# This bit of code may be freely used on condition that I will not be responsible for any mishap it might cause
# If $pass_stop = 1, check if you can log in, but do not exit!! Do not ask HTTP Password!
# Required - sometimes you want to show a page whether user is logged in or not to know which message to send.
# Password checking via
# 1 Form input
# 2 HTTP input
# 3 Cookie return
# Cookie set at end to last 1 year
# 1 overides 2 overrides 3
# Variables for form:
# f_userID User ID
# f_pass Password
# rem_cookie Remember username and password for the future in a cookie? (if 1 yes else no)
$logged_in = false;
# Function to request http password.
function http_pass(){
GLOBAL $pass_stop;
if ($pass_stop != 1){
$unauthstring = "You did not enter a valid Username/Password combination
Header("WWW-Authenticate: Basic realm=\"Registered users Only\"");
Header("HTTP/1.0 401 Unauthorized");
echo "$unauthstring"; exit;
} # if ($pass_stop == 1)
} # end function http_pass
# set some control variables
$userID = '';
$passwd = '';
$userstat = '';
# Is form variable set?
# if so set process variables and skip http and cookies
if ((isset($f_userID)) && (isset($f_pass))) {
$userID = $f_userID;
$passwd = $f_pass;
$userstat = 1;
} # end ((isset($f_userID) && isset($f_pass))
# Is HTTP variable set?
# if so set process variables and skip cookies
if (isset($PHP_AUTH_USER) && isset($PHP_AUTH_PW) && ($userstat == '')) {
$userID = $PHP_AUTH_USER;
$passwd = $PHP_AUTH_PW;
$userstat = 1;
} # end if ((isset($PHP_AUTH_USER) && isset($PHP_AUTH_PW) && ($userstat == ''))
# Is Cookie variable set?
# if so set process variables
if (isset($download) && ($userstat == '')) {
$tt1 = explode("|",$download);
$userID = $tt1[0];
$passwd = $tt1[1];
$userstat = 1;
} # end ((isset($download) && ($userstat == ''))
# If no username or password - ask for it! And exit
if ($userstat == '')
{http_pass(); }
# Now we should have a username/password combination
# is it valid??
# Connect to DB
$db = mysql_connect("localhost", "root", "");
if ( mysql_select_db("userDB",$db) ) {
# Connect Ok
;
} else {
echo "Failed to connect to database
";exit;};
# get data from DB
$query = "SELECT * FROM users WHERE uname = '$userID'";
$result = mysql_query($query);
if ($result) { $x=1;} else {echo "PASSWORD SEARCH FAILED
result= $result
sql = $query
";};
if ($memberrow = mysql_fetch_array($result)) {
$dbpasswd = $memberrow["passwd"];
$userpasswd = md5($passwd);
if (!$userid) { $userid= $memberrow["uname"]; } ;
if ($dbpasswd != $userpasswd) {http_pass();} #End
if ($dbpasswd == $userpasswd) {$logged_in=true;}
} # End if (!$userid) { $userid= $memberrow["uname"]; }
else
{
http_pass;} #Ende else memberrow
# Now we know who this guy is!
# Set cookie for future
# If not set - did he give permission?
# If set, rewrite with new expiry date
$cookie_value = $userID.'|'.$passwd;
if ($logged_in && (($rem_cookie == 1) || isset($download))) {SetCookie("download",$cookie_value,time()+31622400); # Set Cookie for 366 days
$download= $cookie_value;
}
?>
#Use this form snippet to provide the user with a login screen.
include('Code_Above');
# Login insert
?>