A Login Script
[--Login Script--]
------------------
[--Level = Medium--]
------------------
Welcome to another one of my tutorials on scripting. This session is continuing from the registration script and you will
not understand most of the coding + im using most of the same database rows. First make a script called login.php and add this to it. This will be the login box.
Code
<html>
<head><title>LOGIN</title></head>
<body bgcolor=#333333>
<form method="POST" action="logincheck.php">
<table width=50% bgcolor=#666666 border=1 bordercolor=black cellpadding=0 cellspacing=0 frame=box rules=all>
<tr><td>
<font color=red><div align=center>USERNAME: <input style="background-color:#222222; font: 10pt verdana; color:#ffffff; border: 1px solid #555555;" type=text id="username" name="username" size="24">
<br>
PASSWORD: <input type="password" style="background-color:#222222; font: 10pt verdana; color:#ffffff; border: 1px solid #555555;" id=password name="password" size="24">
<br>
<input style="background-color:#CD8500; color:#000000; border: 1px solid #555555;" type="submit" name="Submit" value="Login"></div>
<br>
<a href=register.php>Register</a>
</td></tr>
<td>
<div align="center">
NEW
<br>
Welcome To Your Site!
</div>
</td>
</table>
</form>
</body>
</html>
Now add this to the script, this is the php area of the code at the top.
Code
<?php
include_once"includes/db_connect.php";
$ud=mysql_num_rows(mysql_query("SELECT * FROM users"));
?>
Now what you must do is add a row to your table `users` in your database called `ban`, make sure
it is 'enum' with the values '0','1' . Also add another row called 'online' and just make it
varchar100, no default value.
Now make another script named logincheck.php and insert this inside it.
Code
<?
session_start();
header("Cache-control: private");
include 'includes/db_connect.php';
if ($_SESSION['username']){
echo "
<SCRIPT LANGUAGE='JavaScript'>
window.location='logged_in.php'; /// When they are logged in already redirect them here.
</script>
";
exit();
}
if (!$_SESSION['username'] || !$_SESSION['email']){
$username = $_POST['username']; /// What the user put in the username box.
$password = $_POST['password']; /// What the user put in the password box.
$username = strip_tags($username);
$password = strip_tags($password);
$ip = $REMOTE_ADDR; /// The users IP address
$domain = $_SERVER['REMOTE_ADDR'];
$username=strtolower($username); /// Put the username in lower case letters.
if((!$username) || (!$password)){
echo "Please Enter All Necessary Fields.<br />"; /// If the username or
password are empty then echo this.
}else{
///check INFO
$sql = mysql_query("SELECT * FROM users WHERE username='$username' AND password='$password'");
/// This line above checks if there is anyone in the database with that username and password.
$login_check = mysql_num_rows($sql);
/// This checks how many people are on that database.
$ban = mysql_fetch_object($sql);
if ($ban->banned = "1"){
echo "This user has been banned, please contact admin via email to find out why.";
exit();
/// If the user is banned echo saying that he is banned and exit the session.
}else{
///other
if ($login_check > '0'){
ini_set(session.cookie_lifetime, "3600");
session_register('username');
$_SESSION['username'] = $username;
session_register('email_address');
$_SESSION['email_address'] = $email_address;
/// security measures
$timestamp = time();
$timeout = $timestamp-$timeoutseconds;
$cool = gmdate('Y-m-d h:i:s');
mysql_query("UPDATE users SET online='$timestamp' WHERE username='$username'");
mysql_query("UPDATE users SET ip='$domain' WHERE username='$username'");
?>
<meta http-equiv="Refresh" content=0;url="logged_in.php"> /// redirect them to the logged in page.
<?
} else {
echo "Please Make Sure You Have Entered To Right Password/Username Combination. If You Have, Your Account May Not Be Activated<br />
<br />";
include 'login.php'; /// If their details are wrong echo the above and below that show login.php
}}}
?>