
// If the user_id is empty no combination was found
if(empty($user_id)) {
echo 'No combination of username and password found.';
}
else{
// the user_id variable doesn't seem to be empty, so a combination was found!
// Create new session, store the user id
$_SESSION['user_id'] = $user_id;
header('location: profile.php');
}
}
}
?>
<form action="login.php?try=true" method="post">
Username: <input type="text" name="username"><br>
<br>
Password: <input type="password" name="password"><br>
<br>
<input type="submit" value="Login">
<a href="register.php"> Register </a>
</form>profile.php
Code: Select all
<?php
include_once('db.php');
session_start();
if(isset($_SESSION['user_id'])) {
// User is logged in!
$query = mysql_query("SELECT username FROM users WHERE UID = " . $_SESSION['user_id'] . " LIMIT 1") or die(mysql_error());
list($username) = mysql_fetch_row($query);
echo 'Hi '. $username . ', welcome to your profile!';
}
else {
header('location: login.php');
}
?>I appreciate the responses.... best way to learn.