zg/database.php

## database.php
<?php
//require this to get a database connection
$connect = mysql_connect('localhost','test','test');
mysql_select_db('test');
?>

## is_logged_in.php
<?php
//to check if someone is logged in, require this file and then after the require, globalize $is_logged_in, like so:
/*
require_once('is_logged_in.php');
global $is_logged_in;

if($is_logged_in)
{
...
}
*/
require_once('database.php');
global $connect;
$is_logged_in = false;
session_start();
if(isset($_SESSION['login_data']))
{
	// typical login data consists of: base64_encode('username|5f4dcc3b5aa765d61d8327deb882cf99')
	$login_data = base64_decode($_SESSION['login_data']);
	if(strpos($login_data,'|') && substr_count($login_data,'|') == 1) // we want at least one | but just one
	{
		list($username,$password) = explode('|',$login_data);
		if(strlen($password) == 32) // md5
		{
			$sql = 'SELECT username FROM accounts WHERE username = "'.htmlentities($username).'" AND password = "'.$password.'"';
			$query = mysql_query($sql);
			if(mysql_num_rows($query) > 0)
			{
				$is_logged_in = true; // success
			}
		}
	}
}
if($is_logged_in === false)
{
	unset($_SESSION['login_data']);
}
?>

## loginregister.php
<?php
require_once('database.php');
global $connect;
$location = 'index.php'; // where to go after they have successfully logged in
session_start();
$message = '';
if(isset($_POST) && count($_POST) > 0)
{
	foreach($_POST as $key => $value)
		$_POST[$key] = htmlentities($value,ENT_QUOTES,"UTF-8");
	switch($_POST['action'])
	{
		case 'register':
			if(isset($_POST['username']) && isset($_POST['password']))
			{
				$sql = 'SELECT username FROM accounts WHERE username = "'.$_POST['username'].'"';
				$query = mysql_query($sql);
				if(mysql_num_rows($query) > 0)
				{
					$message = 'Username already taken.';
				}
				else
				{
					if($_POST['password'] == $_POST['confirm_password'])
					{
						$sql = 'INSERT INTO accounts VALUES ("'.$_POST['username'].'","'.md5($_POST['password']).'");';
						$query = mysql_query($sql);
						if($query)
						{
							$message = 'Successfully registered.';
						}
						else
						{
							$message = 'Error registering user.';
						}
					}
					else
					{
						$message = 'Password doesn\'t match confirm password.';
					}
				}
			}
		break;
		case 'login':
			if(isset($_POST['username']) && isset($_POST['password']))
			{
				$sql = 'SELECT username FROM accounts WHERE username = "'.$_POST['username'].'" AND password = "'.md5($_POST['password']).'"';
				$query = mysql_query($sql);
				if(mysql_num_rows($query) > 0)
				{
					$_SESSION['login_data'] = base64_encode($_POST['username'].'|'.md5($_POST['password']));
					echo '<meta http-equiv="refresh" content="0;'.$location.'" />';
				}
				else
				{
					$message = 'Username or password is invalid.';
				}
			}
		break;
	}
}
if(strlen($message) > 0)
{
	echo '<div class="error_message">'.$message.'</div>';
}
if(isset($_GET['register']))
{
?>
<form method="post">
<table>
<tr><td>Username</td><td><input type="text" name="username" /></td></tr>
<tr><td>Password</td><td><input type="password" name="password" /></td></tr>
<tr><td>Confirm Password</td><td><input type="password" name="confirm_password" /></td></tr>
<tr><td colspan="2"><input type="hidden" name="action" value="register" /><input type="submit" value="Register" /></td></tr>
</table>
</form>
<?php
}
else
{
?>
<form method="post">
<table>
<tr><td>Username</td><td><input type="text" name="username" /></td></tr>
<tr><td>Password</td><td><input type="password" name="password" /></td></tr>
<tr><td colspan="2"><input type="hidden" name="action" value="login" /><input type="submit" value="Login" /></td></tr>
</table>
</form>
<?php
}
?>

## loginregister.sql
CREATE TABLE accounts (
  username VARCHAR(40) NOT NULL,
  password INT NOT NULL,
  UNIQUE ( `username` )
);
	<?php
	//require this to get a database connection
	$connect = mysql_connect('localhost','test','test');
	mysql_select_db('test');
	?>
	<?php
	//to check if someone is logged in, require this file and then after the require, globalize $is_logged_in, like so:
	/*
	require_once('is_logged_in.php');
	global $is_logged_in;

	if($is_logged_in)
	{
	...
	}
	*/
	require_once('database.php');
	global $connect;
	$is_logged_in = false;
	session_start();
	if(isset($_SESSION['login_data']))
	{
	// typical login data consists of: base64_encode('username\|5f4dcc3b5aa765d61d8327deb882cf99')
	$login_data = base64_decode($_SESSION['login_data']);
	if(strpos($login_data,'\|') && substr_count($login_data,'\|') == 1) // we want at least one \| but just one
	{
	list($username,$password) = explode('\|',$login_data);
	if(strlen($password) == 32) // md5
	{
	$sql = 'SELECT username FROM accounts WHERE username = "'.htmlentities($username).'" AND password = "'.$password.'"';
	$query = mysql_query($sql);
	if(mysql_num_rows($query) > 0)
	{
	$is_logged_in = true; // success
	}
	}
	}
	}
	if($is_logged_in === false)
	{
	unset($_SESSION['login_data']);
	}
	?>
	CREATE TABLE accounts (
	username VARCHAR(40) NOT NULL,
	password INT NOT NULL,
	UNIQUE ( `username` )
	);