Hmm... butch of little codes.... hmm is that the code?
<?php
$dbhost = 'localhost'
// Database Data
$dbusername = 'user'
$dbpasswd = 'password'
$database_name = 'SQL'
// Script Start
$connection = mysql_connect(" $connection = mysql_connect("$dbhost","$dbusername","$dbpasswd")
or die ("Couldn't connect to server.");
$db = mysql_select_db("$database_name", $connection)
or die("Couldn't select database.");
include('check.php');
?>
Now SQL
CREATE TABLE ponits (
id int(10) NOT NULL auto_increment,
username varchar(40),
time_string varchar(80)
credit varchar(12)
last_login varchar(20),
PRIMARY KEY(id))
Now rest....
<?php
require('db_connect.php'); // database connect script.
?>
<html>
<head>
<title>Register an Account</title>
</head>
<body>
<?php
if (isset($_POST['submit'])) { // if form has been submitted
if (!$_POST['uname'] || !$_POST['passwd'] ||
!$_POST['passwd_again'] || !$_POST['email']) {
die('You did not fill in a required field.');
}
// check if username exists in database.
if (!get_magic_quotes_gpc()) {
$_POST['uname'] = addslashes($_POST['uname']);
}
$qry = "SELECT username FROM users WHERE username = '".$_POST['uname']."'";
$sqlmembers = mysql_query($qry);
$name_check = mysql_fetch_array ($sqlmembers);
$name_checkk = mysql_num_rows ($sqlmembers);
if ($name_checkk != 0) {
die('Sorry, the username: <strong>'.$_POST['uname'].'</strong>'
. ' is already taken, please pick another one.');
}
// check passwords match
if ($_POST['passwd'] != $_POST['passwd_again']) {
die('Passwords did not match.');
}
// check e-mail format
if (!preg_match("/.*@.*..*/", $_POST['email']) ||
preg_match("/(<|>)/", $_POST['email'])) {
die('Invalid e-mail address.');
}
// no HTML tags in username, website, location, password
$_POST['uname'] = strip_tags($_POST['uname']);
$_POST['passwd'] = strip_tags($_POST['passwd']);
$_POST['website'] = strip_tags($_POST['website']);
$_POST['location'] = strip_tags($_POST['location']);
// check show_email data
if ($_POST['show_email'] != 0 & $_POST['show_email'] != 1) {
die('Nope');
}
if ($_POST['website'] != '' & !preg_match("/^(http|ftp):///", $_POST['website'])) {
$_POST['website'] = 'http://'.$_POST['website'];
}
// now we can add them to the database.
// encrypt password
$_POST['passwd'] = md5($_POST['passwd']);
if (!get_magic_quotes_gpc()) {
$_POST['passwd'] = addslashes($_POST['passwd']);
$_POST['email'] = addslashes($_POST['email']);
$_POST['website'] = addslashes($_POST['website']);
$_POST['location'] = addslashes($_POST['location']);
}
$regdate = date('m d, Y');
$insert = "INSERT INTO users (
username,
time_string,
credits,
password,
regdate,
email,
website,
location,
show_email,
last_login)
VALUES (
'".$_POST['uname']."',
'".$_POST['passwd']."',
'$regdate',
'".$_POST['email']."',
'".$_POST['website']."',
'".$_POST['location']."',
'".$_POST['show_email']."',
'Never')";
$sqlmembers = mysql_query($insert);
?>
<h1>Registered</h1>
<p>Thank you, your information has been added to the database,
you may now <a href="login.php" title="Login">log in</a>.</p>
<?php
} else { // if form hasn't been submitted
?>
<h1>Register</h1>
<form action="<?php echo $_SERVER['PHP_SELF']; ?>" method="post">
<table align="center" border="1" cellspacing="0" cellpadding="3">
<tr><td>Username*:</td><td>
<input type="text" name="uname" maxlength="40">
</td></tr>
<tr><td>Password*:</td><td>
<input type="password" name="passwd" maxlength="50">
</td></tr>
<tr><td>Confirm Password*:</td><td>
<input type="password" name="passwd_again" maxlength="50">
</td></tr>
<tr><td>E-Mail*:</td><td>
<input type="text" name="email" maxlength="100">
</td></tr>
<tr><td>Website:</td><td>
<input type="text" name="website" maxlength="150">
</td></tr>
<tr><td>Location</td><td>
<input type="text" name="location" maxlength="150">
</td></tr>
<tr><td>Show E-Mail?</td><td>
<select name="show_email">
<option value="1" selected="selected">Yes</option>
<option value="0">No</option></select>
</td></tr>
<tr><td colspan="2" align="right">
<input type="submit" name="submit" value="Sign Up">
</td></tr>
</table>
</form>
<?php
}
?>
</body>
</html>
And this should be the last line of code i think....
<?php
session_start();
if (!isset($_SESSION['username']) || !isset($_SESSION['password'])) {
$logged_in = 0;
return;
} else {
if(!get_magic_quotes_gpc()) {
$_SESSION['username'] = addslashes($_SESSION['username']);
}
$qry = "SELECT password FROM users WHERE username = '".$_SESSION['username']."'";
$sqlmembers = mysql_query($qry);
$pass = mysql_num_rows($sqlmembers);
if($pass != 1) {
$logged_in = 0;
unset($_SESSION['username']);
unset($_SESSION['password']);
// kill incorrect session variables.
}
$db_pass = mysql_fetch_array ($sqlmembers);
//$db_pass['password'], stripslashes() just incase:
$db_pass['password'] = stripslashes($db_pass['password']);
$_SESSION['password'] = stripslashes($_SESSION['password']);
if($_SESSION['password'] == $db_pass['password']) {
// valid password for username
$logged_in = 1; // they have correct info
// in session variables.
} else {
$logged_in = 0;
unset($_SESSION['username']);
unset($_SESSION['password']);
// kill incorrect session variables.
}
}
if ($time ! = 24) {
echo "Credit Refreshed"
}
else ($time ! =<24) {
echo "We are sorry the system has not refreshed the credits yet!"
}
unset($db_pass['password']);
$_SESSION['username'] = stripslashes($_SESSION['username']);
?>