SlanginBeef.com – login.php


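<?php # login.php
// Login page for the site. On POST it checks the submitted email/password
// against the registered_user and person tables; on exactly one match it
// stores that row in the session and redirects to the site index. Otherwise
// it prints an error and falls through to the login form below.
require ('includes/config.inc.php');
$passage_title = 'Login';
include ('includes/header.html');

if ($_SERVER['REQUEST_METHOD'] === 'POST') {
    require (MYSQL);

    // Validate the email address. Only a non-empty string is accepted, so an
    // array-valued field (email[]=...) is rejected here instead of reaching
    // the database layer.
    if (isset($_POST['email']) && is_string($_POST['email']) && $_POST['email'] !== '') {
        $email = $_POST['email'];
    } else {
        $email = FALSE;
        echo '<p class="error">You forgot to enter your email address!</p>';
    }

    // Validate the password the same way. The value is no longer escaped:
    // it is passed as a bound parameter and never becomes part of the SQL text.
    if (isset($_POST['password']) && is_string($_POST['password']) && $_POST['password'] !== '') {
        $pass = $_POST['password'];
    } else {
        $pass = FALSE;
        echo '<p class="error">You forgot to enter your password!</p>';
    }

    // Strict comparison so that a value such as "0" is not mistaken for "missing".
    if ($email !== FALSE && $pass !== FALSE) { // If everything's OK.

        // Query the database with placeholders instead of interpolated input.
        // p.person_id is not selected separately: the join condition makes it
        // equal to r.person_id, and both mapped to the same 'person_id' key.
        //
        // NOTE(review): stored passwords are unsalted SHA1 computed in SQL.
        // Moving to password_hash()/password_verify() needs a schema and data
        // migration that cannot be done from this page alone.
        // NOTE(review): no throttling of failed attempts is visible in this
        // file; confirm whether it is handled elsewhere.
        $q = "
            SELECT r.user_level, r.user_id, r.person_id, r.screen_name,
                p.first_name AS p_first_name, p.last_name AS p_last_name,
                p.middle_name AS p_middle_name, p.email AS p_email
            FROM registered_user AS r, person AS p
            WHERE r.password=SHA1(?)
            AND r.active IS NULL
            AND p.email=?
            AND p.person_id = r.person_id
            ";

        $row = FALSE;
        $stmt = mysqli_prepare($dbc, $q);

        if ($stmt
            && mysqli_stmt_bind_param($stmt, 'ss', $pass, $email)
            && mysqli_stmt_execute($stmt)
            && mysqli_stmt_store_result($stmt)
        ) {
            // Exactly one matching row counts as a successful login.
            if (mysqli_stmt_num_rows($stmt) == 1) {
                mysqli_stmt_bind_result(
                    $stmt,
                    $col_user_level, $col_user_id, $col_person_id, $col_screen_name,
                    $col_first_name, $col_last_name, $col_middle_name, $col_email
                );
                if (mysqli_stmt_fetch($stmt)) {
                    // Same keys the associative fetch produced before.
                    // Numeric columns fetched through a prepared statement may
                    // arrive as PHP integers rather than strings; check any
                    // strict comparisons against these session values.
                    $row = array(
                        'user_level'    => $col_user_level,
                        'user_id'       => $col_user_id,
                        'person_id'     => $col_person_id,
                        'screen_name'   => $col_screen_name,
                        'p_first_name'  => $col_first_name,
                        'p_last_name'   => $col_last_name,
                        'p_middle_name' => $col_middle_name,
                        'p_email'       => $col_email,
                    );
                }
            }
        } else {
            // The logged query text now contains only placeholders, so the
            // submitted password no longer ends up in the error output or log.
            $db_error = $stmt ? mysqli_stmt_error($stmt) : mysqli_error($dbc);
            trigger_error("Query: $q\n\nMySQL Error: " . $db_error);
        }

        if ($stmt) {
            mysqli_stmt_close($stmt);
        }

        if ($row !== FALSE) { // A match was made.
            // Issue a fresh session id at the moment of authentication so an
            // id that was known before login is not carried into the
            // logged-in session. Skipped when no session is active.
            if (session_status() === PHP_SESSION_ACTIVE) {
                session_regenerate_id(TRUE);
            }
            // Register the values (this replaces the whole session array):
            $_SESSION = $row;
            refresh_session();
            // Free up resources:
            mysqli_close($dbc);
            // Redirect the user:
            $url = BASE_URL . 'index.php'; // Define the URL.
            ob_end_clean(); // Delete the buffer.
            header("Location: $url");
            exit(); // Quit the script.

        } else { // No match was made.
            // One message for every failure cause, so the response does not
            // reveal whether the email address exists.
            echo '<p class="error">Either the email address and password entered do not match those on file or you have not yet activated your account.</p>';
        }

    } else { // If everything wasn't OK.
        echo '<p class="error">Please try again.</p>';
    }

    mysqli_close($dbc); // Close the database connection.
} // End of SUBMIT conditional.
?>

<h1>Login</h1>
<p>Your browser must allow cookies in order to log in.</p>
<form action="login.php" method="post">
    <fieldset>
    <p><b>Email Address:</b> <input type="text" name="email" size="20" maxlength="60" /></p>
    <p><b>Password:</b> <input type="password" name="password" size="20" maxlength="20" /><br /></p>
    <p><a href="forgot_password.php" title="Password Retrieval">Retrieve lost password</a></p>
    <div align="center"><input type="submit" name="submit" value="Login" /></div>
    </fieldset>
</form>

<?php include ('includes/footer.html'); ?>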