
View Full Version : User Login System [HELP!]



Rockstar
05-12-2007, 02:43 PM
Ok,
I'm doing a user login system, and in the users page, which is done in PHP, I'm getting loads of little errors.
Someone help please

users.php

<?PHP
###########################################
#-----------Users login system------------#
###########################################
/*=========================================\

include ("functions.php");

// the Default function.
//note for functions: if you want to include a value of some variables inside the funtions,
//then you have to GLOBAL it first.
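function index($user) {
    // Kept from the original: header.php and footer.php are included inside
    // this function, so they run in its scope and may rely on these globals.
    global $db, $prefix;

    // Visitors who are not logged in only get the login form.
    if (!is_logged_in($user)) {
        include("header.php");
        login_form();
        include("footer.php");
        return;
    }

    include("header.php");

    // Cookie layout written by do_login():
    //   userid|username|password|ipaddress|lastlogin_date|lastlogin_time
    // The cookie comes from the browser, so a shortened or edited value is
    // possible: pad to six fields so every index read below exists.
    // NOTE(review): is_logged_in() is defined outside this listing; whether it
    // checks these fields against the database cannot be seen from here.
    $cookie_read = array_pad(explode("|", base64_decode($user)), 6, "");
    $userid = $cookie_read[0];
    $password = $cookie_read[2];

    // Everything printed below is escaped first, so markup placed in the
    // cookie is displayed as text instead of being interpreted by the browser.
    $username = htmlspecialchars($cookie_read[1], ENT_QUOTES);
    $ipaddress = htmlspecialchars($cookie_read[3], ENT_QUOTES);
    $lastlogin_date = htmlspecialchars($cookie_read[4], ENT_QUOTES);
    $lastlogin_time = htmlspecialchars($cookie_read[5], ENT_QUOTES);
    if ($ipaddress == "") $ipaddress = ""._NOT_YET."";

    // Welcome line with the previous login details and a logout link.
    echo ""._WELCOME." <b>$username</b>, "._LAST_LOGIN." "._FROM.": [$ipaddress] "._ON." [$lastlogin_date @ $lastlogin_time] (<a href=users.php?maa=Logout>"._LOGOUT."</a>)";
    echo "<br><br><br><br>";
    navigation_menu();

    include("footer.php");
}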
################################################## ##############################
#------------------------------------------------------------------------------#
# navigation menu
#------------------------------------------------------------------------------#
################################################## ##############################
function navigation_menu(){
    // Each entry: link target, label constant, text that follows the closing
    // bracket (the first two links are followed by an extra space).
    $links = array(
        array("index.php", _HOME, " "),
        array("users.php", _MY_ACCOUNT, " "),
        array("users.php?maa=EditMyInfo", _CHANGE_MY_INFO, ""),
        array("users.php?maa=ChangePWD", _CHANGE_MY_PASSWORD, ""),
        array("users.php?maa=Logout", _LOGOUT, ""),
    );

    // Assemble the centred menu bar and print it in one go.
    $html = " <center>";
    foreach ($links as $link) {
        $html .= " [ <a href=\"" . $link[0] . "\">" . $link[1] . "</a> ]" . $link[2];
    }
    echo $html . " </center><br>";
}
################################################## ##############################
#------------------------------------------------------------------------------#
# login
#------------------------------------------------------------------------------#
################################################## ##############################
//the login form
// in this form there is hidden field (<input type=\"hidden\" name=\"maa\" value=\"do_login\">)
//this used to do the login process
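function login_form(){
    global $username,$user_err,$pass_err,$error_msg;

    // The username is echoed back from the submitted request. Escape it before
    // it goes into the value="" attribute; unescaped, a crafted username closes
    // the attribute and injects markup into the page.
    $safe_username = htmlspecialchars((string) $username, ENT_QUOTES);

    // NOTE(review): $user_err, $pass_err and $error_msg are printed as raw
    // HTML. do_login() fills them with fixed markup, but they are plain
    // globals - confirm that request input cannot pre-populate them.
    echo "<center><font class=\"title\">"._PLEASE_ENTER_YOUR_USER."</font></center>\n";
    echo "
<center>
<form method=\"POST\" action=\"users.php\" name=\"loginform\">
<table border=\"0\" cellspacing=\"2\" cellpadding=\"4\">
<tr>
<td bgcolor=\"#E2E2E2\">"._USERNAME." : </td>
<td bgcolor=\"#E2E2E2\"><input type=\"text\" name=\"username\" value=\"$safe_username\" size=\"11\"> $user_err</td>
</tr>
<tr>
<td bgcolor=\"#E2E2E2\">"._PASSWORD." : </td>
<td bgcolor=\"#E2E2E2\"><input type=\"password\" name=\"password\" size=\"11\"> $pass_err</td>
</tr>
<tr>
<td colspan=2>"._REMEBER_ME." <input type=\"checkbox\" name=\"remember\" value=\"ON\"></td>
</tr>
<tr>
<td>&nbsp;</td>
<td> <input type=\"hidden\" name=\"maa\" value=\"do_login\">
<input type=\"submit\" value=\""._LOGIN."\"></p>
</td>
</tr>
</table> $error_msg
</form>[<a href=\"index.php\">"._HOME."</a>] [ <a href=\"users.php?maa=Register\">"._REGISTER."</a> <img src=\"images/register.gif\"> ] [ <a href=\"users.php?maa=Forgot_pwd\">"._FORGOT_PASSWORD."</a> <img src=\"images/forgot_pwd.gif\"> ]<br><br>";
}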

//a login function to call the login form.
function Login(){
    // Standalone login page: site header, the login form, then the footer.
    include("header.php");
    login_form();
    include("footer.php");
}

//this function will do the login porcess for you.
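function do_login(){
    // The form fields (and $REMOTE_ADDR) are read as globals, i.e. they are
    // request input and have to be treated as untrusted.
    global $prefix,$db,$username,$password, $remember, $user_err,$pass_err,$error_msg,$REMOTE_ADDR;

    // Missing username or password: mark the empty field(s) and redisplay.
    if((!$username) || (!$password)){
        include("header.php");

        $reqmsg= "(<font class=\"error\">"._REQUIRED."</font>)";
        if(empty($username)){
            $user_err= $reqmsg;
        }
        if(empty($password)){
            $pass_err= $reqmsg;
        }

        login_form();
        include("footer.php");
        exit();
    }

    // NOTE(review): md5() is a fast, unsalted digest, not encryption. Stored
    // this way, leaked hashes are cheap to reverse; moving to a salted,
    // deliberately slow password hash needs a schema change outside this block.
    $md5_pass = md5($password);

    // NOTE(review): $username is placed in the SQL text exactly as submitted,
    // so the query is injectable unless something earlier escapes request
    // input. Bind or escape it with the database layer's own routine (the $db
    // class is not part of this listing) before building the query.
    $sql = $db->sql_query("SELECT * FROM ".$prefix."_users WHERE username='$username' AND password='$md5_pass'");
    $login_check = $db->sql_numrows($sql);

    if($login_check > 0){
        // Credentials matched: create the cookie and record this login.
        while($row = $db->sql_fetchrow($sql)){

            $userid = $row['userid'];
            $username = $row['username'];
            $password = $row['password'];
            $ipaddress = $row['ipaddress'];

            // lastlogin is "date time"; pad so an empty value (first login)
            // still yields both parts.
            $lastlogin = array_pad(explode(" ", $row['lastlogin']), 2, "");
            $lastlogin_date = $lastlogin[0];
            $lastlogin_time = $lastlogin[1];

            // Fixed: the posted code read "$lastlogin_ date" (a stray space),
            // which left the date out of the cookie.
            // NOTE(review): base64 is an encoding, not protection. The cookie
            // carries the stored password hash and is never checked for
            // tampering here; a random server-side session token would avoid
            // handing the hash to the browser.
            $info = base64_encode("$userid|$username|$password|$ipaddress|$lastlogin_date|$lastlogin_time");

            // "Remember me" keeps the cookie for 14 days, otherwise it lasts
            // for the browser session only.
            $expires = isset($remember) ? time()+1209600 : 0;
            setcookie("user", $info, $expires);

            // NOTE(review): $REMOTE_ADDR is read as a global and interpolated
            // into SQL as well - confirm it can only come from the server.
            $db->sql_query("UPDATE ".$prefix."_users SET ipaddress='$REMOTE_ADDR', lastlogin=NOW() WHERE userid='$userid'");

            //print success message and redirect browser
            msg_redirect(""._LOGIN_SUCCESS."","users.php","5");
        }
    }else{
        // Wrong username or password: show the form again with an error.
        $error_msg = "<font class=\"error\">"._LOGIN_ERROR."</font>";
        unset($username);
        unset($password);

        include("header.php");
        login_form();
        include("footer.php");
        exit();
    }
}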


################################################## ##############################
#------------------------------------------------------------------------------#
# logout
#------------------------------------------------------------------------------#
################################################## ##############################
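function Logout($user) {
    // setcookie() with a false value asks the browser to delete "user".
    // NOTE(review): the login state lives only in that cookie, so a copy of
    // the cookie taken earlier is not invalidated by logging out.
    setcookie("user", false);

    header("Location: users.php");
    // Stop here so nothing else runs or is sent after the redirect header.
    exit();
}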
################################################## ##############################
#------------------------------------------------------------------------------#
# Register
#------------------------------------------------------------------------------#
################################################## ##############################
function Register(){
    // Registration page: site header, the sign-up form, then the footer.
    include("header.php");
    register_form();
    include("footer.php");
}

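function register_form(){
    global $username, $password, $password2, $email, $fullname, $user_taken_err, $email_taken_err;

    // The form is redisplayed with whatever was submitted. Escape each value
    // before it goes into a value="" attribute so submitted quotes or markup
    // cannot break out of the attribute.
    $safe_username = htmlspecialchars((string) $username, ENT_QUOTES);
    $safe_password = htmlspecialchars((string) $password, ENT_QUOTES);
    $safe_password2 = htmlspecialchars((string) $password2, ENT_QUOTES);
    $safe_email = htmlspecialchars((string) $email, ENT_QUOTES);
    $safe_fullname = htmlspecialchars((string) $fullname, ENT_QUOTES);

    // NOTE(review): the submitted passwords are written back into the page
    // source; leaving the password inputs empty on redisplay would keep them
    // out of cached or saved HTML.
    // NOTE(review): $user_taken_err and $email_taken_err are printed as raw
    // HTML; do_Register() fills them with fixed markup.
    echo "<center><font class=\"title\">"._REG_FORM."</font></center><br>\n";
    echo "<center>"._FILED_STAR_REQUIRED."
<form name=\"RegisterForm\" method=\"POST\" action=\"users.php\">
<table align=\"center\" border=\"1\" width=\"400\" id=\"table1\" cellpadding=\"2\" bordercolor=\"#C0C0C0\">
<tr>
<td width=\"150\" align=\"right\">"._USERNAME." :</td>
<td><input type=\"text\" name=\"username\" size=\"18\" value=\"$safe_username\"> * $user_taken_err</td>
</tr>
<tr>
<td align=\"right\">"._PASSWORD." :</td>
<td><input type=\"password\" name=\"password\" size=\"18\" value=\"$safe_password\"> *</td>
</tr>
<tr>
<td align=\"right\">"._RETYPE_PASSWORD." :</td>
<td><input type=\"password\" name=\"password2\" size=\"18\" value=\"$safe_password2\"> *</td>
</tr>
<tr>
<td align=\"right\">"._EMAIL." :</td>
<td><input type=\"text\" name=\"email\" size=\"27\" value=\"$safe_email\"> * $email_taken_err</td>
</tr>
<tr>
<td align=\"right\">"._FULLNAME." :</td>
<td><input type=\"text\" name=\"fullname\" size=\"27\" value=\"$safe_fullname\"></td>
</tr>
<tr>
<td>&nbsp;</td>
<td> <input type=\"hidden\" name=\"maa\" value=\"do_Register\">
<input type=\"submit\" value=\""._REGISTER."\"></td>
</tr>
</table>
</form>
<center>"._GOBACK." "._GOHOME."</center>";
}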
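function do_Register(){
    // The form fields are read as globals, i.e. they are request input and
    // have to be treated as untrusted.
    global $db, $prefix, $username, $password, $password2, $email, $fullname, $user_taken_err, $email_taken_err;
    global $site_name, $site_email, $site_url;

    // Server-side required-field check, in case the client-side script is off.
    if((!$username) || (!$password) || (!$password2) || (!$email)){
        include("header.php");
        echo "<center><font class=\"error\">"._ERROR_PLEASE_FILL_FIELDS."</font></center>\n";
        register_form();
        include("footer.php");
        exit();
    }

    // Both password fields must be the same string. Strict comparison: with
    // "!=" two different numeric-looking strings ("1e3" and "1000") compare
    // as equal.
    if($password !== $password2){
        include("header.php");

        register_form();
        echo "<center><font class=\"error\">"._ERROR_PASSWORD_DOESNT_MATCH."</font></center>\n";

        include("footer.php");
        exit();
    }

    // E-mail format check. preg_match() replaces eregi(): it is binary safe,
    // and with the D modifier "$" only matches at the very end of the string,
    // so a trailing newline cannot pass and reach mail() below.
    // The pattern itself is unchanged (it accepts 2-3 letter top-level names).
    if(!preg_match('/^[_a-z0-9-]+(\.[_a-z0-9-]+)*@[a-z0-9-]+(\.[a-z0-9-]+)*(\.[a-z]{2,3})$/iD', $email)){
        include("header.php");

        register_form();
        echo "<center><font class=\"error\">"._ERROR_INVALID_EMAIL."</font></center>\n";

        include("footer.php");
        exit();
    }

    // Reject the registration when the e-mail or the username already exists.
    // NOTE(review): $username (and $fullname in the INSERT below) go into the
    // SQL text exactly as submitted, so these queries are injectable unless
    // something earlier escapes request input. Bind or escape them with the
    // database layer's own routine (the $db class is not in this listing).
    $sql_email_check = $db->sql_query("SELECT email FROM ".$prefix."_users WHERE email='$email'");
    $sql_username_check = $db->sql_query("SELECT username FROM ".$prefix."_users WHERE username='$username'");
    $email_check = $db->sql_numrows($sql_email_check);
    $username_check = $db->sql_numrows($sql_username_check);

    if(($email_check > 0) || ($username_check > 0)){

        // One message, shown next to whichever field is already taken.
        $exist_msg= "<font class=\"error\">"._ALREADY_TAKEN."</font>";

        if($email_check > 0){
            $email_taken_err = $exist_msg;
            unset($email);
        }

        if($username_check > 0){
            $user_taken_err = $exist_msg;
            unset($username);
        }

        include("header.php");
        register_form();
        include("footer.php");
        exit();
    }

    // NOTE(review): md5() is a fast, unsalted digest; see the database schema
    // before switching to a salted, slow password hash.
    $md5_password = md5($password);

    // Fixed: the posted code read '$full name' (a stray space), which stored
    // the literal text " name" instead of the submitted full name.
    $result = $db->sql_query("INSERT INTO ".$prefix."_users ( username,password,email,fullname,regdate)
VALUES('$username','$md5_password','$email','$fullname',NOW())");

    // Confirmation e-mail.
    // NOTE(review): the message carries the chosen password in clear text, and
    // e-mail is not a confidential channel.
    $subject = ""._YOUR_INFO_AT." $site_name";
    $message = "\n";
    $message .= ""._WELCOME_TO." $site_name \n";
    $message .= "\n";
    $message .= ""._PLZ_KEEP_THIS_EMAIL." \n";
    $message .= "\n";
    $message .= "---------------------------- \n";
    $message .= ""._USERNAME.": $username \n" ;
    $message .= ""._PASSWORD.": $password \n";
    $message .= "---------------------------- \n";
    $message .= "\n" ;
    $message .= ""._YOUR_ACCOUNT_IS_CURRENTLY_ACTIVE." \n";
    $message .= "\n" ;
    $message .= "$site_url \n";
    $message .= "\n";
    $message .= ""._PLZ_DONT_FORGOT_PWD." \n";
    $message .= " \n";
    $message .= ""._THANKS_FOR_REGISTERING." \n";
    $message .= "\n";
    $message .= "-- \n";
    $message .= "- $site_name \n";
    $message .= "$site_url \n";
    $message .= "\n";
    $message .= "\n";
    $message .= ""._THIS_EMAIL_AUTO_GENERATED." \n" ;
    $message .= ""._DONT_RESPOND_WILL_IGNORED." \n";

    if(!mail($email,$subject,$message, "FROM: $site_name <$site_email>")){
        die (""._EMAIL_DIE."");
    }else{
        include("header.php");
        echo "<div align=\"center\" class=\"div\">"._REG_SUCCESS."</div>";
        login_form();
        include("footer.php");
    }
}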

################################################## ##############################
#------------------------------------------------------------------------------#
# Forgot Password
#------------------------------------------------------------------------------#
################################################## ##############################
function Forgot_pwd_form(){
    global $error_msg;

    // "Send me a new password" form: asks for username and e-mail and posts
    // back to users.php with maa=do_Forgot_pwd. $error_msg is printed as HTML
    // under the table.
    $lines = array(
        "<center><font class=\"title\">"._SEND_NEW_PASSWORD."</font>",
        "<form method='POST' action='users.php'>",
        "<table border='0' cellpadding='4'>",
        "<tr>",
        "<td bgcolor='#E2E2E2'>"._USERNAME." :</td>",
        "<td bgcolor='#E2E2E2'><input type='text' name='username' size='11'></td>",
        "</tr>",
        "<tr>",
        "<td bgcolor='#E2E2E2'>"._EMAIL." :</td>",
        "<td bgcolor='#E2E2E2'><input type='text' name='email' size='11'></td>",
        "</tr>",
        "<tr>",
        "<td>&nbsp;</td>",
        "<td>",
        "<input type='hidden' name='maa' value='do_Forgot_pwd'>",
        "<input type='submit' value='"._SEND_PASSWORD."'></p>",
        "</td>",
        "</tr>",
        "</table><center>$error_msg</center>",
        "</form>",
    );
    echo implode("\n", $lines);
}

function Forgot_pwd(){
    // The globals stay declared: header.php and footer.php are included in
    // this function's scope and may read them.
    global $user, $prefix, $db;

    // Password-reset page: site header, the request form, then the footer.
    include("header.php");
    Forgot_pwd_form();
    include("footer.php");
}

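function do_Forgot_pwd(){
    // $username and $email are read as globals, i.e. they are request input.
    global $user, $prefix, $db, $email, $username, $error_msg, $site_name ,$site_email, $site_url;

    // NOTE(review): both values go into the SQL text exactly as submitted, so
    // the queries in this function are injectable unless something earlier
    // escapes request input. Bind or escape them with the database layer's own
    // routine (the $db class is not part of this listing).
    $result = $db->sql_query("SELECT * FROM ".$prefix."_users WHERE username='$username' AND email='$email'");
    $check = $db->sql_numrows($result);

    // Anything other than exactly one matching account: show the form again.
    if($check != 1){
        include("header.php");
        Forgot_pwd_form();
        echo "<center><font class=\"error\">"._WRONG_USEREMAIL."</font></center><br>";
        include("footer.php");
        return;
    }

    // Generates an 8-character password from an alphabet without look-alike
    // letters. Declared on first use, as in the original, but guarded so a
    // second call to do_Forgot_pwd() does not redeclare it.
    if (!function_exists('new_pwd')) {
        function new_pwd() {
            // Fixed alphabet: the original listed "h" twice and had no "d".
            $chars = "abcdefghjkmnpqrstuvwxyz0123456789";
            $max = strlen($chars) - 1;
            $pwd = "";
            for ($i = 0; $i < 8; $i++) {
                // Use the cryptographic generator where the PHP version has
                // one. The original seeded rand() from the clock, which makes
                // the generated password guessable from the request time.
                $num = function_exists('random_int') ? random_int(0, $max) : mt_rand(0, $max);
                $pwd .= substr($chars, $num, 1);
            }
            return $pwd;
        }
    }

    // NOTE(review): the password is replaced as soon as someone submits a
    // matching username and e-mail, without the account owner confirming the
    // request; a one-time reset link would avoid that.
    $new_pwd = new_pwd();
    $md5_password = md5($new_pwd);

    // Update only the account matched above (the original filtered on the
    // e-mail alone).
    $sql = $db->sql_query("UPDATE ".$prefix."_users SET password='$md5_password' WHERE username='$username' AND email='$email'");

    // NOTE(review): the new password is mailed in clear text.
    $subject = ""._NEW_PASSWORD."";
    $message = " \n";
    $message .= ""._HELLO." $username, \n";
    $message .= " \n";
    $message .= ""._YOU_ARE_RECEIVING_EMAIL." $site_name. \n";
    $message .= " \n";
    $message .= ""._HERE_ISIT_BELOW." \n";
    $message .= "-------------------------- \n";
    $message .= ""._USERNAME.": $username \n";
    $message .= ""._PASSWORD.": $new_pwd \n";
    $message .= "-------------------------- \n";
    $message .= ""._YOU_MAY_LOGIN_BELOW." \n";
    $message .= "$site_url \n";
    $message .= " \n";
    $message .= ""._YOU_CAN_OFCOURSE_CHANGE_PWS." \n";
    $message .= " \n";
    $message .= "-- \n";
    $message .= "-"._THANKS." \n";
    $message .= "$site_name \n";
    $message .= " \n";
    $message .= ""._THIS_EMAIL_AUTO_GENERATED." \n";
    $message .= ""._DONT_RESPOND_WILL_IGNORED." \n";

    if(!mail($email,$subject,$message, "FROM: $site_name <$site_email>")){
        die (""._EMAIL_DIE."");
    }

    //print success message and redirect browser
    msg_redirect(""._NEW_PWD_SENT_TO_YOUR_EMAIL."","users.php","10");
}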

################################################## ##############################
#------------------------------------------------------------------------------#
# Change Password
#------------------------------------------------------------------------------#
################################################## ##############################
function change_pwd_form(){
    global $user;

    // Only logged-in users get the form.
    if (!is_logged_in($user)) {
        echo "<br /><center><font class=\"title\">"._NOT_AUTHORIZED."</font>";
        return;
    }

    navigation_menu();

    // Old password plus the new one twice; posts back to users.php with
    // maa=do_ChangePWD.
    $lines = array(
        "<center><font class=\"title\">"._CHANGE_MY_PWD."</font>",
        "<br> "._ONCE_CHANGED_LOGOUT."",
        "<form method='POST' action='users.php'>",
        "<table border='0' cellpadding='4'>",
        "<tr>",
        "<td bgcolor='#E2E2E2'>"._OLD_PWD." :</td>",
        "<td bgcolor='#E2E2E2'><input type='password' name='old_pwd' size='11'></td>",
        "</tr>",
        "<tr>",
        "<td bgcolor='#E2E2E2'>"._NEW_PWD." :</td>",
        "<td bgcolor='#E2E2E2'><input type='password' name='new_pwd1' size='11'></td>",
        "</tr>",
        "<tr>",
        "<td bgcolor='#E2E2E2'>"._CONFIRM_NEW_PWD." :</td>",
        "<td bgcolor='#E2E2E2'><input type='password' name='new_pwd2' size='11'></td>",
        "</tr>",
        "<tr>",
        "<td align=center colspan=2>",
        "<input type='hidden' name='maa' value='do_ChangePWD'>",
        "<input type='submit' value='"._CHANGE_PWD."'></p>",
        "</td>",
        "</tr>",
        "</table>",
        "</form>",
    );
    echo implode("\n", $lines);
}
function ChangePWD(){
    // The globals stay declared: header.php and footer.php are included in
    // this function's scope and may read them.
    global $user, $prefix, $db;

    // Change-password page: site header, the form, then the footer.
    include("header.php");
    change_pwd_form();
    include("footer.php");
}
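function do_ChangePWD(){
    // The three password fields are read as globals, i.e. request input.
    global $user, $prefix, $db, $old_pwd, $new_pwd1, $new_pwd2;

    // Only logged-in users may change a password.
    if (!is_logged_in($user)) {
        echo "<br /><center><font class=\"title\">"._NOT_AUTHORIZED."</font>";
        return;
    }

    // All three fields are required.
    if (empty($old_pwd) || empty($new_pwd1) || empty($new_pwd2)) {
        include("header.php");
        change_pwd_form();
        echo "<center><font class=\"error\">"._ERROR_PLEASE_FILL_FIELDS."</font>";
        include("footer.php");
        exit();
    }

    // The account id is the first field of the "user" cookie.
    // NOTE(review): the cookie is client-controlled and $userid is placed in
    // the SQL text below as-is. Unless is_logged_in() (not shown here) has
    // already verified it, validate or escape it with the database layer's
    // own routine before use.
    $cookie_read = explode("|", base64_decode($user));
    $userid = $cookie_read[0];

    // The current password must match before anything is changed.
    $old_pwd_md5 = md5($old_pwd);
    $result = $db->sql_query("SELECT userid,password FROM ".$prefix."_users WHERE userid='$userid' AND password='$old_pwd_md5'");

    if ($db->sql_numrows($result) == 0) {
        include("header.php");
        change_pwd_form();
        echo "<center><font class=\"error\">"._OLD_PWD_DONT_MATCH."</font></center><br>";
        include("footer.php");
        exit();
    }

    // New password and its confirmation must be the same string. Strict
    // comparison: with "!=" two different numeric-looking strings ("1e3" and
    // "1000") compare as equal.
    if ($new_pwd1 !== $new_pwd2) {
        include("header.php");
        change_pwd_form();
        echo "<center><font class=\"error\">"._ERROR_NEW_PWD_DOESNT_MATCH."</font></center><br>";
        include("footer.php");
        exit();
    }

    // NOTE(review): md5() is a fast, unsalted digest, not a password hash.
    $md5_password = md5($new_pwd1);
    $sql = $db->sql_query("UPDATE ".$prefix."_users SET password='$md5_password' WHERE userid='$userid'");

    $msg = ""._SUCCESS_PWD_CHANGED." <br> "._PLZ_REMEBER_NEW_PWS." ";
    //print success message and redirect browser
    msg_redirect("$msg","users.php","10");
}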
################################################## ##############################
#------------------------------------------------------------------------------#
# Change MyInfo
#------------------------------------------------------------------------------#
################################################## ##############################
function EditMyInfo(){
    // Edit-profile page: site header, the profile form, then the footer.
    include("header.php");
    EditMyInfo_form();
    include("footer.php");
}

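function EditMyInfo_form(){
    global $user, $db, $prefix, $email_taken_err;

    // Only logged-in users get the form.
    if (!is_logged_in($user)) {
        echo "<br /><center><font class=\"title\">"._NOT_AUTHORIZED."</font>";
        return;
    }

    navigation_menu();

    // The account id is the first field of the "user" cookie.
    // NOTE(review): the cookie is client-controlled and $userid is placed in
    // the SQL text as-is. Unless is_logged_in() (not shown here) has already
    // verified it, validate or escape it with the database layer's own routine.
    $cookie_read = explode("|", base64_decode($user));
    $userid = $cookie_read[0];
    $result = $db->sql_query("SELECT * FROM ".$prefix."_users WHERE userid='$userid'");
    $row = $db->sql_fetchrow($result);

    // The stored profile values were typed in by the user. Escape each one
    // before it is printed, so saved quotes or markup cannot break out of the
    // value="" attributes or the textarea. A missing row or column becomes "".
    $safe = array();
    foreach (array('username', 'email', 'fullname', 'site', 'country', 'city', 'tel', 'profile') as $field) {
        $safe[$field] = isset($row[$field]) ? htmlspecialchars((string) $row[$field], ENT_QUOTES) : "";
    }

    // NOTE(review): $email_taken_err is printed as raw HTML; it is built in
    // do_EditMyInfo().
    echo "<center><font class=\"title\">"._CHANGE_MY_INFORMATION."</font></center><br>\n";
    echo "<center>"._FILED_STAR_REQUIRED."
<form name=\"EditMyInfoForm\" method=\"POST\" action=\"users.php\">
<table align=\"center\" border=\"1\" width=\"500\" id=\"table1\" cellpadding=\"2\" bordercolor=\"#C0C0C0\">
<tr>
<td width=\"100\" align=\"right\">"._USERNAME." :</td>
<td><input type=\"text\" disabled=\"true\" name=\"username\" size=\"18\" value=\"$safe[username]\"></td>
</tr>
<tr>
<td align=\"right\">"._EMAIL." :</td>
<td><input type=\"text\" name=\"email\" size=\"27\" value=\"$safe[email]\"> * $email_taken_err</td>
</tr>
<tr>
<td align=\"right\">"._FULLNAME." :</td>
<td><input type=\"text\" name=\"fullname\" size=\"27\" value=\"$safe[fullname]\"></td>
</tr>
<tr>
<td align=\"right\">"._WEBSITE." :</td>
<td><input type=\"text\" name=\"site\" size=\"27\" value=\"$safe[site]\"> "._EG." http://www.site.com</td>
</tr>
<tr>
<td align=\"right\">"._COUNTRY." :</td>
<td><input type=\"text\" name=\"country\" size=\"27\" value=\"$safe[country]\"></td>
</tr>
<tr>
<td align=\"right\">"._CITY.":</td>
<td><input type=\"text\" name=\"city\" size=\"27\" value=\"$safe[city]\"></td>
</tr>
<tr>
<td align=\"right\">"._TEL_MOBILE." :</td>
<td><input type=\"text\" name=\"tel\" size=\"27\" value=\"$safe[tel]\"></td>
</tr>
<tr>
<td align=\"right\">"._PROFILE.":</td>
<td><textarea rows=\"5\" name=\"profile\" cols=\"30\">$safe[profile]</textarea></td>
</tr>
<tr>
<td>&nbsp;</td>
<td> <input type=\"hidden\" name=\"maa\" value=\"do_EditMyInfo\">
<input type=\"submit\" value=\""._SAVE_CHANGES."\"></td>
</tr>
</table></form>";
}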
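function do_EditMyInfo(){
    // The profile fields are read as globals, i.e. they are request input and
    // have to be treated as untrusted.
    global $user, $db, $prefix, $email, $fullname, $email_taken_err;
    global $site, $country, $city, $tel, $profile;
    global $site_name, $site_email, $site_url;

    // Only logged-in users may edit a profile.
    if (!is_logged_in($user)) {
        echo "<br /><center><font class=\"title\">"._NOT_AUTHORIZED."</font>";
        return;
    }

    // The e-mail address is the only required field.
    if(empty($email)){
        include("header.php");

        EditMyInfo_form();
        echo "<center><font class=\"error\">"._ERROR_PLEASE_FILL_FIELDS."</font></center>\n";
        include("footer.php");
        exit();
    }

    // The account id is the first field of the "user" cookie.
    $cookie_read = explode("|", base64_decode($user));
    $userid = $cookie_read[0];

    /*--nothing empty? everything is okay? lets do the changes--*/
    // NOTE(review): $userid (from the client-controlled cookie) and every
    // profile field go into the SQL text exactly as received, so both queries
    // below are injectable unless something earlier escapes them. Bind or
    // escape them with the database layer's own routine (the $db class is not
    // part of this listing). Unlike do_Register(), the e-mail format is not
    // checked here either.
    $sql_email_check = $db->sql_query("SELECT email FROM ".$prefix."_users WHERE email='$email' AND userid!='$userid'");
    $email_check = $db->sql_numrows($sql_email_check);

    if($email_check > 0){
        // Another account already uses this address. The submitted value is
        // escaped before it is put into the error markup, so it is shown as
        // text rather than interpreted by the browser.
        $shown_email = htmlspecialchars((string) $email, ENT_QUOTES);
        $email_taken_err = "<font class=\"error\">("._THE_EMAIL." $shown_email: "._ALREADY_TAKEN.")</font>";
        unset($email);

        include("header.php");
        EditMyInfo_form();
        include("footer.php");
        exit();
    }

    $result = $db->sql_query("UPDATE ".$prefix."_users
SET email='$email',
fullname='$fullname',
site='$site',
country='$country',
city='$city',
tel='$tel',
profile='$profile'
WHERE userid='$userid'");

    //print success message and redirect browser
    msg_redirect(""._YOUR_INFO_HAS_BEEN_CHANGES."","users.php","5");
}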

################################################## ##############################
#------------------------------------------------------------------------------#
# a switch for switching between functions
#------------------------------------------------------------------------------#
################################################## ##############################
// Route the request to its handler by the "maa" action name.
// NOTE(review): neither $maa nor $user is assigned anywhere in this listing;
// presumably they come from the request (register_globals or functions.php) -
// confirm, and treat both as untrusted input.
switch ($maa){
    // profile
    case "EditMyInfo":    EditMyInfo();    break;
    case "do_EditMyInfo": do_EditMyInfo(); break;

    // password change and reset
    case "ChangePWD":     ChangePWD();     break;
    case "do_ChangePWD":  do_ChangePWD();  break;
    case "Forgot_pwd":    Forgot_pwd();    break;
    case "do_Forgot_pwd": do_Forgot_pwd(); break;

    // registration
    case "Register":      Register();      break;
    case "do_Register":   do_Register();   break;

    // session
    case "Logout":        Logout($user);   break;
    case "Login":         Login();         break;
    case "do_login":      do_login();      break;

    // anything else, including no action at all: the default page
    default:              index($user);    break;
}

//last update DEC 04, 2007 @ 9:30 PM by Jack. (+10 GMT)
?>

MrCraig
05-12-2007, 02:48 PM
why is the first half of the script commented out :S

Blob
05-12-2007, 05:14 PM
<?PHP
###########################################
#-----------Users login system------------#
###########################################
/*=========================================*/

include ("functions.php");

// the Default function.
//note for functions: if you want to include a value of some variables inside the funtions,
//then you have to GLOBAL it first.

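function index($user) {
    // Kept from the original: header.php and footer.php are included inside
    // this function, so they run in its scope and may rely on these globals.
    global $db, $prefix;

    // Visitors who are not logged in only get the login form.
    if (!is_logged_in($user)) {
        include("header.php");
        login_form();
        include("footer.php");
        return;
    }

    include("header.php");

    // Cookie layout written by do_login():
    //   userid|username|password|ipaddress|lastlogin_date|lastlogin_time
    // The cookie comes from the browser, so a shortened or edited value is
    // possible: pad to six fields so every index read below exists.
    // NOTE(review): is_logged_in() is defined outside this listing; whether it
    // checks these fields against the database cannot be seen from here.
    $cookie_read = array_pad(explode("|", base64_decode($user)), 6, "");
    $userid = $cookie_read[0];
    $password = $cookie_read[2];

    // Everything printed below is escaped first, so markup placed in the
    // cookie is displayed as text instead of being interpreted by the browser.
    $username = htmlspecialchars($cookie_read[1], ENT_QUOTES);
    $ipaddress = htmlspecialchars($cookie_read[3], ENT_QUOTES);
    $lastlogin_date = htmlspecialchars($cookie_read[4], ENT_QUOTES);
    $lastlogin_time = htmlspecialchars($cookie_read[5], ENT_QUOTES);
    if ($ipaddress == "") $ipaddress = ""._NOT_YET."";

    // Welcome line with the previous login details and a logout link.
    echo ""._WELCOME." <b>$username</b>, "._LAST_LOGIN." "._FROM.": [$ipaddress] "._ON." [$lastlogin_date @ $lastlogin_time] (<a href=users.php?maa=Logout>"._LOGOUT."</a>)";
    echo "<br><br><br><br>";
    navigation_menu();

    include("footer.php");
}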
################################################## ##############################
#------------------------------------------------------------------------------#
# navigation menu
#------------------------------------------------------------------------------#
################################################## ##############################
function navigation_menu(){
    // Each entry: link target, label constant, text that follows the closing
    // bracket (the first two links are followed by an extra space).
    $links = array(
        array("index.php", _HOME, " "),
        array("users.php", _MY_ACCOUNT, " "),
        array("users.php?maa=EditMyInfo", _CHANGE_MY_INFO, ""),
        array("users.php?maa=ChangePWD", _CHANGE_MY_PASSWORD, ""),
        array("users.php?maa=Logout", _LOGOUT, ""),
    );

    // Assemble the centred menu bar and print it in one go.
    $html = " <center>";
    foreach ($links as $link) {
        $html .= " [ <a href=\"" . $link[0] . "\">" . $link[1] . "</a> ]" . $link[2];
    }
    echo $html . " </center><br>";
}
################################################## ##############################
#------------------------------------------------------------------------------#
# login
#------------------------------------------------------------------------------#
################################################## ##############################
//the login form
// in this form there is hidden field (<input type=\"hidden\" name=\"maa\" value=\"do_login\">)
//this used to do the login process
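function login_form(){
    global $username,$user_err,$pass_err,$error_msg;

    // The username is echoed back from the submitted request. Escape it before
    // it goes into the value="" attribute; unescaped, a crafted username closes
    // the attribute and injects markup into the page.
    $safe_username = htmlspecialchars((string) $username, ENT_QUOTES);

    // NOTE(review): $user_err, $pass_err and $error_msg are printed as raw
    // HTML. do_login() fills them with fixed markup, but they are plain
    // globals - confirm that request input cannot pre-populate them.
    echo "<center><font class=\"title\">"._PLEASE_ENTER_YOUR_USER."</font></center>\n";
    echo "
<center>
<form method=\"POST\" action=\"users.php\" name=\"loginform\">
<table border=\"0\" cellspacing=\"2\" cellpadding=\"4\">
<tr>
<td bgcolor=\"#E2E2E2\">"._USERNAME." : </td>
<td bgcolor=\"#E2E2E2\"><input type=\"text\" name=\"username\" value=\"$safe_username\" size=\"11\"> $user_err</td>
</tr>
<tr>
<td bgcolor=\"#E2E2E2\">"._PASSWORD." : </td>
<td bgcolor=\"#E2E2E2\"><input type=\"password\" name=\"password\" size=\"11\"> $pass_err</td>
</tr>
<tr>
<td colspan=2>"._REMEBER_ME." <input type=\"checkbox\" name=\"remember\" value=\"ON\"></td>
</tr>
<tr>
<td>&nbsp;</td>
<td> <input type=\"hidden\" name=\"maa\" value=\"do_login\">
<input type=\"submit\" value=\""._LOGIN."\"></p>
</td>
</tr>
</table> $error_msg
</form>[<a href=\"index.php\">"._HOME."</a>] [ <a href=\"users.php?maa=Register\">"._REGISTER."</a> <img src=\"images/register.gif\"> ] [ <a href=\"users.php?maa=Forgot_pwd\">"._FORGOT_PASSWORD."</a> <img src=\"images/forgot_pwd.gif\"> ]<br><br>";
}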

//a login function to call the login form.
function Login(){
    // Standalone login page: site header, the login form, then the footer.
    include("header.php");
    login_form();
    include("footer.php");
}

//this function will do the login porcess for you.
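function do_login(){
    // The form fields (and $REMOTE_ADDR) are read as globals, i.e. they are
    // request input and have to be treated as untrusted.
    global $prefix,$db,$username,$password, $remember, $user_err,$pass_err,$error_msg,$REMOTE_ADDR;

    // Missing username or password: mark the empty field(s) and redisplay.
    if((!$username) || (!$password)){
        include("header.php");

        $reqmsg= "(<font class=\"error\">"._REQUIRED."</font>)";
        if(empty($username)){
            $user_err= $reqmsg;
        }
        if(empty($password)){
            $pass_err= $reqmsg;
        }

        login_form();
        include("footer.php");
        exit();
    }

    // NOTE(review): md5() is a fast, unsalted digest, not encryption. Stored
    // this way, leaked hashes are cheap to reverse; moving to a salted,
    // deliberately slow password hash needs a schema change outside this block.
    $md5_pass = md5($password);

    // NOTE(review): $username is placed in the SQL text exactly as submitted,
    // so the query is injectable unless something earlier escapes request
    // input. Bind or escape it with the database layer's own routine (the $db
    // class is not part of this listing) before building the query.
    $sql = $db->sql_query("SELECT * FROM ".$prefix."_users WHERE username='$username' AND password='$md5_pass'");
    $login_check = $db->sql_numrows($sql);

    if($login_check > 0){
        // Credentials matched: create the cookie and record this login.
        while($row = $db->sql_fetchrow($sql)){

            $userid = $row['userid'];
            $username = $row['username'];
            $password = $row['password'];
            $ipaddress = $row['ipaddress'];

            // lastlogin is "date time"; pad so an empty value (first login)
            // still yields both parts.
            $lastlogin = array_pad(explode(" ", $row['lastlogin']), 2, "");
            $lastlogin_date = $lastlogin[0];
            $lastlogin_time = $lastlogin[1];

            // Fixed: the posted code read "$lastlogin_ date" (a stray space),
            // which left the date out of the cookie.
            // NOTE(review): base64 is an encoding, not protection. The cookie
            // carries the stored password hash and is never checked for
            // tampering here; a random server-side session token would avoid
            // handing the hash to the browser.
            $info = base64_encode("$userid|$username|$password|$ipaddress|$lastlogin_date|$lastlogin_time");

            // "Remember me" keeps the cookie for 14 days, otherwise it lasts
            // for the browser session only.
            $expires = isset($remember) ? time()+1209600 : 0;
            setcookie("user", $info, $expires);

            // NOTE(review): $REMOTE_ADDR is read as a global and interpolated
            // into SQL as well - confirm it can only come from the server.
            $db->sql_query("UPDATE ".$prefix."_users SET ipaddress='$REMOTE_ADDR', lastlogin=NOW() WHERE userid='$userid'");

            //print success message and redirect browser
            msg_redirect(""._LOGIN_SUCCESS."","users.php","5");
        }
    }else{
        // Wrong username or password: show the form again with an error.
        $error_msg = "<font class=\"error\">"._LOGIN_ERROR."</font>";
        unset($username);
        unset($password);

        include("header.php");
        login_form();
        include("footer.php");
        exit();
    }
}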


################################################## ##############################
#------------------------------------------------------------------------------#
# logout
#------------------------------------------------------------------------------#
################################################## ##############################
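function Logout($user) {
    // setcookie() with a false value asks the browser to delete "user".
    // NOTE(review): the login state lives only in that cookie, so a copy of
    // the cookie taken earlier is not invalidated by logging out.
    setcookie("user", false);

    header("Location: users.php");
    // Stop here so nothing else runs or is sent after the redirect header.
    exit();
}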
################################################## ##############################
#------------------------------------------------------------------------------#
# Register
#------------------------------------------------------------------------------#
################################################## ##############################
function Register(){
    // Registration page: site header, the sign-up form, then the footer.
    include("header.php");
    register_form();
    include("footer.php");
}

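function register_form(){
    global $username, $password, $password2, $email, $fullname, $user_taken_err, $email_taken_err;

    // The form is redisplayed with whatever was submitted. Escape each value
    // before it goes into a value="" attribute so submitted quotes or markup
    // cannot break out of the attribute.
    $safe_username = htmlspecialchars((string) $username, ENT_QUOTES);
    $safe_password = htmlspecialchars((string) $password, ENT_QUOTES);
    $safe_password2 = htmlspecialchars((string) $password2, ENT_QUOTES);
    $safe_email = htmlspecialchars((string) $email, ENT_QUOTES);
    $safe_fullname = htmlspecialchars((string) $fullname, ENT_QUOTES);

    // NOTE(review): the submitted passwords are written back into the page
    // source; leaving the password inputs empty on redisplay would keep them
    // out of cached or saved HTML.
    // NOTE(review): $user_taken_err and $email_taken_err are printed as raw
    // HTML; do_Register() fills them with fixed markup.
    echo "<center><font class=\"title\">"._REG_FORM."</font></center><br>\n";
    echo "<center>"._FILED_STAR_REQUIRED."
<form name=\"RegisterForm\" method=\"POST\" action=\"users.php\">
<table align=\"center\" border=\"1\" width=\"400\" id=\"table1\" cellpadding=\"2\" bordercolor=\"#C0C0C0\">
<tr>
<td width=\"150\" align=\"right\">"._USERNAME." :</td>
<td><input type=\"text\" name=\"username\" size=\"18\" value=\"$safe_username\"> * $user_taken_err</td>
</tr>
<tr>
<td align=\"right\">"._PASSWORD." :</td>
<td><input type=\"password\" name=\"password\" size=\"18\" value=\"$safe_password\"> *</td>
</tr>
<tr>
<td align=\"right\">"._RETYPE_PASSWORD." :</td>
<td><input type=\"password\" name=\"password2\" size=\"18\" value=\"$safe_password2\"> *</td>
</tr>
<tr>
<td align=\"right\">"._EMAIL." :</td>
<td><input type=\"text\" name=\"email\" size=\"27\" value=\"$safe_email\"> * $email_taken_err</td>
</tr>
<tr>
<td align=\"right\">"._FULLNAME." :</td>
<td><input type=\"text\" name=\"fullname\" size=\"27\" value=\"$safe_fullname\"></td>
</tr>
<tr>
<td>&nbsp;</td>
<td> <input type=\"hidden\" name=\"maa\" value=\"do_Register\">
<input type=\"submit\" value=\""._REGISTER."\"></td>
</tr>
</table>
</form>
<center>"._GOBACK." "._GOHOME."</center>";
}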
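/**
 * Process the registration form: validate the submitted fields, refuse a
 * username or e-mail that is already in the users table, insert the account
 * and mail the welcome message.
 *
 * Input arrives through the globals $username, $password, $password2, $email
 * and $fullname. Every failure path re-renders the form with an error message
 * and ends the script with exit().
 */
function do_Register(){
    global $db, $prefix, $username, $password, $password2, $email, $fullname, $user_taken_err, $email_taken_err;
    global $site_name, $site_email, $site_url;

    // Server-side required-field check, in case the client-side JavaScript did not run.
    // Non-string values (for example an array sent as "username[]") are rejected
    // here as well, so the string functions below never receive them.
    if((!$username) || (!$password) || (!$password2) || (!$email)
        || !is_string($username) || !is_string($password) || !is_string($password2) || !is_string($email)){
        //print the error message and load the form.
        include("header.php");
        echo "<center><font class=\"error\">"._ERROR_PLEASE_FILL_FIELDS."</font></center>\n";
        register_form();
        include("footer.php");
        exit();
    }

    // The two passwords must be identical. Strict comparison is required: with !=
    // two different numeric-looking strings such as "1e3" and "1000" compare equal.
    if($password !== $password2){
        //print the error message and load the form.
        include("header.php");
        register_form();
        echo "<center><font class=\"error\">"._ERROR_PASSWORD_DOESNT_MATCH."</font></center>\n";
        include("footer.php");
        exit();
    }

    // E-mail syntax check. preg_match() replaces eregi(), which no longer exists in
    // PHP 7+. The "D" modifier stops "$" from matching before a trailing newline, so
    // the accepted address can never carry a line break into mail().
    if(!preg_match("/^[_a-z0-9-]+(\.[_a-z0-9-]+)*@[a-z0-9-]+(\.[a-z0-9-]+)*(\.[a-z]{2,3})$/iD", $email)){
        //print the error message and load the form.
        include("header.php");
        register_form();
        echo "<center><font class=\"error\">"._ERROR_INVALID_EMAIL."</font></center>\n";
        include("footer.php");
        exit();
    }

    // The queries below are built by string concatenation, so free-text values are
    // escaped first. $email needs no escaping: the pattern above only admits
    // letters, digits, "_", "-", "." and "@".
    // NOTE(review): addslashes() is a stopgap. Prefer prepared statements or the
    // driver's own escaping if the $db layer offers them, and confirm that
    // magic_quotes_gpc is off, otherwise these values are escaped twice.
    $sql_username = addslashes($username);
    $sql_fullname = addslashes(is_string($fullname) ? $fullname : "");

    //--nothing empty? everything is okay? lets do the register.
    $sql_email_check = $db->sql_query("SELECT email FROM ".$prefix."_users WHERE email='$email'");
    $sql_username_check = $db->sql_query("SELECT username FROM ".$prefix."_users WHERE username='$sql_username'");
    $email_check = $db->sql_numrows($sql_email_check);
    $username_check = $db->sql_numrows($sql_username_check);

    if(($email_check > 0) || ($username_check > 0)){

        //define error message for usage in multiple places.
        $exist_msg= "<font class=\"error\">"._ALREADY_TAKEN."</font>";

        // Blank the taken value so the form does not offer it again. Assigning through
        // the global alias is needed: unset() on a variable imported with "global"
        // only drops the local alias and leaves the global value in place.
        if($email_check > 0){
            $email_taken_err = $exist_msg;
            $email = "";
        }

        if($username_check > 0){
            $user_taken_err = $exist_msg;
            $username = "";
        }

        //if the username or email already been taken load the form and print errors.
        include("header.php");
        register_form();
        include("footer.php");
        exit();
    }

    // NOTE(review): unsalted MD5 is not a password hash. Moving to password_hash() /
    // password_verify() has to happen together with every place that compares md5()
    // values in SQL (do_ChangePWD() does), so it is flagged here rather than changed.
    $md5_password = md5($password);
    // NOTE(review): the return value of this INSERT is never checked, so a failed
    // insert still sends the welcome mail and reports success.
    $result = $db->sql_query("INSERT INTO ".$prefix."_users ( username,password,email,fullname,regdate)
VALUES('$sql_username','$md5_password','$email','$sql_fullname',NOW())");

    // NOTE(review): the message below carries the password in clear text. Mail is
    // stored and relayed unencrypted; consider dropping that line.
    $subject = ""._YOUR_INFO_AT." $site_name";
    $message = "\n";
    $message .= ""._WELCOME_TO." $site_name \n";
    $message .= "\n";
    $message .= ""._PLZ_KEEP_THIS_EMAIL." \n";
    $message .= "\n";
    $message .= "---------------------------- \n";
    $message .= ""._USERNAME.": $username \n" ;
    $message .= ""._PASSWORD.": $password \n";
    $message .= "---------------------------- \n";
    $message .= "\n" ;
    $message .= ""._YOUR_ACCOUNT_IS_CURRENTLY_ACTIVE." \n";
    $message .= "\n" ;
    $message .= "$site_url \n";
    $message .= "\n";
    $message .= ""._PLZ_DONT_FORGOT_PWD." \n";
    $message .= " \n";
    $message .= ""._THANKS_FOR_REGISTERING." \n";
    $message .= "\n";
    $message .= "-- \n";
    $message .= "- $site_name \n";
    $message .= "$site_url \n";
    $message .= "\n";
    $message .= "\n";
    $message .= ""._THIS_EMAIL_AUTO_GENERATED." \n" ;
    $message .= ""._DONT_RESPOND_WILL_IGNORED." \n";

    if(!mail($email,$subject,$message, "FROM: $site_name <$site_email>")){
        die (""._EMAIL_DIE."");
    }else{
        include("header.php");
        echo "<div align=\"center\" class=\"div\">"._REG_SUCCESS."</div>";
        login_form();
        include("footer.php");
    }
}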

################################################## ##############################
#------------------------------------------------------------------------------#
# Forgot Password
#------------------------------------------------------------------------------#
################################################## ##############################
/**
 * Print the "send me a new password" form (username + e-mail), followed by the
 * contents of the global $error_msg.
 *
 * NOTE(review): $error_msg is written into the page as raw HTML and no visible
 * caller assigns it. If request parameters are imported into globals, its
 * content would be client-controlled; confirm where it is set before relying
 * on it being trusted markup.
 */
function Forgot_pwd_form(){
    global $error_msg;

    // Opening tag shared by the four shaded cells.
    $shaded = "<td bgcolor='#E2E2E2'>";

    $html  = "<center><font class=\"title\">" . _SEND_NEW_PASSWORD . "</font>\n";
    $html .= "<form method='POST' action='users.php'>\n";
    $html .= "<table border='0' cellpadding='4'>\n";

    // Username row.
    $html .= "<tr>\n";
    $html .= $shaded . _USERNAME . " :</td>\n";
    $html .= $shaded . "<input type='text' name='username' size='11'></td>\n";
    $html .= "</tr>\n";

    // E-mail row.
    $html .= "<tr>\n";
    $html .= $shaded . _EMAIL . " :</td>\n";
    $html .= $shaded . "<input type='text' name='email' size='11'></td>\n";
    $html .= "</tr>\n";

    // Hidden action selector plus the submit button.
    $html .= "<tr>\n";
    $html .= "<td>&nbsp;</td>\n";
    $html .= "<td>\n";
    $html .= "<input type='hidden' name='maa' value='do_Forgot_pwd'>\n";
    $html .= "<input type='submit' value='" . _SEND_PASSWORD . "'></p>\n";
    $html .= "</td>\n";
    $html .= "</tr>\n";

    $html .= "</table><center>" . $error_msg . "</center>\n";
    $html .= "</form>";

    echo $html;
}

/**
 * Render the forgot-password page: site header, the request form, site footer.
 */
function Forgot_pwd(){
    // The included templates run in this function's scope, so the globals stay
    // imported even though this function does not read them itself.
    global $user, $prefix, $db;

    include "header.php";
    Forgot_pwd_form();
    include "footer.php";
}

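/**
 * Handle the forgot-password form: when exactly one account matches the
 * submitted username and e-mail, generate a new 8-character password, store
 * its hash and mail the new password to the account's address. Otherwise the
 * form is shown again with an error.
 *
 * Input arrives through the globals $username and $email.
 *
 * NOTE(review): the password is replaced as soon as the form is submitted, so
 * anyone who knows a username/e-mail pair can reset that account's password,
 * and a failed mail() leaves the owner without a working one. A flow that
 * mails a one-time link and changes nothing until it is used avoids both.
 */
function do_Forgot_pwd(){
    global $user, $prefix, $db, $email, $username, $error_msg, $site_name ,$site_email, $site_url;

    // Both values are free text from the request and go into string-built SQL,
    // so they are coerced to strings and escaped first.
    // NOTE(review): addslashes() is a stopgap. Prefer prepared statements or the
    // driver's own escaping if the $db layer offers them, and confirm that
    // magic_quotes_gpc is off, otherwise these values are escaped twice.
    $sql_username = addslashes(is_string($username) ? $username : "");
    $sql_email = addslashes(is_string($email) ? $email : "");

    $result = $db->sql_query("SELECT * FROM ".$prefix."_users WHERE username='$sql_username' AND email='$sql_email'");
    $check = $db->sql_numrows($result);

    if($check != 1){
        include("header.php");
        Forgot_pwd_form();
        echo "<center><font class=\"error\">"._WRONG_USEREMAIL."</font></center><br>";
        include("footer.php");
        return;
    }

    // Build the new password inline. The original declared a nested function
    // new_pwd() here, which is a fatal redeclaration if this code runs twice in
    // one request, and drew from rand() seeded with the clock, which is
    // predictable. random_int() is a CSPRNG (PHP 7+); mt_rand() is kept only as a
    // fallback for older runtimes and is NOT cryptographically secure.
    $chars = "abchefghjkmnpqrstuvwxyz0123456789";
    $last = strlen($chars) - 1;
    $new_pwd = "";
    for ($i = 0; $i < 8; $i++) {
        $index = function_exists('random_int') ? random_int(0, $last) : mt_rand(0, $last);
        $new_pwd .= substr($chars, $index, 1);
    }

    // NOTE(review): unsalted MD5 is not a password hash. Moving to password_hash()
    // has to happen together with every place that compares md5() values in SQL
    // (do_ChangePWD() does), so it is flagged here rather than changed.
    $md5_password = md5($new_pwd);
    // Scope the update to the same username + e-mail pair the lookup matched, not
    // to the e-mail alone.
    $sql = $db->sql_query("UPDATE ".$prefix."_users SET password='$md5_password' WHERE username='$sql_username' AND email='$sql_email'");

    // NOTE(review): the new password travels in clear text in this message.
    $subject = ""._NEW_PASSWORD."";
    $message = " \n";
    $message .= ""._HELLO." $username, \n";
    $message .= " \n";
    $message .= ""._YOU_ARE_RECEIVING_EMAIL." $site_name. \n";
    $message .= " \n";
    $message .= ""._HERE_ISIT_BELOW." \n";
    $message .= "-------------------------- \n";
    $message .= ""._USERNAME.": $username \n";
    $message .= ""._PASSWORD.": $new_pwd \n";
    $message .= "-------------------------- \n";
    $message .= ""._YOU_MAY_LOGIN_BELOW." \n";
    $message .= "$site_url \n";
    $message .= " \n";
    $message .= ""._YOU_CAN_OFCOURSE_CHANGE_PWS." \n";
    $message .= " \n";
    $message .= "-- \n";
    $message .= "-"._THANKS." \n";
    $message .= "$site_name \n";
    $message .= " \n";
    $message .= ""._THIS_EMAIL_AUTO_GENERATED." \n";
    $message .= ""._DONT_RESPOND_WILL_IGNORED." \n";

    if(!mail($email,$subject,$message, "FROM: $site_name <$site_email>")){
        die (""._EMAIL_DIE."");
    }

    //print success message and redirect browser
    msg_redirect(""._NEW_PWD_SENT_TO_YOUR_EMAIL."","users.php","10");
}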

################################################## ##############################
#------------------------------------------------------------------------------#
# Change Password
#------------------------------------------------------------------------------#
################################################## ##############################
/**
 * Print the change-password form (old password, new password, confirmation)
 * for a logged-in user, preceded by the navigation menu. Visitors who are not
 * logged in get the "not authorized" notice instead.
 */
function change_pwd_form(){
    global $user;

    // Guard: nothing but the notice for anonymous visitors.
    if (!is_logged_in($user)) {
        echo "<br /><center><font class=\"title\">"._NOT_AUTHORIZED."</font>";
        return;
    }

    navigation_menu();

    // One table row per password field: label constant => input name.
    $fields = array(
        array(_OLD_PWD, 'old_pwd'),
        array(_NEW_PWD, 'new_pwd1'),
        array(_CONFIRM_NEW_PWD, 'new_pwd2'),
    );

    $html  = "<center><font class=\"title\">" . _CHANGE_MY_PWD . "</font>\n";
    $html .= "<br> " . _ONCE_CHANGED_LOGOUT . "\n";
    $html .= "<form method='POST' action='users.php'>\n";
    $html .= "<table border='0' cellpadding='4'>\n";

    foreach ($fields as $field) {
        $html .= "<tr>\n";
        $html .= "<td bgcolor='#E2E2E2'>" . $field[0] . " :</td>\n";
        $html .= "<td bgcolor='#E2E2E2'><input type='password' name='" . $field[1] . "' size='11'></td>\n";
        $html .= "</tr>\n";
    }

    // Hidden action selector plus the submit button.
    $html .= "<tr>\n";
    $html .= "<td align=center colspan=2>\n";
    $html .= "<input type='hidden' name='maa' value='do_ChangePWD'>\n";
    $html .= "<input type='submit' value='" . _CHANGE_PWD . "'></p>\n";
    $html .= "</td>\n";
    $html .= "</tr>\n";
    $html .= "</table>\n";
    $html .= "</form>";

    echo $html;
}
/**
 * Render the change-password page: site header, the form, site footer.
 */
function ChangePWD(){
    // The included templates run in this function's scope, so the globals stay
    // imported even though this function does not read them itself.
    global $user, $prefix, $db;

    include "header.php";
    change_pwd_form();
    include "footer.php";
}
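/**
 * Handle the change-password form for the logged-in user: require all three
 * fields, verify the old password against the stored hash, require the two
 * new passwords to be identical, then store the new hash and redirect.
 *
 * Input arrives through the globals $old_pwd, $new_pwd1 and $new_pwd2; the
 * user id is the first "|"-separated field of the base64-decoded $user cookie.
 * Every validation failure re-renders the form and ends the script with exit().
 */
function do_ChangePWD(){
    global $user, $prefix, $db, $old_pwd, $new_pwd1, $new_pwd2;

    if (!is_logged_in($user)) {
        echo "<br /><center><font class=\"title\">"._NOT_AUTHORIZED."</font>";
        return;
    }

    //check empty fields. Non-string values (for example an array sent as
    //"old_pwd[]") are rejected too, so md5() below only ever sees strings.
    if((empty($old_pwd)) or (empty($new_pwd1)) or (empty($new_pwd2))
        or !is_string($old_pwd) or !is_string($new_pwd1) or !is_string($new_pwd2)){
        include("header.php");
        change_pwd_form();
        echo "<center><font class=\"error\">"._ERROR_PLEASE_FILL_FIELDS."</font>";
        include("footer.php");
        exit();
    }

    // The user id comes out of a cookie, i.e. from the client, and is placed in
    // string-built SQL, so it is escaped before use.
    // NOTE(review): presumably is_logged_in() has validated the cookie against the
    // database; confirm, since everything below trusts this id.
    $cookie_read = explode("|", base64_decode($user));
    $userid = $cookie_read[0];
    $sql_userid = addslashes($userid);

    // NOTE(review): unsalted MD5 is not a password hash. Replacing it means changing
    // this SQL comparison to a fetch plus password_verify(), together with the
    // registration and reset code that write md5() values.
    $old_pwd_md5 = md5($old_pwd);
    $result = $db->sql_query("SELECT userid,password FROM ".$prefix."_users WHERE userid='$sql_userid' AND password='$old_pwd_md5'");

    if($db->sql_numrows($result) == 0){
        include("header.php");
        change_pwd_form();
        echo "<center><font class=\"error\">"._OLD_PWD_DONT_MATCH."</font></center><br>";
        include("footer.php");
        exit();
    }

    // Strict comparison: with != two different numeric-looking strings such as
    // "1e3" and "1000" compare equal and would be accepted as matching.
    if($new_pwd1 !== $new_pwd2){
        include("header.php");
        change_pwd_form();
        echo "<center><font class=\"error\">"._ERROR_NEW_PWD_DOESNT_MATCH."</font></center><br>";
        include("footer.php");
        exit();
    }

    $md5_password = md5($new_pwd1);
    $sql = $db->sql_query("UPDATE ".$prefix."_users SET password='$md5_password' WHERE userid='$sql_userid'");

    $msg = ""._SUCCESS_PWD_CHANGED." <br> "._PLZ_REMEBER_NEW_PWS." ";
    //print success message and redirect browser
    msg_redirect("$msg","users.php","10");
}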
################################################## ##############################
#------------------------------------------------------------------------------#
# Change MyInfo
#------------------------------------------------------------------------------#
################################################## ##############################
/**
 * Render the edit-profile page: site header, the profile form, site footer.
 */
function EditMyInfo(){
    include "header.php";
    EditMyInfo_form();
    include "footer.php";
}

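/**
 * Print the edit-profile form for the logged-in user, pre-filled from that
 * user's row in the users table and preceded by the navigation menu. Visitors
 * who are not logged in get the "not authorized" notice instead.
 *
 * The user id is the first "|"-separated field of the base64-decoded $user
 * cookie.
 *
 * NOTE(review): $email_taken_err is written into the page as raw HTML.
 * do_EditMyInfo() sets it, but when this form is reached without that step
 * nothing visible assigns it; if request parameters are imported into
 * globals, its content would be client-controlled. Confirm.
 */
function EditMyInfo_form(){
    global $user, $db, $prefix, $username, $password, $email, $fullname, $user_taken_err, $email_taken_err;

    if (!is_logged_in($user)) {
        echo "<br /><center><font class=\"title\">"._NOT_AUTHORIZED."</font>";
        return;
    }

    navigation_menu();

    // The user id comes out of a cookie, i.e. from the client, and is placed in
    // string-built SQL, so it is escaped before use.
    $cookie_read = explode("|", base64_decode($user));
    $userid = $cookie_read[0];
    $sql_userid = addslashes($userid);
    $result = $db->sql_query("SELECT * FROM ".$prefix."_users WHERE userid='$sql_userid'");
    $row = $db->sql_fetchrow($result);

    // Profile values are user-supplied text stored as-is, so each one is
    // HTML-escaped before it is placed in an attribute or the textarea; otherwise
    // a stored quote or tag would break out of the field. A missing row or column
    // yields an empty field instead of a notice.
    // NOTE(review): htmlspecialchars() uses PHP's default charset; pass the site's
    // charset as the third argument if the two differ.
    $safe = array();
    foreach (array('username', 'email', 'fullname', 'site', 'country', 'city', 'tel', 'profile') as $field) {
        $safe[$field] = isset($row[$field]) ? htmlspecialchars((string) $row[$field], ENT_QUOTES) : "";
    }

    echo "<center><font class=\"title\">"._CHANGE_MY_INFORMATION."</font></center><br>\n";

    $html  = "<center>"._FILED_STAR_REQUIRED."\n";
    $html .= "<form name=\"EditMyInfoForm\" method=\"POST\" action=\"users.php\">\n";
    $html .= "<table align=\"center\" border=\"1\" width=\"500\" id=\"table1\" cellpadding=\"2\" bordercolor=\"#C0C0C0\">\n";
    $html .= "<tr>\n";
    $html .= "<td width=\"100\" align=\"right\">"._USERNAME." :</td>\n";
    $html .= "<td><input type=\"text\" disabled=\"true\" name=\"username\" size=\"18\" value=\"{$safe['username']}\"></td>\n";
    $html .= "</tr>\n";
    $html .= "<tr>\n";
    $html .= "<td align=\"right\">"._EMAIL." :</td>\n";
    $html .= "<td><input type=\"text\" name=\"email\" size=\"27\" value=\"{$safe['email']}\"> * $email_taken_err</td>\n";
    $html .= "</tr>\n";
    $html .= "<tr>\n";
    $html .= "<td align=\"right\">"._FULLNAME." :</td>\n";
    $html .= "<td><input type=\"text\" name=\"fullname\" size=\"27\" value=\"{$safe['fullname']}\"></td>\n";
    $html .= "</tr>\n";
    $html .= "<tr>\n";
    $html .= "<td align=\"right\">"._WEBSITE." :</td>\n";
    $html .= "<td><input type=\"text\" name=\"site\" size=\"27\" value=\"{$safe['site']}\"> "._EG." http://www.site.com</td>\n";
    $html .= "</tr>\n";
    $html .= "<tr>\n";
    $html .= "<td align=\"right\">"._COUNTRY." :</td>\n";
    $html .= "<td><input type=\"text\" name=\"country\" size=\"27\" value=\"{$safe['country']}\"></td>\n";
    $html .= "</tr>\n";
    $html .= "<tr>\n";
    $html .= "<td align=\"right\">"._CITY.":</td>\n";
    $html .= "<td><input type=\"text\" name=\"city\" size=\"27\" value=\"{$safe['city']}\"></td>\n";
    $html .= "</tr>\n";
    $html .= "<tr>\n";
    $html .= "<td align=\"right\">"._TEL_MOBILE." :</td>\n";
    $html .= "<td><input type=\"text\" name=\"tel\" size=\"27\" value=\"{$safe['tel']}\"></td>\n";
    $html .= "</tr>\n";
    $html .= "<tr>\n";
    $html .= "<td align=\"right\">"._PROFILE.":</td>\n";
    $html .= "<td><textarea rows=\"5\" name=\"profile\" cols=\"30\">{$safe['profile']}</textarea></td>\n";
    $html .= "</tr>\n";
    $html .= "<tr>\n";
    $html .= "<td>&nbsp;</td>\n";
    $html .= "<td> <input type=\"hidden\" name=\"maa\" value=\"do_EditMyInfo\">\n";
    $html .= "<input type=\"submit\" value=\""._SAVE_CHANGES."\"></td>\n";
    $html .= "</tr>\n";
    $html .= "</table></form>";

    echo $html;
}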
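/**
 * Handle the edit-profile form for the logged-in user: require a syntactically
 * valid e-mail that no other account uses, then update the user's e-mail,
 * full name, website, country, city, phone and profile text and redirect.
 *
 * Input arrives through the globals $email, $fullname, $site, $country, $city,
 * $tel and $profile; the user id is the first "|"-separated field of the
 * base64-decoded $user cookie. Every validation failure re-renders the form
 * and ends the script with exit().
 */
function do_EditMyInfo(){
    global $user, $db, $prefix, $email, $fullname, $email_taken_err;
    global $site, $country, $city, $tel, $profile;
    global $site_name, $site_email, $site_url;

    if (!is_logged_in($user)) {
        echo "<br /><center><font class=\"title\">"._NOT_AUTHORIZED."</font>";
        return;
    }

    // Server-side required-field check, in case the client-side JavaScript did not
    // run. The original trim(empty($email)) never trimmed anything; this tests the
    // trimmed value and also rejects non-string input.
    if(!is_string($email) || trim($email) === "" || empty($email)){
        //print the error message and load the form.
        include("header.php");
        EditMyInfo_form();
        echo "<center><font class=\"error\">"._ERROR_PLEASE_FILL_FIELDS."</font></center>\n";
        include("footer.php");
        exit();
    }

    // Same syntax rule as registration. The stored address is later used as a
    // mail() recipient by the password reset, so it must not be able to hold
    // quotes, spaces or line breaks. The "D" modifier stops "$" from matching
    // before a trailing newline.
    if(!preg_match("/^[_a-z0-9-]+(\.[_a-z0-9-]+)*@[a-z0-9-]+(\.[a-z0-9-]+)*(\.[a-z]{2,3})$/iD", $email)){
        include("header.php");
        EditMyInfo_form();
        echo "<center><font class=\"error\">"._ERROR_INVALID_EMAIL."</font></center>\n";
        include("footer.php");
        exit();
    }

    // The user id comes out of a cookie, i.e. from the client; it and every
    // free-text profile field go into string-built SQL, so all are coerced to
    // strings and escaped first. $email has passed the pattern above and contains
    // no quote characters.
    // NOTE(review): addslashes() is a stopgap. Prefer prepared statements or the
    // driver's own escaping if the $db layer offers them, and confirm that
    // magic_quotes_gpc is off, otherwise these values are escaped twice.
    $cookie_read = explode("|", base64_decode($user));
    $userid = $cookie_read[0];
    $sql_userid = addslashes($userid);
    $sql_fullname = addslashes(is_string($fullname) ? $fullname : "");
    $sql_site = addslashes(is_string($site) ? $site : "");
    $sql_country = addslashes(is_string($country) ? $country : "");
    $sql_city = addslashes(is_string($city) ? $city : "");
    $sql_tel = addslashes(is_string($tel) ? $tel : "");
    $sql_profile = addslashes(is_string($profile) ? $profile : "");

    /*--nothing empty? everything is okay? lets do the changes--*/
    $sql_email_check = $db->sql_query("SELECT email FROM ".$prefix."_users WHERE email='$email' AND userid!='$sql_userid'");
    $email_check = $db->sql_numrows($sql_email_check);

    if($email_check > 0){
        // The address is echoed back inside the error markup, so it is
        // HTML-escaped even though the pattern above already limits its characters.
        $email_taken_err = "<font class=\"error\">("._THE_EMAIL." ".htmlspecialchars($email, ENT_QUOTES).": "._ALREADY_TAKEN.")</font>";
        //if the email already been taken load the form and print errors.
        include("header.php");
        EditMyInfo_form();
        include("footer.php");
        exit();
    }

    $result = $db->sql_query("UPDATE ".$prefix."_users
SET email='$email',
fullname='$sql_fullname',
site='$sql_site',
country='$sql_country',
city='$sql_city',
tel='$sql_tel',
profile='$sql_profile'
WHERE userid='$sql_userid'");

    //print success message and redirect browser
    msg_redirect(""._YOUR_INFO_HAS_BEEN_CHANGES."","users.php","5");
}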

################################################## ##############################
#------------------------------------------------------------------------------#
# a switch for switching between functions
#------------------------------------------------------------------------------#
################################################## ##############################
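// Route the request to its handler. "maa" names the action; the cases below are
// a fixed list, and anything else falls through to the default page. Keep it
// that way: the handler must never be chosen by calling a function whose name
// is taken from $maa.
// A missing or non-string $maa is treated as "no action", which avoids an
// undefined-variable notice on a plain users.php request.
// NOTE(review): the do_* actions change account data and the forms visible in
// this file carry no anti-CSRF token; confirm whether the handlers or
// functions.php check the request origin.
switch ((isset($maa) && is_string($maa)) ? $maa : ''){

    case "EditMyInfo":
        EditMyInfo();
        break;

    case "do_EditMyInfo":
        do_EditMyInfo();
        break;

    case "ChangePWD":
        ChangePWD();
        break;

    case "do_ChangePWD":
        do_ChangePWD();
        break;

    case "Forgot_pwd":
        Forgot_pwd();
        break;

    case "do_Forgot_pwd":
        do_Forgot_pwd();
        break;

    case "Register":
        Register();
        break;

    case "do_Register":
        do_Register();
        break;

    case "Logout":
        Logout($user);
        break;

    case "Login":
        Login();
        break;

    case "do_login":
        do_login();
        break;

    //load the default function.
    default:
        index($user);
        break;
}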

//last update DEC 04, 2007 @ 9:30 PM by Jack. (+10 GMT)
?>

Beau
05-12-2007, 10:35 PM
An easy mistake to make if you don't have an IDE that will show you in plain colour the difference between commented code and active code.
