Authentication Php

//Put in your own info for username, password, DB, email@address, Cookiename,
//the name of this page (currently login.php) and the name of your subscribe
//or new user page (currently new.php). I went ahead and included all the HTML
//so this page should work as is, with only the changes described above needed
// Persistent connection to the member database. "username", "password" and
// "DB" are placeholders to be replaced. Neither return value is checked here,
// so a failed connection only shows up when a later query fails.
// NOTE(review): the mysql_* extension was removed in PHP 7.0; moving to mysqli
// or PDO with prepared statements is the long-term fix.
$dblink = mysql_pconnect("localhost", "username", "password");
mysql_select_db("DB");

// Stays 0 until the page's opening HTML has been echoed; it is tested again
// just before the login form is printed.
$headers = 0;

// After authenticating, the script sends the browser on to $redirect. A page
// that links here with ?redirect=foobar.php gets the visitor sent back to
// foobar.php; "index.php" is the default when nothing was supplied.
// NOTE(review): $redirect is never read from $_GET in this script, so it
// presumably arrives through register_globals (removed in PHP 5.4). However it
// arrives, it is request-controlled and should be limited to local page names
// before it is placed in a Location header.
$redirect = isset($redirect) ? $redirect : "index.php";
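// Credential check: runs only when both login fields were submitted.
// NOTE(review): $UserID and $Password are not read from $_POST anywhere in
// this script, so it presumably relies on register_globals (removed in
// PHP 5.4) - confirm how they are populated before deploying.
if (isset($UserID) && isset($Password) && is_string($UserID) && is_string($Password)) {
    // Both values come straight from the request. Escape them for the quoted
    // string context of the query so they cannot change its structure.
    $safeUser = mysql_real_escape_string($UserID, $dblink);
    $safePass = mysql_real_escape_string($Password, $dblink);

    // NOTE(review): the Password column is compared with the submitted value
    // as-is, which suggests passwords are stored unhashed. Storing
    // password_hash() output and checking with password_verify() is the fix,
    // but it needs a schema/data migration that this block cannot do.
    $query = "select * from members where UserID = \"$safeUser\" and Password = \"$safePass\"";
    if (!($dbq = mysql_query($query, $dblink))) {
        // The <a>...</a> around the address was missing in the listing and is restored here.
        echo "Unable to query database. Please Contact <a href=\"mailto:email@address\">email@address</a>.\n";
        exit;
    }

    if (mysql_num_rows($dbq) == 1) {
        // Session token. It was md5(time()), which depends only on the clock
        // second of the login and is therefore guessable. Use a CSPRNG where
        // one exists; every branch yields 32 hex characters, so the sid column
        // and the "UserID+token" cookie format are unchanged.
        if (function_exists('random_bytes')) {
            $timer = bin2hex(random_bytes(16));
        } elseif (function_exists('openssl_random_pseudo_bytes')) {
            $timer = bin2hex(openssl_random_pseudo_bytes(16));
        } else {
            // Weak last resort for very old installations without a CSPRNG.
            $timer = md5(uniqid(mt_rand(), true));
        }
        $sid = $UserID . "+" . $timer;

        // Cookie lives for 30 days.
        // NOTE(review): no HttpOnly/Secure flags are set; add them (and serve
        // the site over HTTPS) on PHP versions whose setcookie() supports them.
        SetCookie("Cookiename", $sid, time() + 2592000);

        $query = "update members set sid=\"$timer\" where UserID=\"$safeUser\"";
        if (!($dbq = mysql_query($query, $dblink))) {
            echo "Unable to update database. Please contact <a href=\"mailto:email@address\">email@address</a>.\n";
            exit;
        }

        // $redirect can be supplied by the request, so accept only a local,
        // relative page name: no scheme, no leading slash, no backslash and no
        // control characters. Anything else falls back to the default page.
        if (!isset($redirect) || !is_string($redirect)
            || !preg_match('/\A[A-Za-z0-9_][A-Za-z0-9_.\/?=&%-]*\z/', $redirect)) {
            $redirect = "index.php";
        }

        $headers = 1;
        header("Location: $redirect");
        exit;
    }

    // Zero rows (or, unexpectedly, several): treat as a failed login and fall
    // through to the form below.
    $headers = 1; // opening HTML is now in place
    echo "Login Page";
    echo "Invalid User ID or Password. Please Try again\n";
}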
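// Returning visitor: the login cookie holds "UserID+token" and is checked
// against the sid stored for that member.
// NOTE(review): $Cookiename is not read from $_COOKIE in this script, so it
// presumably arrives through register_globals - confirm before deploying.
if (isset($Cookiename) && is_string($Cookiename)) {
    $sidarray = explode("+", $Cookiename);

    // Require exactly two non-empty parts. An empty token must never be sent
    // to the database, where it could match a member whose sid is still unset.
    if (count($sidarray) == 2 && $sidarray[0] !== "" && $sidarray[1] !== "") {
        // Cookie contents are client-controlled: escape before building SQL.
        $safeUser = mysql_real_escape_string($sidarray[0], $dblink);
        $safeSid = mysql_real_escape_string($sidarray[1], $dblink);

        // The listing had a line break inside the quoted sid value, which
        // would have become part of the comparison; it is removed here.
        $query = "select * from members where UserID = \"$safeUser\" and sid = \"$safeSid\"";
        if (!($dbq = mysql_query($query, $dblink))) {
            // The <a>...</a> around the address was missing in the listing and is restored here.
            echo "Unable to find database. Please Contact <a href=\"mailto:email@address\">email@address</a>.\n";
            exit;
        }

        if (mysql_num_rows($dbq) == 1) {
            // Mark the opening HTML as sent only when it really is, and do not
            // print it a second time after a failed login attempt above.
            if ($headers == 0) {
                echo "Login Page";
                $headers = 1;
            }
            // The name originates from the cookie, so encode it for HTML output.
            echo "You are already logged in as " . htmlspecialchars($sidarray[0], ENT_QUOTES) . ".\n";
            echo "You may logon as another user or simply begin using our services with your current\nsession.\n";
            echo "Click Here to return to our\nhomepage.";
        }
    }
}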
// Print the page's opening text only if no earlier branch has already done so.
// NOTE(review): every string from here to the closing tag appears to have lost
// its HTML tags when this listing was extracted; only the text between the
// tags survives. The original presumably opened the page here and then printed
// a login form - restore the markup from the original script before use.
if ($headers == 0) {
echo "Login Page";
}
// What is left of the login form follows; the statement order is kept exactly
// so the lost markup can be put back in place.
echo "
";
// Label for the user-name field.
echo "

User Name

";
// presumably the user-name input tag was here - TODO confirm
echo "";
echo "
";
// Label for the password field.
echo "

Password

";
// presumably the password input tag was here - TODO confirm
echo "";
echo "
";
// presumably further form tags (submit button, hidden redirect field, closing
// form tag) were here - TODO confirm
echo "";
echo "";
echo "
";
?>
Create an Account


//Header for Authenticator with Cookies:
//I received some e-mail asking what code should be placed on other pages of the website using my Authenticator
//with Cookies and Redirect. This should appear before the HTML Tag on any page you want protected.
//Put in your own info for username, password, DB, email@address, Cookiename,
//the name of this page (currently thispage.php), and the name of the login page (currently
//login.php).
//Cookiename MUST be the same as Cookiename in the login page.
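// Guard for a protected page: must run before any output, because it may send
// a Location header. "username", "password", "DB", the domain and the page
// names are placeholders to be replaced.
// NOTE(review): the mysql_* extension was removed in PHP 7.0; moving to mysqli
// or PDO with prepared statements is the long-term fix.
$dblink = mysql_pconnect("localhost", "username", "password");
mysql_select_db("DB");

// The login page sets a cookie named "Cookiename", and PHP variable names are
// case-sensitive, so the variable tested here must be $Cookiename. The
// previous spelling, $CookieName, never matched that cookie.
// NOTE(review): the cookie is not read from $_COOKIE, so this presumably
// relies on register_globals (removed in PHP 5.4) - confirm before deploying.
$sidarray = (isset($Cookiename) && is_string($Cookiename)) ? explode("+", $Cookiename) : array();

// No cookie, or one that is not exactly "UserID+token" with both parts
// non-empty: send the visitor to the login page. An empty token must never be
// sent to the database, where it could match a member whose sid is still unset.
// NOTE(review): the comments above this script call the login page login.php,
// while the URL here says login.php3 - make sure it names the real login page.
if (count($sidarray) != 2 || $sidarray[0] === "" || $sidarray[1] === "") {
    header("Location: http://www.yourdomain.com/login.php3?redirect=thispage.php");
    exit;
}

// Cookie contents are client-controlled: escape before building SQL.
$safeUser = mysql_real_escape_string($sidarray[0], $dblink);
$safeSid = mysql_real_escape_string($sidarray[1], $dblink);
$query = "select * from members where UserID = \"$safeUser\" and sid = \"$safeSid\"";
if (!($dbq = mysql_query($query, $dblink))) {
    // The <A>...</A> around the address was missing in the listing and is restored here.
    echo "Unable to find database. Please Contact <A HREF=\"mailto:email@address\">email@address</A>.\n";
    exit;
}

// Anything other than exactly one matching member means the session is not
// valid: back to the login page.
if (mysql_num_rows($dbq) != 1) {
    header("Location: http://www.yourdomain.com/login.php3?redirect=thispage.php");
    exit;
}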
?>