In its very simplest form, the session code would look something like this:
Code:
if ($submit_x === '0' || $submit_x > 0) {
// form submitted
if (!$user || !$pass ) {
header("Location: $PHP_SELF?err=1");
exit;
}
$user = trim(stripslashes($user));
$pass = trim(stripslashes($pass));
$query = "SELECT `password` FROM `tUsers` WHERE userid = '$user' AND `isActive`=1";
$result = mysql_query($query);
if ($result) {
if (mysql_num_rows($result) > 0) {
$myrow = mysql_fetch_array($result);
if ($myrow["password"]) {
$dbpass = $myrow["password"];
} else {
header("Location: $PHP_SELF?err=2");
exit;
}
} else {
header("Location: $PHP_SELF?err=2");
exit;
}
} else {
header("Location: $PHP_SELF?err=3");
exit;
}
// compare given pass with real pass
if ($pass == $dbpass) {
// store the details in session variables
session_start();
session_register("SESSION");
session_register("SESSION_USERID");
// assign values to the session variables
$SESSION_USERID = $user;
// redirect user to the list page
header("Location: index.php");
} else {
header("Location: $PHP_SELF?err=2");
}
}
?>
<html>
<head>
</head>
<body>
<?php
if ($err) {
if ($err == 1) {
print "<div id="errMsg">You did not enter a username or password. Please try again.</div>";
}
if ($err == 2) {
print "<div id="errMsg">Username or password incorrect. Please try again.</div>";
}
if ($err == 3) {
print "<div id="errMsg">Database error. Please try again later.</div>";
}
}
?>
<div id="loginForm>
<form name="login" method="POST" action="<?php echo $PHP_SELF ?>">
<label for="user">Username</label><input type="text" name="user" tabindex="1" />
<label for="pass">Password</label><input type="password" name="pass" tabindex="2" />
<input type="image" src="submitbutton.gif" value="Submit" tabindex="3" name="submit" />
<input type="image" src="clearbutton.gif" value="Clear" tabindex="4" name="clear" />
</form>
</div>
</body>
</html>
Previous Topic
Index
