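", print_r($_POST, true), "";
// NOTE(review): the statement that ends on the line above begins earlier in
// the file. It prints the raw $_POST array into the page, and on a login form
// that includes the submitted password; debug output like this should be
// removed before the page is served to users.

// Login handler: sends visitors who already carry a sessionID cookie to the
// menu, otherwise checks the submitted email ($e) and password ($p) against
// the users table. $e, $p and $submittedForm are set earlier in the file.

// Check for login
// isset() keeps a visitor without cookies from triggering undefined-index
// warnings; a missing cookie still yields null, as before.
// NOTE(review): this only tests that a sessionID cookie is present. The value
// is supplied by the browser, so the page being redirected to has to validate
// it server-side -- confirm that menu.php does.
$tempID = isset($_COOKIE['sessionID']) ? $_COOKIE['sessionID'] : null;
$first_name = isset($_COOKIE['first_name']) ? $_COOKIE['first_name'] : null;

if (!empty($tempID)) {
    redirect_user("menu.php");
    exit();
}

#------------------------
# Log existing user into system
#------------------------

// This variable indicates whether we found an email/password match
// in the SQL database. We set it to 0 by default, assuming no match.
$match = 0;

// Error messages generated along the way. They are displayed for the
// user once the database queries are done.
$error = array();

// Before querying the database, check that $e (the entered email address)
// and $p (the entered password) were actually entered. If not, create an
// error message and keep $match at 0.
// Note: this check is skipped when the user has just landed on the page;
// it only runs once the submit button has been pressed ($submittedForm).
if (empty($e) && $submittedForm != 0) {
    $error[] = "Please enter your email address to login.";
    $match = 0;
}

if (empty($p) && $submittedForm != 0) {
    $error[] = "Please enter your password.";
    $match = 0;
}

// If an email and a password have been submitted, query the database to see
// whether they match those on file. If not, generate error messages.
if (!empty($e) && !empty($p) && $submittedForm != 0) {

    // Set the database access information as constants.
    // NOTE(review): these credentials sit in a page served from the web root.
    // Loading them from a configuration file outside the document root (or
    // from the environment) keeps them out of reach if the server is ever
    // misconfigured to send PHP source as text.
    define('DB_USER', 'rcfraley');
    define('DB_PASSWORD', '*PASSWORD*');
    define('DB_HOST', 'yourpersonality.netfirmsmysql.com');
    define('DB_NAME', 'ullman');

    // Make the database connection. The driver's error text can name the
    // database host and account, so it goes to the server log and the
    // visitor sees only a generic message.
    $dbc = @mysqli_connect(DB_HOST, DB_USER, DB_PASSWORD, DB_NAME);
    if (!$dbc) {
        error_log('Could not connect to MySQL: ' . mysqli_connect_error());
        die('Could not connect to MySQL.');
    }

    // Select the stored password hash, user_id and first_name for the row
    // whose email matches the submitted one. The email is bound as a
    // parameter instead of being pasted into the SQL text, so quotes or SQL
    // syntax inside $e cannot change the query.
    // NOTE(review): if $e is escaped earlier in the file, that escaping
    // should be dropped now that the value is bound -- confirm.
    $q = "SELECT pass, user_id, first_name FROM users WHERE email=?";
    $r = false;
    $stmt = mysqli_prepare($dbc, $q);
    if ($stmt) {
        mysqli_stmt_bind_param($stmt, 's', $e);
        if (mysqli_stmt_execute($stmt)) {
            // mysqli_stmt_get_result() is provided by the mysqlnd driver.
            $r = mysqli_stmt_get_result($stmt);
        }
    }

    $num = 0;
    $does_email_exist = 0;

    if ($r) { // The query ran OK.

        $num = mysqli_num_rows($r);

        if ($num > 0) {

            // Something was returned: flag that the email is on file.
            $does_email_exist = 1;

            // Loop through the results via while(), even though only one
            // row should have been returned.
            while ($row = mysqli_fetch_array($r, MYSQLI_NUM)) {

                // $row[0] is the stored password hash. It is compared with
                // SHA1() of the submitted password using hash_equals(), a
                // strict, constant-time string comparison; a loose ==
                // treats two different hashes that both look like numbers
                // (e.g. "0e" followed by digits) as equal.
                // NOTE(review): unsalted SHA-1 is not a suitable password
                // hash. Moving the stored values to password_hash() /
                // password_verify() needs a migration of the pass column,
                // so it is flagged here rather than changed.
                if (hash_equals((string) $row[0], sha1($p))) {
                    // $id and $fn hold the user_id and first_name stored
                    // in the database for that user.
                    $pp = sha1($p);
                    $match = 1;
                    $id = $row[1];
                    $fn = $row[2];
                } else {
                    // NOTE(review): this message and the "does not exist"
                    // message below let a visitor tell registered addresses
                    // from unregistered ones; one generic failure message
                    // for both cases avoids that.
                    $error[] = "The password is not correct. Please make sure you have typed it correctly.";
                    $match = 0;
                }
            }
        }

        // If nothing was returned ($num = 0), the submitted email does not
        // exist in the database, so report that. This is only reached when
        // the query itself succeeded; a failed query is reported below and
        // no longer reaches mysqli_num_rows() with an invalid result.
        if ($does_email_exist == 0) {
            $error[] = "The email you entered does not exist in our database. Please check to see that you entered your email correctly. If you would like to create a new account, please choose the Create new account option.";
        }

    } else {
        $error[] = "Error querring the database. Please contact the site administrator.";
    }
}

if($match == 0){
    // Include external style sheet
    print "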
"; // Create a form to collect email (email) and password (password) from user. print "";
print " Welcome to our class webpage! "; print " |