Skip to content

Instantly share code, notes, and snippets.

@Moketronics

Moketronics/login.php

Created March 20, 2012 18:21
Show Gist options
  • Save Moketronics/2139152 to your computer and use it in GitHub Desktop.
Save Moketronics/2139152 to your computer and use it in GitHub Desktop.
Download ZIP
login
Raw
login.php
<?php
/* * * * * * * * * * * * * * * * * * *
*
* Tile Product Management System
* Name: login.php
* Version: DEV
* By: Michael Ramsey ([email protected], @moketronics)
*
* Last Updated: March 20, 2012 - Michael Ramsey
*
* * * * * * * * * * * * * * * * * * */
require_once('../../../mysql_connect.php');
include ('./includes/functions.php');
session_start();
switch ($_GET['action']) {
case "logout":
setcookie('user_id', '', time()-1000);
setcookie('auth_hash', '', time()-1000);
session_destroy();
header("location:index.php");
break;
case 'check':
if ($_POST['submit'] == 'Login') {
$clean_email = strip_tags(stripslashes(mysql_real_escape_string($_POST['email'])));
$clean_password = sha1(strip_tags(stripslashes(mysql_real_escape_string($_POST['password']))));
$query = "SELECT * FROM users WHERE e_mail='$clean_email' AND password='$clean_password'";
$result = mysql_query($query) or die ("Query failed");
if(mysql_num_rows($result) == 1) {
$aUser_data = mysql_fetch_row($result);
$_SESSION['user_id'] = $aUser_data[0];
$_SESSION['user_name'] = ($aUser_data[2] . ' ' . $aUser_data[3]);
$_SESSION['permission'] = $aUser_data[5]; # not sure if this is the right field. Check later.
if ($_POST['persist'] == 'yes') {
setcookie('user_id', $aUser_data[0], (time() + 2592000));
$randomhash = sha1(mt_rand());
setcookie('auth_hash', $randomhash, (time() + 2592000));
// Insert random hash into database to authenticate user when they return
// Maybe I should add another special token for authentication like http://jaspan.com/improved_persistent_login_cookie_best_practice ?
$query = 'UPDATE users SET auth_hash="' . $randomhash . '" WHERE user_id=' . $aUser_data[0];
$result = mysql_query($query);
}
if (isset($_GET['redirect_to'])) {
$redirect = urldecode($_GET['redirect_to']);
header("location:$redirect");
} else {
header("location:index.php?action=yes");
}
} else {
header("location:index.php?action=no");
}
}
break;
case 'yes':
if (isset($_SESSION['user_id'])) {
$sPage_title = 'Login Successful';
include ('./includes/header.html');
$status = "<h2>You are logged in!</h2>\n";
break;
}
case 'no':
$status = "<h2>Login failed, e-mail or password incorrect. Please try again.</h2>\n";
default:
$sPage_title = 'Login';
include ('./includes/header.html');
// doesn't actually do anything right now
if (isset($status)) {
echo $status;
}
?>
<div class="center_box" style="width:300px;">
<form name="form" method="post" action="login.php?action=check<?php if (isset($_GET['redirect_to'])) { echo '&redirect_to=' . $_GET['redirect_to']; }?>">
<h4>Please Login:</h4>
<table>
<tr>
<td><label for="email">E-mail:</label></td>
<td><input name="email" type="text" id="email" /></p>
</tr>
<tr>
<td><label for="password">Password:</label></td>
<td><input name="password" type="password" /></td>
</tr>
<tr>
<td colspan="2"><input type="checkbox" value="yes" name="persist" /> <label for="persist">Remember me for 30 days</label></td>
</tr>
<tr>
<td colspan="2"><input type="submit" name="submit" value="Login"/></td>
</tr>
</table>
</form>
</div>
<script type="text/javascript">
$(document).ready(function() { $("#email").focus(); });
</script>
<?php
}
include ('./includes/footer.html');
?>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment