login page:
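<?php
/*
 * Login handler. Loads the shared bootstrap (session, database, user
 * helpers), validates the posted e-mail and password, and on success stores
 * the account identifier in the session and redirects to user/.
 */
include('init.inc.php');
$errors = array();
if (isset($_POST['email'], $_POST['password'])){
    // A request can submit email[]=... and turn a field into an array; treat
    // anything that is not a non-empty string as missing.
    if (!is_string($_POST['email']) || empty($_POST['email'])){
        $errors[] = 'You must have an email.';
    }
    if (!is_string($_POST['password']) || empty($_POST['password'])){
        $errors[] = 'the password cannot be empty.';
    }
    // Query the database only when both fields are present. The single
    // message for "unknown e-mail" and "wrong password" is deliberate: it
    // does not reveal which accounts exist.
    if (empty($errors) && valid_credentials($_POST['email'], $_POST['password']) === false){
        $errors[] = 'Email or password is incorect.';
    }
    if (empty($errors)){
        // Issue a fresh session id at the privilege change so an id that was
        // known before login (session fixation) is not carried into the
        // authenticated session.
        session_regenerate_id(true);
        // The form posts "email", "password" and "login"; there is no "user"
        // field, so reading $_POST['user'] stored an empty identity that
        // still satisfied the isset($_SESSION['user']) gate in init.inc.php.
        $_SESSION['user'] = htmlentities($_POST['email']);
        header('location: user/');
        die();
    }
}
?>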
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title>Login </title>
<link href="../style.css" rel="stylesheet" type="text/css" />
</head>
<body>
<div id="container">
<div id="headcontainer">
<div id="navbar">
<a id="navhome" href="/">Home</a>
<a id="navabout" href="/">About</a>
<a id="navevents" href="/">Events</a>
<a id="navcontact" href="/">Contact</a>
<a id="navaccount" href="/">Account</a>
</div>
</div>
<div id="bodycontainer">
<div id="categories">
</div>
<div id="rightnav">
<div id="fb">
</div>
<div id="twitter">
Follow me on twitter to recieve huge saving coupon codes
</div>
<div id="shipping">
</div>
<div id="cfdylf">
<h4>Cant find a design you were looking for?<br />Find one here!
Then fill out the form below and I will purchase it, to make it for you.<form method="post" action="">
<input type="submit" value="request form"/>
</form></h4>
</div>
</div>
<div id="body">
<div id="logintext">
<?php
// Show the validation errors as a list, or the default notice when there are
// none. The messages are echoed without HTML escaping, which is only safe
// because every entry in $errors is a fixed literal set by the login handler;
// escape them if user-supplied text is ever added to a message.
if (!empty($errors)) {
    echo "<ul>\n";
    echo '<li>' . implode('</li><li>', $errors) . '</li>';
    echo "</ul>\n";
} else {
    echo 'To have an account you must make a purchase';
}
?>
<h4> Enter Account Infomation </h4>
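<?php // Login form. The password field is type="password" so the browser masks the value on screen instead of showing it as plain text; the e-mail is re-displayed through htmlentities() because it is echoed back from the request. ?>
<form method="POST" action="">
Email: <input type="text" name="email" value="<?php if (isset($_POST['email'])) echo htmlentities($_POST['email']); ?>"/><br>
Password: <input type="password" name="password"/><br>
<input type="submit" value="Log In" name="login">
</form><br />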
</div>
</div>
</div>
</div>
</body>
</html>
init.inc page:
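<?php
/*
 * Shared bootstrap: starts output buffering and the session, opens the
 * database connection, loads the user helpers, and sends visitors without a
 * session to login.php unless the requested script is exempt.
 */
ob_start();
session_start();

// NOTE(review): the ext/mysql functions used here and in core/user.inc.php
// were removed in PHP 7. A move to mysqli or PDO with prepared statements has
// to change this file and the helpers together.
// The credentials and database name are blank in this listing, presumably
// redacted; keep the real values out of the web root and out of version
// control.
if (mysql_connect('localhost','','') === false || mysql_select_db('') === false){
    // Keep the driver's error text in the server log. Echoing it, as the page
    // did before, shows connection and schema details to every visitor.
    error_log('Database bootstrap failed: ' . mysql_error());
    header('HTTP/1.1 503 Service Unavailable');
    die('Service temporarily unavailable.');
}

include('core/user.inc.php');

// Scripts that may be viewed without a session.
$exception = array('register', 'login');

// basename() strips the directory and the ".php" suffix without passing a
// function result to end(), which expects a variable by reference.
// Only the file name is compared, so a script called login.php or
// register.php in any directory is exempt from the session check.
$page = basename($_SERVER['SCRIPT_NAME'], '.php');

if (in_array($page, $exception, true) === false && isset($_SESSION['user']) === false){
    header('location: login.php');
    die();
}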
user.inc.php page:
<?php
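/**
 * Reports whether an account with the given e-mail address exists.
 *
 * @param string $user E-mail address matched against `accounts`.`acc_email`.
 * @return bool True when at least one matching row exists; false otherwise,
 *              including when the query itself fails.
 */
function user_exists($user){
    // ext/mysql has no prepared statements, so escaping is the only injection
    // barrier here. It depends on the connection character set being set with
    // mysql_set_charset(); that call is not visible in this listing, confirm.
    $user = mysql_real_escape_string($user);
    $total = mysql_query("SELECT COUNT(`acc_id`) FROM `accounts` WHERE `acc_email` = '{$user}'");
    if ($total === false){
        // A failed query yields no result resource to read from.
        return false;
    }
    // Any positive count means the address is taken. Comparing with exactly
    // '1' reported "no such user" when duplicate rows existed.
    return ((int) mysql_result($total, 0)) >= 1;
}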
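/**
 * Checks an e-mail address and password against the accounts table.
 *
 * @param string $user E-mail address matched against `acc_email`.
 * @param string $pass Plain-text password as submitted by the visitor.
 * @return bool True when exactly one row matches both values; false
 *              otherwise, including when the query itself fails.
 */
function valid_credentials($user, $pass){
    $user = mysql_real_escape_string($user);
    // NOTE(review): sha1() is unsalted and fast, so a leaked accounts table
    // is cheap to attack offline. Moving to password_hash()/password_verify()
    // has to be done together with add_user() and with a check that the
    // acc_password column can hold the longer hash. TODO: plan the migration.
    $pass = sha1($pass);
    $total = mysql_query("SELECT COUNT(`acc_id`) FROM `accounts` WHERE `acc_email` = '{$user}' AND `acc_password` = '{$pass}'");
    if ($total === false){
        // Fail closed: a query error must never count as a successful login.
        return false;
    }
    return ((int) mysql_result($total, 0)) === 1;
}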
/**
 * Inserts a new row into the accounts table.
 *
 * NOTE(review): the address is passed through htmlentities() before it is
 * stored, while user_exists() and valid_credentials() look it up without that
 * step, so an address containing characters that htmlentities() rewrites
 * would not be found again. Confirm how other pages print acc_email before
 * changing this.
 * NOTE(review): the password is stored as an unsalted sha1() digest; see the
 * matching lookup in valid_credentials() before changing the scheme.
 *
 * @param string $user E-mail address for the new account.
 * @param string $pass Plain-text password for the new account.
 * @return void The result of the INSERT is not checked.
 */
function add_user($user, $pass){
    $email = mysql_real_escape_string(htmlentities($user));
    $digest = sha1($pass);
    $sql = "INSERT INTO `accounts` (`acc_email`, `acc_password`) VALUES ('{$email}', '{$digest}')";
    mysql_query($sql);
}
?>