<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html><head>
<title>Create account</title>
<meta http-equiv="content-type" content="text/html; charset=UTF-8"/>
</head>
<body>

<?php

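/**
 * Print the login form, optionally preceded by a message.
 *
 * Every dynamic value is HTML-escaped before it is written: the message,
 * username and password are passed in by the caller from request data, and
 * the form action comes from $_SERVER['PHP_SELF'], which reflects the
 * requested path. Without escaping, any of them could inject markup or
 * script into the page.
 *
 * @param string $message  text shown in the <h1>; treated as plain text,
 *                         so any markup in it is displayed literally
 * @param string $username value pre-filled in the username field
 * @param string $password value pre-filled in the password field
 * @return void
 */
function show_form($message,$username,$password) {
   // ENT_QUOTES also encodes single quotes, so the values are safe inside
   // attribute values as well as in element content.
   $safe_message=htmlspecialchars($message, ENT_QUOTES, 'UTF-8');
   $safe_action=htmlspecialchars($_SERVER['PHP_SELF'], ENT_QUOTES, 'UTF-8');
   $safe_username=htmlspecialchars($username, ENT_QUOTES, 'UTF-8');
   // NOTE(review): writing the submitted password back into the page keeps
   // it in the response body; consider leaving this field empty instead.
   $safe_password=htmlspecialchars($password, ENT_QUOTES, 'UTF-8');

   print "<div><h1>";
   print $safe_message;
   print "</h1><h2>Login</h2><form action=\"";
   print $safe_action;
   // The stray ';' that used to follow type="hidden" is gone.
   print "\" method=\"post\"><div><input type=\"hidden\"";
   print " name=\"submitted\" value=\"1\" /></div>";
   print "<p>Username <input type=\"text\"";
   // Leading space keeps the type and name attributes separated.
   print " name=\"username\" maxlength=\"15\" value=\"";
   print $safe_username;
   print "\" /></p><p>Password <input type=\"password\"";
   print " name=\"pass\" value=\"";
   print $safe_password;
   print "\"/></p><p><input type=\"submit\" value=\"Login\" />";
   print "Not yet a member? <a href=\"create_account.php\">Create an account</a>!";
   print "</p></form></div>";
}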

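/**
 * Check the submitted username and password against beer_shop.users.
 *
 * Reads $_POST['username'] and $_POST['pass'], trims both, and looks for a
 * row whose username matches and whose password column equals the SHA-1 of
 * the submitted password.
 *
 * @return array 'username' and 'password' hold the trimmed submitted values
 *               ('' when not submitted); 'error' is '' on success, otherwise
 *               a message suitable for showing to the user.
 */
function process_form() {
  // $r is what is returned by the function
  $r=array('username'=>'','password'=>'','error'=>'');
  // is_string() rejects array-valued parameters (username[]=...), which
  // trim() and the query below cannot handle.
  if(isset($_POST['username']) && is_string($_POST['username'])) {
    $username=trim($_POST['username']);
    $r['username']=$username;
  }
  else {
    $r['error']="You have to set a user name";
    return $r;
  }
  if(isset($_POST['pass']) && is_string($_POST['pass'])) {
    $pass=trim($_POST['pass']);
    $r['password']=$pass;
  }
  else {
    $r['error']="You have to set a password";
    return $r;
  }
  // NOTE(review): unsalted SHA-1 is too fast for password storage. Moving to
  // password_hash()/password_verify() needs the stored hashes migrated, so
  // the comparison format is left unchanged here.
  $sha_pass=sha1($pass);
  // NOTE(review): the database account is hard-coded with an empty password;
  // load credentials from configuration outside the web root. The mysql_*
  // extension was removed in PHP 7.0; mysqli or PDO prepared statements are
  // the long-term replacement.
  $db=mysql_connect('localhost:6033','krichel','');
  if(! $db) {
    // Details go to the server log only, never to the browser.
    error_log('login: database connection failed: '.mysql_error());
    $r['error']="Sorry: the login service is currently unavailable";
    return $r;
  }
  // The username comes straight from the request; escape it before it is
  // placed inside the quoted SQL literal. $sha_pass is hex, so it is safe.
  $safe_username=mysql_real_escape_string($username,$db);
  $query="SELECT * FROM beer_shop.users WHERE 
    username='$safe_username' AND password = '$sha_pass'";
  $result=mysql_query($query,$db);
  if($result === false) {
    // The query text contains the password hash, so only the driver error
    // is logged, and the user sees neither.
    error_log('login: user lookup failed: '.mysql_error($db));
    $r['error']="Sorry: the login service is currently unavailable";
    return $r;
  }
  // mysql_num_rows() is the documented row count for a SELECT result.
  $matches=mysql_num_rows($result);
  if(! ($matches)) {
    $r['error']="Invalid username or password";
    return $r;
  }
  return $r;
}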

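// Page entry point: a POST carrying the hidden 'submitted' field is a login
// attempt; anything else just shows the empty form.
if(isset($_POST['submitted'])) {
  $r=process_form();
  if($r['error']) {
    show_form($r['error'],$r['username'],$r['password']);
  }
  else {
    // Greet with the trimmed username that process_form() checked, and
    // HTML-escape it: it is request data written straight into the page.
    $user=htmlspecialchars($r['username'], ENT_QUOTES, 'UTF-8');
    // NOTE(review): nothing visible here starts a session or records the
    // login, so this only prints a greeting; confirm where authentication
    // state is meant to be kept.
    print "<h1>Welcome to $user</h1>";
  }
}
else {
  show_form('','','');
}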



?>


<p>
<a href="http://validator.w3.org/check?uri=referer"><img
    style="border: 0pt"
    src="/valid-xhtml10.png"
    alt="Valid XHTML 1.0!" height="31" width="88" /></a>
</p>
</body>
</html>


