signin.php
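<?php
// signin.php
//
// Sign-in page: shows the login form on GET and, on POST, checks the submitted
// credentials against the `users` table and marks the session as signed in.
//
// NOTE(review): $_SESSION is used below but session_start() is not called in
// this file; presumably connect.php or header.php starts the session - confirm.
include 'connect.php';
include 'header.php';

echo '<br>';

// First, check if the user is already signed in. If that is the case, there is
// no need to display this page.
if (isset($_SESSION['signed_in']) && $_SESSION['signed_in'] == true) {
    echo 'Ya has iniciado session</td></tr></table>';
} else {
    if ($_SERVER['REQUEST_METHOD'] !== 'POST') {
        /* The form hasn't been posted yet, display it.
           Note that action="" makes the form post to the same page it is on. */
        echo '<br><br><br><table><tr><td bgcolor="#00cc33"><center><h3>Ya eres miembro?</h3></td></tr><tr><td bgcolor="#ffffff"><center><br>te nos hiciste familiar,<br />';
        echo ' inicia session<br /> <br /></td></tr><tr><td class="cell"><center><form method="post" action="">
Jugador: <br><input type="text" name="username" /><br />
Clave: <br><input type="password" name="password"><br /><br>
<input type="submit" value="Login" />
</form></td></tr></table>';
    } else {
        /* The form has been posted; process the data in three steps:
           1. Check the data
           2. Let the user refill the wrong fields (if necessary)
           3. Verify the credentials and return the matching response
        */
        $errors = array(); /* collects validation messages for later display */

        $username = isset($_POST['username']) ? $_POST['username'] : null;
        $password = isset($_POST['password']) ? $_POST['password'] : null;

        // A text field left blank is still submitted as '', so isset() alone
        // never reports it. Array-valued input (username[]=x) is rejected as
        // well, because it cannot be escaped as a string further down.
        if (!is_string($username) || $username === '') {
            $errors[] = 'No pusiste el nombre de jugador.</td></tr></table>';
        }
        if (!is_string($password) || $password === '') {
            $errors[] = 'no pusiste la clave.</td></tr></table>';
        }

        if (!empty($errors)) {
            /* At least one field is missing: list every message. The messages
               are fixed strings defined above, so they need no escaping. */
            echo '<tr><td class="cell">falto llenar uno de estos espacios..<br /><br />';
            echo '<ul>';
            foreach ($errors as $message) {
                echo '<li>' . $message . '</li>';
            }
            echo '</ul>';
        } else {
            // The form was posted without validation errors, so look the
            // player up.
            //
            // mysql_real_escape_string() is the only injection defence here. It
            // escapes according to the connection character set, so connect.php
            // should set that with mysql_set_charset(). Prepared statements
            // (PDO or mysqli) are the better fix, but ext/mysql was removed in
            // PHP 7 and the connection is opened in connect.php, outside this
            // file, so the driver has to be migrated there first.
            //
            // NOTE(review): the original comment mentioned sha1(), but no
            // hashing is applied: the submitted password is compared with the
            // stored column as-is, which only matches if passwords are stored
            // in clear text. Confirm how the sign-up code stores them. The
            // durable fix is password_hash() at sign-up and password_verify()
            // here (selecting the row by player name only), rolled out together
            // with a migration of the existing rows.
            $safeUsername = mysql_real_escape_string($username);
            $safePassword = mysql_real_escape_string($password);

            $sql = "SELECT id, player FROM users"
                . " WHERE player = '" . $safeUsername . "'"
                . " AND password = '" . $safePassword . "'";

            $result = mysql_query($sql);
            if (!$result) {
                // Something went wrong; show a generic message only.
                echo '<tr><td class="cell">Something went wrong while signing in. Please try again later.</td></tr></table>';
                // echo mysql_error(); // debugging only: printing driver errors
                //                        to the visitor discloses query and
                //                        schema details, keep it disabled.
            } else {
                // The query was executed; there are 2 possibilities:
                // 1. it returned data, the user can be signed in
                // 2. it returned an empty result set, the credentials were wrong
                if (mysql_num_rows($result) == 0) {
                    // One message for both "unknown player" and "wrong
                    // password", so the response does not reveal which
                    // player names exist.
                    echo '<tr><td class="cell">conbinacion de jugador y de clave incorrecta.</td></tr></table>';
                } else {
                    // Issue a fresh session id at the privilege change so an id
                    // set before login is not carried into the authenticated
                    // session. Output has already started above, so this only
                    // takes effect when output buffering has held the headers
                    // back. NOTE(review): move the login handling ahead of
                    // header.php to make the regeneration unconditional.
                    if (session_status() === PHP_SESSION_ACTIVE && !headers_sent()) {
                        session_regenerate_id(true);
                    }

                    $_SESSION['signed_in'] = true;

                    // Keep the user id and player name in the session so other
                    // pages can use them.
                    while ($row = mysql_fetch_assoc($result)) {
                        $_SESSION['user_id'] = $row['id'];
                        $_SESSION['jugador'] = $row['player'];
                    }

                    echo "<script> window.location.assign('index.php'); </script>";

                    // The player name was chosen by the user at sign-up, so it
                    // is escaped for the HTML context before being echoed.
                    // Assumes the page is served as UTF-8 - confirm against
                    // header.php.
                    $shownName = htmlspecialchars($_SESSION['jugador'], ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
                    echo 'Hola, ' . $shownName . '. <br /><a href="index.php">Volver a Inicio</a></td></tr></table>.';
                }
            }
        }
    }
}

include 'footer.php';
?>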