<?php
/* Coopercentral Login 2.0 functions page
Please fill in the fields below and then run
this page. Once it's installed, please
delete this file
*/
// PLEASE ENTER THE LINES BELOW............................................
// Name of the table that holds the member accounts.
$users_table = 'users';

// MySQL connection settings. Once filled in, this file holds live database
// credentials: use an account limited to this application's database, and keep
// the file out of public repositories and downloadable backups.
$db_host = 'localhost';
$db_user = '';
$db_pass = '';
$db_name = '';

// Key in $_SESSION under which the logged-in member's username is stored.
$sess_name = 'my_members';

// Folder in which these files are installed. The default assumes a "members"
// folder directly under the site's base home directory.
$path_to = '/members';
// DO NOT EDIT BELOW THIS LINE ...........................................
/* DB functions, no editing below this point */
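// Harden the session cookie before the session is started. The session is the
// only proof of login in this file, so its identifier should not be readable by
// page scripts (HttpOnly) and should never be accepted from the URL.
// session.use_strict_mode exists from PHP 5.5.2; on older versions ini_set()
// simply returns false and the setting is skipped.
ini_set('session.use_only_cookies', '1');
ini_set('session.cookie_httponly', '1');
ini_set('session.use_strict_mode', '1');
// NOTE(review): also enable session.cookie_secure once the site is served
// over HTTPS only; it is not set here because the scheme is not known.
session_start();
// Buffer all output so the header() redirects issued by show_login() and
// logout() still work after HTML has been echoed.
ob_start();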
/**
 * Report whether the current visitor has a login session.
 *
 * A visitor counts as logged in when the session key named by the global
 * $sess_name is set; show_login() stores the username there on success.
 *
 * @return bool true when the session key is present, false otherwise
 */
function isLoggedIn() {
    global $sess_name;

    // isset() already yields the boolean the caller needs.
    return isset($_SESSION[$sess_name]);
}
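/**
 * Open the MySQL connection used by every query helper in this file.
 *
 * Reads the connection settings from the globals $db_host, $db_user, $db_pass
 * and $db_name. Failures are written to the server error log instead of being
 * ignored; the function still returns nothing, and later queries fail (the
 * login check then rejects the attempt) when no connection is available.
 *
 * NOTE(review): the mysql_* extension used throughout this file was removed in
 * PHP 7. Moving to mysqli or PDO with prepared statements has to be done for
 * all helpers together, so it is not attempted in this function alone.
 *
 * @return void
 */
function db_connect() {
    global $db_host, $db_user, $db_pass, $db_name;

    $link = mysql_connect($db_host, $db_user, $db_pass);
    if ($link === false) {
        // Log server-side only; connection details must not reach the page.
        error_log('db_connect: mysql_connect failed: ' . mysql_error());
        return;
    }

    if (!mysql_select_db($db_name, $link)) {
        error_log('db_connect: mysql_select_db failed: ' . mysql_error($link));
    }
}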
// Connect as soon as this file is included: the helpers below call
// mysql_query() without a link argument and so depend on this connection.
db_connect();
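/**
 * Gate a page behind the member login.
 *
 * Call at the top of a protected page. Behaviour:
 *  - ?action=logout in the query string calls logout() first;
 *  - a visitor who is already logged in passes straight through;
 *  - otherwise the login form, or an error message, is printed and the script
 *    stops with die(), so nothing after the call runs for anonymous visitors;
 *  - on a correct username/password the session is marked as logged in and
 *    the browser is redirected back to the same script.
 *
 * Changes against the earlier version: array keys are quoted, the form action
 * is HTML-escaped, the username is escaped before it enters the SQL string,
 * the session id is regenerated on login, and the script stops after the
 * redirect header.
 *
 * @return void
 */
function show_login() {
    global $users_table, $sess_name;

    // Keys are quoted: bare words such as $_GET[action] are looked up as
    // constants and only work through a deprecated fallback.
    if (isset($_GET['action']) && $_GET['action'] == "logout") {
        logout();
    }

    if (isLoggedIn()) {
        return;
    }

    // add header function if prefer
    echo "<h2 align=\"center\">Member Login</h2>";

    if (!isset($_POST['submit'])) {
        // PHP_SELF contains any extra path text from the requested URL, so it
        // must be escaped before it is written into an HTML attribute.
        $action = htmlspecialchars($_SERVER['PHP_SELF'], ENT_QUOTES);
        echo "<form method=\"POST\" action=\"" . $action . "\">
<center>
<table>
<tr>
<td>Username:</td>
<td><input type=\"text\" name=\"username\"></td>
</tr>
<tr>
<td>Password:</td>
<td><input type=\"password\" name=\"password\"></td>
</tr>
<tr>
<td colspan=2 align=center>
<input type=\"submit\" name=\"submit\" value=\"submit\"></td>
</tr>
</table>";
        // add footer function here
        die();
    }

    // The form was submitted. Both fields must be non-empty strings; array
    // input such as username[]=x is treated like a missing field. (The earlier
    // condition mixed && with the lower-precedence "or"; the explicit test
    // below gives the same outcome without depending on precedence.)
    $hasUsername = isset($_POST['username']) && is_string($_POST['username']) && !empty($_POST['username']);
    $hasPassword = isset($_POST['password']) && is_string($_POST['password']) && !empty($_POST['password']);
    if (!$hasUsername || !$hasPassword) {
        // add header function here
        echo "<center><font color=\"red\" align=\"center\"><b>Please enter a username/password to login</b></font></center>";
        // add footer function here
        die();
    }

    // Validate their login. The username comes straight from the request and
    // is escaped for the SQL string literal; the md5() digest contains only
    // hexadecimal characters.
    // NOTE(review): passwords are stored and compared as unsalted MD5, which
    // is not suitable for password storage. Moving to password_hash() and
    // password_verify() requires a change to the stored data, so it is flagged
    // here rather than changed.
    $username = mysql_real_escape_string($_POST['username']);
    $passwordDigest = md5($_POST['password']);
    $result = @mysql_query("SELECT * FROM $users_table WHERE username='" . $username . "' AND password='" . $passwordDigest . "'");
    if ($result === false) {
        // Record the failure for the operator; the visitor gets the same
        // generic message as for a wrong password.
        error_log('show_login: login query failed: ' . mysql_error());
    }

    if ($result === false || mysql_num_rows($result) < 1) {
        //not in database
        // add header function here
        echo "<center><font color=\"red\" align=\"center\"><b>Invalid username/password combination. Please try again.</b></font></center>";
        // add footer function here
        die();
    }

    //entered correct, create session and refresh page
    // Issue a fresh session id at the privilege change so an id that was known
    // before login is not carried into the authenticated session.
    session_regenerate_id(true);
    $_SESSION[$sess_name] = $_POST['username'];
    header("Location: " . $_SERVER['PHP_SELF']);
    // Stop here: the browser re-requests the page with the session in place.
    exit;
}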
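/**
 * End the member session and redirect the browser to the site root.
 *
 * Removes the login marker from $_SESSION, expires the session cookie in the
 * browser, destroys the stored session data and sends a Location header. The
 * function returns normally afterwards; it does not stop the script.
 *
 * @return void
 */
function logout() {
    global $sess_name;

    unset($_SESSION[$sess_name]);

    // Expire the cookie as well, so the browser stops presenting the old
    // session id after logout.
    if (ini_get('session.use_cookies')) {
        $cookie = session_get_cookie_params();
        setcookie(
            session_name(),
            '',
            time() - 42000,
            $cookie['path'],
            $cookie['domain'],
            $cookie['secure'],
            $cookie['httponly']
        );
    }

    session_destroy();

    // Redirect with a host-relative path. The earlier absolute URL was built
    // from $_SERVER[SERVER_NAME] (an unquoted key), which on some server
    // configurations reflects the request's Host header, and it forced the
    // http scheme even when the site is served over HTTPS.
    header('Location: /');
}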
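/**
 * Report whether the logged-in member is an administrator.
 *
 * Looks up the "priv" column for the username stored in the session:
 *   priv <  10  is a regular user,
 *   priv >= 10  is an Administrator.
 *
 * Returns false when nobody is logged in, when the query fails, or when no row
 * matches, so a lookup problem never grants administrator rights.
 *
 * @return bool true only when the member's priv value is 10 or more
 */
function isAdmin() {
    global $users_table, $sess_name;

    // No session means no user to look up; skip the query entirely.
    if (!isset($_SESSION[$sess_name])) {
        return false;
    }

    // The session value was copied from the login form, so it is escaped
    // again before it is placed inside the SQL string literal.
    $username = mysql_real_escape_string($_SESSION[$sess_name]);
    $result = @mysql_query("SELECT priv FROM $users_table WHERE username='" . $username . "'");
    if ($result === false) {
        error_log('isAdmin: priv query failed: ' . mysql_error());
        return false;
    }

    $row = mysql_fetch_array($result);
    if ($row === false) {
        // Username not found in the table.
        return false;
    }

    return $row['priv'] >= 10;
}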
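/**
 * Check that a string has the shape of an e-mail address.
 *
 * The earlier pattern was written as "^...$^", which makes "^" the regex
 * delimiter rather than a start anchor: the expression was only anchored at
 * the end, so any text was accepted in front of an address. The pattern is
 * now delimited with "/" and anchored with \A and \z, which also rejects a
 * trailing newline that "$" would allow.
 *
 * Matching stays as strict as before: lower-case letters, digits, "_" and "-"
 * separated by dots, and a final label of 2 or 3 letters.
 * NOTE(review): that last rule rejects valid addresses with longer top-level
 * domains; widen it, or use filter_var() with FILTER_VALIDATE_EMAIL, if those
 * must be accepted.
 *
 * @param string $email address to test
 * @return int|false 1 when the whole string matches, 0 when it does not,
 *                   false if the regex engine reports an error
 */
function checkEmail($email) {
    // Arrays and other non-strings (for example email[]=x in a form post)
    // can never be a valid address.
    if (!is_string($email)) {
        return 0;
    }

    return preg_match(
        '/\A[_a-z0-9-]+(\.[_a-z0-9-]+)*@[a-z0-9-]+(\.[a-z0-9-]+)*(\.[a-z]{2,3})\z/',
        $email
    );
}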
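/**
 * Fetch one column from the first row that matches a condition.
 *
 * SECURITY: $field, $table and $condition are inserted into the SQL text as
 * they are. Pass only fixed, developer-written fragments; any value that comes
 * from a request, a cookie or the session must be escaped with
 * mysql_real_escape_string() (or cast to a number) by the caller before it is
 * placed in $condition.
 *
 * @param string $field     column name to select
 * @param string $table     table name
 * @param string $condition SQL text placed after WHERE
 * @return mixed the column value, or null when the query fails, no row
 *               matches, or the row has no key named $field
 */
function db_field($field, $table, $condition) {
    $result = @mysql_query("SELECT $field FROM $table WHERE $condition");
    if ($result === false) {
        // Surface the failure in the server log instead of hiding it.
        error_log('db_field: query failed: ' . mysql_error());
        return null;
    }

    $row = mysql_fetch_array($result);
    if ($row === false) {
        return null;
    }

    return isset($row[$field]) ? $row[$field] : null;
}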
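/**
 * Count the rows of a table that match a condition.
 *
 * SECURITY: $table and $condition are inserted into the SQL text as they are.
 * Pass only fixed, developer-written fragments; any value that comes from a
 * request, a cookie or the session must be escaped with
 * mysql_real_escape_string() (or cast to a number) by the caller before it is
 * placed in $condition.
 *
 * @param string $table     table name
 * @param string $condition SQL text placed after WHERE
 * @return int number of matching rows; 0 when the query fails
 */
function db_num($table, $condition) {
    $result = @mysql_query("SELECT * FROM $table WHERE $condition");
    if ($result === false) {
        // A failed query is reported as "no rows" and logged for the operator.
        error_log('db_num: query failed: ' . mysql_error());
        return 0;
    }

    return mysql_num_rows($result);
}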
?>