I have enclosed the PHP code for the login, create_users and admin pages. The admin page resides in an include directory. It's plenty of code, but I hope it helps — thanks.
Here is the login page (php code):
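<?php
// Shared helper functions (trim_data, check_form, check_unique, ...).
// require rather than include: a missing helper file stops the page here
// instead of letting it continue with check_login() undefined.
require("../include/admin.php");
?>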
<?php
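// Login handler: runs only when the login form has been submitted.
// $HTTP_POST_VARS / session_register() are PHP 4-era APIs (removed in PHP 5.4);
// kept because the other pages read the session through the same functions.
if (isset($HTTP_POST_VARS['Submit']) && $HTTP_POST_VARS['Submit'] === 'Login') {
    session_start();
    // check_login() returns the user's status ("Admin"/"Staff") on success and an
    // error message string otherwise, so only the two known statuses grant access.
    $statusCheck = check_login($HTTP_POST_VARS);
    if ($statusCheck === "Admin" || $statusCheck === "Staff") {
        // Issue a fresh session id on login so a session id obtained before
        // authentication cannot be reused afterwards (session fixation).
        if (function_exists('session_regenerate_id')) {
            session_regenerate_id();
        }
        session_register("statusCheck");
        header("Location: menu.php");
        // Stop here: without exit the rest of the page is still executed and
        // sent after the redirect header.
        exit;
    }
}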
?>
<?
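function check_login($formdata) {
    // Looks up the supplied username/password in the users table.
    // $formdata = form array (username, password)
    // Returns the user's status string (e.g. "Admin" or "Staff") when the
    // credentials match, otherwise an error message string. Callers must
    // therefore compare the result against the known statuses, never just
    // test it for non-emptiness.
    // NOTE(review): in the source this function is opened with a "<?" short
    // tag; when short_open_tag is off the whole block, including the database
    // credentials below, is sent to the browser as text. Use "<?php".
    // Setup MySQL connection variables, set as correct for your system
    // (better kept in one file outside the web root, shared with the other pages).
    $dbhost = "localhost";
    $dbuser = "root";
    $dbpassword = "sunshine";
    $db = "smmbc";
    // Get form data; missing fields become "" instead of raising notices
    $form_data = trim_data($formdata);
    $user = isset($form_data['username']) ? $form_data['username'] : "";
    $password = isset($form_data['password']) ? $form_data['password'] : "";
    // Connect to the mySQL server
    $mysql = mysql_connect($dbhost, $dbuser, $dbpassword);
    if (!$mysql) {
        return "Cannot connect to Database Host";
    }
    // Open the database on this connection
    if (!mysql_select_db($db, $mysql)) {
        return "Cannot open Database";
    }
    // crypt() with the fixed salt "DWMXPHP": traditional DES crypt uses only the
    // first two salt characters and the first eight password characters, and one
    // salt for every user means equal passwords produce equal hashes. Kept as-is
    // because the stored hashes were produced this way; changing it needs a
    // migration of the existing rows (insert_data must use the same salt).
    $hash = crypt($password, "DWMXPHP");
    // Escape both values before building the query so quote characters in the
    // submitted username cannot change the statement's structure.
    $myquery = "SELECT * FROM users WHERE username = '" . mysql_real_escape_string($user, $mysql)
        . "' AND password = '" . mysql_real_escape_string($hash, $mysql) . "'";
    $result = mysql_query($myquery, $mysql);
    if (!$result) {
        return "Cannot run Query";
    }
    // No matching record means the credentials were wrong
    if (mysql_num_rows($result) < 1) {
        return "User name or password not recognised";
    }
    // Get user status from the returned record
    $userRecord = mysql_fetch_array($result);
    return $userRecord["status"];
}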
?>
Here is the code for the create_users page:
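<?php
// Shared helper functions (trim_data, check_form, confirm_password,
// check_password_length, check_unique). require rather than include: a missing
// helper file stops the page here instead of failing later on an undefined function.
require("../include/admin.php");
?>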
<?php
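// Access control for this page: only a logged-in user with Admin status may
// continue; everyone else is redirected. Each redirect is followed by exit;
// in the original, execution continued after header() and the "Create User"
// handler further down still ran for non-Admin (or anonymous) requests.
// The checks are ordered so each case ends where the original ended (there,
// a later header("Location: ...") replaced the earlier one).
session_start();
// Logout request: drop the status and the session, then go to the login page
if (isset($HTTP_GET_VARS['action']) && $HTTP_GET_VARS['action'] === 'logout') {
    session_unregister("statusCheck");
    session_destroy();
    header("Location: login.php");
    exit;
}
// No login status in the session: redirect to login.php
if (!session_is_registered("statusCheck")) {
    header("Location: login.php");
    exit;
}
// Logged in but not Admin level: back to the menu.php page
if ($HTTP_SESSION_VARS['statusCheck'] !== 'Admin') {
    header("Location: menu.php");
    exit;
}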
?>
<?php
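function insert_data($formdata) {
    // Insert a new record into the users table.
    // $formdata = form array (firstName, lastName, username, password, status)
    // Returns the string "true" on success, otherwise an error message.
    // setup database connection variables, insert as correct for your server
    $myhost = "localhost";
    $myuser = "root";
    $mypass = "sunshine";
    $mydb = "smmbc";
    // connect to mySQL server
    $mysql = mysql_connect($myhost, $myuser, $mypass);
    if (!$mysql) {
        return "Cannot connect to mySQL server";
    }
    // open the database on this connection
    if (!mysql_select_db($mydb, $mysql)) {
        return "Cannot open Database";
    }
    // Collect the fields; a missing field becomes "" rather than raising a notice
    $fields = array('firstName', 'lastName', 'username', 'password', 'status');
    $values = array();
    foreach ($fields as $name) {
        $values[$name] = isset($formdata[$name]) ? $formdata[$name] : "";
    }
    // Hash the password with the fixed salt "DWMXPHP" (must match check_login).
    // Traditional DES crypt uses only two salt characters and eight password
    // characters; a per-user random salt would be stronger but changes the
    // stored format, so it is left as-is here.
    $values['password'] = crypt($values['password'], "DWMXPHP");
    // Escape every value before interpolating it into the statement so quote
    // characters in form input cannot alter the query.
    foreach ($values as $name => $value) {
        $values[$name] = mysql_real_escape_string($value, $mysql);
    }
    // NOTE(review): this writes to "users1" while check_login reads from "users";
    // confirm the two pages are meant to use different tables.
    $myquery = "INSERT INTO users1 ( firstName, lastName, username, password, ";
    $myquery .= " status) VALUES ('" . $values['firstName'] . "', '" . $values['lastName'] . "', '"
        . $values['username'] . "', '" . $values['password'] . "', '" . $values['status'] . "')";
    if (!mysql_query($myquery, $mysql)) {
        return "Cannot run Query";
    }
    // Return "true" if the record was written successfully
    return "true";
}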
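function verify_data($formdata) {
    // Validates the create-user form with the helpers from the include file
    // and, if every check passes, inserts the record.
    // $formdata = form array
    // Returns "" on success, otherwise the appropriate error message.
    $form_data = trim_data($formdata);
    // missing username becomes "" instead of raising a notice
    $user = isset($form_data['username']) ? $form_data['username'] : "";
    // check all form fields are filled in
    if (!check_form($form_data)) {
        return "All Form Fields must be filled in";
    }
    // check password and confirmation password match
    if (!confirm_password($form_data, 'password', 'confirmpassword')) {
        return "Password and Confirm Password do not match";
    }
    // check length of password (5 is a very low minimum; if it is raised, the
    // message below must be updated to match)
    if (!check_password_length($form_data, 'password', 5)) {
        return "Password should be 5 characters or more";
    }
    // check that username is unique. check_unique() returns "true" when the
    // name is unused; any other string is an error (duplicate name, or a
    // database failure, which is currently reported with the same message).
    $check = check_unique($user, 'smmbc', 'localhost', 'root', 'sunshine', 'users1', 'username');
    if ($check !== "true") {
        return "Username is already in use, select another";
    }
    // validated successfully: insert the trimmed data (the original passed the
    // untrimmed array, defeating the trim_data() call above)
    $insert_check = insert_data($form_data);
    if ($insert_check !== "true") {
        return $insert_check;
    }
    // form validated and record inserted successfully
    return "";
}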
?>
<?php
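// Main Code - verifies the form data and inserts it into the users table.
// The Admin status check repeats the page-top guard so that, even if an
// earlier redirect did not stop the script, a non-Admin request never
// reaches verify_data(). session_start() at the top of the page populates
// $HTTP_SESSION_VARS.
if (isset($HTTP_POST_VARS['Submit']) && $HTTP_POST_VARS['Submit'] === 'Create User'
    && isset($HTTP_SESSION_VARS['statusCheck']) && $HTTP_SESSION_VARS['statusCheck'] === 'Admin') {
    // verify_data() returns "" on success, otherwise an error message
    $error = verify_data($HTTP_POST_VARS);
    if ($error === "") {
        $success = "User inserted successfully";
    }
}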
?>
Here is the code for the admin page:
<?php
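function trim_data($formdata) {
    // Trim leading/trailing whitespace from every value of a form data array.
    // $formdata = Form Data Array
    // Returns the array with its string values trimmed; keys and non-string
    // values (e.g. nested arrays from multi-select fields) are left unchanged.
    // The original assigned trim() results to the loop copies of $key/$value
    // and so returned the array untouched.
    if (!is_array($formdata)) {
        return $formdata;
    }
    foreach ($formdata as $key => $value) {
        if (is_string($value)) {
            $formdata[$key] = trim($value);
        }
    }
    return $formdata;
}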
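function check_form($formdata) {
    // Check that every field in the form data array has a value.
    // $formdata = Form Data Array
    // Returns false if any value is null or the empty string, true otherwise
    // (an empty array trivially passes). Uses strict comparison; the original
    // `!isset($key)` test could never fail because foreach always yields a key.
    foreach ($formdata as $value) {
        if ($value === null || $value === "") {
            return false;
        }
    }
    return true;
}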
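function check_password_length($formdata, $password, $minlen) {
    // Check that the password field is at least $minlen characters long.
    // $formdata = Form Data Array
    // $password = Name of password field
    // $minlen = Minimum number of password characters
    // Returns false when the field is missing or too short. Length is counted
    // in bytes (strlen), so a multibyte character counts more than once.
    if (!isset($formdata[$password])) {
        return false;
    }
    return strlen($formdata[$password]) >= $minlen;
}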
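function confirm_password($formdata, $password1, $password2) {
    // Check that the two password fields hold the same value.
    // $formdata = Form Data Array
    // $password1 = Name of first password field
    // $password2 = Name of second password field
    // Returns false if either field is missing; the original compared two
    // nulls and so returned true when both fields were absent.
    if (!isset($formdata[$password1]) || !isset($formdata[$password2])) {
        return false;
    }
    return $formdata[$password1] === $formdata[$password2];
}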
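function check_unique($formvalue, $db, $dbhost, $dbuser, $dbpassword, $table, $field) {
    // Checks a table in a database to see if the passed value already exists.
    // $formvalue = Value you are checking to see if it is unique or not
    // $db = mySQL Database Name
    // $dbhost = mySQL Server address eg localhost
    // $dbuser = mySQL user name
    // $dbpassword = mySQL password
    // $table = mySQL Table to search
    // $field = mySQL Field to search
    // Returns "true" when no row holds $formvalue, otherwise an error message
    // ("<value> already in use", or a database error). Callers must compare
    // against "true" exactly, and should HTML-escape the message before
    // echoing it because it embeds the raw form value.
    // $table and $field are interpolated as identifiers and cannot be escaped
    // like values: they must come from code constants, never from form input.
    // Connect to the mySQL Server
    $mysql = mysql_connect($dbhost, $dbuser, $dbpassword);
    if (!$mysql) {
        return "Cannot connect to Database Host";
    }
    // Open the mySQL Database on this connection
    if (!mysql_select_db($db, $mysql)) {
        return "Cannot open Database";
    }
    // Escape the form value so quote characters cannot alter the statement
    $safeValue = mysql_real_escape_string($formvalue, $mysql);
    // Query table to see if $formvalue is unique
    $myquery = "SELECT * FROM $table WHERE $field = '$safeValue'";
    $result = mysql_query($myquery, $mysql);
    if (!$result) {
        return "Cannot run Query";
    }
    // Number of records found should be 0 if $formvalue is unique
    if (mysql_num_rows($result) > 0) {
        return $formvalue . " already in use";
    }
    // Return "true" if $formvalue is unique
    return "true";
}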
?>
End of PHP code
Thanks!!!