The first couple of lines includes the database connection file, which contains our database connection credentials, and also the functions file, which contains the functions that we are going to use for user verification. Some of the lines also enable us to initialize variables:

include "dbcon.php";

include "functions.php";

//initialise variables

$err=false;

$errmsg="";

The $err and $errmsg variables are used to collect error messages across the script, and depending on whether there are errors, will be displayed on the login form. The $err variable is of type Boolean, and is initially set to false. In most of the scripts in this application, it will decide whether or not SQL queries can be run. The next couple of lines basically checks to see if the form has been submitted:

//is form submitted?

if(isset($_POST['submit'])){

Then tests to see if the form fields are empty or not:

//check that the form values are not empty, if so, set errormsg value

if(empty($_POST['uname'])){

$errmsg="The username field is empty, please enter a username<br>";

$err=true;

}

If they are empty, the $err variable is set to true and the $errmsg variable is assigned a error message:

if(empty($_POST['upass'])){

$err=true;

$errmsg .="The password field is empty, please enter password<br>";

}

Another test is performed on the username that is submitted. The test is to verify that the username is in the correct format. Remember that our usernames must be in the format name.surname:

//check that the username is in correct format

if(!checkformat($_POST['uname'])){

$err=true;

$errmsg .="The username that you entered has a incorrect format.<br>";

}

The checkformat() function is located in the functions.php file and has the following code:

function checkformat($aUsername){

if(eregi('^[a-z]+[.]+[a-z]+$',$aUsername))

return TRUE;

else

return FALSE;

}

It makes use of regular expression by matching a pattern against a given string value. You can of course use other ways to verify the username format.