We used this code in one of my classes but i haven't been able to get it to work. I'm using the default apache and php on os x leopard.
<?php $page = isset($_GET['page']) ? $_GET['page'] : 'login'; ?>
<?php session_start(); ?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<body>
<?php
switch ($page) {
case 'login';
// provide login table [html code and form]
echo "
<table width='300' border='0' align='center' cellpadding='0' cellspacing='1' bgcolor='#ccc'>
<tr>
<form name='form1' method='post' action='?page=process'>
<td>
<table width='100%' border='0' cellpadding='3' cellspacing='1' bgcolor='#fff'>
<tr>
<td colspan='3'><strong>Member Login</strong></td></tr>
<tr>
<td width='78'>Username</td>
<td width='6'>:</td>
<td width='294'><input name='username' type='text' id='username'></td></tr>
<tr>
<td>Password</td>
<td>:</td>
<td><input name='password' type='password' id='password'></td></tr>
<tr>
<td> </td>
<td> </td>
<td><input name='submit' type='submit' value='Login'></td></tr></table>
</td></form>
</tr>
</table>";
break;
case 'process';
// verify existence of form variables
if (!$_POST['username'] || !$_POST['password']) {
header('Location: ?page=login');
}
// set database connection variables
$dbhost = 'localhost';
$dbuser = 'root';
$dbpass = '';
$dbname = 'users';
// connect to database
$conn = mysql_connect($dbhost, $dbuser, $dbpass) or die('Database connection failure');
mysql_select_db($dbname) or die('Database name invalid');
// set username and password from form
$username = $_POST['username'];
$password = $_POST['password'];
// protect SQL injection
$username = stripslashes($username);
$username = mysql_real_escape_string($username);
$password = stripslashes($password);
$password = mysql_real_escape_string($password);
$dbsql = "SELECT * FROM logins WHERE username = '$username' AND password = '$password'";
$result = mysql_query($dbsql);
// check for successful result
$count = mysql_num_rows($result);
if ($count == 1) {
header('Location: main.php');
session_register("username");
session_register("password");
} else {
echo 'Invalid Username or Password...';
}
mysql_close($conn);
break;
default:
header('Location: ?page=login');
}
?>
</body>
</html>
| 