<?php
include 'db.inc';
include 'error.inc';
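/**
 * Check a username/password pair against the userinfo table.
 *
 * The password is hashed with crypt(), using the first two characters of
 * the username as the salt, and the hash is compared with the stored value
 * inside the SQL query itself.
 *
 * @param resource $connection open MySQL link, passed to mysql_query()
 * @param string   $username   login name supplied by the caller
 * @param string   $password   clear-text password supplied by the caller
 * @return bool true when exactly one row matches, false otherwise
 */
function authenticateUser($connection,
                          $username,
                          $password)
{
    // Both credentials must be present; a missing one is a failed login
    if (!isset($username) || !isset($password))
        return false;

    // Get the two character salt from the username
    // NOTE(review): a two-character salt selects crypt()'s traditional
    // DES scheme, and a salt derived from the username is predictable.
    // Moving to a stronger scheme means re-hashing the stored passwords,
    // so it is flagged here rather than changed.
    $salt = substr($username, 0, 2);

    // Hash the password (crypt() is one-way; nothing is decrypted later)
    $crypted_password = crypt($password, $salt);

    // Escape both values for use inside a quoted SQL string. The query is
    // built by interpolation, so this function must not depend on the
    // caller having neutralised quote characters already. The hash is
    // escaped too because its leading characters echo the salt, which
    // comes straight from the username.
    $safe_username = mysql_real_escape_string($username, $connection);
    $safe_password = mysql_real_escape_string($crypted_password, $connection);
    if ($safe_username === false || $safe_password === false)
        return false;

    // Formulate the SQL query to find the user
    $query = "SELECT password FROM userinfo
              WHERE user_name = '$safe_username'
              AND password = '$safe_password'";

    // Execute the query; showerror() is defined outside this listing
    $result = @ mysql_query($query, $connection)
        or showerror();

    // If showerror() returns instead of terminating, fail closed
    if (!$result)
        return false;

    // Exactly one row? Then we have found the user
    return mysql_num_rows($result) == 1;
}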
// Main ----------
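// Handle a login form post: validate the credentials, record the outcome
// in the session, then send the browser back to the login page.
session_start();
$authenticated = false;

// Clean the data collected from the user.
// clean() is not defined in this listing (presumably it comes from one of
// the includes); both fields are passed 10 as the second argument.
$appUsername =
    clean($HTTP_POST_VARS["formUsername"], 10);
$appPassword =
    clean($HTTP_POST_VARS["formPassword"], 10);

// Connect to the MySQL server.
// $hostname, $username, $password and $databaseName are not set in this
// listing; presumably db.inc provides them.
$connection = @ mysql_connect($hostname,
                              $username,
                              $password)
    or die("cannot connect");

if (!mysql_selectdb($databaseName,
                    $connection))
    showerror();

$authenticated = authenticateUser($connection,
                                  $appUsername,
                                  $appPassword);

if ($authenticated == true)
{
    // NOTE(review): the session ID that existed before login is kept.
    // Issuing a fresh ID at this point is the usual guard against session
    // fixation; confirm the target PHP version offers
    // session_regenerate_id() before adding the call.

    // Register the customer id
    session_register("authenticatedUser");
    $authenticatedUser = $appUsername;

    // Register the remote IP address.
    // NOTE(review): $REMOTE_ADDR is read as a bare global, so this line
    // (like session_register() above) appears to rely on register_globals
    // behaviour; confirm that request data cannot override it.
    session_register("loginIpAddress");
    $loginIpAddress = $REMOTE_ADDR;
}
else
{
    // The authentication failed.
    // NOTE(review): the message embeds the submitted username, so the page
    // that prints loginMessage must HTML-escape it.
    session_register("loginMessage");
    $loginMessage =
        "Could not connect to the page " .
        "database as \"$appUsername\"";
}

// Relocate back to the login page
header("Location: example.9-8.php");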
?>