nikolaykrylov · February 27, 2017 12:44
diff --git a/newboston_connect.inc.php b/newboston_connect.inc.php
 <?php //connect.inc.php
 $conn_error = 'Could not connect.';
 $mysql_host = 'localhost';
 $mysql_user = 'root';
 $mysql_pass = '';
 $mysql_connect = @mysqli_connect($mysql_host, $mysql_user, $mysql_pass);
 $mysql_db = 'a_database';
 if(!@mysqli_connect($mysql_host, $mysql_user, $mysql_pass) || !@mysqli_select_db($mysql_connect, $mysql_db))
 {
    die($conn_error);
 }
 ?>
diff --git a/newboston_core.inc.php b/newboston_core.inc.php
 <?php //core.inc.php
 ob_start();
 session_start();
 $current_file = $_SERVER['SCRIPT_NAME'];
 $http_referer = $_SERVER['HTTP_REFERER'];

 function loggedin() {
    if (isset($_SESSION['user_id']) && !empty($_SESSION['user_id'])) {
        return true;
    } else {
        return false;
    }
 }

 function getuserfield($field) {
    global $mysql_connect;
    $query = "SELECT  $field FROM users  WHERE id = '".$_SESSION['user_id']."'";
    if ($query_run = mysqli_query ($mysql_connect, $query))
    {
        $query_run = mysqli_query($mysql_connect, $query);
        $query_row = mysqli_fetch_assoc($query_run);
        $return_field = $query_row[$field];
        return $return_field;
    }

 }
 ?>
diff --git a/newboston_index.php b/newboston_index.php
 <?php // index.php
 require 'connect.inc.php';
 require 'core.inc.php';

 if (loggedin()) {
    $firstname = getuserfield('firstname');
    $surname = getuserfield('surname');
    echo 'You\'re logged in, '.$firstname.' '.$surname.'. <a href = "logout.php">Log out</a><br>';
 }
 else {
    include 'loginform.inc.php';
 }
 ?>
diff --git a/newboston_loginform.inc.php b/newboston_loginform.inc.php
 <?php //loginform.inc.php



 if (isset ($_POST['username']) && isset ($_POST['password'])) {

    $username = $_POST['username'];
    $password = $_POST['password'];
    $password_hash = md5($password);


    if (!empty($username) && !empty($password)) {
        $query="SELECT id FROM users WHERE username= '$username' AND password='$password_hash'";
        if ($query_run = mysqli_query ($mysql_connect, $query)) {

            $query_num_rows = mysqli_num_rows($query_run);
            if ($query_num_rows == 0) {
                echo 'Invalid username/password combination.';
            } else if ($query_num_rows == 1) {
                $query_row = mysqli_fetch_assoc($query_run);
                $user_id = $query_row ['id'];
                $_SESSION['user_id'] = $user_id;
                header('Location: index.php');
            }
        }
    } else {
        echo 'You must supply username and password.';
    }
 }

 ?>

 <form action = "<?php echo $current_file; ?>" method = "post">
 Username: <input type = "text" name = "username"> Password: <input type = "password" name = "password">
    <input type = "submit" value = "Log in">
 </form>



diff --git a/newboston_logout.php b/newboston_logout.php
 <?php
 require 'core.inc.php';
 session_destroy();
 header('Location:' .$http_referer);

 ?>
	<?php //connect.inc.php
	$conn_error = 'Could not connect.';
	$mysql_host = 'localhost';
	$mysql_user = 'root';
	$mysql_pass = '';
	$mysql_connect = @mysqli_connect($mysql_host, $mysql_user, $mysql_pass);
	$mysql_db = 'a_database';
	if(!@mysqli_connect($mysql_host, $mysql_user, $mysql_pass) \|\| !@mysqli_select_db($mysql_connect, $mysql_db))
	{
	die($conn_error);
	}
	?>
	<?php //core.inc.php
	ob_start();
	session_start();
	$current_file = $_SERVER['SCRIPT_NAME'];
	$http_referer = $_SERVER['HTTP_REFERER'];

	function loggedin() {
	if (isset($_SESSION['user_id']) && !empty($_SESSION['user_id'])) {
	return true;
	} else {
	return false;
	}
	}

	function getuserfield($field) {
	global $mysql_connect;
	$query = "SELECT $field FROM users WHERE id = '".$_SESSION['user_id']."'";
	if ($query_run = mysqli_query ($mysql_connect, $query))
	{
	$query_run = mysqli_query($mysql_connect, $query);
	$query_row = mysqli_fetch_assoc($query_run);
	$return_field = $query_row[$field];
	return $return_field;
	}

	}
	?>
	<?php // index.php
	require 'connect.inc.php';
	require 'core.inc.php';

	if (loggedin()) {
	$firstname = getuserfield('firstname');
	$surname = getuserfield('surname');
	echo 'You\'re logged in, '.$firstname.' '.$surname.'. <a href = "logout.php">Log out</a><br>';
	}
	else {
	include 'loginform.inc.php';
	}
	?>
	<?php //loginform.inc.php



	if (isset ($_POST['username']) && isset ($_POST['password'])) {

	$username = $_POST['username'];
	$password = $_POST['password'];
	$password_hash = md5($password);


	if (!empty($username) && !empty($password)) {
	$query="SELECT id FROM users WHERE username= '$username' AND password='$password_hash'";
	if ($query_run = mysqli_query ($mysql_connect, $query)) {

	$query_num_rows = mysqli_num_rows($query_run);
	if ($query_num_rows == 0) {
	echo 'Invalid username/password combination.';
	} else if ($query_num_rows == 1) {
	$query_row = mysqli_fetch_assoc($query_run);
	$user_id = $query_row ['id'];
	$_SESSION['user_id'] = $user_id;
	header('Location: index.php');
	}
	}
	} else {
	echo 'You must supply username and password.';
	}
	}

	?>

	<form action = "<?php echo $current_file; ?>" method = "post">
	Username: <input type = "text" name = "username"> Password: <input type = "password" name = "password">
	<input type = "submit" value = "Log in">
	</form>
	<?php
	require 'core.inc.php';
	session_destroy();
	header('Location:' .$http_referer);

	?>