[PHP] session enkel gekend binnen 1 pagina

require 'db_connect.php';

if($logged_in == 1) {
    die('You are already logged in, '.$_SESSION['username'].'.');

}


?>
<html>
<head>
<title>Login</title>
</head>
<body>
<?php

if (isset($_POST['submit'])) { // if form has been submitted


    /* check they filled in what they were supposed to and authenticate */
    if(!$_POST['uname'] | !$_POST['passwd']) {
        die('You did not fill in a required field.');
    }

    // authenticate.

    if (!get_magic_quotes_gpc()) {
        $_POST['uname'] = addslashes($_POST['uname']);
    }

    $check = $db_object->query("SELECT username, password FROM users WHERE username = '".$_POST['uname']."'");

    if (DB::isError($check)) {
        die('That username does not exist in our database.');
    }

    $info = $check->fetchRow();

    // check passwords match

    $_POST['passwd'] = stripslashes($_POST['passwd']);
    $info['password'] = stripslashes($info['password']);
    $_POST['passwd'] = md5($_POST['passwd']);

    if ($_POST['passwd'] != $info['password']) {
        die('Incorrect password, please try again.');
    }

    // if we get here username and password are correct, 
    //register session variables and set last login time.

    $date = date('m d, Y');

    $update_login = $db_object->query("UPDATE users SET last_login = '$date' WHERE username = '".$_POST['uname']."'");

    $_POST['uname'] = stripslashes($_POST['uname']);
    $_SESSION['username'] = $_POST['uname'];
    $_SESSION['password'] = $_POST['passwd'];
    $db_object->disconnect();
    //redirect naar user area

    //header('Location: example.php');
?>

<h1>Logged in</h1>
<p>Welcome back <?php echo $_SESSION['username']; ?>, you are logged in.</p>

<?php
} else {    // if form hasn't been submitted

?>
<h1>Login</h1>
<form action="<?php echo $_SERVER['PHP_SELF']?>" method="post">
<table align="center" border="1" cellspacing="0" cellpadding="3">
<tr><td>Username:</td><td>
<input type="text" name="uname" maxlength="40">
</td></tr>
<tr><td>Password:</td><td>
<input type="password" name="passwd" maxlength="50">
</td></tr>
<tr><td colspan="2" align="right">
<input type="submit" name="submit" value="Login">
</td></tr>
</table>
</form>
<?php
}
?>
</body>
</html>

<?php

//require the PEAR::DB classes.

require_once 'DB.php';


$db_engine = 'mysql';
$db_user = '***;
$db_pass = '***';
$db_host = 'localhost';
$db_name = '***';

$datasource = $db_engine.'://'.
              $db_user.':'.
              $db_pass.'@'.
              $db_host.'/'.
              $db_name;


$db_object = DB::connect($datasource, TRUE);

/* assign database object in $db_object, 

if the connection fails $db_object will contain

the error message. */

// If $db_object contains an error:

// error and exit.

if(DB::isError($db_object)) {
    die($db_object->getMessage());
}

$db_object->setFetchMode(DB_FETCHMODE_ASSOC);

// we write this later on, ignore for now.

include('check_login.php');

?>

<?php

/* check login script, included in db_connect.php. */

session_start();

if (!isset($_SESSION['username']) || !isset($_SESSION['password'])) {
    $logged_in = 0;
    return;
} else {
    
    // remember, $_SESSION['password'] will be encrypted.

    if(!get_magic_quotes_gpc()) {
        $_SESSION['username'] = addslashes($_SESSION['username']);
    }


    // addslashes to session username before using in a query.
    $pass = $db_object->query("SELECT password FROM users WHERE username = '".$_SESSION['username']."'");

    if(DB::isError($pass)) {
        $logged_in = 0;
        unset($_SESSION['username']);
        unset($_SESSION['password']);
        // kill incorrect session variables.
    }

    $db_pass = $pass->fetchRow();

    // now we have encrypted pass from DB in 
    //$db_pass['password'], stripslashes() just incase:

    $db_pass['password'] = stripslashes($db_pass['password']);
    $_SESSION['password'] = stripslashes($_SESSION['password']);



    //compare:



    if($_SESSION['password'] == $db_pass['password']) { 
        // valid password for username
        $logged_in = 1; // they have correct info
                    // in session variables.
    } else {
        $logged_in = 0;
        unset($_SESSION['username']);
        unset($_SESSION['password']);
        // kill incorrect session variables.
    }
}


// clean up
unset($db_pass['password']);

$_SESSION['username'] = stripslashes($_SESSION['username']);

?>

<?php

require 'db_connect.php';

// require our database connection
// which also contains the check_login.php
// script. We have $logged_in for use.
?>



<?php
if ($logged_in == 0) {
    die('Sorry you are not logged in, this area is restricted to registered members. <a href="login.php">Click here</a> to log in.');
}


// show content

$db_object->disconnect();
// when you are done.

?>