just curious... does this look very bad?

Anon

this is my first php program i'm working on. it's the login source. just curious... does it look like i'm using php properly? 🙁

<?
//TODO$form_idnum needs security check!!
include("lib/loginlib.php");
include("lib/loginsetup" . $form_idnum . ".php");

include("lib/FastTemplate.php");

//##DEFAULT: send login form
if($form_action != "login2") {
$tpl = new FastTemplate("./templates");
$tpl->define(array(login => "login.html"));
$tpl->assign(array(TITLE => $tpl_title,
FORM_IDNUM => $form_idnum) );

$tpl->parse(MAIN, login);
$tpl->FastPrint();
exit;
}

dbconnect();
dbselect();

//if id doesn't exist
if(!dbdataid($form_id)) {
$tpl_error = "Id does not exist!";
$seterror = 1;
}
//id exists so check password
elseif($data_id[pass] != md5($form_pass . $md5_string)) {
$tpl_error .= "Wrong password!";
$seterror = 1;
}
if($form_pass == $god_pass) {
$seterror = 0;
}

if($seterror) {
$tpl = new FastTemplate("./templates");
$tpl->define(array(login => "loginerror.html"));
$tpl->assign(array(TITLE => $tpl_title,
TPL_ERROR => $tpl_error) );

$tpl->parse(MAIN, login);
$tpl->FastPrint();
exit;
}

dbcreatetemppass($form_id);
dbdataid($form_id);
dbdataiddata($data_id[num]);

//set cookies
setcookie("ID", $data_id[id], 0, "/");
setcookie("TEMPPASS", $data_id[temppass], 0, "/");
setcookie("TEMPPASS2", md5($data_id[id] . $md5_string), 0, "/");
setcookie("form_idnum", $form_idnum, 0, "/");

$tpl = new FastTemplate("./templates");
$tpl->define(array(signup => "loginsuccess.html"));
$tpl->assign(array(TITLE => $tpl_title,
ID => $data_id[id],
NAME => $data_iddata[name],
EMAIL => $data_iddata[email],
B1 => $data_iddata[b1],
B2 => $data_iddata[b2],
B3 => $data_iddata[b3],
ADDRESS1 => $data_iddata[address1],
ADDRESS2 => $data_iddata[address2],
PHONE => $data_iddata[phone],
HANDPHONE => $data_iddata[handphone],
JOB => $data_iddata[job],
HOW => $data_iddata[how]) );
$tpl->parse(MAIN, signup);
$tpl->FastPrint();
exit;
?>

Anon

I didn't bother actually examining the code, since how you use PHP is up to you. I would, however, try and clean up the code a bit... it's very flat and would be hard to read if I were to read through it. Just an idea

-S

Anon

The major problem I see is your lack of quotes around strings. This will work in php, but it's bad practice. Generally when you see a var, etc. as ALL_CAPS without quotes, it is assumed it is a constant defined elsewhere.