
@zg

zg/database.php

Created Jul 22, 2011
Login/Register
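<?php
// Require this file to open the database connection used by the other scripts.
// It sets $connect and selects the 'test' database.
//
// NOTE(review): host, user and password are hard-coded sample values; real
// credentials belong in configuration kept outside the web root and out of
// version control.
// NOTE(review): the mysql_* extension was removed in PHP 7. Moving to mysqli or
// PDO has to be done together with every script that calls mysql_query().
$connect = mysql_connect('localhost','test','test');
if ($connect === false || !mysql_select_db('test', $connect)) {
    // Stop here instead of letting callers run queries without a usable
    // connection. Driver detail goes to the server log, not to the visitor.
    error_log('database.php: could not connect or select database: ' . mysql_error());
    exit('Service temporarily unavailable.');
}
?>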
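<?php
// Include this file to find out whether the current session belongs to a
// logged-in user. After the require, bring $is_logged_in into scope, like so:
/*
require_once('is_logged_in.php');
global $is_logged_in;
if($is_logged_in)
{
...
}
*/
//
// NOTE(review): the session carries an unsalted MD5 of the password and the
// account row is re-checked against it on every request. Storing only an
// account identifier after login, and hashing with password_hash(), would be
// safer, but that needs a coordinated change to the login script and the
// accounts table, so the format is left as-is here.
require_once('database.php');
global $connect;
$is_logged_in = false;
if (session_id() === '') {
    // Only start a session when the including page has not done so already.
    session_start();
}
if (isset($_SESSION['login_data']) && is_string($_SESSION['login_data'])) {
    // Payload written by the login script: base64_encode('username|<32 hex chars of md5>')
    $login_data = base64_decode($_SESSION['login_data'], true);
    $parts = ($login_data === false) ? array() : explode('|', $login_data);
    // Exactly one '|' and a non-empty username in front of it.
    if (count($parts) === 2 && $parts[0] !== '') {
        list($username, $password) = $parts;
        // Accept only a lowercase hex MD5 digest, so nothing else reaches the query.
        if (preg_match('/^[0-9a-f]{32}$/', $password) === 1) {
            // The username in the session is already entity-encoded by the login
            // script; encoding it a second time made names containing &, < or
            // quotes never match. SQL-escape it instead (uses the most recently
            // opened connection, as mysql_query() below does).
            $sql = 'SELECT username FROM accounts WHERE username = "'
                . mysql_real_escape_string($username)
                . '" AND password = "' . $password . '"';
            $query = mysql_query($sql);
            // A failed query returns false; treat that as "not logged in".
            if ($query !== false && mysql_num_rows($query) > 0) {
                $is_logged_in = true; // success
            }
        }
    }
}
if ($is_logged_in === false) {
    // Drop stale or malformed login data so it is not re-checked on every request.
    unset($_SESSION['login_data']);
}
?>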
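<?php
// Login / registration page: handles the POSTed form (action = register|login)
// and then renders the register form when ?register is present, otherwise the
// login form.
//
// NOTE(review): passwords are stored as unsalted MD5 and the hash is copied
// into the session. password_hash()/password_verify() is the right tool, but
// switching requires changing the accounts table and is_logged_in.php at the
// same time, so the storage format is unchanged here.
// NOTE(review): neither form carries a CSRF token.
require_once('database.php');
global $connect;
$location = 'index.php'; // where to go after they have successfully logged in
session_start();
$message = '';
if (isset($_POST) && count($_POST) > 0) {
    // Existing rows and is_logged_in.php expect entity-encoded values (the
    // password is encoded before hashing), so that normalisation is kept.
    // It is NOT SQL escaping; every value is SQL-escaped separately below.
    foreach ($_POST as $key => $value) {
        // Array-valued fields (username[]=...) are not valid input here.
        $_POST[$key] = is_string($value) ? htmlentities($value, ENT_QUOTES, "UTF-8") : '';
    }
    $action = isset($_POST['action']) ? $_POST['action'] : '';
    switch ($action) {
        case 'register':
            if (isset($_POST['username']) && isset($_POST['password'])) {
                $confirm_password = isset($_POST['confirm_password']) ? $_POST['confirm_password'] : '';
                if ($_POST['username'] === '' || $_POST['password'] === ''
                    || strpos($_POST['username'], '|') !== false) {
                    // is_logged_in.php splits the session payload on '|' and
                    // rejects an empty username, so such accounts could never
                    // be recognised as logged in.
                    $message = 'Username and password are required, and the username may not contain "|".';
                    break;
                }
                $username_sql = mysql_real_escape_string($_POST['username']);
                $sql = 'SELECT username FROM accounts WHERE username = "' . $username_sql . '"';
                $query = mysql_query($sql);
                if ($query === false) {
                    $message = 'Error registering user.';
                } elseif (mysql_num_rows($query) > 0) {
                    $message = 'Username already taken.';
                } elseif ($_POST['password'] === $confirm_password) {
                    // Strict comparison: with == two different numeric-looking
                    // strings such as "1e3" and "1000" compare equal.
                    // md5() output is hex only, so it needs no escaping.
                    $sql = 'INSERT INTO accounts VALUES ("' . $username_sql . '","' . md5($_POST['password']) . '");';
                    $query = mysql_query($sql);
                    if ($query) {
                        $message = 'Successfully registered.';
                    } else {
                        $message = 'Error registering user.';
                    }
                } else {
                    $message = 'Password doesn\'t match confirm password.';
                }
            }
            break;
        case 'login':
            if (isset($_POST['username']) && isset($_POST['password'])) {
                $password_md5 = md5($_POST['password']);
                $sql = 'SELECT username FROM accounts WHERE username = "'
                    . mysql_real_escape_string($_POST['username'])
                    . '" AND password = "' . $password_md5 . '"';
                $query = mysql_query($sql);
                // A failed query returns false; report it as a failed login.
                if ($query !== false && mysql_num_rows($query) > 0) {
                    // Issue a fresh session id on login so an id that existed
                    // before authentication is not carried over.
                    session_regenerate_id(true);
                    $_SESSION['login_data'] = base64_encode($_POST['username'] . '|' . $password_md5);
                    echo '<meta http-equiv="refresh" content="0;'.$location.'" />';
                } else {
                    $message = 'Username or password is invalid.';
                }
            }
            break;
    }
}
if (strlen($message) > 0) {
    // $message only ever holds one of the fixed strings assigned above.
    echo '<div class="error_message">'.$message.'</div>';
}
if (isset($_GET['register'])) {
?>
<form method="post">
<table>
<tr><td>Username</td><td><input type="text" name="username" /></td></tr>
<tr><td>Password</td><td><input type="password" name="password" /></td></tr>
<tr><td>Confirm Password</td><td><input type="password" name="confirm_password" /></td></tr>
<tr><td colspan="2"><input type="hidden" name="action" value="register" /><input type="submit" value="Register" /></td></tr>
</table>
</form>
<?php
} else {
?>
<form method="post">
<table>
<tr><td>Username</td><td><input type="text" name="username" /></td></tr>
<tr><td>Password</td><td><input type="password" name="password" /></td></tr>
<tr><td colspan="2"><input type="hidden" name="action" value="login" /><input type="submit" value="Login" /></td></tr>
</table>
</form>
<?php
}
?>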
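-- Account table used by the login/register scripts.
CREATE TABLE accounts (
username VARCHAR(40) NOT NULL,
-- The scripts store and compare the 32-character hex output of md5() here.
-- An INT column cannot hold that string: it is coerced to a number or the
-- insert is rejected, so comparisons no longer test the full hash.
-- A character column keeps the whole value; 255 leaves room for a later
-- move to a real password hash.
password VARCHAR(255) NOT NULL,
UNIQUE ( `username` )
);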