<?php
/* Program: Login.php
* Desc: Login program for the Members Only section of
* the webpage. It provides two options:
* (1) login using an existing Login Name and
* (2) enter a new login name. Login Names and
* passwords are stored in a MySQL database.
*/
session_start(); # 9
include("dogs.inc"); #10
switch (@$_POST['do']) #11
{
case "login": #13
$cxn = mysqli_connect($host, $user,$passwd,$dbname)
or die ("Couldn't connect to server."); #15
$sql = "SELECT loginName FROM Member
WHERE loginName='$_POST[fusername]'"; #18
$result = mysqli_query($cxn,$sql)
or die("Couldn't execute query."); #20
$num = mysqli_num_rows($result); #21
if ($num > 0) // login name was found #22
{
$sql = "SELECT loginName FROM Member
WHERE loginName='$_POST[fusername]'
AND password=md5('$_POST[fpassword]')";
$result2 = mysqli_query($cxn,$sql)
or die("Couldn't execute query 2.");
$num2 = mysqli_num_rows($result2);
if ($num2 > 0) // password is correct #30
{
$_SESSION['auth']="yes"; #32
$logname=$_POST['fusername'];
$_SESSION['logname'] = $logname; #34
$today = date("Y-m-d h:i:s"); #35
$sql = "INSERT INTO Login (loginName,loginTime)
VALUES ('$logname','$today')";
$result = mysqli_query($cxn,$sql)
or die("Can't execute insert query.");
header("Location: Member_page.php"); #40
}
else // password is not correct #42
{
$message="The Login Name, '$_POST[fusername]'
exists, but you have not entered the
correct password! Please try again.<br>";
include("login_form.inc"); #47
}
} #49
elseif ($num == 0) // login name not found #50
{
$message = "The Login Name you entered does not
exist! Please try again.<br>";
include("login_form.inc");
}
break; #56
case "new":
/* Check for blanks */ #59
foreach($_POST as $field => $value) #60
{
if ($field != "fax") #62
{
if ($value == "") #64
{
$blanks[] = $field;
}
}
}
if(isset($blanks)) #70
{
$message_new = "The following fields are blank.
Please enter the required information: ";
foreach($blanks as $value)
{
$message_new .= "$value, ";
}
extract($_POST);
include("login_form.inc");
exit();
}
/* Validate data */
foreach($_POST as $field => $value) #84
{
if(!empty($value)) #86
{
if(eregi("name",$field) and
!eregi("login",$field))
{
if (!ereg("^[A-Za-z' -]{1,50}$",$value))
{
$errors[]="$value is not a valid name.";
}
}
if(eregi("street",$field) or
eregi("addr",$field) or eregi("city",$field))
{
if(!ereg("^[A-Za-z0-9.,' -]{1,50}$",$value))
{
$errors[] = "$value is not a valid
address or city.";
}
}
if(eregi("state",$field))
{
if(!ereg("[A-Za-z]{2}",$value))
{
$errors[]="$value is not a valid state.";
}
}
if(eregi("email",$field))
{
if(!ereg("^.+@.+\\..+$",$value))
{
$errors[] = "$value is not a valid
email address.";
}
}
if(eregi("zip",$field))
{
if(!ereg("^[0-9]{5,5}(\-[0-9]{4,4})?$",
$value))
{
$errors[]="$value is not a valid
zipcode.";
}
}
if(eregi("phone",$field)
or eregi("fax",$field))
{
if(!ereg("^[0-9)(xX -]{7,20}$",$value))
{
$errors[] = "$value is not a valid
phone number. ";
}
}
} // end if empty #138
} // end foreach
if(@is_array($errors)) #140
{
$message_new = "";
foreach($errors as $value)
{
$message_new .= $value." Please try
again<br />";
}
extract($_POST);
include("login_form.inc");
exit();
}
/* clean data */
$cxn = mysqli_connect($host,$user,$passwd,$dbname);
foreach($_POST as $field => $value) #156
{
if($field != "Button" and $field != "do")
{
if($field == "password")
{
$password = strip_tags(trim($value));
}
else
{
$fields[]=$field;
$value = strip_tags(trim($value));
$values[] =
mysqli_real_escape_string($cxn,$value);
$$field = $value;
}
}
}
/* check whether user name already exists */
$sql = "SELECT loginName FROM Member
WHERE loginName = '$loginName'"; #177
$result = mysqli_query($cxn,$sql)
or die("Couldn't execute select query.");
$num = mysqli_num_rows($result); #180
if ($num > 0) #181
{
$message_new = "$loginName already used.
Select another User Name.";
include("login_form.inc");
exit();
}
/* Add new member to database */
else #190
{
$today = date("Y-m-d");
$fields_str = implode(",",$fields);
$values_str = implode('","',$values);
$fields_str .=",createDate";
$values_str .='"'.",".'"'.$today;
$fields_str .=",password";
$values_str .= '"'.","."md5"."('".$password."')";
$sql = "INSERT INTO Member ";
$sql .= "(".$fields_str.")";
$sql .= " VALUES ";
$sql .= "(".'"'.$values_str.")";
$result = mysqli_query($cxn,$sql)
or die("Couldn't execute insert query.");
$_SESSION['auth']="yes"; #205
$_SESSION['logname'] = $loginName; #206
/* send email to new member */ #208
$emess = "A new Member Account has been setup. ";
$emess.= "Your new Member ID and password are: ";
$emess.= "\n\n\t$loginName\n\t$password\n\n";
$emess.="We appreciate your interest in Pet";
$emess.= " Message of website. \n\n";
$emess.= "If you have any questions or problems,";
$emess.= " email webmaster@website.com";
$ehead="From: member-desk@website.com\r\n"; #216
$subj = "Your new Member Account from website";
$mailsnd=mail("$email","$subj","$emess","$ehead");
header("Location: New_member.php"); #219
}
break; #221
default: #223
include("login_form.inc");
}
?>
Ik wil 5 gebruikersnamen en wachtwoorden. Deze zijn gekoppeld aan regio's. Bijvoorbeeld 1 gebruikersnaam met wachtwoord geldt voor de regio amsterdam. Alle mensen vanuit amsterdam die van mij het ledengedeelte in mogen loggen, krijgen van mij dezelfde usernaam en wachtwoord die geldend is voor de regio amsterdam. Dus er hoeven geen supervisors tussen te zitten. Ze krijgen ze rechtstreeks van de websitebeheerder. Vervolgens wil ik die mensen uit amsterdam wel de mogelijkheid bieden om hun eigen username en wachtwoord aan te maken. Dat moeten ze, nadat ze zijn ingelogd, zelf kunnen wijzigen, en die waarden kunnen dan weer opgeslagen worden in de database.
