i have this code for login using a database
Expand|Select|Wrap|Line Numbers
- <?php
- $username="********";
- $password="********";
- $database="auctionTemps";
- // Connect to server and select databse.
- $connection=mysql_connect("localhost" ,"$username", "$password") or die("Unable to connect!");
- mysql_select_db("$database") or die("Unable to select database!");
- // username and password sent from form
- $myusername=$_POST['myusername'];
- $mypassword=$_POST['mypassword'];
- // To protect MySQL injection (more detail about MySQL injection)
- $myusername = stripslashes($myusername);
- $mypassword = stripslashes($mypassword);
- $myusername = mysql_real_escape_string($myusername);
- $mypassword = mysql_real_escape_string($mypassword);
- $sql="SELECT * FROM users WHERE username='$myusername' and password='$mypassword'";
- $result=mysql_query($sql);
- // Mysql_num_row is counting table row
- $count=mysql_num_rows($result);
- // If result matched $myusername and $mypassword, table row must be 1 row
- if($count==1){
- // Register $myusername, $mypassword and redirect to file "login_success.php"
- session_register("myusername");
- session_register("mypassword");
- header("location:tsandcs.php");
- }
- else {
- header("location:incorrect.php");
- }
- ?>
Expand|Select|Wrap|Line Numbers
- <?
- session_start();
- if(!session_is_registered(myusername)){
- header("location:index.php");
- }
- ?>
the system im building goes like this.
1. user clicks register
2. they enter user details email, password and username
3. then the enter their name and postal details which are passed to paypal.
4. they then enter their payment details for the subscription.
5. once completed paypal they are directed back to a page where they confirm their email address.
6. once confirmed they are able to login.
the aim is to make sure that people don't get access to the site without completing the full process as it's a subscription site