ranchodeluxemedia
1/25/2014 - 9:06 AM

Functions.php

<?php
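// Session cookie hardening; these settings only take effect if applied before session_start().
//  - cookie_httponly: keep the session cookie out of reach of page scripts
//  - use_only_cookies: never accept a session ID from the URL
//  - use_strict_mode: refuse session IDs that PHP did not issue itself
// NOTE(review): also enable session.cookie_secure if the site is only served over HTTPS (confirm deployment).
ini_set('session.cookie_httponly', '1');
ini_set('session.use_only_cookies', '1');
ini_set('session.use_strict_mode', '1');
// set a session name
session_name('Website');
// start the session
session_start();
// Database connection settings, read by GetDatabaseConnection() through `global`.
// NOTE(review): these credentials are hard-coded in a file that every page includes;
// load them from configuration kept outside the web root / version control, and
// connect with a database account limited to the privileges this application needs.
$server = 'localhost';
$username = 'user';
$password = 'password';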
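/**
 * Open a PDO connection to the MySQL server described by the global
 * $server, $username and $password variables.
 *
 * @param string|null $useDb Database name to add to the DSN, or null to
 *                           connect without selecting a database.
 * @return PDO The newly opened connection.
 * @throws PDOException If the connection attempt fails (raised by the PDO constructor).
 */
function GetDatabaseConnection ( $useDb = null ) {
    global $server , $username , $password ;

    $dsn = sprintf ( 'mysql:host=%s' , $server ) ;
    if ( ! is_null ( $useDb ) ) {
        $dsn .= sprintf ( ';dbname=%s' , $useDb ) ;
    }

    // The connect timeout, the persistence flag and the init command are all
    // applied while the connection is being opened, so they have to be handed
    // to the constructor. Setting them afterwards with setAttribute() is too
    // late to influence the connection.
    $options = array (
        PDO::ATTR_TIMEOUT            => 1 ,
        PDO::ATTR_PERSISTENT         => false ,
        PDO::MYSQL_ATTR_INIT_COMMAND => 'SET NAMES utf8' ,
    ) ;

    return new PDO ( $dsn , $username , $password , $options ) ;
}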
/**
 * Short alias for GetDatabaseConnection().
 *
 * @param string|null $useDb Database name to select, or null for none.
 * @return PDO Whatever GetDatabaseConnection() returns for the same argument.
 */
function Connection ( $useDb = null ) {
    $pdo = GetDatabaseConnection ( $useDb ) ;

    return $pdo ;
}
/**
 * Strip every character that is not an ASCII letter (A-Z, a-z) or digit (0-9).
 *
 * NOTE(review): this is a character filter, not an SQL-injection defence. It is
 * not called anywhere in the code shown; the queries here are protected by
 * prepared statements with bound parameters, and that is what should be relied on.
 *
 * @param string $dirty Text to filter.
 * @return string The input with all other characters removed.
 */
function clean ( $dirty ) {
    return preg_replace ( '/[^A-Za-z0-9]/' , '' , $dirty ) ;
}
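/**
 * Tell whether the current session is marked as logged in.
 *
 * Reads $_SESSION['logged'], which login() sets to true on success. A visitor
 * who has never logged in has no such key, so the lookup is guarded instead of
 * reading an undefined index.
 *
 * @return bool True when the flag is present and truthy, false otherwise.
 */
function logged() {
    return !empty($_SESSION['logged']);
}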
/**
 * Return the username stored in the session for a logged-in visitor.
 *
 * @return mixed The value of $_SESSION['username'] when logged() reports a
 *               login, otherwise null.
 */
function user() {
    if (!logged()) {
        return null;
    }

    return $_SESSION['username'];
}
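/**
 * Insert a new row into `users` in the `blog` database.
 *
 * NOTE(review): the password is stored as an unsalted MD5 digest, which is fast
 * to brute-force and gives identical passwords identical hashes. The fix is
 * password_hash() here and password_verify() in login(), but both must change
 * together and the `password` column (varchar(32) in the schema shown with this
 * code) must be widened first, so the hash is left as-is in this function.
 *
 * @param string $user Username to store.
 * @param string $pass Plain-text password; only its digest is stored.
 * @return bool True when a row was inserted, false on any failure.
 */
function register($user , $pass) {
    $hpass = md5($pass); // see NOTE(review) above: weak hash, kept for compatibility with login()

    try {
        $db = Connection ('blog'); // name of the database
        $query = $db->prepare( " insert into `users` (`username`,`password`) values ( :username , :password ) " );
        // Values travel as bound parameters, never as part of the SQL text.
        $query->bindValue(':username', $user, PDO::PARAM_STR);
        $query->bindValue(':password', $hpass, PDO::PARAM_STR);

        return $query->execute() && $query->rowCount() >= 1;
    } catch (PDOException $e) {
        // PDO can report failures by throwing (always for connection errors, and by
        // default for queries since PHP 8). Keep the documented "false on failure"
        // contract and record the cause server-side instead of showing it to the visitor.
        error_log('register() failed: ' . $e->getMessage());
        return false;
    }
}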
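/**
 * Check a username/password pair against `users` and, on success, mark the
 * session as logged in.
 *
 * Side effects: echoes an error message on failure; on success regenerates the
 * session ID and sets $_SESSION['username'] and $_SESSION['logged'].
 *
 * NOTE(review): the stored value is an unsalted MD5 digest (see register());
 * migrate both functions to password_hash()/password_verify() together.
 * NOTE(review): the two error messages reveal whether a username exists; a
 * single generic message would avoid that. The texts are left unchanged here.
 *
 * @param string $user Username supplied by the visitor.
 * @param string $pass Plain-text password supplied by the visitor.
 * @return bool True on successful login, false otherwise.
 */
function login ($user , $pass) {
    $db = Connection ('blog'); // name of the database
    $query = $db->prepare( " select * from `users` where username = :username ");
    $query->bindValue( ':username' , $user , PDO::PARAM_STR );
    $query->execute( );

    // Fetch the row directly rather than relying on rowCount() for a SELECT.
    $data = $query->fetch ( PDO::FETCH_ASSOC ) ;
    if ( $data === false ) {
        echo 'Account does not exist!' ;
        return false;
    }

    // hash_equals() compares the digests as strings and in constant time. The
    // loose != used before lets two different numeric-looking digests compare
    // as equal numbers, so a wrong password could be accepted.
    if ( ! hash_equals ( (string) $data['password'] , md5($pass) ) ) {
        echo "Password error";
        return false;
    }

    // Issue a fresh session ID at the privilege change so an ID known before
    // login (session fixation) is worthless afterwards.
    session_regenerate_id(true);

    // The original assigned an undefined $login here, leaving the username empty.
    $_SESSION [ 'username' ] = $user ;
    $_SESSION [ 'logged' ] = true;
    return true;
}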
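/**
 * End the current session completely.
 *
 * session_destroy() alone removes the stored session data but leaves
 * $_SESSION populated for the rest of the request and leaves the session
 * cookie in the browser, so both are cleared explicitly first.
 *
 * @return void
 */
function logout(){
    if (session_status() !== PHP_SESSION_ACTIVE) {
        return; // nothing to tear down
    }

    // Drop the in-memory data so later code in this request sees a logged-out state.
    $_SESSION = array();

    // Expire the session cookie using the same parameters it was issued with.
    if (ini_get('session.use_cookies')) {
        $params = session_get_cookie_params();
        setcookie(
            session_name(),
            '',
            time() - 42000,
            $params['path'],
            $params['domain'],
            $params['secure'],
            $params['httponly']
        );
    }

    session_destroy();
}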
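<?php
include('Functions.php');
if(isset($_POST['submit'])) {

// Read each field defensively: a missing key or a non-string value (for example
// an array submitted as pass[]) is treated the same as an empty field.
  $user  = (isset($_POST['username']) && is_string($_POST['username'])) ? $_POST['username'] : '';
  $pass1 = (isset($_POST['pass'])     && is_string($_POST['pass']))     ? $_POST['pass']     : '';
  $pass2 = (isset($_POST['pass2'])    && is_string($_POST['pass2']))    ? $_POST['pass2']    : '';

//This makes sure they did not leave any fields blank
// (logical ||, not the bitwise | the check used before)
  if (!$user || !$pass1 || !$pass2) {
      die('You did not complete all of the required fields');
  }

// checks if the username is in use
// NOTE(review): check-then-insert is not atomic; two simultaneous requests can
// both pass this test unless the database also enforces unique usernames.
  $db = Connection ( 'blog' );
  $query = $db->prepare( 'select * from `users` where username = :username' );
  $query->bindValue(':username' , $user , PDO::PARAM_STR);
  $query->execute( );
  if($query->fetch( ) !== false) {
   die( 'Username is already used!' );
  }

// checks if passwords match
// Strict comparison: with != two different numeric-looking strings can compare equal.
  if($pass1 !== $pass2) {
    die ( 'Passwords dont match!!' );
  }

//if everything is ok we register the user
  if(register($user , $pass2)) {
     print 'register success!';
  } else print 'register failed!';
}else {
// $_SERVER['PHP_SELF'] contains whatever path the visitor requested, so it is
// HTML-escaped before being written into the action attribute.
// NOTE(review): the username field allows 60 characters while the `users`.`username`
// column shown with this code is varchar(32); reject over-long names server-side.
// NOTE(review): maxlength="10" caps passwords at 10 characters, while the login
// form accepts 50; a cap this low weakens passwords for no benefit.
?>
  <form action="<?php echo htmlspecialchars($_SERVER['PHP_SELF'], ENT_QUOTES, 'UTF-8'); ?>" method="post">

 <table border="0">

 <tr><td>Username:</td><td>

 <input type="text" name="username" maxlength="60">

 </td></tr>

 <tr><td>Password:</td><td>

 <input type="password" name="pass" maxlength="10">

 </td></tr>

 <tr><td>Confirm Password:</td><td>

 <input type="password" name="pass2" maxlength="10">

 </td></tr>

 <tr><th colspan=2><input type="submit" name="submit"
value="Register"></th></tr> </table>

 </form>

<?php } ?>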
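<?php
include('Functions.php');
if(isset($_POST['submit'])){
   // if form has been submitted
   // A missing key or a non-string value (for example an array submitted as
   // pass[]) is treated the same as an empty field.
   $user = (isset($_POST['username']) && is_string($_POST['username'])) ? $_POST['username'] : '';
   $pass = (isset($_POST['pass'])     && is_string($_POST['pass']))     ? $_POST['pass']     : '';

   // makes sure they filled it in (logical ||, not the bitwise | used before)
   if(!$user || !$pass) {
       die('You did not fill in a required field.');
   }

   // login() prints its own error message when the credentials are rejected.
   if(login ( $user , $pass )) {
       header('Location: members.php');
       exit; // stop here so nothing else runs or is sent after the redirect
   }
} else {
// $_SERVER['PHP_SELF'] contains whatever path the visitor requested, so it is
// HTML-escaped before being written into the action attribute.
?>

  <form action="<?php echo htmlspecialchars($_SERVER['PHP_SELF'], ENT_QUOTES, 'UTF-8'); ?>" method="post">
 <table border="0"> <tr><td colspan=2><h1>Login</h1></td></tr>
 <tr><td>Username:</td><td> <input type="text" name="username" maxlength="40"> </td></tr>
 <tr><td>Password:</td><td> <input type="password" name="pass" maxlength="50"> </td></tr>
 <tr><td colspan="2" align="right"> <input type="submit" name="submit" value="Login">
 </td></tr></table> </form>

<?php } ?>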
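<?php
include('Functions.php');
// Clear the session variables, then let the shared logout() helper from
// Functions.php destroy the session, so the teardown logic lives in one place.
session_unset();
logout();
header('Location: login.php');
exit; // nothing may run or be sent after the redirect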
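<?php
include('Functions.php');
// Members-only page: visitors without a logged-in session are redirected, and
// exit guarantees that none of the protected markup below is sent to them.
if(!logged()) {
 header('Location: login.php');
 exit;
}
// Full <?php tags are used throughout: the short <? form only works when
// short_open_tag is enabled on the server.
?>
<p>your stuff here</p>
<a href="logout.php">Logout</a>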
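-- Account table used by register() and login().
-- NOTE(review): the PHP connection issues SET NAMES utf8 while this table is
-- latin1; confirm which character set is intended.
CREATE TABLE `users` (
  `id` bigint(21) NOT NULL AUTO_INCREMENT,
  `username` varchar(32) NOT NULL,
  -- varchar(32) only fits an MD5 hex digest; 255 leaves room for password_hash() output.
  `password` varchar(255) NOT NULL,
  PRIMARY KEY (`id`),
  -- The registration page checks for an existing name and then inserts; the
  -- unique key makes the database reject a duplicate if two requests race.
  UNIQUE KEY `username` (`username`)
) ENGINE=InnoDB AUTO_INCREMENT=2 DEFAULT CHARSET=latin1;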