registrationform.php seems fine send data to registration.php
registration.php seems fine checks all data then send it to function.php
connection.php does its job and connects to database also calls function.php
function.php puts data into database and send confirmation email
link in email if pressed sends data to database
ok so far so good everything doing what i wanted it to do
loginform.php seems fine sends data to login.php
heres the code of login.php
Code: <?php
include 'Connect.php';
if(!isset($_POST[submit]))
{
include 'index.php';
exit;
}
else
{
if (empty($_POST['username']) || empty($_POST['password']))// Check if any of the fields are missing
{
$loginempty_error = 'One or more fields missing';
include 'index.php';
exit;
}
//CHECKS USERNAME
if(!preg_match("/^[a-zd]{5,12}$/i", $_POST[username]))
{
$userlogin_error = "Invalid username please check and type carefully!<br />";
include 'index.php';
exit;
}
//CHECKS PASSWORD
if(!preg_match("/^[a-zd]{5,12}$/i", $_POST[password]))
{
$passlogin_error = "Invalid password please check and type carefully!<br />";
include 'index.php';
exit;
}
// Try and login with the given username & pass
$result = user_login($_POST['username'], $_POST['password']);
if ($result != 'Correct')
{
// Reshow the form with the error
$login_error = $result;
include 'index.php';
}
else
{
// direct to homepage
include 'index.php';
exit;
}
}
?>
heres my function.php
Code: <?php
// Salt Generator
function user_login($username, $password)
{
// Try and get the salt from the database using the username
$query = "select salt from members where username='$username' limit 1";
$result = mysql_query($query);
$user = mysql_fetch_array($result);
// Using the salt, encrypt the given password to see if it
// matches the one in the database
$encrypted_pass = md5(md5($password).$user['salt']);
// Try and get the user using the username & encrypted pass
$query = "select id, username from members where username='$username' and password='$encrypted_pass'";
$result = mysql_query($query);
$user = mysql_fetch_array($result);
$numrows = mysql_num_rows($result);
// Now encrypt the data to be stored in the session
$encrypted_id = md5($user['id']);
$encrypted_name = md5($user['username']);
// Store the data in the session
$_SESSION['id'] = $id;
$_SESSION['username'] = $username;
$_SESSION['encrypted_id'] = $encrypted_id;
$_SESSION['encrypted_name'] = $encrypted_name;
if ($numrows == 1)
{
return 'Correct';
}
else
{
return false;
}
}
function user_logout()
{
// End the session and unset all vars
session_unset ();
session_destroy ();
}
function is_authed()
{
// Check if the encrypted username is the same
// as the unencrypted one, if it is, it hasn't been changed
if (isset($_SESSION['username']) && (md5($_SESSION['username']) == $_SESSION['encrypted_name']))
{
return true;
}
else
{
return false;
}
}
?>
when i type a username and password that i know is in database and is correct
it shows index.php with $login_error
why is this?
Variable passed to each() is not an array or object
Hi,This is a email a friend type of form, and it isn't working anymore.<? function validate_email($email, $location) { $valid_address = true; $mail_pat = '^(.+)@(.+)$'; $valid_chars =
Casting Decimals in Oracle
This code worked as a query in DB2, but I am not sure what the syntax is for casting decimals in Oracle:
Why does this file not return file names that start with numbers?
This file returns a list of filenames to help populate a drop down in my form. For some reason it ignores any file names that begin with numbers, could anyone please tell my why and show me how to
Images outside webroot
Im hopeing someone can help me with this because i cant figure it out.I have setup an ASP.NET website in C# that allows end users to upload files to the server. I am able to save these files outside
Oracle11g Patch issue
Hi all,I'm getting the following error while installing Oracle11g Patch 11.1.0.7.0 on IBM-AIX/oracle/Disk1/stage/Components/oracle.owb.rsf/11.1.0.7.0/1/Datafiles/filegroup16.jar.when I look into the
Custom list order
Hi there,I have checked this tutorial and it's great till the point where I want to display my data by a variable. Let's say that I have in my table these fields:- id- name- usort- categoryI want to
is this the proper use of mysql_real_escape_string() to prevent sql injections?
i was wondering is this the proper use of mysql_real_escape_string() to prevent sql injections? any help greatly appreciated. thanks. derekCode:
Data type mismatch
Hi, I am migrating data from algol to c.I mapped real datatype in algol to double datatype in c.real has 6 bytes storage.i got one formula in unisys manual which is about the internal representation
Help building / using array
First - this is a cross-posting, if this is wrong I apologise! What started out as a MySQL query question (original post http://www.phpfreaks.com/forums/index.php/topic,273323.0.html) has become a PHP
PHP & Java
Hello,can PHP code be used inside java code?Code: <SCRIPT LANGUAGE="JavaScript">OpenWindow.document.write("<?php echo NotWorking;
