So i hoped you guys could help..
Thanks
Login.php
<?php include('core/init.inc.php'); $errors = array(); if (isset($_POST['username'], $_POST['password'])){ if (empty($_POST['username'])){ $errors[] = 'The username cannot be empty.'; } if (empty($_POST['password'])){ $errors[] = 'The pass word cannot be empty.'; } if (empty($errors) && valid_credentials($_POST['usename'], $_POST['password']) === false){ $errors[] = 'Username / Password was incorrect.'; } if (empty($errors)){ $_SESSION['username'] = htmlentities($_POST['username']); header('Location: protected.php'); die(); } } ?> <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1. Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd!> <html xmlns="http://www.w3.org/1999/xhtml"> <head> <meta http-equiv="content-type" contect="text/html; charset=utf-8" /> <link rel="stylesheet" type="text/css" href="ext/css/style.css" /> <title>Daily Music</title> </head> <body> <div> <?php echo 'Need an account ? <a href="register.php">Register here</a>'; if (empty($errors) === false){ ?> <ul> <?php foreach ($errors as $error){ echo "<li>{$error}</li>"; } ?> </ul> <?php } ?> </div> <form action="" method="post"> <p> <label for="username">Username:</label> <input type="text" name="username" id="username" value="<?php if (isset($_POST['username'])) echo htmlentities($_POST['username']); ?>" /> </p> <p> <label for="password">Password:</label> <input type="password" name="password" id="password" /> </p> <p> <input type="submit" value="Login" /> </p> </form> </body> </html>Register.php
<?php include('core/init.inc.php'); $errors = array(); if (isset($_POST['username'], $_POST['password'], $_POST['repeat_password'])){ if (empty($_POST['username'])){ $errors[] = 'The username cannot be empty.'; } if (empty($_POST['password']) || empty($_POST['repeat_password'])){ $errors[] = 'The password cannot be empty.'; } if ($_POST['password'] !== $_POST['repeat_password']){ $errors[] = 'Password verification failed.'; } if (user_exists($_POST['username'])){ $errors[] = 'The username you entered is already taken.'; } if (empty($errors)){ add_user($_POST['username'], $_POST['password']); $_SESSION['username'] = htmlentities($_POST['username']); header('Location: protected.php'); die(); } } ?> <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1. Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd!> <html xmlns="http://www.w3.org/1999/xhtml"> <head> <meta http-equiv="content-type" contect="text/html; charset=utf-8" /> <title>Daily Music</title> </head> <body> <div> <?php if (empty($errors) === false){ ?> <ul> <?php foreach ($errors as $error){ echo "<li>{$error}</li>"; } ?> </ul> <?php } ?> </div> <form action="" method="post"> <p> <label for="username">Username:</label> <input type="text" name="username" id="username" value="<?php if (isset($_POST['username'])) echo htmlentities($_POST['username']); ?>" /> </p> <p> <label for="password">Password:</label> <input type="password" name="password" id="password" /> </p> <p> <label for="repeat_password">Repeat Password:</label> <input type="password" name="repeat_password" id="repeat_password" /> </p> <p> <input type="submit" value="Register" /> </p> </form> </body> </html>Protected.php
<?php include('core/init.inc.php'); ?> <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1. Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd!> <html xmlns="http://www.w3.org/1999/xhtml"> <head> <meta http-equiv="content-type" contect="text/html; charset=utf-8" /> <title>Daily Music</title> </head> <body> <p> You are logged in as <?php echo $_SESSION['username']; ?> </p> <p> <a href="logout.php">Logout ?</a> </p> </body> </html> [/code] Logout.php [code] <?php session_start(); $_SESSION = array(); session_destroy(); header('Location: protected.php'); ?>init.inc.php
<?php session_start(); $exceptions = array('register', 'login'); $page = substr(end(explode('/',$_SERVER['SCRIPT_NAME'])), 0, -4); if (in_array($page, $exceptions) === false){ if (isset($_SESSION['username']) === false){ header('Location: login.php'); die(); } } mysql_connect('localhost', 'root', '123lol123'); mysql_select_db('login'); $path = dirname(__FILE__); include("{$path}/inc/user.inc.php"); ?>user.inc.php
<?php // Checks if the given user name exists in the database. function user_exists($user){ $user = mysql_real_escape_string($user); $total = mysql_query("SELECT COUNT(`user_id`) FROM `users` WHERE `user_name` = '{$user}'"); return (mysql_result($total, 0) == `1`) ? true : false; } // Checks if the given user name and password combination is valid. function valid_credentials($user, $pass){ $user = mysql_real_escape_string($user); $pass = sha1($pass); $total = mysql_query("SELECT COUNT(`user_id`) FROM `users` WHERE `user_name` = '{$user}' AND `user_password` = '{$pass}'"); return (mysql_result($total, 0) == `1`) ? true : false; } // adds a user the the database. function add_user($user, $pass){ $user = mysql_real_escape_string(htmlentities($user)); $pass = sha1($pass); mysql_query("INSERT INTO `users` (`user_name`, `user_password`) VALUE ('{$user}', '{$pass}')"); } ?>That was all the code