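The login page is the main entrance to our site. Any user that wants to use our site needs to be authenticated by this script. We want only users that have registered to be allowed in, so we filter out those that are not registered through this script.

<?php
// Login handler. Validates the posted username and password, looks the pair up
// in the users table and, on a match, records the login in the session and
// redirects to welcome.php. On any failure it sets $errmsg, which the form
// further down displays (HTML-escaped) in the "Login Status" row.
//
// Nothing is printed from this block: output sent before header() would stop
// the redirect from working.

session_start();

// Someone just registered? (the page was requested with ?reg)
if (isset($_GET['reg'])) {
    $reg = "Your details have been added, please login";
}

$error  = false;
$errmsg = "";

// Has the form been submitted? The hidden "key" field marks a submission.
if (isset($_POST['key'])) {
    // Transfer to shorter vars; a missing field is treated as empty.
    $n = isset($_POST['uname']) ? $_POST['uname'] : '';
    $p = isset($_POST['upass']) ? $_POST['upass'] : '';

    if (!is_string($n) || !is_string($p)) {
        // A request can submit uname[]=... and turn the field into an array;
        // reject that before the values reach the escaping and query code.
        $errmsg = " Please enter a valid username and password.";
        $error  = true;
    } elseif (empty($n) || empty($p)) {
        // Either field missing is an error (the check must be ||, not &&,
        // otherwise a request with only one field filled in gets through).
        $errmsg = "Please enter your username and password.";
        $error  = true;
    } elseif (is_numeric($n) && is_numeric($p)) {
        // Kept from the original: reject a submission where both values are numeric.
        $errmsg = " Please enter a valid username and password.";
        $error  = true;
    }

    // If no error then start the authentication process.
    if (!$error) {
        // Connect to the db.
        // NOTE(review): many web server configurations serve a .inc file as plain
        // text if it is reachable by URL - confirm ../config.inc sits outside the
        // document root, or give it a .php extension.
        include('../config.inc');

        // NOTE(review): the mysql_* extension was removed in PHP 7. This lookup
        // should be ported to mysqli or PDO prepared statements together with
        // config.inc, which is not shown here.
        $cleanuname = mysql_real_escape_string($n);
        $cleanupass = mysql_real_escape_string($p);

        // NOTE(review): comparing the submitted password with the pw column
        // directly implies passwords are stored unhashed. Store password_hash()
        // output and check it with password_verify() instead; that needs a
        // matching change in the registration script.
        $query  = "select uname,pw from users where uname='$cleanuname' and pw='$cleanupass' ";
        $result = mysql_query($query);

        // A failed query is treated as "no match" rather than passed on to
        // mysql_num_rows(), which would only raise a warning.
        $num = ($result === false) ? 0 : mysql_num_rows($result);

        if ($num > 0) {
            // Issue a fresh session id on login so an id fixed before
            // authentication cannot be reused afterwards (session fixation).
            session_regenerate_id(true);

            // Put the login details in session vars.
            $_SESSION['time']   = date("H:i:s A", time());
            $_SESSION['status'] = 'logged';
            // NOTE(review): this stores the SQL-escaped form of the name; other
            // pages may rely on that - confirm before switching to the raw value.
            $_SESSION['username'] = $cleanuname;

            // Go to the next page.
            header("location:welcome.php");
            exit;
        }

        // No matching row: this is the failed-login path. The message does not
        // say which of the two values was wrong.
        $_SESSION['status'] = 'not logged';
        $errmsg = "Your username ($n) and password do not match, please try again.";
    }
}
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml"><!-- InstanceBegin template="/primary/Templates/was.dwt.php" codeOutsideHTMLIsLocked="false" -->
<head>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" />
<!-- InstanceBeginEditable name="doctitle" -->
<title>WebSecure::Login</title>
<!-- InstanceEndEditable -->
<!-- InstanceBeginEditable name="head" -->
<!-- InstanceEndEditable -->
<link href="Templates/was.css" rel="stylesheet" type="text/css" />
<script language="javascript" type="text/javascript">
// Client-side convenience check only; the server-side code above repeats the
// validation, because a request does not have to come through this form.
// The password field is named "upass", so that is the name checked here.
function checkform(pform1){
    if(pform1.uname.value==""){
        alert("Please enter a username");
        pform1.uname.focus();
        return false;
    }
    if(pform1.upass.value==""){
        alert("Please enter a password");
        pform1.upass.focus();
        return false;
    }
    return true;
}
</script>
</head>
<body>
<table width="99%" border="1">
  <tr>
    <td bgcolor="#333333" class="header">Web Secure</td>
  </tr>
  <tr>
    <td><!-- InstanceBeginEditable name="main" -->
      <form name="form1" onSubmit="return checkform(this)" method="post" action="">
        <table width="41%" border="0" align="center" cellpadding="0" cellspacing="3">
          <tr class="listtop">
            <?php // $errmsg can contain the submitted username, so it is escaped for HTML before output. ?>
            <td colspan="3">Login Status:<?php
              if ($errmsg !== "") {
                  echo htmlspecialchars($errmsg, ENT_QUOTES, 'ISO-8859-1');
              } elseif (isset($reg)) {
                  echo htmlspecialchars($reg, ENT_QUOTES, 'ISO-8859-1');
              }
            ?></td>
          </tr>
          <tr>
            <td width="9%">Username</td>
            <td width="41%"><input name="uname" type="text" id="uname" size="50"></td>
            <td width="50%" rowspan="4"> </td>
          </tr>
          <tr>
            <td>Password</td>
            <td><input name="upass" type="password" id="upass" size="50">
              <input type="hidden" name="key" /></td>
          </tr>
          <tr>
            <td> </td>
            <td><a href="../password.php">Forgotten your password?</a>|<a href="register.php">Register</a></td>
          </tr>
          <tr>
            <td> </td>
            <td><input type="submit" name="Submit" value="Login"></td>
          </tr>
        </table>
      </form>
    <!-- InstanceEndEditable --></td>
  </tr>
  <tr>
    <td class="copy">©2008</td>
  </tr>
</table>
</body>
<!-- InstanceEnd --></html>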