Once the user has logged in, they can navigate through the website. Each page within the website starts with:
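<?php
// Header placed at the top of every protected page.
// logincheck.php opens the session itself and re-validates the stored
// credentials against the users table before the page body runs.
require_once("logincheck.php");

// The page body below is only protected if logincheck.php terminates the
// request (exit) after sending its redirect; header() alone does not stop
// execution, so the rest of the page would still be rendered and sent.

// logincheck.php has normally started the session already. Calling
// session_start() a second time raises a notice, so start one only when no
// session is active yet.
if (session_id() === '') {
    session_start();
}
?>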
Logincheck.php
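<?php
/**
 * logincheck.php - authentication gate included at the top of protected pages.
 *
 * Reads the username and password value kept in the session, looks for a
 * matching row in `users`, and either stores that row in
 * $_SESSION["userrecord"] or redirects to index.php and ends the request.
 *
 * NOTE(review): the session holds the value compared against users.password.
 * The password-change script stores md5() of the password in that column, so
 * this is presumably the MD5 hash - confirm against the login script. Keeping
 * only a user id in the session after login would avoid carrying a
 * credential-equivalent value around.
 *
 * NOTE(review): the mysql_* extension was removed in PHP 7.0. When this file
 * is ported, use prepared statements (mysqli or PDO) instead of escaping.
 */
if (session_id() === '') {
    session_start();
}
require_once('config.php');

mysql_connect(DB_HOST, DB_USER, DB_PASSWORD) or die("Can't connect to database");
if (!mysql_select_db(DB_DATABASE)) {
    // Keep driver error text in the server log; do not send it to the visitor.
    error_log('logincheck: ' . mysql_error());
    die("Can't connect to database");
}

// No credentials in the session means nobody is logged in.
if (!isset($_SESSION['username'], $_SESSION['password'])) {
    unset($_SESSION["userrecord"]);
    header("location:index.php");
    exit();
}

// Raw values stay available under the original variable names for including pages.
$myusername = $_SESSION['username'];
$mypassword = $_SESSION['password'];

// Session values originate from the login form, so they are untrusted when
// placed into SQL text. Escape them for the quoted literals below.
// mysql_real_escape_string() depends on the connection character set;
// set it with mysql_set_charset() if the database is not using the default.
$safe_username = mysql_real_escape_string((string) $myusername);
$safe_password = mysql_real_escape_string((string) $mypassword);

$sql = "SELECT * FROM users WHERE username ='$safe_username' AND password ='$safe_password'";
$result = mysql_query($sql);

// A failed query is treated the same as "no matching user".
$count = ($result === false) ? 0 : mysql_num_rows($result);

if ($count == 0) {
    // Drop any record left over from an earlier successful check.
    unset($_SESSION["userrecord"]);
    header("location:index.php");
    // header() only queues the redirect. Without exit() the including page
    // keeps running and its content is sent to the unauthenticated client.
    exit();
}

// NOTE(review): SELECT * copies every column, including the password
// column, into the session. Selecting only the fields pages need would
// narrow that; left as-is because other pages may read any column.
$_SESSION["userrecord"] = mysql_fetch_assoc($result);
?>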
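<?php
// Password-change handler: setup (session, configuration, database link).
session_start();
require_once('config.php');

// This script changes the password of whichever username is in the session,
// so refuse to continue when no user is logged in. index.php is the same
// target logincheck.php uses for unauthenticated visitors.
// NOTE(review): this only checks that a username is present; it does not
// re-validate the stored credentials the way logincheck.php does.
if (!isset($_SESSION['username']) || !is_string($_SESSION['username']) || $_SESSION['username'] === '') {
    header("location: index.php");
    exit();
}
$myusername = $_SESSION['username'];

$link = mysql_connect(DB_HOST, DB_USER, DB_PASSWORD);
if (!$link) {
    // Driver error text goes to the server log, not to the visitor.
    error_log('password change: ' . mysql_error());
    die('Failed to connect to server');
}

$db = mysql_select_db(DB_DATABASE);
if (!$db) {
    die("Unable to select database");
}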
/**
 * Prepare a form value for use inside a quoted SQL string literal.
 *
 * Trims surrounding whitespace, removes the slashes added by magic quotes
 * when that setting is enabled, then escapes the value with
 * mysql_real_escape_string().
 *
 * The escaping only protects a value that is placed between quotes in the
 * query text, and it depends on the character set of the mysql_* connection.
 * It is not a general-purpose sanitizer and gives no protection for output
 * contexts such as HTML.
 *
 * @param mixed $str Raw value taken from the request.
 * @return string Escaped value.
 */
function clean($str) {
    // @ is kept from the original: it hides the warning trim() raises for non-string input.
    $value = @trim($str);
    $value = get_magic_quotes_gpc() ? stripslashes($value) : $value;
    return mysql_real_escape_string($value);
}
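// Read the new password and its confirmation. A missing or non-string field
// becomes an empty string and is rejected below.
$password1 = (isset($_POST['password1']) && is_string($_POST['password1'])) ? clean($_POST['password1']) : '';
$password2 = (isset($_POST['password2']) && is_string($_POST['password2'])) ? clean($_POST['password2']) : '';

// NOTE(review): this request carries no anti-CSRF token and does not ask for
// the current password, so any request sent with the user's session cookie
// can change the password. Both checks belong here once the form provides
// the fields.

// $result stays false unless the UPDATE actually runs and succeeds.
$result = false;

// Strict comparison: with == two different numeric-looking strings
// (for example "1e3" and "1000") compare equal. An empty password is refused.
if ($password1 !== '' && $password1 === $password2) {
    // NOTE(review): unsalted MD5 is unsuitable for password storage;
    // password_hash()/password_verify() is the replacement. The login code
    // that checks this hash is not shown, so the scheme is left unchanged
    // here. Both sides must be migrated together. The value hashed is the
    // trimmed and escaped form produced by clean(), which the login side
    // presumably mirrors - confirm before changing.
    $secret_password = md5($password2);

    // The username comes from the session and was never escaped; escape it
    // before it is placed inside the quoted literal.
    $safe_username = mysql_real_escape_string((string) $myusername);

    // Build the UPDATE query
    $qry = "UPDATE users
        SET password = '$secret_password'
        WHERE username = '$safe_username'";
    $result = mysql_query($qry);
    if ($result === false) {
        // Record the failure on the server instead of silencing it with @.
        error_log('password change: ' . mysql_error());
    }
}

// Redirect according to the outcome and stop the request in both cases.
if ($result) {
    header("location: password_updated.php");
    exit();
}
header("location: password_wrong.php");
exit();
?>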