sample from an older version using session_register instead of the newer $_SESSION['varname']
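<?php
//
//*********************main program block******************************
// Login entry point. Without a 'uid' cookie it shows the login form or handles
// a submitted one; with a 'uid' cookie it looks the value up in basic_users
// and, on a single match, marks the session as logged in.
session_start(); //start the session
// NOTE(review): session_register() is the legacy API this sample illustrates.
// It was deprecated in PHP 5.3 and removed in PHP 5.4, and the PHP manual
// advises against mixing it with $_SESSION. The calls are kept so that pages
// relying on the registered names behave as before.
session_register('id'); //register the function id
session_register('pid'); //register the userID for updates or logins
session_register('log'); //logged in variable for session double checks
session_register('errtype'); //to track errors
$page = 'login'; //track the calling page for use in creating buttons
require("common.php");
$_SESSION['errtype'] = 0;
//if the cookie is present compare the UID to the db to validate the user
//then log the user in by setting the session variables
//if the cookie is not present, show or process the login form
//
// $_COOKIE replaces the long-deprecated $HTTP_COOKIE_VARS (the file already
// uses the $_POST / $_SESSION superglobals); empty() avoids an undefined-index
// notice when the cookie is absent.
if (empty($_COOKIE['uid'])) {
    if (!isset($_POST['submit'])) {
        //no values are set by the form so show the login form
        login_form();
    } elseif ($_POST['submit']) {
        //submit passed - check what was passed and run the appropriate function
        if (isset($_POST['username']) && isset($_POST['pass'])) {
            //both login username and password are present - so log the user in
            login_user();
        } else {
            // Fixed: the original wrote to $SESSION (missing underscore), so
            // the error code never reached the session.
            $_SESSION['errtype'] = 4;
            login_form();
        }
    }
} else {
    // The cookie is attacker-controlled input. It must be a plain string (a
    // cookie sent as uid[] arrives as an array) and must be escaped before it
    // is placed inside the SQL string literal.
    // Assumes common.php opens the MySQL link $conn used below - TODO confirm.
    $uid = $_COOKIE['uid'];
    $row = false;
    if (is_string($uid)) {
        $sql = "select * from basic_users where user_lognum='"
            . mysql_real_escape_string($uid, $conn) . "'";
        //run the query
        $result = mysql_query($sql, $conn) or die ("Couldn't connect to database");
        //exactly one row is expected for a valid cookie value
        if (mysql_num_rows($result) == 1) {
            $row = mysql_fetch_row($result);
        }
    }
    if ($row === false) {
        //no row, more than one row, or a malformed cookie: record the error,
        //drop the cookie and stop. It will be set again after a successful login.
        $_SESSION['errtype'] = 1;
        kill_cookie();
        die();
    }
    //set the session variables for future use
    // NOTE(review): the session id is not renewed when the user becomes
    // authenticated; consider session_regenerate_id() here to limit session
    // fixation. Also note the 'uid' cookie value alone authenticates the user.
    $_SESSION['pid'] = $row[0];
    $_SESSION['log'] = 1;
    //redirect the user to the next page
    //header("location:http://www.setropets.com/main.php");
}
//*********************end main program block *********************************************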
/**
 * Ask the browser to drop the 'uid' auto-login cookie.
 *
 * Only sends the cookie header; it does not redirect or end the request.
 */
function kill_cookie()
{
    // An empty value makes PHP emit a deletion header for the cookie.
    // NOTE(review): a cookie is only removed when the path/domain match the
    // ones used when it was set; login_user() passes a fourth argument to
    // setcookie() - confirm the two calls line up.
    setcookie('uid', '');
}
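/**
 * Check the posted username/password against basic_users and log the user in.
 *
 * Reads $_POST['username'], $_POST['pass'] and $_POST['remember'].
 * On success it sets $_SESSION['pid'] and $_SESSION['log'], optionally sets
 * the 'uid' auto-login cookie, and sends a redirect header to /update.php.
 * On failure it sets $_SESSION['errtype'] to 1, shows the login form again
 * and ends the request.
 */
function login_user()
{
    require("dbconn.php"); //external db connect information; expected to provide $conn
    $uname = $_POST['username'];
    $pass = $_POST['pass'];
    // Fixed: the original ereg("[a-zA-Z0-9_]", ...) was unanchored, so any value
    // containing a single allowed character passed, quotes included. The pattern
    // now has to match the whole value. The D modifier stops "$" from accepting
    // a trailing newline. is_string() rejects array-valued form fields.
    $allowed = '/^[a-zA-Z0-9_]+$/D';
    if (is_string($uname) && is_string($pass)
        && preg_match($allowed, $uname) && preg_match($allowed, $pass)) {
        // Escaping is kept as a second layer so the query stays safe even if
        // the whitelist above is relaxed later.
        // NOTE(review): user_pass is compared in clear text, which implies the
        // table stores unhashed passwords; moving to password_hash() /
        // password_verify() needs a data migration that is not shown here.
        $sql = "select * from basic_users where user_name='"
            . mysql_real_escape_string($uname, $conn)
            . "' and user_pass='"
            . mysql_real_escape_string($pass, $conn) . "'";
        //run the query
        $result = mysql_query($sql, $conn) or die ("Couldn't connect to database");
        //exactly one row is expected for a valid login
        if (mysql_num_rows($result) != 1) {
            //no rows returned or more than one - send the user back to the login form
            $_SESSION['errtype'] = 1;
            login_form();
            die();
        } else {
            // Fixed: mysql_fetch_row() returns a numerically indexed array, so
            // $row['user_lognum'] below was always unset and the cookie got an
            // empty value. mysql_fetch_array() exposes both index styles.
            $row = mysql_fetch_array($result);
            //set the session variables for future use
            // NOTE(review): the session id is not renewed on login; consider
            // session_regenerate_id() here to limit session fixation.
            $_SESSION['pid'] = $row[0];
            $_SESSION['log'] = 1;
            //if the cookie option is chosen, set the cookie here
            if (isset($_POST['remember']) && $_POST['remember'] == 'on') {
                $UID = $row['user_lognum'];
                //auto-login cookie; its value alone logs the user in on later visits
                $lifetime = time() + 86400 * 30 * 12; //expiry roughly 12 months out
                //setcookie("uid",$UID, $lifetime,"/pathtodir/","/setropets.com/"); //real cookie
                // NOTE(review): the fourth setcookie() argument is the cookie
                // path, not the domain, and $domain is only defined here if
                // dbconn.php sets it - confirm before relying on this call.
                setcookie("uid", $UID, $lifetime, $domain); //test cookie
            }
            //successful login, now redirect the user to the main page
            header("location:/update.php?id=update");
            //echo "successful login";
        } //end the if/then for the login attempt
    } else {
        //the submitted values contain characters outside the allowed set
        //send the user back to the login form and let them try again
        $_SESSION['errtype'] = 1;
        login_form();
        die;
    } //end the if/then input validation
} //end the function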