zg · July 22, 2011 06:59 · ERRDERRYBIDI222 · Apr 29, 2021
diff --git a/database.php b/database.php
 <?php
 //require this to get a database connection
 $connect = mysql_connect('localhost','test','test');
 mysql_select_db('test');
 ?>
diff --git a/is_logged_in.php b/is_logged_in.php
 <?php
 //to check if someone is logged in, require this file and then after the require, globalize $is_logged_in, like so:
 /*
 require_once('is_logged_in.php');
 global $is_logged_in;

 if($is_logged_in)
 {
 ...
 }
 */
 require_once('database.php');
 global $connect;
 $is_logged_in = false;
 session_start();
 if(isset($_SESSION['login_data']))
 {
 	// typical login data consists of: base64_encode('username|5f4dcc3b5aa765d61d8327deb882cf99')
 	$login_data = base64_decode($_SESSION['login_data']);
 	if(strpos($login_data,'|') && substr_count($login_data,'|') == 1) // we want at least one | but just one
 	{
 		list($username,$password) = explode('|',$login_data);
 		if(strlen($password) == 32) // md5
 		{
 			$sql = 'SELECT username FROM accounts WHERE username = "'.htmlentities($username).'" AND password = "'.$password.'"';
 			$query = mysql_query($sql);
 			if(mysql_num_rows($query) > 0)
 			{
 				$is_logged_in = true; // success
 			}
 		}
 	}
 }
 if($is_logged_in === false)
 {
 	unset($_SESSION['login_data']);
 }
 ?>
diff --git a/loginregister.php b/loginregister.php
 <?php
 require_once('database.php');
 global $connect;
 $location = 'index.php'; // where to go after they have successfully logged in
 session_start();
 $message = '';
 if(isset($_POST) && count($_POST) > 0)
 {
 	foreach($_POST as $key => $value)
 		$_POST[$key] = htmlentities($value,ENT_QUOTES,"UTF-8");
 	switch($_POST['action'])
 	{
 		case 'register':
 			if(isset($_POST['username']) && isset($_POST['password']))
 			{
 				$sql = 'SELECT username FROM accounts WHERE username = "'.$_POST['username'].'"';
 				$query = mysql_query($sql);
 				if(mysql_num_rows($query) > 0)
 				{
 					$message = 'Username already taken.';
 				}
 				else
 				{
 					if($_POST['password'] == $_POST['confirm_password'])
 					{
 						$sql = 'INSERT INTO accounts VALUES ("'.$_POST['username'].'","'.md5($_POST['password']).'");';
 						$query = mysql_query($sql);
 						if($query)
 						{
 							$message = 'Successfully registered.';
 						}
 						else
 						{
 							$message = 'Error registering user.';
 						}
 					}
 					else
 					{
 						$message = 'Password doesn\'t match confirm password.';
 					}
 				}
 			}
 		break;
 		case 'login':
 			if(isset($_POST['username']) && isset($_POST['password']))
 			{
 				$sql = 'SELECT username FROM accounts WHERE username = "'.$_POST['username'].'" AND password = "'.md5($_POST['password']).'"';
 				$query = mysql_query($sql);
 				if(mysql_num_rows($query) > 0)
 				{
 					$_SESSION['login_data'] = base64_encode($_POST['username'].'|'.md5($_POST['password']));
 					echo '<meta http-equiv="refresh" content="0;'.$location.'" />';
 				}
 				else
 				{
 					$message = 'Username or password is invalid.';
 				}
 			}
 		break;
 	}
 }
 if(strlen($message) > 0)
 {
 	echo '<div class="error_message">'.$message.'</div>';
 }
 if(isset($_GET['register']))
 {
 ?>
 <form method="post">
 <table>
 <tr><td>Username</td><td><input type="text" name="username" /></td></tr>
 <tr><td>Password</td><td><input type="password" name="password" /></td></tr>
 <tr><td>Confirm Password</td><td><input type="password" name="confirm_password" /></td></tr>
 <tr><td colspan="2"><input type="hidden" name="action" value="register" /><input type="submit" value="Register" /></td></tr>
 </table>
 </form>
 <?php
 }
 else
 {
 ?>
 <form method="post">
 <table>
 <tr><td>Username</td><td><input type="text" name="username" /></td></tr>
 <tr><td>Password</td><td><input type="password" name="password" /></td></tr>
 <tr><td colspan="2"><input type="hidden" name="action" value="login" /><input type="submit" value="Login" /></td></tr>
 </table>
 </form>
 <?php
 }
 ?>
diff --git a/loginregister.sql b/loginregister.sql
 CREATE TABLE accounts (
  username VARCHAR(40) NOT NULL,
  password INT NOT NULL,
  UNIQUE ( `username` )
 );
	<?php
	//require this to get a database connection
	$connect = mysql_connect('localhost','test','test');
	mysql_select_db('test');
	?>
	<?php
	//to check if someone is logged in, require this file and then after the require, globalize $is_logged_in, like so:
	/*
	require_once('is_logged_in.php');
	global $is_logged_in;

	if($is_logged_in)
	{
	...
	}
	*/
	require_once('database.php');
	global $connect;
	$is_logged_in = false;
	session_start();
	if(isset($_SESSION['login_data']))
	{
	// typical login data consists of: base64_encode('username\|5f4dcc3b5aa765d61d8327deb882cf99')
	$login_data = base64_decode($_SESSION['login_data']);
	if(strpos($login_data,'\|') && substr_count($login_data,'\|') == 1) // we want at least one \| but just one
	{
	list($username,$password) = explode('\|',$login_data);
	if(strlen($password) == 32) // md5
	{
	$sql = 'SELECT username FROM accounts WHERE username = "'.htmlentities($username).'" AND password = "'.$password.'"';
	$query = mysql_query($sql);
	if(mysql_num_rows($query) > 0)
	{
	$is_logged_in = true; // success
	}
	}
	}
	}
	if($is_logged_in === false)
	{
	unset($_SESSION['login_data']);
	}
	?>
	CREATE TABLE accounts (
	username VARCHAR(40) NOT NULL,
	password INT NOT NULL,
	UNIQUE ( `username` )
	);