<?php
require_once('.
./www/db_connec
t.php');
//SEE IF
ALREADY LOGGED
IN
if($_SESSION['
logged_in'] ==
1)
{
//REDIRECT
TO HOMEPAGE
header('Locatio
n:
http://localhos
t/www/Mypage.ph
p');
} else {
if(isset($HTTP
_POST_VARS['sub
mit']))
{
//BEGIN
CHECKING
USERNAME...
if(!$_POST['use
rname'])
die('Alert:
username field
was
blank.');
//array of
invalid
characters
$junk =
array('.' , ','
, '//' , '\\' ,
'`' , ';' , '['
, ']' ,
'-',
'*', '&',
'^', '%', '$',
'#', '@', '!',
'~', '+', '(',
')',
'|', '{',
'}', '<',
'>', '?',
':', '"',
'=');
//starting
lenght of
username
$len =
strlen($_POST['
username']);
//replace
invalid
characters
$_POST['usernam
e'] =
str_replace($ju
nk, '',
$_POST['usernam
e']);
$test =
$_POST['usernam
e'];
//if lenghts
are different
($len smaller),
invalid
characters
found, so
prompt
error.
if(strlen($test
) != $len) {
die('Username
Error: Username
contained
invalid
characters. You
can only use
A-Z, 0-9 and
the
underscore
(_).');
}
//Check if
username
already
exists...
$q2 =
mysql_query(&qu
ot;SELECT *
FROM
`familymembers`
WHERE
`username` =
'".$_POST[
'username'].&qu
ot;'");
$q3 =
mysql_fetch_obj
ect($q2);
if($q3->user
name ==
$_POST['usernam
e']) {
die('<BR>
;<BR>Sorr
y, but the
username
"'.$q3->
;username.'&quo
t; is taken,
please choose
another.');
}
//PASSWORD
if(!$_POST['pas
sword']) {
die('Error:
Password field
was blank');
}
if(!$_POST['ver
ify_password'])
{
die('Error:
Verify Password
field was
blank.');
}
if($_POST['pass
word'] !=
$_POST['verify_
password']) {
die('Error:
The passwords
do not
match.');
}
if(strlen($_POS
T['password'])
< 6 ) {
die('Error:
Your password
is too short.
Must be 6 or
more characters
in
length.');
}
//ADD NEW
MEMBER
$insert
="INSERT
INTO
`familymembers`
(username,
password,
email) VALUES
('".$_POST
['username'].&q
uot;',
'".md5($_P
OST['password']
)."',
'".$_POST[
'email']."
')";
$insert2 =
mysql_query($in
sert);
if(!$insert2)
die(mysql_error
());
echo('Registrat
ion Successful,
Welcome new
member! You can
now login to
your new
account.');
} else {
?>
<table>
<form
name="sign
up"
action="&l
t;?php
$_SERVER['PHP_S
ELF'];
?>"
method="PO
ST">
<tr>
<td>Usern
ame: <BR>
(only A-Z, 0-9
and _
Allowed)<BR&
gt;</td><
br />
<td><i
nput
type="text
" id
="username
"
name="user
name"
value="&qu
ot;
maxlength="
;30">
<BR></
td>
</tr>
<tr>
<td>Passw
ord:</td>
<td><i
nput
type="pass
word"
id="passwo
rd"
name="pass
word"
value="&qu
ot;
maxlength="
;30">&l
t;BR>
(minimum 6
characters)<
/td>
</tr>
<tr>
<td>Verif
y
Pass:</td>
;
<td><i
nput
type="pass
word"
id="verify
_password"
name="veri
fy_password&quo
t;
value="&qu
ot;
maxlength="
;30">&l
t;BR>
</td>
</tr>
<tr>
<td>Email
:</td>
<td><i
nput
type="text
"
id="email&
quot;
name="emai
l"
value="&qu
ot;
size="30&q
uot;><br&
gt;</td><
br />
</tr>
<tr>
<td>Click
to Complete
Signup:</td&
gt;
<td><i
nput
type="subm
it"
id="submit
"
name="subm
it"
value="sub
mit">&l
t;/td>
</tr>
</form><
br />
</table>
<?php
} //end not
logged in
} //end submit
not pressed
?>
<?php
ob_start();
require_once('.
./www/db_connec
t.php');
if(isset($_SESS
ION['username']
) &&
isset($_SESSION
['password']))
{
//REDIRECT TO
USERS
PROFILE...
header("Lo
cation:
http://localhos
t/MyPage.php&qu
ot;);
} //end if
logged in
//IF SUBMIT
BUTTON
PRESSED
if(isset($_POST
['submit']))
{
if(!$_POST['use
rname'])
die("Error
: You must
enter your
username before
logging
in.");
if(!$_POST['pas
sword'])
die("Error
: You must
enter your
password before
logging
in.");
//set cookie
if checked
if(!empty($_POS
T['stay_in']))
{
$joined
=''.$_POST['use
rname'].'[]'.md
5($_POST['passw
ord']).'';
setcookie('logi
n_cookie',
$joined,
2147483647,
'/',
'.www.myfamily.
com');
} //end
if
//verify
user...
$get_user =
mysql_query(&qu
ot;SELECT *
FROM
`familymembers`
WHERE username
=
'".$_POST[
'username'].&qu
ot;' AND
password =
'".md5($_P
OST['password']
)."'"
);
$q =
mysql_fetch_obj
ect($get_user);
if(!$q)
die("Login
Failure: An
error occured,
please verify
your username
and password
are
correct.")
;
//set session
variables
$_SESSION['logg
ed_in'] = 1;
$_SESSION['user
name'] =
$_POST['usernam
e'];
$_SESSION['pass
word'] =
$_POST['passwor
d'];
session_write_c
lose();
header("Lo
cation:
http://localhos
t/MyPage.php&qu
ot;);
} else {
//show login
form
?>
<form
name="logi
n"
method="po
st"
action="&l
t;?php
$_SERVER['PHP_S
ELF'];
?>">
<table>
<tr>
<td>Usern
ame:<input
type="text
"
id="userna
me"
name="user
name">&
lt;/td>
</tr>
<tr>
<td>Passw
ord:<input
type="pass
word"
id="passwo
rd"
name="pass
word">&
lt;/td>
</tr>
<tr>
<td>Submi
t: <input
type="subm
it"
value="Sub
mit"
name="subm
it"
id="submit
"></
td>
</tr>
<tr>
<td>Remem
ber? <input
type="chec
kbox"
name="stay
_in[]"
checked="y
es"><
;/td>
</tr>
</table><
br />
</form>
<?php
}//end else
?>
