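// Excerpt of the login handler. The `if` that tests whether the form was
// submitted opens before this excerpt, and its `else` branch continues after it.
//
// NOTE(review): the mysql_* extension used here was removed in PHP 7. The query
// is assembled as a string, so injection safety rests entirely on mysql_prep()
// (defined elsewhere) -- confirm it escapes for the active connection, and move
// to mysqli/PDO prepared statements when this page is ported.
$username = trim(mysql_prep($_POST['username']));
$password = trim(mysql_prep($_POST['password']));

// NOTE(review): sha1() is a fast, unsalted digest and is not suitable for
// password storage; password_hash()/password_verify() is the replacement. That
// change also touches account creation and the stored hashes, so it is flagged
// here rather than made. The digest is taken over the *escaped* password, so
// account creation has to derive it the same way.
$hashed_password = sha1($password);

if (empty($errors)) {
    // NOTE(review): the '******' literals look like masking applied to this
    // listing; presumably the escaped $username and $hashed_password are
    // interpolated here -- confirm against the real file.
    $query = "SELECT * ";
    $query .= "FROM users ";
    $query .= "WHERE username = '******' ";
    $query .= "AND hashed_password = '******' ";
    $query .= "LIMIT 1";
    $result_set = mysql_query($query);
    confirm_query($result_set);

    if (mysql_num_rows($result_set) === 1) {
        $found_user = mysql_fetch_array($result_set);
        // The session has to be started at the top of the page (session.php is
        // included there). Caching these values in the session saves later
        // trips to the database.
        // NOTE(review): the original comment says "firstname, username and id",
        // but the third argument is the 'admin' column -- check the parameter
        // order of set_session_vars() in session.php. Also confirm the session
        // ID is regenerated at login (session_regenerate_id(true)).
        set_session_vars($found_user['id'], $found_user['username'], $found_user['admin']);
        redirect_to("index.php");
    } else {
        // One message for both "unknown user" and "wrong password", so the form
        // does not reveal which usernames exist. The database error text is no
        // longer appended: driver messages do not belong in visitor-facing HTML.
        $message = "That password or username is incorrect.";
    }
} else {
    if (count($errors) === 1) {
        $message = "There was 1 error in the form.";
    } else {
        $message = "There were " . count($errors) . " errors in the form.";
    }
}
} else { // Form has not been submitted.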
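// Excerpt of the registration handler. The `if` that tests whether the form was
// submitted opens before this excerpt, and its `else` branch runs past the end.
//
// NOTE(review): the mysql_* extension used here was removed in PHP 7. The four
// values below are interpolated into the INSERT statement, so injection safety
// rests entirely on mysql_prep() (defined elsewhere) -- confirm it escapes for
// the active connection, and move to mysqli/PDO prepared statements when this
// page is ported.
$firstname = trim(mysql_prep($_POST['firstname']));
$lastname = trim(mysql_prep($_POST['lastname']));
$username = trim(mysql_prep($_POST['username']));
$password = trim(mysql_prep($_POST['password']));

// NOTE(review): sha1() is a fast, unsalted digest and is not suitable for
// password storage; password_hash()/password_verify() is the replacement. That
// change also touches the login check and the column width, so it is flagged
// here rather than made. The digest is taken over the *escaped* password, so
// the login check has to derive it the same way.
$hashed_password = sha1($password);

// Make sure that this user name is unique.
// NOTE(review): a check followed by an insert can race with a concurrent
// registration; a UNIQUE constraint on users.username would be the real
// guarantee -- the schema is not visible here, so confirm one exists.
if (!username_is_unique($username)) {
    $errors[] = "The user name you selected is already in use, so please try another.";
}

if (empty($errors)) {
    $query = "INSERT INTO users (\n\t\t\t\t\t\t\tfirstname, lastname, username, hashed_password\n\t\t\t\t\t\t) VALUES (\n\t\t\t\t\t\t\t'{$firstname}', '{$lastname}', '{$username}', '{$hashed_password}'\n\t\t\t\t\t\t)";
    $result = mysql_query($query, $connection);

    if ($result) {
        // Get a reference to the user ID just created:
        $user_id = mysql_insert_id();
        // NOTE(review): the third argument here is $firstname, while the login
        // code in this file passes the 'admin' column in that position. If
        // set_session_vars() (session.php) stores it as an admin flag, any
        // non-empty first name would be truthy -- confirm the parameter order.
        // The session also receives the escaped forms of these strings.
        set_session_vars($user_id, $username, $firstname);
        redirect_to("index.php?newuser=1");
    } else {
        // Keep the driver error in the server log; echoing it to the visitor
        // would expose table and column names.
        error_log('User insert failed: ' . mysql_error());
        $message = "The user could not be created.";
    }
} else {
    if (count($errors) === 1) {
        $message = "There was 1 error in the form.";
    } else {
        $message = "There were " . count($errors) . " errors in the form.";
    }
}
} else {
// Form has not been submitted.
$firstname = "";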