signinpost.php
<html>
<head>
<title>Signed In</title>
<link rel="stylesheet" type="text/css" href="css/signup.css">
</head>
<body>
<?php
include 'nvgbar.php';
?>
<br><br>
<div class="formstyle">
<center>
<h1>Sign In Now!<span>Sign in and start posting!!</span></h1>
</center>
</div>
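<?php
/*
 * Sign-in handler: validates the posted credentials, looks the user up by
 * name and, when the password hash matches, stores the user's id, name and
 * level in $_SESSION before sending the visitor to index.php.
 *
 * NOTE(review): this block runs after the page has already written HTML, so
 * header() can only redirect when output buffering is enabled. Moving the
 * handler above the markup would make the redirect (and the session id
 * refresh below) reliable.
 */
include "connect.php";
//session_start(); // presumably started by one of the included files - confirm

$errors = array(); /* validation messages shown to the visitor */

/* isset() alone accepts an empty string or an array-valued field, so both
   fields are required to be non-empty strings. */
$user = (isset($_POST['username']) && is_string($_POST['username'])) ? $_POST['username'] : '';
$password = (isset($_POST['password']) && is_string($_POST['password'])) ? $_POST['password'] : '';

if (trim($user) === '')
{
    $errors[] = 'The username field must not be empty.';
}
if ($password === '')
{
    $errors[] = 'The password field must not be empty.';
}

if (!empty($errors))
{
    echo 'Uh-oh.. a couple of fields are not filled in correctly..';
    echo '<ul>';
    foreach ($errors as $message)
    {
        /* the messages are fixed strings; no request data is echoed here */
        echo '<li>' . $message . '</li>';
    }
    echo '</ul>';
}
else
{
    /* NOTE(review): unsalted SHA-1 is not a password-hashing scheme. It is kept
       only because the stored values use it; plan a migration to
       password_hash() / password_verify(). */
    $pass = sha1($password);

    /* The username becomes part of the SQL text, so it has to be escaped.
       mysql_real_escape_string() relies on the connection that connect.php is
       expected to open. NOTE(review): the mysql_* extension is gone in PHP 7;
       prepared statements (PDO or mysqli) are the long-term fix. */
    $safeUser = mysql_real_escape_string($user);
    $query = mysql_query("SELECT * FROM users WHERE username='" . $safeUser . "'");

    if ($query === false)
    {
        /* do not print mysql_error() to the visitor */
        echo 'Something went wrong while signing in. Please try again later.';
    }
    else
    {
        $account = null;
        while ($row = mysql_fetch_assoc($query))
        {
            /* strict comparison: == treats numeric-looking digests as numbers,
               which can make two different hashes compare equal */
            if ($pass === $row['password'])
            {
                $account = $row;
                break;
            }
        }

        if ($account !== null)
        {
            $canSendHeaders = !headers_sent();

            /* issue a fresh session id on login so a pre-login id is not reused */
            if ($canSendHeaders && session_id() !== '')
            {
                session_regenerate_id(true);
            }

            $_SESSION['id'] = $account['id'];
            $_SESSION['username'] = $account['username'];
            $_SESSION['user_level'] = $account['user_level'];
            $_SESSION['signed_in'] = true;

            if ($canSendHeaders)
            {
                header("location:index.php");
                exit; /* nothing below should run once the redirect is queued */
            }

            /* output already started: offer a link instead of a failed redirect */
            echo '<p style="text-align:center; font-size:19px; font-weight:bold;"><a href="index.php">Continue</a></p>';
        }
        else
        {
            /* one response for "unknown user" and "wrong password", so the page
               does not reveal which usernames exist */
            echo "<br><br><p style='font-size:34px; text-align:center; font-weight:bold;'>You have supplied a wrong user/password combination. Please try again.</p>";
            echo '<p style="text-align:center; font-size:19px; font-weight:bold; font-decoration:none;"><a href="signin.php">Sign In again</a></p>';
        }
    }
}
?>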
<?php
include 'footer.php';
?>
</body>
</html>