Hi
I have a new script that works perfect now with signup, login and forget password, just got a few things to do that need help with if ok
1) How do I make the following code recognise that a user is still logged if they click off the page and back in again rather than asking them to log in again
2) How do I make the sign up coding prevent SQL injections, guess would need to do the same for the login page, that right
Below is the coding from the login page for issue 1
<?php
session_start();
ob_start();
?>
<div id="column-whole">
<h2 class="title">Affiliate Login</h2>
<hr class="carved" />
<form action="" method="post" class="signup">
<h2>Name*:</h2> <input type="text" name="username" />
<br>
<h2>Password*:</h2> <input type="password" name="password" />
<br>
<input type="submit" value="Login" id="submit" />
<a href="reset-pass.php">Forgot Password?</a> | <a href="new-affiliate-signup.php">Register</a>
</form>
<?php
include'config-db.php';
if(!empty($_POST['username']) && !empty($_POST['password']))
{
$username = $_POST['username'];
$password = md5($_POST['password']);
//$id = $_GET['id']; Can't do this, because you don't pass the ID through GET. You can't really, as you don't know the ID when the user logs in.
//check data
//Cant check the ID here either, as you don't know it yet
$sql = "SELECT * FROM affiliates WHERE username='$username' AND password ='$password'";
$result = $conn->query($sql);
if ($result->num_rows > 0){
while($row = $result->fetch_assoc()) {
$username = $row["username"];
//Store the name in the session
$_SESSION['username'] = $username;
//You should be getting the ID HERE, as this is where you know who the User is.
$id = $row['id'];
header("location:affiliate-profile.php?id=$id");
exit();
}
}
else {
echo "<h2>Incorrect Username/Password</h2>";
}
}
?>
</div>
Below is the code for the signup page for issue 2
<div id="column-whole">
<h2 class="title">New Affiliate Signup</h2>
<hr class="carved" />
<form action="" method="post" class="signup">
<h2>Email*:</h2> <input type="email" name="email" />
<br>
<h2>Name*:</h2> <input type="text" name="username" />
<br>
<h2>Password*:</h2> <input type="password" name="password" />
<br>
<input type="submit" value="Register" id="submit" />
</form>
<?php
include'config-db.php';
if(!empty($_POST['email']) && !empty($_POST['username']) && !empty($_POST['password']))
{
$email = ($_POST['email']);
$username = ($_POST['username']);
$password = md5($_POST['password']);
//Check if username already exists
$sql = "SELECT * FROM affiliates WHERE username='$username'";
$result = $conn->query($sql);
if ($result->num_rows > 0){
echo "<h2>Username Already Exists. Use a different username</h2>";
}
//If username available then register
else {
$sql = "INSERT INTO affiliates (email, username, password)
VALUES ('$email', '$username', '$password')";
if ($conn->query($sql) === TRUE) {
$last_id = $conn->insert_id;
echo "<div class='success-msg'>";
echo "Successfully registered affiliate.";
echo "<br><br>";
echo "<a href='affiliate-login.php'>Affiliate Login</a>";
echo "</div>";
} else {
echo '<div class="success-msg">Something went wrong.</div>';
}
$to = "$email";
$subject = "Affiliate Signup Information";
$message = "
<html>
Hello <strong>$username</strong>
<h2>Below Is Your Affiliate Sign up Information</h2>
<p>Your Affiliate ID number: $last_id</p>
<p>Your Name: $username</p>
<p>Your Email: $email</p>
</html>
";
// Always set content-type when sending HTML email
$headers = "MIME-Version: 1.0" . "\r\n";
$headers .= "Content-type:text/html;charset=UTF-8" . "\r\n";
$headers .= 'From: <enquiries@it-doneright.co.uk>' . "\r\n";
mail($to,$subject,$message,$headers);
$conn->close();
}
}
?>
</div>
