login.php
<?php
//ob
ob_start();
//session
session_start();
if (isset($_SESSION['username']))
{
header("Location: main.php");
exit();
}
//connect
$error = 'Could not connect to the database';
mysql_connect('localhost','root','') or die($error);
mysql_select_db('phpbb') or die($error);
//include functions.php phpbb script
require 'forum/includes/functions.php';
if ($_POST['login'])
{
//get form data
$username = addslashes(strip_tags(strtolower($_POST['username'])));
$password = addslashes(strip_tags($_POST['password']));
if (!$username||!$password)
echo "Please enter a username and password<p />";
else
{
//find username
$find = mysql_query("SELECT * FROM phpbb_users WHERE username_clean='$username'");
if (mysql_num_rows($find)==0)
echo "Username not found<p />";
else
{
while ($find_row = mysql_fetch_assoc($find))
{
// grab password hash for user
$password_hash = $find_row['user_password'];
}
$check = phpbb_check_hash($password, $password_hash);
if ($check==FALSE)
echo "Incorrect password<p />";
else if ($check==TRUE)
{
$_SESSION['username']=$username;
header("Location: main.php");
exit();
}
}
}
}
?>
<form action="login.php" method="POST">
Username:<br />
<input type="text" name="username"><p />
Password:<br />
<input type="password" name="password"><p />
<input type="submit" name="login" value="Log in">
</form>
//ob
ob_start();
//session
session_start();
if (isset($_SESSION['username']))
{
header("Location: main.php");
exit();
}
//connect
$error = 'Could not connect to the database';
mysql_connect('localhost','root','') or die($error);
mysql_select_db('phpbb') or die($error);
//include functions.php phpbb script
require 'forum/includes/functions.php';
if ($_POST['login'])
{
//get form data
$username = addslashes(strip_tags(strtolower($_POST['username'])));
$password = addslashes(strip_tags($_POST['password']));
if (!$username||!$password)
echo "Please enter a username and password<p />";
else
{
//find username
$find = mysql_query("SELECT * FROM phpbb_users WHERE username_clean='$username'");
if (mysql_num_rows($find)==0)
echo "Username not found<p />";
else
{
while ($find_row = mysql_fetch_assoc($find))
{
// grab password hash for user
$password_hash = $find_row['user_password'];
}
$check = phpbb_check_hash($password, $password_hash);
if ($check==FALSE)
echo "Incorrect password<p />";
else if ($check==TRUE)
{
$_SESSION['username']=$username;
header("Location: main.php");
exit();
}
}
}
}
?>
<form action="login.php" method="POST">
Username:<br />
<input type="text" name="username"><p />
Password:<br />
<input type="password" name="password"><p />
<input type="submit" name="login" value="Log in">
</form>
main.php
<?php
//ob
ob_start();
//session
session_start();
$session_username = $_SESSION['username'];
if (!isset($session_username))
{
header("Location: login.php");
exit();
}
else
{
echo "Hello, ".$session_username.". <a href='logout.php'>Log out</a>";
}
?>
//ob
ob_start();
//session
session_start();
$session_username = $_SESSION['username'];
if (!isset($session_username))
{
header("Location: login.php");
exit();
}
else
{
echo "Hello, ".$session_username.". <a href='logout.php'>Log out</a>";
}
?>
logout.php
<?php
session_start();
session_destroy();
header("Location: login.php");
?>
session_start();
session_destroy();
header("Location: login.php");
?>
