<?php
/**
 * Print the member log-in form.
 *
 * The form POSTs the fields "username" and "password" to memlogin.php.
 * All markup is static; nothing from the request is echoed back here.
 */
function form ()
{
    // Rows are emitted one per line; the opening <br><br> and the closing
    // </table></form> carry no line break, exactly as the page expects.
    $rows = [
        '<form method="POST" action="memlogin.php">',
        '<table border="0" cellpadding="3" cellspacing="0" valign="top" align="center">',
        '<tr nowrap>',
        '<td nowrap class="f10pt" align="right"><b>User Name:</b></td>',
        '<td nowrap class="f10pt" align="left"><input name="username" type="text" size="50"> (email address)</td>',
        '</tr>',
        '<tr nowrap>',
        '<td nowrap class="f10pt" align="right"><b>Password:</b></td>',
        '<td nowrap class="f10pt" align="left"><input name="password" type="password" size="25"> (email pw)</td>',
        '</tr>',
        '<tr nowrap>',
        '<td nowrap class="f10pt" align="center" colspan="2"><input name="submit" type="image" src="images/login.jpg" border="0" alt="Log-In" value="submit"></td>',
        '</tr>',
    ];

    echo '<br><br>' . implode("\n", $rows) . "\n" . '</table></form>';
}
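// Member log-in handler. Runs inline in the page: shows the form, validates
// the POSTed username/password, checks them against the members table and,
// on success, stores the member in the session and re-prices the cart.
//
// Fixed relative to the earlier version of this script:
//   * the password was never compared (the check was commented out), so any
//     existing loginname logged in with any password;
//   * $uname went into the SQL string unescaped (SQL injection);
//   * bitwise "|" was used where logical "||" was meant;
//   * the e-mail pattern's "." was unescaped and eregi() is deprecated;
//   * <div align"center"> was missing its "=";
//   * a failed connection printed mysql_error() to the visitor.
//
// NOTE(review): the mysql_* extension is deprecated (PHP 5.5) and removed in
// PHP 7; move to mysqli or PDO with prepared statements when the host allows.

// Remember the session id the visitor first arrived with; the carts table is
// looked up by this value below. session_id() returns "" when no session is
// active, so session_start() must have succeeded before this line runs.
if (!isset($_SESSION['mysession'])) {
    $_SESSION['mysession'] = session_id();
}
$thissession = $_SESSION['mysession'];

print "<div align=\"center\">";

if (!isset($_SESSION['member'])) {
    // Member is not logged in - do form checks
    if (!isset($_POST['username'])) {
        // Log-in form has not been submitted - show it
        form();
    } else {
        // Log-in form submitted - validate the entries
        $errvalue = 0;
        $errormsg = "";

        // Same character classes as before, with the dot escaped. /i keeps the
        // case-insensitivity eregi() gave; /D stops "$" matching before a
        // trailing newline.
        $validEmail = '/^[_.0-9a-z-]+@([0-9a-z][0-9a-z-]+\.)+[a-z]{2,4}$/iD';

        // A request can send username[]=..., which arrives as an array.
        $uname = $_POST['username'];
        if (!is_string($uname) || $uname === "" || !preg_match($validEmail, $uname)) {
            $errvalue = 1;
            $errormsg .= "<br><br><span class=\"f12pt\"><b>Please Fill in a valid User Name (email address)!</b></span>";
        }

        $upwd = isset($_POST['password']) ? $_POST['password'] : null;
        if (!is_string($upwd) || $upwd === "") {
            $errvalue = 1;
            $errormsg .= "<br><br><span class=\"f12pt\"><b>Please Fill in the Password!</b></span>";
        }

        if (!$errvalue) {
            // Entries look sane - check the members table
            $userismem = 0;
            $count = 0;

            // NOTE(review): credentials are hard-coded in the page; keep them
            // in a config file outside the web root.
            $dbh = mysql_connect("xxxxx.com", "xxxxxxx", "xxxxx");
            if ($dbh === false) {
                // Detail goes to the server log, not to the visitor.
                error_log('memlogin: cannot connect to the database: ' . mysql_error());
                die('I cannot connect to the database right now. Please try again later.');
            }
            mysql_select_db("xxxxxxxxx", $dbh);

            // Escape every value that is placed inside a quoted SQL literal.
            $unameSql = mysql_real_escape_string($uname, $dbh);
            $result = mysql_query("SELECT memberid, firstname, loginname, loginpw, referaffil FROM members WHERE loginname='$unameSql'", $dbh);
            $row = false;
            if ($result !== false) {
                // Should be only 1 row
                $row = mysql_fetch_array($result, MYSQL_BOTH);
                mysql_free_result($result);
            }

            if ($row !== false) {
                // Restores the comparison that had been commented out: the
                // stored value may be the plain password or its md5.
                // Strict "===" matters: "==" compares numeric-looking strings
                // as numbers, so two different "0e..." hashes compare equal.
                // NOTE(review): plain-text and unsalted md5 storage are both
                // weak, and accepting either form means a leaked loginpw
                // column is as good as the passwords. Migrate to
                // password_hash()/password_verify() (PHP 5.5+).
                $stored = (string) $row['loginpw'];
                if ($stored === $upwd || $stored === md5($upwd)) {
                    $userismem = 1;
                }
            }

            if ($userismem) {
                // NOTE(review): the session id should be regenerated at log-in
                // (session_regenerate_id) to prevent session fixation. It
                // needs to send a cookie header, so it cannot be called here
                // once the surrounding HTML has started; do it before any
                // output.
                $_SESSION['member'] = $row['memberid'];
                $memid = $_SESSION['member'];
                $_SESSION['memfirst'] = $row['firstname'];

                // Set affiliate if applicable, never overwriting an existing one
                if (!isset($_SESSION['affil']) && !is_null($row['referaffil'])) {
                    $_SESSION['affil'] = $row['referaffil'];
                }

                // Re-price any items already in this visitor's cart
                $cartSql = mysql_real_escape_string($thissession, $dbh);
                $memSql = mysql_real_escape_string($memid, $dbh);
                $result = mysql_query("SELECT * FROM carts WHERE cartid='$cartSql'", $dbh);
                while ($result !== false && ($row = mysql_fetch_array($result, MYSQL_ASSOC))) {
                    $itemSql = mysql_real_escape_string($row['itemid'], $dbh);
                    $catprices = mysql_query("SELECT * FROM catprices WHERE itemid='$itemSql'", $dbh);
                    if ($catprices === false) {
                        continue;
                    }
                    $catrow = mysql_fetch_array($catprices, MYSQL_BOTH);
                    mysql_free_result($catprices);
                    if ($catrow === false) {
                        // No price row for this item - leave the cart line alone
                        continue;
                    }

                    // Price is read by column position: 2 normally, 4 when the
                    // cart line has cotm == 1. Presumably these are the member
                    // price columns - confirm against the catprices schema;
                    // SELECT * makes this depend on column order.
                    $pricetouse = ($row['cotm'] == 1) ? 4 : 2;
                    $itemprice = $catrow[$pricetouse];
                    $priceSql = mysql_real_escape_string($itemprice, $dbh);

                    // cuid is used unquoted, so force it to an integer.
                    mysql_query("UPDATE carts SET itemamount='$priceSql', memberid='$memSql' WHERE cuid=" . (int) $row['cuid'], $dbh);
                    $count++;
                }
                if ($result !== false) {
                    mysql_free_result($result);
                }

                // User has successfully logged in.
                print "<br><br><span class=\"f14pt\"><b>You are logged in as a Candle Club Member!<br>All Items will have a 10% price reduction while you are logged in!<br><br>Thank You!</b></span>";
                if ($count > 0) print "<br><br><span class=\"f14pt\"><b>The Items in your cart will now reflect your 10% discount!</b></span>";
                $errvalue = 0;
            } else {
                // One message for "no such user" and "wrong password", so the
                // response does not reveal which login names exist.
                $errvalue = 1;
                $errormsg .= "<br><br><span class=\"f12pt\"><b>Your User Name and Password was not found in our database!<br>Please check your entries. If you are not a member,<br>you can sign up here:</b></span><br><a href=\"joinclub.php\"><img src=\"images/signup.jpg\" border=\"0\" alt=\"Join Candle Club\"></a>";
            }
        }

        if ($errvalue == 1) {
            // $errormsg holds only fixed strings, never request data.
            print $errormsg;
            form();
        }
    }
} else {
    // Member is already logged in - echo status
    print "<br><br><span class=\"f14pt\"><b>You are already logged in as a Member!<br><br>Thank You!</b></span>";
}
print "<br><a href=\"index.php\"><img src=\"images/contshop.jpg\" border=\"0\" alt=\"Continue Shopping\"></a>";
print "</div>";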
?>
I have xxxxx'd out the db connection stuff... I am setting the variables like above and using them like this:
<?php
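// Greeting for the page: "Welcome" followed by the member's first name when
// one is stored in the session, otherwise "Welcome" and a single space.
$memfn = " ";
if (isset($_SESSION['memfirst'])) {
    // The name is copied from the members table at log-in; HTML-encode it
    // before output so markup in a stored name cannot run in the page.
    $memfn .= htmlspecialchars($_SESSION['memfirst'], ENT_QUOTES);
}
print "Welcome" . $memfn;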
?>
Both of these scripts are in the middle of a bunch of html. EVERY PAGE HAS A session_start(); AT THE TOP! No need to yell, sorry. I make sure this is there on every page. I have even reiterated it in some of my script sections because they did not seem to want to grab the session vars without this:
<?php
// Store the current session id under 'mysession' the first time through and
// read it back into $thissession on every pass.
// session_id() returns "" when no session is active, so this only yields a
// usable value after session_start() has succeeded on the page.
$alreadyStored = isset($_SESSION['mysession']);
if ($alreadyStored === false) {
    $_SESSION['mysession'] = session_id();
}
$thissession = $_SESSION['mysession'];
That code seemed to "wake up" the session to allow me to grab the rest of the variables...hmmm.