Script 18.8 Log In Page

Output

Login

For testing purposes

Register to create your own account or login with one of the following predefined user accounts - play nice, don't delete them.

General User

(default) General Users can access member's area, edit personal profile and change password once logged in.

  • member@ashlietaylor.com
  • tester

Administrator

In addition to the above capabilities, the Administrator can edit user accounts, set permissions(except for own), and delete users. An administrator can only be assigned by another administrator.

  • administrator@ashlietaylor.com
  • tester

Source
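<?php # Script 18.8 - login.php
// This is the login page for the site.
//
// On POST: validate the submitted email and password, look the account up,
// then either load the matching row into the session and redirect to script
// 18.12, or stash the error messages (plus the email, for re-display) in the
// session and redirect back to this page. On a later GET the stashed values
// are pulled back out so the form can show them once.
//
// NOTE(review): the stored credential is an unsalted SHA1 of the password
// (pass=SHA1(?) below). That is a fast hash and weak against offline guessing
// if the table leaks; moving to password_hash()/password_verify() needs a
// column change and a rehash-on-login step, so it is flagged here rather than
// changed. No CSRF token or attempt throttling is visible in this script
// either - confirm whether the includes provide them.
require (CHAPTER_PATH.'/'.$chapter.'/includes/18.3.php');
$page_title = 'Login';

if ($_SERVER['REQUEST_METHOD'] === 'POST') {

	// Presumably defines $link, the mysqli connection used below - confirm.
	require (CONNECT_OOP);

	$errors = array();

	$e = $p = FALSE;

	// Trim all the incoming data. A non-string field (e.g. email[]=x) becomes
	// '' so trim() is never handed an array; it then fails the checks below.
	$trimmed = array();
	foreach ($_POST as $field => $value) {
		$trimmed[$field] = is_string($value) ? trim($value) : '';
	}

	// Validate the email address. $e keeps the raw (trimmed) input: the query
	// binds it as a parameter, so no SQL escaping is applied to it.
	if (!empty($trimmed['email'])) {
		$e = $trimmed['email'];
		if (!filter_var($e, FILTER_VALIDATE_EMAIL)) {
			$errors['e'] = 'Please enter a valid email address.';
		}
	} else {
		$errors['e'] = 'Please enter your email address.';
	}

	// Validate the password:
	if (!empty($trimmed['pass'])) {
		if (preg_match('/^\w{4,20}$/', $trimmed['pass'])) {
			$p = $trimmed['pass'];
		} else {
			$errors['p'] = 'Please enter a valid password.';
		}
	} else {
		$errors['p'] = 'Please enter your password.';
	}

	// Every POST outcome ends in a redirect; only the target differs.
	$destination = 'index.php?chapter=18&script=18.8';

	if (empty($errors)) { // If everything's OK.

		$row = NULL;
		$matches = 0;

		// Query the database with bound parameters instead of building the
		// SQL string from user input.
		$stmt = mysqli_prepare($link, 'SELECT user_id, first_name, user_level, active FROM reg_users WHERE (email=? AND pass=SHA1(?))');
		if ($stmt === FALSE) {
			// The message deliberately omits the query and its parameters:
			// the previous text embedded the plaintext password.
			trigger_error('Login query could not be prepared: ' . mysqli_error($link));
		} else {
			mysqli_stmt_bind_param($stmt, 'ss', $e, $p);
			if (mysqli_stmt_execute($stmt)) {
				mysqli_stmt_store_result($stmt); // Needed for num_rows.
				$matches = (int) mysqli_stmt_num_rows($stmt);
				mysqli_stmt_bind_result($stmt, $user_id, $first_name, $user_level, $active);
				if (mysqli_stmt_fetch($stmt)) {
					$fetched = array(
						'user_id' => $user_id,
						'first_name' => $first_name,
						'user_level' => $user_level,
						'active' => $active
					);
					// mysqli_query() hands back column values as strings by
					// default; keep that shape so code reading the session
					// sees the same types as before. NULL stays NULL.
					$row = array();
					foreach ($fetched as $column => $value) {
						$row[$column] = ($value === NULL) ? NULL : (string) $value;
					}
				}
				mysqli_stmt_free_result($stmt);
			} else {
				trigger_error('Login query failed: ' . mysqli_stmt_error($stmt));
			}
			mysqli_stmt_close($stmt);
		}

		if ($matches === 1 && $row !== NULL && $row['active'] === NULL) { // A match was made.

			// Issue a fresh session id at the moment of login so an id that
			// was known before authentication cannot be reused afterwards.
			if (session_status() === PHP_SESSION_ACTIVE) {
				session_regenerate_id(true);
			}

			// Register the values. Replacing $_SESSION wholesale also drops
			// any stale 'errors' / 'e' entries from a previous attempt.
			$_SESSION = $row;
			$destination = 'index.php?chapter=18&script=18.12';

		} elseif ($row !== NULL && $row['active'] !== NULL) { // Matched, but not activated.
			$errors['flag'] = '<h3>You could not be logged in.</h3><p>The account still needs to be activated. I\'d resend your activation key if i had the time.</p>';
		} else { // No match was made (or the lookup failed).
			$errors['flag'] = '<h3>You could not be logged in.</h3><p>The email address and/or password entered do not match those on file.</p>';
		}

	} else { // data validation contained errors.
		$errors['flag'] = 'You could not be logged in with the credentials provided. Please try again.';
	}

	if (isset($errors['flag'])) {
		// Carry the messages and the submitted email across the redirect.
		// 'e' is raw user input: whatever renders it must HTML-escape it.
		$_SESSION['errors'] = $errors;
		$_SESSION['e'] = $e;
	}

	require(DISCONNECT_OOP);
	ob_end_clean(); // Delete the buffer.
	require (CHAPTER_PATH.'/12/includes/12.2.php');
	redirect_user($destination);
	exit(); // Quit the script.

} elseif(isset($_SESSION['errors'])) {
	// Back on this page after a failed attempt: take the stashed messages out
	// of the session so they are shown once only.
	$errors = $_SESSION['errors'];
	$trimmed['email'] = $_SESSION['e'];
	unset($_SESSION['errors']);
	unset($_SESSION['e']);
}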
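include (CHAPTER_PATH.'/'.$chapter.'/includes/18.1.php');

// Page body: a notice when a user_id is already in the session, otherwise the
// login form together with any messages left by a failed attempt.
if(isset($_SESSION['user_id'])) {
	echo "<div class='message'>You are currently logged in.</div>";
} else {
	// $trimmed['email'] is the address the visitor typed on a failed attempt.
	// It is user-controlled (an invalid address is kept as typed), so it is
	// HTML-escaped before being written into the value="" attribute.
	$email_value = isset($trimmed['email'])
		? htmlspecialchars((string) $trimmed['email'], ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8')
		: '';
	?>
	<h1>Login</h1>
	<script type="text/javascript">
			var cookies = are_cookies_enabled();
			if(cookies == false) {
				document.write("<div class='message'><span class='error'>You have cookies turned off. Cookies must be enabled for login functionality.</span></div>"); 
			}
	</script>
	<?php 
	// $errors['flag'] holds HTML composed by this script, not user input, so
	// it is printed as markup.
	echo (isset($errors['flag']))? '<div class="error-message">'. $errors['flag'] .'</div>' : '';
	// NOTE(review): the block below publishes working demo credentials,
	// including an administrator account. Remove it and change those accounts
	// before reusing this template outside a throwaway demo.
	?>
	<div class="message">
		<h2>For testing purposes</h2>
		<p>Register to create your own account or login with one of the following predefined user accounts - play nice, don't delete them.</p>
		<div id="test-users">
			<h3>General User</h3>
			<p>(default) General Users can access member's area, edit personal profile and change password once logged in.</p>
			<ul>
				<li><b>member@ashlietaylor.com</b></li>
				<li><b>tester</b></li>
			</ul>
			
			<h3>Administrator</h3>
			<p>In addition to the above capabilities, the Administrator can edit user accounts, set permissions(except for own), and delete users.
			An administrator can only be assigned by another administrator.</p> 
			<ul>
				<li><b>administrator@ashlietaylor.com</b></li>
				<li><b>tester</b></li>
			</ul>
		</div>
	</div>
	<form action="" method="post">
		<fieldset>
			<p>
				<label>Email Address:</label>
				<input type="text" name="email" size="20" maxlength="60" value="<?php echo $email_value; ?>"/>
				<?php echo (isset($errors['e']))?'<span class="error">'.$errors['e'].'</span>' : ''; ?>	
			</p>
			<p>
				<label>Password:</label>
				<input type="password" name="pass" size="20" maxlength="20" />
				<?php echo (isset($errors['p']))?'<span class="error">'.$errors['p'].'</span>' : ''; ?>
			</p>
		</fieldset>
		<p>
			<input type="submit" name="submit" value="Login" />
		</p>
	</form>
<?php  
}
include (CHAPTER_PATH.'/'.$chapter.'/includes/18.2.php');?>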