Saturday 30 June 2012

PHP Login Script




This requires 2 php files to be created -
1) Login.php
2) MyAccount.php


How this works -
When the user registers with a suitable username and password and then uses those details to log in, the user is redirected to their account. If the username or password entered is incorrect, an error message is displayed.


Login.php


############### CODE STARTS BELOW ###############


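<?php
/*
 * Login.php - handles the login form POST.
 *
 * Looks the account up by user name or e-mail address, checks the submitted
 * password against the stored hash and, on success, starts a session, writes a
 * fresh timestamp and cookie key to the users table, optionally sets the
 * "remember me" cookies and redirects to myaccount.php. Failures are collected
 * in $err, which the HTML part of this page prints.
 *
 * filter(), PwdHash(), GenKey() and COOKIE_TIME_OUT are not defined in this
 * file; presumably they come from dbc.php.
 */
include 'dbc.php';

$err  = array();
$get  = array();
$data = array();

foreach ($_GET as $key => $value) {
    $get[$key] = filter($value); // GET variables are passed through filter()
}

// One message for "unknown account" and "wrong password", so the response does
// not tell a caller which user names or e-mail addresses are registered.
$login_failed = "Invalid Login. Please try again with correct user email and password.";

// isset() avoids an undefined-index notice when the page is simply opened.
// NOTE(review): the form submits doLogin through <input type="image">; some
// browsers send only the click coordinates for image buttons - confirm that
// the "Login" value actually arrives.
if (isset($_POST['doLogin']) && $_POST['doLogin'] == 'Login') {
    foreach ($_POST as $key => $value) {
        $data[$key] = filter($value); // POST variables are passed through filter()
    }

    $user_email = isset($data['usr_email']) ? $data['usr_email'] : '';
    $pass       = isset($data['pwd']) ? $data['pwd'] : '';

    // The same field accepts either a user name or an e-mail address.
    if (strpos($user_email, '@') === false) {
        $user_cond = "user_name='$user_email'";
    } else {
        $user_cond = "user_email='$user_email'";
    }

    // NOTE(review): $user_email is interpolated into the SQL text, so this query
    // is only as safe as filter(), which is not shown here. Confirm that it
    // escapes for SQL string context; a prepared statement (mysqli or PDO) would
    // remove that dependency.
    $result = mysql_query(
        "SELECT `id`,`pwd`,`full_name`,`approved`,`user_level` FROM users WHERE
           $user_cond
           AND `banned` = '0'"
    );
    if ($result === false) {
        // Keep the driver error in the server log; sending it to the browser
        // would expose query and schema details.
        error_log('Login.php: user lookup failed: ' . mysql_error());
        die('A database error occurred. Please try again later.');
    }

    // At least one matching, non-banned row means the account exists; the
    // password still has to be verified below.
    if (mysql_num_rows($result) > 0) {
        list($id, $pwd, $full_name, $approved, $user_level) = mysql_fetch_row($result);

        // The first 9 characters of the stored value are handed to PwdHash() as the salt.
        if ($pwd === PwdHash($pass, substr($pwd, 0, 9))) {
            // The activation state is reported only after the password has been
            // verified, so it is not disclosed to someone who merely knows the
            // user name.
            if (!$approved) {
                $err[] = "Account not activated. Please check your email for activation code";
            }

            if (empty($err)) {
                session_start();
                session_regenerate_id(true); // new session id on login, against session fixation

                $_SESSION['user_id']    = $id;
                $_SESSION['user_name']  = $full_name;
                $_SESSION['user_level'] = $user_level;
                $_SESSION['HTTP_USER_AGENT'] = md5(
                    isset($_SERVER['HTTP_USER_AGENT']) ? $_SERVER['HTTP_USER_AGENT'] : ''
                );

                // Update the timestamp and key used for the cookie.
                $stamp = time();
                $ckey  = GenKey();
                $updated = mysql_query("update users set `ctime`='$stamp', `ckey` = '$ckey' where id='$id'");
                if ($updated === false) {
                    error_log('Login.php: cookie key update failed: ' . mysql_error());
                    die('A database error occurred. Please try again later.');
                }

                if (isset($_POST['remember'])) {
                    $expires = time() + 60 * 60 * 24 * COOKIE_TIME_OUT;
                    // HttpOnly keeps the cookies away from page scripts; Secure is
                    // set only when this request itself came in over HTTPS.
                    $secure = !empty($_SERVER['HTTPS']) && $_SERVER['HTTPS'] !== 'off';
                    // NOTE(review): these cookies hold only the user id and name, and
                    // $ckey is stored in the database but never sent to the browser.
                    // If page_protect() (not shown) accepts them as proof of login,
                    // they can be forged - verify how dbc.php validates them.
                    setcookie("user_id", $_SESSION['user_id'], $expires, "/", "", $secure, true);
                    setcookie("user_name", $_SESSION['user_name'], $expires, "/", "", $secure, true);
                }

                header("Location: myaccount.php");
                exit; // stop here so the login form is not rendered behind the redirect
            }
        } else {
            $err[] = $login_failed;
        }
    } else {
        $err[] = $login_failed;
    }
}
?>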




//PHP Script ends above
//Below is the HTML form





<table width="100%" border="0" cellspacing="0" cellpadding="5" class="main">
  
  <tr> 
    <td width="160" valign="top"></td>
    <td width="732" valign="top"><p>&nbsp;</p>
      <div class="fleft paddr10" style="width:74%;text-align:justify;">


</div>  
 <p>
 <?php
 /******************** ERROR MESSAGES*************************************************
 This code is to show error messages 
 **************************************************************************/
 if(!empty($err))  {
  echo "<div class=\"msg\">";
 foreach ($err as $e) {
   echo "$e <br>";
   }
 echo "</div>";
  }
 /******************************* END ********************************/  
 ?></p>
      <form action="login.php" method="post" name="logForm" id="logForm">
        <table width="85%" border="0" cellpadding="4" cellspacing="4" class="loginform" style = "margin-left: -168px;">
          <tr> 
            <td colspan="2">&nbsp;</td>
          </tr>
          <tr> 
            <td width="28%">Username / Email:</td>
            <td width="72%"><input name="usr_email" type="text" class="required" id="txtbox" size="25"></td>
          </tr>
          <tr> 
            <td><br/>Password:</td>
            <td><br/><input name="pwd" type="password" class="required password" id="txtbox" size="25"><a href="forgot.php"><font color="#0c80af" size= "2">&nbsp;&nbsp;&nbsp;&nbsp;     Forgot Password?</font></a>  
                  </td>
          </tr>
          <tr> 
            <td colspan="2"><div align="center" style="margin-left: 170px;">
                <br/><input name="remember" type="checkbox" id="remember" value="1" style="font-size:15px;">
                <font size="2" color="000000">&nbsp;&nbsp;Remember me</font></div></td>
          </tr>
          <tr> 
            <td colspan="2"> <div align="center"> 
                <p style="margin-left: 170px;"> 
                  <br/><input name="doLogin" type="image" id="doLogin3" value="Login" src="./images/login-now.gif">
 
 <br/>
                </p><br/>
                <p style="margin-left: 170px;"><font size="2" color="000000">New User? </font><a href="register.php"><font size="2" color="0c80af">Register Now >></font></a> 
                  </p><br/>
                <p style="margin-left: 170px;"><span style="font: normal 9px verdana">Powered by Parag/Anuja/Sonali<br/></span></p><br/>
<p><span style="font-size: 12px; margin-left: 170px;"><a href=index3.php><h6 style="margin-left:170px"><font size="2" color="000000"><< Back</font></div></td></h6></a></span></p>
              </div></td>
          </tr>
        </table>
        <div align="center"></div>
        <p align="center">&nbsp; </p>
      </form>
      <p>&nbsp;</p>
  
      </td>
    <td width="196" valign="top">&nbsp;</td>
  </tr>
  <tr> 
    <td colspan="3">&nbsp;</td>
  </tr>
</table>


################# CODE ENDS ABOVE #################




MyAccount.php

############### CODE STARTS BELOW ################

<?php 
// Load the shared include, then gate the page before any markup is sent.
// NOTE(review): page_protect() is not defined in this listing (presumably it
// lives in dbc.php). The markup below reads $_SESSION directly, so this page
// relies on that call to start the session and to turn away requests that are
// not logged in - confirm it does both.
include 'dbc.php';
page_protect();
?>


<html>
<head>
<title>My Account</title>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
<body>
<table width="100%" border="0" cellspacing="0" cellpadding="5" class="main">
  <tr> 
    <td colspan="3">&nbsp;</td>
  </tr>
  <tr> 
    <td width="160" valign="top">
<?php
/*
 * Account menu.
 * The links below are emitted only when the session carries a user_id, i.e.
 * for logged-in users. The block can be copied into any other page that should
 * show the same menu.
 */
if (isset($_SESSION['user_id'])): ?>
<div class="myaccount">
  <p><strong>My Account</strong></p>
  <a href="myaccount.php">My Account</a><br>
  <a href="mysettings.php">Settings</a><br>
    <a href="logout.php">Logout </a>
  <p>You can add more links here for users</p></div>
<?php endif;
// The admin link is shown only when checkAdmin() returns a truthy value.
// NOTE(review): checkAdmin() is not defined in this listing. Hiding the link is
// cosmetic; admin.php has to enforce the same check itself.
if (checkAdmin()):
?>
      <p> <a href="admin.php">Admin CP </a></p>
 <?php endif; ?>
      <p>&nbsp;</p>
      <p>&nbsp;</p>
      <p>&nbsp;</p></td>
    <td width="732" valign="top"><p>&nbsp;</p>
      <h3 class="titlehdr">Welcome <?php echo $_SESSION['user_name'];?></h3>  
 <?php
      if (isset($_GET['msg'])) {
 echo "<div class=\"error\">$_GET[msg]</div>";
 }
   
 ?>
      <p>This is the my account page</p>

 
      </td>
    <td width="196" valign="top">&nbsp;</td>
  </tr>
  <tr> 
    <td colspan="3">&nbsp;</td>
  </tr>
</table>

</body>
</html>

################# CODE ENDS ABOVE #################


NOTE: The above listings do not include every script in the package, e.g. admin.php, thankyou.php, etc. — nor dbc.php, which both listings include and which presumably provides the helper functions they call. They also leave out the styling, i.e. the CSS. Hence the above code alone is not enough to get a working login page. You can download the whole script package here!


