function getPost($name, $default = NULL)
{
if (!postSet($name)) {
return $default;
}
return unescape_gpc($_POST[$name]);
}
<html>
<?php
require_once 'studentdb.php';
$db_server = mysql_connect($host, $username, $password);
if (!$db_server) {
die("Unable to connect to MySQL: " . mysql_error());
}
mysql_select_db($dbname) or die("Unable to select database: " . mysql_error());
if (postSet('user') && postSet('pass') && postSet('conf') && postSet('firstName') && postSet('lastName')) {
if (getPost('pass') != getPost('conf')) {
echo "<p style=\"color: red;\">Passwords do not match.</p>";
} else {
$user = getPost('user');
$pass = getPost('pass');
$first = getPost('firstName');
$last = getPost('lastName');
$query = "select * from student_info where username=\"{$user}\";";
$result = mysql_query($query, $db_server);
$row = mysql_fetch_row($result);
if (!$row) {
$query = "insert into student_info values('{$user}','{$pass}','{$first}','{$last}')";
if (!mysql_query($query, $db_server)) {
echo "<p style=\"color: red;\">Failed to sign up!</p>";
} else {
$_SESSION['user'] = $user;
?>
<script type="text/javascript">
window.location = "home.php";
</script>
<?php
}
<html>
<?php
session_start();
require_once 'studentdb.php';
$db_server = mysql_connect($host, $username, $password);
if (!$db_server) {
die("Unable to connect to MySQL: " . mysql_error());
}
mysql_select_db($dbname) or die("Unable to select database: " . mysql_error());
if (postSet('username') && postSet('password')) {
$user = getPost('username');
$pass = getPost('password');
$query = "select * from student_info where username=\"{$user}\";";
$result = mysql_query($query, $db_server);
if (!$result) {
echo "<p style=\"color: red;\">Invalid username.</p>";
} else {
$row = mysql_fetch_row($result);
if ($row[1] != $pass) {
echo "<p style=\"color: red;\">Incorrect username or password.</p>";
} else {
$_SESSION['user'] = $user;
?>
<script type="text/javascript">
window.location = "home.php";
</script>
<?php
}
}
}
$_POST['username'] = "";
