Script 18.8
Test Application - User Registration
Login
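<?php # Script 18.8 - login.php
// Login page for the site. On POST it validates the submitted email and
// password, looks the account up in reg_users and redirects: to script 18.12
// with the session populated on success, or back to this page with error
// messages on failure. On GET it renders the login form.
//
// Names used here but defined elsewhere: CHAPTER_PATH, CONNECT_OOP,
// DISCONNECT_OOP, $chapter, $link, redirect_user() and the JavaScript helper
// are_cookies_enabled(). Presumably $link comes from CONNECT_OOP and
// redirect_user() from 12/includes/12.2.php -- confirm against those files.

require (CHAPTER_PATH.'/'.$chapter.'/includes/18.3.php');
$page_title = 'Login';

if ($_SERVER['REQUEST_METHOD'] == 'POST') {

    require (CONNECT_OOP);

    $errors = array();
    $e = $p = FALSE;
    // Email exactly as typed (trimmed, not SQL-escaped). It is only ever used
    // to refill the form, so it must not carry database escaping.
    $entered_email = FALSE;
    $logged_in = FALSE;

    // Trim the two fields this form posts. Values that are not strings
    // (for example email[]=x) are ignored so trim() never receives an array.
    $trimmed = array();
    foreach (array('email', 'pass') as $field) {
        if (isset($_POST[$field]) && is_string($_POST[$field])) {
            $trimmed[$field] = trim($_POST[$field]);
        }
    }

    // Validate the email address:
    if (!empty($trimmed['email'])) {
        $entered_email = $trimmed['email'];
        if (filter_var($trimmed['email'], FILTER_VALIDATE_EMAIL)) {
            $e = mysqli_real_escape_string ($link, $trimmed['email']);
        } else {
            $errors['e'] = 'Please enter a valid email address.';
        }
    } else {
        $errors['e'] = 'Please enter your email address.';
    }

    // Validate the password:
    if (!empty($trimmed['pass'])) {
        if (preg_match ('/^\w{4,20}$/', $trimmed['pass'])) {
            $p = mysqli_real_escape_string ($link, $trimmed['pass']);
        } else {
            $errors['p'] = 'Please enter a valid password.';
        }
    } else {
        $errors['p'] = 'Please enter your password.';
    }

    if (empty($errors)) { // If everything's OK.

        // NOTE(review): the query compares against an unsalted SHA1 digest of
        // the password. Moving to password_hash()/password_verify() needs a
        // schema and registration change outside this script.
        // Both values went through mysqli_real_escape_string() above; a
        // prepared statement would be the more robust form, but it returns
        // native column types and other scripts read these session values.
        $q = "SELECT user_id, first_name, user_level, active FROM reg_users WHERE (email='$e' AND pass=SHA1('$p'))";
        $r = mysqli_query ($link, $q);

        if ($r === FALSE) {
            // Report the failure without $q: the query text contains the
            // submitted password in clear and must not reach logs or output.
            trigger_error('Login query failed. MySQL Error: ' . mysqli_error($link));
            $row = NULL;
            $matches = 0;
        } else {
            $row = mysqli_fetch_array($r, MYSQLI_ASSOC);
            $matches = mysqli_num_rows($r);
        }

        // A row whose "active" column is not NULL is treated as an account
        // that has not been activated yet.
        $pending = (is_array($row) && $row['active'] !== NULL);

        if ($matches == 1 && !$pending) { // A match was made.

            // Switch to a fresh session ID at the moment of authentication so
            // an ID that was set before login is not carried into the
            // logged-in session (session fixation).
            if (session_status() === PHP_SESSION_ACTIVE) {
                session_regenerate_id(TRUE);
            }

            // Register the values. Assigning the row replaces the whole
            // session array, which also drops any earlier 'errors'/'e' keys.
            $_SESSION = $row;
            $logged_in = TRUE;

        } elseif ($pending) {
            $errors['flag'] = '<h3>You could not be logged in.</h3><p>The account still needs to be activated. 
I\'d resend your activation key if i had the time.</p>';
        } else { // No match was made.
            $errors['flag'] = '<h3>You could not be logged in.</h3><p>The email address and/or password entered do not match those on file.</p>';
        }

        if ($r !== FALSE) {
            mysqli_free_result($r);
        }

    } else { // data validation contained errors.
        $errors['flag'] = 'You could not be logged in with the credentials provided. Please try again.';
    }

    if (!$logged_in) {
        // Carry the messages and the typed email across the redirect.
        $_SESSION['errors'] = $errors;
        $_SESSION['e'] = $entered_email;
    }

    require(DISCONNECT_OOP);
    ob_end_clean(); // Delete the buffer.
    require (CHAPTER_PATH.'/12/includes/12.2.php');
    redirect_user($logged_in ? 'index.php?chapter=18&script=18.12' : 'index.php?chapter=18&script=18.8');
    exit(); // Quit the script.

} elseif (isset($_SESSION['errors'])) {

    // Arriving from a failed attempt: pick up the stored messages once and
    // clear them so they are not shown again on the next request.
    $errors = $_SESSION['errors'];
    $trimmed['email'] = $_SESSION['e'];
    unset($_SESSION['errors']);
    unset($_SESSION['e']);
}

include (CHAPTER_PATH.'/'.$chapter.'/includes/18.1.php');

if (isset($_SESSION['user_id'])) {
    echo "<div class='message'>You are currently logged in.</div>";
} else {
    // NOTE(review): the markup below publishes working credentials, including
    // an administrator login. That is only acceptable on a disposable demo
    // database; remove the block before reusing this page anywhere else.
?>
<h1>Login</h1>
<script type="text/javascript">
    var cookies = are_cookies_enabled();
    if(cookies == false) {
        document.write("<div class='message'><span class='error'>You have cookies turned off. Cookies must be enabled for login functionality.</span></div>");
    }
</script>
<?php echo (isset($errors['flag']))? '<div class="error-message">'. $errors['flag'] .'</div>' : ''; ?>
<div class="message">
    <h2>For testing purposes</h2>
    <p>Register to create your own account or login with one of the following predefined user accounts - play nice, don't delete them.</p>
    <div id="test-users">
        <h3>General User</h3>
        <p>(default) General Users can access member's area, edit personal profile and change password once logged in.</p>
        <ul>
            <li><b>member@ashlietaylor.com</b></li>
            <li><b>tester</b></li>
        </ul>
        <h3>Administrator</h3>
        <p>In addition to the above capabilities, the Administrator can edit user accounts, set permissions(except for own), and delete users. 
An administrator can only be assigned by another administrator.</p>
        <ul>
            <li><b>administrator@ashlietaylor.com</b></li>
            <li><b>tester</b></li>
        </ul>
    </div>
</div>
<form action="" method="post">
    <fieldset>
        <p>
            <label>Email Address:</label>
            <?php // The value is user-supplied text going into an HTML attribute, so it is escaped on output. ?>
            <input type="text" name="email" size="20" maxlength="60" value="<?php if (isset($trimmed['email'])) echo htmlspecialchars((string) $trimmed['email'], ENT_QUOTES, 'UTF-8'); ?>"/>
            <?php echo (isset($errors['e']))?'<span class="error">'.$errors['e'].'</span>' : ''; ?>
        </p>
        <p>
            <label>Password:</label>
            <input type="password" name="pass" size="20" maxlength="20" />
            <?php echo (isset($errors['p']))?'<span class="error">'.$errors['p'].'</span>' : ''; ?>
        </p>
    </fieldset>
    <p>
        <input type="submit" name="submit" value="Login" />
    </p>
</form>
<?php
}
include (CHAPTER_PATH.'/'.$chapter.'/includes/18.2.php');?>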