Posted by Hyshiro Fri 2nd Mar 2007 17:17 - Syntax is PHP - 96 viewsRun this post in the PHP shell
Download | New Post | Modify | Hide line numbers
PHP parser reported no syntax errors in this post!
  2.   /* Program: login.php
  3.    * Desc:    Login program for the Members Only section of the pet store.
  4.    *          It provides two options: (1) login using an existing login name and
  5.    *          (2) enter a new login name. Login names and passwords are stored in mysql
  6.    */
  7.      session_start ();
  8.      include("conf.inc");
  9.      switch (@$_GET['do'])
  10.      {
  11.     case "login";
  12.       $connection = mysql_connect($host,$user,$password)
  13.         or die ("Couldn't connect to server.");
  14.       $db = mysql_select_db($database,$connection)
  15.         or die ("Couldn't select database.");
  16.      
  17.       $sql = "SELECT loginName FROM Member
  18.           WHERE loginName='$_POST[fusername]'";
  19.       $result = mysql_query($sql)
  20.         or die("Couldn't execute querry.");
  21.       $num = mysql_num_rows($result);
  22.       if ($num == 1) // login name was found
  23.       {
  24.          $sql = "SELECT loginName FROM Member
  25.              WHERE loginName='$_POST[fusername]'
  26.              AND password=md5('$_POST[fpassword]')";
  27.          $result2 = mysql_query($sql)
  28.             or die("Couldnt execute query 2.");
  29.          $num2 = mysql_num_rows($result2);
  30.          if ($num2 > 0) // password is correct
  31.          {
  32.         $_SESSION['auth']="yes";
  33.         $logname=$_POST['fusername'];
  34.         $_SESSION['logname'] = $logname;
  35.         $today = date("Y-m-d h:m:s");
  36.         $sql = "INSERT INTO Login (loginName,loginTime)
  37.             VALUES ('$logname','$today')";
  38.         mysql_query($sql) or die ("Can't execute query.");
  39.         header("Location: Member_page.php");
  40.          }
  41.          else // password is not correct
  42.          {
  43.         unset($_GET['do']);
  44.         $message="The Login Name, '$_POST[fusername]'
  45.               exists, but you have not entered the correct password, Please try
  46.         again.
    "    ;
  47.         include("login_form.inc");
  48.          }
  49.     }
  50.     elseif ($num == 0) // login name not found
  51.     {
  52.        unset($_GET['do']);
  53.        $message = "The Login Name you entered does not exist!
  54.                Please try again.
    "    ;
  55.        include("login_form.inc");
  56.     }
  57.       break;
  58.  
  59.       case "new";
  60.     foreach($_POST as $field => $value)
  61.     {
  62.       if ($field != "fax")
  63.       {
  64.         if ($value == "")
  65.         {
  66.           unset($_GET['do']);
  67.           $message_new = "Required information is missing.
  68.         Please try again.";
  69.           include("login_form.inc");
  70.           exit();
  71.         }
  72.       }
  73.       if (ereg("(Name)",$field))
  74.       {
  75.           if (!ereg("^[A-Za-z' -]{1,50}$",$value))
  76.         {
  77.           unset($_GET['do']);
  78.               $message_new = "$field is not a valid name.
  79.                   Please try again.";
  80.           include('login_form.inc');
  81.           exit();
  82.         }
  83.       }   
  84.       $$field = strip_tags(trim($value));
  85.     } // end foreach
  86.     if (!ereg("^.+@.+\\..+$",$email))
  87.     {
  88.       unset($_GET['do']);
  89.       $message_new = "$email is not a valid email address.
  90.                Please try again.";
  91.       include("login_form.inc");
  92.       exit();
  93.     }
  94.     /* check to see if login name already exists */
  95.     $connection = mysql_connect($host,$user,$password)
  96.         or die ("Couldn't connect to server.");
  97.     $db = mysql_select_db($database,$connection)
  98.         or die ("Couldn't select database.");
  99.     $sql = "SELECT loginName FROM Member
  100.         WHERE loginName='$newname'";
  101.     $result = mysql_query($sql)
  102.         or die("Couldn't execute query.");
  103.     $num = mysql_numrows($result);
  104.     if ($num > 0)
  105.     {
  106.       unset($_GET['do']);
  107.       $message_new = "$newname already used.
  108.                Select another Member ID.";
  109.       include("login_form.inc");
  110.       exit();
  111.     }
  112.     else
  113.     {
  114.       $today = date("Y-m-d");
  115.       $sql = "INSERT INTO Member (loginName,createDate,password,firstName,lastName,
  116.             street,city,state,zip,phone,fax,email) VALUES
  117.           ('$newname','$today',md5('$newpass'),
  118.            '$firstName','$lastName','$street','$city',
  119.            '$state','$zip','$phone','$fax','$email')";
  120.       mysql_query($sql);
  121.       $_SESSION['auth']="yes";
  122.       $_SESSION['logname'] = $newname;
  123.  
  124.     /* send email to new member */
  125.     $emess = "A new Member Account has been setup. ";
  126.     $emess = "Your new Member ID and password are: ";
  127.     $emess = "\n\n\t$newname\n\t$newpass\n\n";
  128.     $emess = "We appreciate your interest BCSO";
  129.     $emess = " at www.bcso.co.uk! \n\n";
  130.     $emess = "If you have any questions or problems,";
  131.     $emess = " email ";
  132.     $ehead="From: ";
  133.     $subj = "Your new Member Account from BCSO";
  134.     $mailsend=mail("$email","$subj","$emess","$ehead");
  135.     header("Location: New_member.php");
  136.     }
  137.       break;
  138.  
  139.       default;
  140.        include("login_form.inc");
  141.     }
  142.   ?>
  143.  
  144.  
  145.  
  146.  
  147.  

PermaLink to this entry https://pastebin.co.uk/11303
Posted by Hyshiro Fri 2nd Mar 2007 17:17 - Syntax is PHP - 96 viewsRun this post in the PHP shell
Download | New Post | Modify | Hide line numbers

 

Comments: 0