Sure thing, but to start I'd like to claim that I've never been trained, only RTFM'd. So be critical in everyway, I've no shame.
Here is the incomplete code I have working so far:
/****************************************
| Authentication |
****************************************/
function authenticate($usernamefunction, $passwordfunction) {
global $userdata;
$result = @mysql_query("SELECT * FROM users WHERE username =\"".$usernamefunction."\"");
if (!$result || (mysql_numrows($result) < 1)) {
return 1; //username failure
}
$userdata = @mysql_fetch_array($result);
$userdata['password'] = trim($userdata['password']);
if ($passwordfunction == $userdata['password']) {
return 0; // success
} else {
return 2; //password failure
}
}
function check_cookie() {
global $is_logged_in;
if (isset($_COOKIE['cookieusername']) && isset($_COOKIE['cookiepassword'])) {
$_SESSION['username'] = $_COOKIE['cookieusername'];
$_SESSION['password'] = $_COOKIE['cookiepassword'];
}
if (isset($_SESSION['username']) && isset($_SESSION['password'])) {
if (authenticate($_SESSION['username'], $_SESSION['password']) != 0) {
unset($_SESSION['username']);
unset($_SESSION['password']);
return false;
}
$is_logged_in = 1;
return true;
} else {
return false;
}
}
function create_cookie() {
setcookie("cookieusername", $_SESSION['username'], time()+60*60*24*100, "/");
setcookie("cookiepassword", $_SESSION['password'], time()+60*60*24*100, "/");
}
function delete_cookie() {
}
function insert_userdata($usernamefunction, $passwordfunction, $useremailfunction) {
global $error;
if (strlen($username) > 15) {
$error = "Username must be less than 15 characters.";
return;
}
$result = @mysql_query("SELECT username FROM users WHERE username =\"".$usernamefunction."\"");
if (mysql_numrows($result) > 0) {
$error = "Username already taken.";
return;
}
foreach ($username_banned as $nametest) {
if ($usernamefunction == $nametest) {
$error = "That username forbidden.";
return;
}
}
if (preg_match("/^(?![0-9]{8})[0-9a-zA-Z]{8,15}$/", $passwordfunction)) {
$error = "Password must be between 8 and 15 characters, cannot be composed entirely of numbers, but can contain numbers.";
return;
} else {
string_encode($passwordfunction);
}
}
function update_userdata() {
}
function delete_userdate() {
}
function login($usernamefunction, $passwordfunction) {
global $error;
global $is_logged_in;
if (!isset($usernamefunction) || !isset($passwordfunction)) {
$error = "You must fill in all fields";
return;
}
$passwordencode = string_encode($passwordfunction);
$passwordencode = trim($passwordencode);
$status = authenticate($usernamefunction, $passwordencode);
if ($status == 1) {
$error = "That username does not exist";
return;
} elseif ($status == 2) {
$error = "The password is incorrect";
return;
} else {
$_SESSION['username'] = $usernamefunction;
$_SESSION['password'] = $passwordencode;
}
$is_logged_in = 1;
create_cookie();
}
if ($loginaction == "login") {
login(strtolower($usernameinput), $passwordinput);
}
check_cookie();
if ($is_logged_in == 1) {
$_SESSION['userlevel'] = $userdata['auth_level'];
$_SESSION['useremail'] = $userdata['useremail'];
}
Specifically, the cookie section:
function create_cookie() {
setcookie("cookieusername", $_SESSION['username'], time()+60*60*24*100, "/");
setcookie("cookiepassword", $_SESSION['password'], time()+60*60*24*100, "/");
}
Thanks,
Herk
