2009-03-23, 09:33 AM
Hi, I am learning the basics of PHP/MySQL. I have written my first script so far; can it be improved?
Many Thanks
include.php
login.php
user.php
Many Thanks
include.php
<?php
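// Shared bootstrap: opens the MySQL connection used by every page and defines
// the salt that login.php mixes into the password hash.
//
// NOTE(security): the application connects as MySQL "root" with an empty
// password. A dedicated account limited to the privileges this application
// needs on the `user` database confines the damage of any SQL injection or
// file disclosure elsewhere in the code.
// NOTE(review): ext/mysql (mysql_*) was removed in PHP 7.0; mysqli or PDO with
// prepared statements is the replacement when this script is next reworked.
if (!mysql_connect("localhost", "root", "")) {
    // Keep the driver message in the server log: echoing mysql_error() to the
    // browser tells a visitor the host, account name and failure reason.
    error_log('include.php: mysql_connect failed: ' . mysql_error());
    die('Database connection failed.');
}
if (!mysql_select_db("user")) {
    error_log('include.php: mysql_select_db failed: ' . mysql_error());
    die('Database connection failed.');
}

// NOTE(security): one static salt shared by every account and stored in the
// source tree. Anyone who can read this file can precompute hashes for all
// users at once; a per-user random salt (as password_hash() generates) avoids that.
$salt = "RaNdOmSa1tStR1Ng";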
?>
login.php
<?php
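// Login handler: validates the posted credentials against the `user` table and,
// on success, marks the session as authenticated and redirects to user.php.
session_start(); // resume or create the session that will carry the login state
require_once('include.php'); // opens the MySQL connection and defines $salt

// Message rendered further down the page; initialised so a plain GET request
// never echoes an undefined variable.
$error = '';

// On a GET request none of these keys exist, so guard every read. The
// is_string() checks reject array-valued fields (username[]=...), which would
// otherwise reach the escaping and hashing calls as the wrong type.
$form = isset($_POST['submit']) ? $_POST['submit'] : null;
$rawUsername = (isset($_POST['username']) && is_string($_POST['username'])) ? $_POST['username'] : '';
$rawPassword = (isset($_POST['password']) && is_string($_POST['password'])) ? $_POST['password'] : '';

$username = mysql_real_escape_string($rawUsername);
// NOTE(security): MD5 with a single application-wide salt is a fast hash and is
// not suitable for password storage. password_hash()/password_verify() is the
// replacement, but switching requires re-hashing the stored passwords, so it is
// flagged here rather than changed silently.
$password = mysql_real_escape_string(md5($salt . $rawPassword));

if (isset($form)) {
    // Test the raw inputs: md5() of any string is a non-empty 32-character
    // digest, so checking the hashed value could never detect a blank password.
    if ($rawUsername !== '' && $rawPassword !== '') {
        // Both values are escaped above and placed inside quotes; prepared
        // statements (mysqli/PDO) would remove the dependency on escaping.
        $sql = mysql_query("SELECT * FROM `user` WHERE username='$username' and password='$password'");
        if ($sql === false) {
            // Query failure: record it server-side and fall through to the
            // same generic message, so nothing about the database is disclosed.
            error_log('login.php: credential query failed: ' . mysql_error());
        }
        if ($sql !== false && mysql_num_rows($sql) != 0) { // success
            $row = mysql_fetch_array($sql);
            // Issue a fresh session id at the privilege change so an id that
            // was set or observed before login cannot be reused (session fixation).
            session_regenerate_id(true);
            $_SESSION['logged-in'] = true;
            $_SESSION['username'] = $row['username'];
            header('Location: user.php');
            exit;
        } else {
            // Same message for unknown user and wrong password, which avoids
            // confirming which usernames exist.
            $error = "Incorrect login details";
        }
    } else {
        $error = "All information is not filled out correctly";
    }
}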
?>
Login
<?php
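// Print the login error, if any. isset() covers the first page load, where no
// form was submitted and $error was never assigned; escaping keeps the output
// safe should the message ever include request data.
echo isset($error) ? htmlspecialchars($error, ENT_QUOTES) : '';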
?>
<form action="<?php echo htmlentities($_SERVER['PHP_SELF']); ?>" method="post">
<table cellspacing='1' cellpadding='5'>
<tr><td class='listtitle' colspan='2'>Enter Login Details</td></tr>
<tr><td class='list' align='right'>Username:</td><td class='list'><input name="username" type="text" /></td></tr>
<tr><td class='list' align='right'>Password:</td><td class='list'><input name="password" type="password" /></td></tr>
<tr><td class='listtitle' align='right' colspan='2'><input name="submit" type="submit" value="Log In" /></td></tr>
</table>
</form>
user.php
<?php
// Access gate for the members page: only a session that login.php marked as
// authenticated may see the content below.
session_start();
require_once('include.php');

// The flag must exist AND be strictly boolean true; anything else counts as
// not logged in.
if (!(isset($_SESSION['logged-in']) && $_SESSION['logged-in'] === true)) {
    // Send the visitor to the login form and stop, so none of the protected
    // markup below is rendered after the redirect header.
    header('Location: login.php');
    exit;
}
?>
Welcome Page <br>
<a href="logout.php">logout</a>