PHP Login Script

login.php

<?php
	session_start();
	/*see if we can echo stuff*/
	//if( (!isset( $_SESSION['logged_in'] )) || (!isset( $_SESSION['username' )) )
	$logged_in = $_SESSION['logged_in'];
	$username = $_SESSION['username'];
//	$timestamp = $_SESSION['timestamp'];
	$session_id = $_SESSION['session_id'];

	//-------------------------
	//PHP 5.0 -- RESET ME LATER
	//require_once("include/pf.class.php");
	//grab the timestamp from the database
	//$zulu = new PFmysql( MYSQL_HOST, MYSQL_USER, MYSQL_PASS, MYSQL_DB );
	//$zulu->pf_connect();
	//$zulu->pf_db_select();
	//$zulu->pf_query("SELECT timestamp FROM mdh_com WHERE user ='$username' LIMIT 1");
	require_once("db_con.php");
	connect_to_db();
	$q = mysql_query("SELECT timestamp FROM mdh_com WHERE user='$username' LIMIT 1");

	//while( $foo = $zulu->pf_fetchRow() )
	while( $foo = mysql_fetch_row($q) )
	{
		$timestamp = $foo[0];
	}

	if( !isset( $logged_in ) && !isset( $username ) && !isset( $session_id ) )
	{
		/*they are not logged in so show the log in boxes!*/
		//echo "BAD BAD WOLF! <br />";

		echo "
		<form method=\"post\" action=\"login_process.php\">
		<table class=\"login\">
			<tr>
				<td >user&nbsp;<input class=\"text\" type=\"text\" name=\"login\" size=\"12\" /></td>
				<td >pass&nbsp;<input class=\"text\" type=\"password\" name=\"pass\" size=\"12\" /></td>
				<td >&nbsp;<input class=\"button\" type=\"submit\" name=\"submit\" value=\"login\" />&nbsp;</td>
			</tr>
		</table>
		</form>";
	}else if( isset( $logged_in ) && isset( $username ) && isset( $session_id ) )
	{
		/*make sure they aren't blank*/
		if( ($logged_in != "" || $logged_in != NULL) && ($username !="" || $username != NULL) )
		{
			//echo "Your username is: " . $username . " and you are logged " . $logged_in . "<br />";
			//echo "<H1>Logout here!</H1>";
			//echo "session id says: " . $session_id;

			//GIVE THEM A LOGOUT BUTTON
			echo "<form method=\"post\" action=\"logout_process.php\">
				<table class=\"login\">
				    <tr>
				    <td >Last log in: <i>$timestamp</i>&nbsp;</td>
				        <td >
				        	<input type=\"submit\" class=\"button\" name=\"logout\" value=\"logout\" />&nbsp;
				        </td>
				    </tr>
				</table>
			</form>";
		}
	}
?>

login_process.php

<?php
	session_start();	//start the session

	/*login to our MySQL database and retrieve our User's login credentials*/
	//require_once("include/pf.class.php");

	//make sure they gave us something
	if( empty( $_POST ) )
	{
		echo "No data was sent!";
		exit;
	}


	//-------------------------
	//PHP 5.0 -- RESET ME LATER
	//new connection
	//$alpha = new PFmysql( MYSQL_HOST, MYSQL_USER, MYSQL_PASS, MYSQL_DB );
	//$alpha->pf_connect();
	//$alpha->pf_db_select();

	require_once("db_con.php");

	/*get the $_POST variables, and sanitize*/
	$username = strip_tags( $_POST['login'] );
	$password = strip_tags( $_POST['pass'] );
		//and hash
	$md5 = md5($password);

	//try a query
	$string = "SELECT * FROM mdh_com WHERE mdh_com.user='$username' AND mdh_com.pass=\"$md5\" LIMIT 1";
	//$alpha->pf_query( $string );

	connect_to_db();
	$q = mysql_query( $string );

//	if( $alpha->pf_numRows()  < 1 )
//	{
//		echo "User not found. Do you wish to <a href=\"register.php\">register</a>?";
//		exit;
//	}
	//spit out XHTML

//	while( $rows  = $alpha->pf_fetchRow() )
	//if( $alpha->pf_numRows() == 1 )
	if( ($rows = mysql_num_rows($q)) == 1 )
	{
		//setup session variables
		$_SESSION['logged_in'] = 1;
		$_SESSION['username'] = $rows[0];
	//	$_SESSION['timestamp'] = $rows[7];
		$_SESSION['session_id'] = md5( $_SERVER['REMOTE_ADDR'] + $rows[1]);
	}


	//update their time
	$time = date("l, d M. Y g:i:s A");
	//$alpha->pf_query( "UPDATE mdh_com SET timestamp='$time' WHERE user='$username' ");
	$update = mysql_query( "UPDATE mdh_com SET timestamp='$time' WHERE user='$username' ");

//	echo "Click <a href=\"index.php\">here</a> to continue.";
	header("Location: index.php");
?>