This script allows a user to login into the database described in mysql_connect.php
The page then creates a session for 3600 seconds after which time, without activity, the session is closed and the user will have to log in again.
<?php
ob_start();
if (isset($_POST['submit'])){require_once ('mysql_connect.php');function escape_data ($data){global $dbc;
if (ini_get('magic_quotes_gpc')){$data=stripslashes($data);}
return mysql_real_escape_string($data, $dbc);}
$message = null;
if (empty($_POST['user_name'])){$u = false;
$message .= '<p>You forgot to enter a username.</p>';}
else{$u = escape_data($_POST['user_name']);}
if (empty($_POST['password'])){$p = false;
$message .= '<p>You forgot to enter a password.</p>';}
else{$p = escape_data($_POST['password']);}
if ($u && $p){$query = "SELECT user_id, first_name FROM users WHERE user_name = '$u' AND password = '$p'";
$result = @mysql_query ($query);
$row = mysql_fetch_array ($result, MYSQL_NUM);
if ($row){setcookie ('first_name', $row[1], time()+3600, '/', '', 0);setcookie ('user_id', $row[0], time()+3600, '/', '', 0);header ("location: http://" . $_SERVER['HTTP_HOST'] . dirname($_SERVER['PHP_SELF']) . "/open.php");exit();}
else{$message = '<p>The username and password are not on file.</p>';}
mysql_close();}
else{$message .= '<p>Please try again.</p>';}
}
$page_title = 'Login';
include ('header.php');if (isset($message)){echo '<font color="#ff0000">', $message, '</font>';}
ob_flush();
?>
//Start PHP protocol
//Start buffer
//When submit is clicked
//Connect to the database
//Escape data
//Global connect
//Use magic quotes
//Use strip slashes
//Return new data
//Create an empty variable
//Check uesrname
//If variable is false
//Print message
//Otherwise
//Post
//Check password
//If variable is false
//Print message
//Otherwise
//Post
//If fields are correct
//Check the information
//Run query
//Return record
//If record match
//Set cookie for first name
//Set cookie for user id
//Go to open.php
//Exit
//If no record match
//Print message
//Close connection
//If error
//Print message
//End submit
//Set the page title
//Include header
//If message
//Print error message
//End buffer
//End PHP protocol