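<?php
// Harden the session before it is started.  Strict mode makes PHP reject a
// session id it did not issue itself (defeats session fixation via a planted
// cookie); use_only_cookies stops ids being accepted from the URL; HttpOnly
// keeps the cookie out of reach of page scripts.  `session.cookie_secure` is
// deliberately not forced here because it must only be enabled once the site
// is served over HTTPS — set it in php.ini / the vhost at that point.
ini_set('session.use_strict_mode', '1');
ini_set('session.use_only_cookies', '1');
ini_set('session.cookie_httponly', '1');
// set a session name
session_name('Website');
// start the session
session_start();

// Database credentials, read by GetDatabaseConnection() via `global`.
// NOTE(review): in a real deployment load these from a config file kept
// outside the web root (or from the environment) instead of hard-coding them
// in a file that also ships with the application.
$server   = 'localhost';
$username = 'user';
$password = 'password';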
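//make a function to connect database
/**
 * Open a new (non-persistent) PDO connection to the MySQL server described by
 * the globals $server / $username / $password.
 *
 * Changes from the original:
 *  - the connection charset is declared in the DSN instead of via
 *    `SET NAMES` in MYSQL_ATTR_INIT_COMMAND, so the driver knows the charset
 *    when it has to escape anything;
 *  - emulated prepares are disabled, so bound values are sent separately from
 *    the SQL text (real server-side prepared statements);
 *  - errors throw PDOException instead of prepare()/execute() silently
 *    returning false, which callers in this file never checked;
 *  - ATTR_TIMEOUT and ATTR_PERSISTENT are passed as constructor options —
 *    pdo_mysql only honours them at connect time, so the original
 *    setAttribute() calls after construction had no effect.
 *
 * @param string|null $useDb  database to select, or null for none.  The value
 *                            is spliced into the DSN unescaped: only ever pass
 *                            a literal (this file passes 'blog'), never input.
 * @return PDO
 * @throws PDOException on connection failure
 */
function GetDatabaseConnection($useDb = null) {
    global $server, $username, $password;

    $dsn = sprintf('mysql:host=%s;charset=utf8mb4', $server);
    if (!is_null($useDb)) {
        $dsn .= sprintf(';dbname=%s', $useDb);
    }

    $options = [
        PDO::ATTR_TIMEOUT          => 1,
        PDO::ATTR_PERSISTENT       => false,
        PDO::ATTR_EMULATE_PREPARES => false,
        PDO::ATTR_ERRMODE          => PDO::ERRMODE_EXCEPTION,
    ];
    return new PDO($dsn, $username, $password, $options);
}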
// make a short named function and use the above function in it.
/**
 * Short alias for GetDatabaseConnection(); behaves exactly the same.
 *
 * @param string|null $useDb  database to select, or null for none
 * @return PDO
 */
function Connection($useDb = null) {
    $pdo = GetDatabaseConnection($useDb);
    return $pdo;
}
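//function to check for any sql injections
/**
 * Remove every character that is not an ASCII letter or digit.
 *
 * NOTE(review): despite the comment above, this is NOT a defence against SQL
 * injection — parameterised queries (as used by register()/login()) are.  It
 * is an allow-list filter, appropriate for identifiers such as file or table
 * names where only [A-Za-z0-9] is acceptable.  Multibyte characters are
 * removed too, so non-Latin input collapses to ''.  Nothing else in this file
 * calls it.
 *
 * @param string $dirty
 * @return string  the filtered string; '' when the input is empty or PCRE fails
 */
function clean($dirty) {
    $clean = preg_replace('/[^A-Za-z0-9]/', '', (string) $dirty);
    // preg_replace() returns null on a PCRE error; callers expect a string.
    if ($clean === null) {
        return '';
    }
    return $clean;
}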
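//function to check if user is logged
/**
 * Whether the current session has been marked as logged in by login().
 *
 * The original returned $_SESSION['logged'] directly, which raised an
 * "undefined index" notice (and returned null) for every anonymous visitor.
 *
 * @return bool  true only when login() has set the flag to boolean true
 */
function logged() {
    return isset($_SESSION['logged']) && $_SESSION['logged'] === true;
}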
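//function to get logged user's username
/**
 * Username stored in the session by login(), or null when nobody is logged in.
 *
 * Callers that echo the result into HTML must escape it with
 * htmlspecialchars() — it originates from a form field.
 *
 * @return string|null
 */
function user() {
    if (!logged()) {
        return null;
    }
    // Guard the index as well: a session could be flagged logged in without
    // a username (e.g. by a future code path), and a notice is not an answer.
    return isset($_SESSION['username']) ? $_SESSION['username'] : null;
}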
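//function to register
/**
 * Insert a new user row with a salted, slow password hash.
 *
 * MD5 (the original) is unsalted and fast, so a leaked table is cracked in
 * minutes; password_hash() (bcrypt by default) is the supported replacement
 * and pairs with password_verify() in login().
 *
 * The hash is ~60 characters today and may grow with future algorithms, so
 * the users.password column must be VARCHAR(255).  A VARCHAR(32) column
 * (the original schema, sized for an MD5 hex digest) would silently truncate
 * the hash and break every subsequent login.
 *
 * @param string $user  username; uniqueness is enforced by the caller and
 *                      should also be enforced by a UNIQUE index in the DB
 * @param string $pass  plaintext password
 * @return bool  true when exactly one row was inserted
 * @throws PDOException when the connection uses ERRMODE_EXCEPTION
 */
function register($user, $pass) {
    $hpass = password_hash($pass, PASSWORD_DEFAULT);
    if ($hpass === false) {
        return false; // hashing failed; never fall back to storing plaintext
    }

    $db = Connection('blog'); // name of the database
    $query = $db->prepare(
        'insert into `users` (`username`, `password`) values (:username, :password)'
    );
    if ($query === false) {
        return false; // silent error mode: prepare() failed
    }
    $query->bindValue(':username', $user, PDO::PARAM_STR);
    $query->bindValue(':password', $hpass, PDO::PARAM_STR);
    if (!$query->execute()) {
        return false;
    }
    return $query->rowCount() >= 1;
}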
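//function to login
/**
 * Check a username/password pair and, on success, mark the session as
 * logged in.
 *
 * Fixes relative to the original:
 *  - `$_SESSION['username']` was assigned from `$login`, a variable that does
 *    not exist, so user() always returned null; it now stores `$user`;
 *  - the password is checked with password_verify().  Rows that still hold a
 *    legacy 32-hex MD5 digest are accepted once via a constant-time compare
 *    and upgraded to password_hash() in place (the column must be VARCHAR(255)
 *    for that write to fit);
 *  - the session id is regenerated on login, so a session id fixed before
 *    authentication is useless afterwards;
 *  - every failure path returns false explicitly.
 *
 * NOTE(review): the two distinct failure messages let an attacker enumerate
 * valid usernames.  They are kept because login.php relies on login()
 * printing its own error; a single generic message would be preferable.
 *
 * @param string $user
 * @param string $pass
 * @return bool
 * @throws PDOException when the connection uses ERRMODE_EXCEPTION
 */
function login($user, $pass) {
    $db = Connection('blog'); // name of the database
    $query = $db->prepare('select * from `users` where username = :username');
    if ($query === false) {
        return false;
    }
    $query->bindValue(':username', $user, PDO::PARAM_STR);
    $query->execute();

    // fetch() === false is a reliable "no row"; rowCount() on a SELECT is not
    // guaranteed by every driver.
    $data = $query->fetch(PDO::FETCH_ASSOC);
    if ($data === false) {
        echo 'Account does not exist!';
        return false;
    }

    $stored = (string) $data['password'];
    $ok = password_verify($pass, $stored);
    $legacy = false;
    if (!$ok && strlen($stored) === 32 && ctype_xdigit($stored)) {
        // Row written by the old md5() code path.
        $ok = hash_equals($stored, md5($pass));
        $legacy = $ok;
    }
    if (!$ok) {
        echo "Password error"; // if pass doesnt match then error
        return false;
    }

    // Transparently move legacy/outdated hashes to the current algorithm.
    if ($legacy || password_needs_rehash($stored, PASSWORD_DEFAULT)) {
        $upd = $db->prepare('update `users` set `password` = :password where `id` = :id');
        if ($upd !== false) {
            $upd->bindValue(':password', password_hash($pass, PASSWORD_DEFAULT), PDO::PARAM_STR);
            $upd->bindValue(':id', $data['id'], PDO::PARAM_INT);
            $upd->execute();
        }
    }

    session_regenerate_id(true);
    $_SESSION['username'] = $user;
    $_SESSION['logged'] = true;
    return true;
}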
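//function to logout
/**
 * End the current session completely: wipe its data, expire the cookie in
 * the browser and destroy the server-side record.
 *
 * session_destroy() alone (the original) leaves $_SESSION populated for the
 * rest of the request and leaves the cookie in the browser.
 *
 * @return void
 */
function logout() {
    $_SESSION = [];
    if (ini_get('session.use_cookies')) {
        $p = session_get_cookie_params();
        setcookie(session_name(), '', time() - 42000,
            $p['path'], $p['domain'], $p['secure'], $p['httponly']);
    }
    session_destroy();
}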
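<?php
include('Functions.php');
// Registration page.
//
// Review notes on the original:
//  - the blank-field test used `|` (bitwise OR) where `||` was meant; it only
//    worked because PHP coerces the booleans to ints.  Fields are now read via
//    isset(), so a request that omits a key raises no notice.
//  - $_SERVER['PHP_SELF'] is attacker-controlled (PATH_INFO) and was echoed
//    unescaped into the form's action attribute — a reflected XSS.
//  - the username is length-checked against the 32-character column so MySQL
//    cannot truncate it silently.  The "already used" query below is still a
//    race; only a UNIQUE index on users.username makes it reliable.
//  - maxlength on the password fields is a browser hint, not a server-side
//    limit; the original cap of 10 (the login form allowed 50) is raised.
//  - TODO(review): add a CSRF token (stored in the session) to the form.
if (isset($_POST['submit'])) {
    $user  = isset($_POST['username']) ? (string) $_POST['username'] : '';
    $pass1 = isset($_POST['pass'])     ? (string) $_POST['pass']     : '';
    $pass2 = isset($_POST['pass2'])    ? (string) $_POST['pass2']    : '';

    //This makes sure they did not leave any fields blank
    if ($user === '' || $pass1 === '' || $pass2 === '') {
        die('You did not complete all of the required fields');
    }
    if (strlen($user) > 32) {
        die('Username is too long (32 characters max)');
    }

    // checks if passwords match (before touching the database)
    if ($pass1 !== $pass2) {
        die('Passwords dont match!!');
    }

    // checks if the username is in use
    $db = Connection('blog');
    $query = $db->prepare('select 1 from `users` where username = :username');
    $query->bindValue(':username', $user, PDO::PARAM_STR);
    $query->execute();
    if ($query->fetchColumn() !== false) {
        die('Username is already used!');
    }

    //if everything is ok we register the user
    if (register($user, $pass2)) {
        print 'register success!';
    } else {
        print 'register failed!';
    }
} else { ?>
<form action="<?php echo htmlspecialchars($_SERVER['PHP_SELF'], ENT_QUOTES, 'UTF-8'); ?>" method="post">
<table border="0">
<tr><td>Username:</td><td>
<input type="text" name="username" maxlength="32">
</td></tr>
<tr><td>Password:</td><td>
<input type="password" name="pass" maxlength="50">
</td></tr>
<tr><td>Confirm Password:</td><td>
<input type="password" name="pass2" maxlength="50">
</td></tr>
<tr><th colspan="2"><input type="submit" name="submit" value="Register"></th></tr>
</table>
</form>
<?php } ?>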
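<?php
include('Functions.php');
// Login page.
//
// Same fixes as register.php: `||` instead of bitwise `|`, isset() on the
// POST fields, `exit` after the redirect (header() does not stop the script),
// and $_SERVER['PHP_SELF'] escaped before it is echoed into the form.
// login() prints its own error text on failure, so nothing else is rendered
// in that case.
if (isset($_POST['submit'])) {
    $user = isset($_POST['username']) ? (string) $_POST['username'] : '';
    $pass = isset($_POST['pass'])     ? (string) $_POST['pass']     : '';
    // makes sure they filled it in
    if ($user === '' || $pass === '') {
        die('You did not fill in a required field.');
    }
    if (login($user, $pass)) {
        header('Location: members.php');
        exit;
    }
} else { ?>
<form action="<?php echo htmlspecialchars($_SERVER['PHP_SELF'], ENT_QUOTES, 'UTF-8'); ?>" method="post">
<table border="0">
<tr><td colspan="2"><h1>Login</h1></td></tr>
<tr><td>Username:</td><td> <input type="text" name="username" maxlength="40"> </td></tr>
<tr><td>Password:</td><td> <input type="password" name="pass" maxlength="50"> </td></tr>
<tr><td colspan="2" align="right"> <input type="submit" name="submit" value="Login"> </td></tr>
</table>
</form>
<?php } ?>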
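<?php
include('Functions.php');
// Log the user out completely: clear the session data, expire the session
// cookie in the browser and destroy the server-side record, then redirect.
// The original destroyed the session but left the cookie in place and did
// not stop the script after header().
//
// NOTE(review): this runs on a plain GET, so any third-party page can log
// the user out by linking here — a nuisance rather than a compromise, but a
// POST form carrying a CSRF token is the robust shape.
$_SESSION = [];
if (ini_get('session.use_cookies')) {
    $p = session_get_cookie_params();
    setcookie(session_name(), '', time() - 42000,
        $p['path'], $p['domain'], $p['secure'], $p['httponly']);
}
session_destroy();
header('Location: login.php');
exit;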
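<?php
include('Functions.php');
// Members-only page.
//
// The redirect is followed by `exit` so nothing below runs for an anonymous
// visitor even if the else-branch is refactored away later (header() alone
// does not stop the script).  Anything rendered here from the session or the
// database — e.g. user() — must go through htmlspecialchars() before echo.
// The logout link is a GET; see logout.php for why a POST would be better.
if (!logged()) {
    header('Location: login.php');
    exit;
} else { ?>
<p>your stuff here</p>
<a href="logout.php">Logout</a>
<?php
}
?>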
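CREATE TABLE `users` (
  `id` bigint(21) NOT NULL AUTO_INCREMENT,
  `username` varchar(32) NOT NULL,
  -- password_hash() output is 60 characters today and may grow with newer
  -- algorithms; 255 leaves room.  The original varchar(32) only fit an MD5
  -- hex digest and would silently truncate a modern hash.
  `password` varchar(255) NOT NULL,
  PRIMARY KEY (`id`),
  -- Enforce uniqueness in the database: the application-level "already used"
  -- check in register.php is a race between two concurrent registrations.
  UNIQUE KEY `uniq_username` (`username`)
-- utf8mb4 matches the connection charset; the original latin1 table paired
-- with a UTF-8 connection stores non-Latin usernames lossily.
) ENGINE=InnoDB AUTO_INCREMENT=2 DEFAULT CHARSET=utf8mb4;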