Thread: user login page
View Single Post
Old 01-22-2008, 02:24 AM   #1 (permalink)
sarmenhb
The Addict
 
sarmenhb's Avatar
 
Join Date: Jan 2008
Location: los angeles
Posts: 309
Thanks: 44
sarmenhb is on a distinguished road
Default user login page
anyone see anything wrong in this script? for some reason the login wont work.

i decided to use sessions instead of cookies for authentication.

Code:
<?php

#---------------------------------------
include("include/conn.php");
mysql_select_db("auth_users");
#---------------------------------------





#-------------------------------------------------------------------------------------------
#		if this page is visited while the user is logged in , log em in if data is correct
#-------------------------------------------------------------------------------------------

if($_SESSION['$username'] && $_SESSION['$password'])
{

	
//check if its the correct ip that is stored in the session

$checkip = getenv('REMOTE_ADDR');
if(($_SESSION['$userip'] == $checkip) && ($_SESSION['password'] == $data['password'])) {
	
	//log the user in
	header("Location: members.php");
}
}
else {   }


#-------------------------------------------------------------------------------------------

 


#----------------------------------------------------------
if(isset($_POST['submit'])) {

#---- check if anything was entered
if(!$_POST['txt_username'] || !$_POST['txt_pass']) {
die('Username or password was not entered');
}

#------> check if username exists
$username = addslashes($_POST['txt_username']);
$checkuser = mysql_query("SELECT * FROM userlogin WHERE username = '$username'");
$checkrow = mysql_num_rows($checkuser);

if($checkrow == 0) { die('the username you entered does not exist in the database'); }


#--------->check if the username and password is correct

while ($data = mysql_fetch_array($checkuser)) { 

$_POST['txt_pass'] = stripslashes($_POST['txt_pass']);
$data['password'] = stripslashes($data['password']);
$_POST['txt_pass'] = md5($_POST['txt_pass']);




#----> check if the password entered was incorrect
if($_POST['txt_pass'] != $data['password']) { die('password entered was incorrect, please try again'); }




else { 

#---- [ LOG THE USER IN ]



//create a session and give it to the user

session_start();
session_register('login') ;
session_register('password');
session_register('userip');

$_SESSION['login'] = $_POST['username'];
$_SESSION['password'] =$_POST['password'];
$_SESSION['userip'] = getenv('REMOTE_ADDR');

header("Location: members.php");


}
}
}







else { 

?> 


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title>sharedemon login page</title>
<link href="style/style.css" rel="stylesheet" type="text/css" />
</head>

<body>

<div class="title">Share Demon Login Page</div>
<form method="post" action="login.php">
<table>
<tbody>
<tr>
<td>Username: </td>
<td><input type="text" name="txt_username" /></td>
</tr>

<tr>
<td>Password: </td>
<td><input type="password" name="txt_pass" /></td>
</tr>
</tbody>
<tfoot>
<tr>
<td rowspan="2" colspan="2"> <center><input type="submit" name="submit" value="submit" /> | <input type="reset" name="reset" value="reset" /></center></td><br />
</tr></tfoot></table><br />
</form>
<center>dont have a login? <a href="register.php">click here</a> to register</center><br />

<a href="index.php">home</a>
</body>
</html>

<?php
}
?>
__________________
no signature set
sarmenhb is offline   		Reply With Quote