<?
// Replace the variable values below
// with your specific database information.
$host = "localhost";
$user = "UserName";
$pass = "Password";
$db   = "dbName";
 
// This part sets up the connection to the 
// database (so you don't need to reopen the connection
// again on the same page).
$ms = mysql_pconnect($host, $user, $pass);
if ( !$ms )
{
echo "Error connecting to database.\n";
}
 
// Then you need to make sure the database you want
// is selected.
mysql_select_db($db);
?> 

<?php
 
// dbConfig.php is a file that contains your
// database connection information. This
// tutorial assumes a connection is made from
// this existing file.
include ("dbConfig.php");
 
 
//Input vaildation and the dbase code
if ( $_GET["op"] == "reg" )
 {
 $bInputFlag = false;
 foreach ( $_POST as $field )
  {
  if ($field == "")
   {
   $bInputFlag = false;
   }
  else
   {
   $bInputFlag = true;
   }
  }
 // If we had problems with the input, exit with error
 if ($bInputFlag == false)
  {
  die( "Problem with your registration info. "
   ."Please go back and try again.");
  }
 
 // Fields are clear, add user to database
 //  Setup query
 $q = "INSERT INTO `dbUsers` (`username`,`password`,`email`) "
  ."VALUES ('".$_POST["username"]."', "
  ."PASSWORD('".$_POST["password"]."'), "
  ."'".$_POST["email"]."')";
 //  Run query
 $r = mysql_query($q);
 
 // Make sure query inserted user successfully
 if ( !mysql_insert_id() )
  {
  die("Error: User not added to database.");
  }
 else
  {
  // Redirect to thank you page.
  Header("Location: register.php?op=thanks");
  }
 } // end if
 
 
//The thank you page
elseif ( $_GET["op"] == "thanks" )
 {
 echo "<h2> Thanks for registering!</h2> ";
 }
 
//The web form for input ability
else
 {
 echo "<form action=\"?op=reg\" method=\"POST\"> \n";
 echo "Username: <input name=\"username\" MAXLENGTH=\"16\"> <br /> \n";
 echo "Password: <input type=\"password\" name=\"password\" MAXLENGTH=\"16\"> <br /> \n";
 echo "Email Address: <input name=\"email\" MAXLENGTH=\"25\"> <br /> \n";
 echo "<input type=\"submit\"> \n";
 echo "</form> \n";
 }
// EOF
?>

<?php
session_start();
// dBase file
include "dbConfig.php";
 
if ($_GET["op"] == "login")
 {
 if (!$_POST["username"] || !$_POST["password"])
  {
  die("You need to provide a username and password.");
  }
 
 // Create query
 $q = "SELECT * FROM `dbUsers` "
  ."WHERE `username`='".$_POST["username"]."' "
  ."AND `password`=PASSWORD('".$_POST["password"]."') "
  ."LIMIT 1";
 // Run query
 $r = mysql_query($q);
 
 if ( $obj = @mysql_fetch_object($r) )
  {
  // Login good, create session variables
  $_SESSION["valid_id"] = $obj->id;
  $_SESSION["valid_user"] = $_POST["username"];
  $_SESSION["valid_time"] = time();
 
  // Redirect to member page
  Header("Location: members.php");
  }
 else
  {
  // Login not successful
  die("Sorry, could not log you in. Wrong login information.");
  }
 }
else
 {
//If all went right the Web form appears and users can log in
 echo "<form action=\"?op=login\" method=\"POST\">";
 echo "Username: <input name=\"username\" size=\"15\"><br />";
 echo "Password: <input type=\"password\" name=\"password\" size=\"8\"><br />";
 echo "<input type=\"submit\" value=\"Login\">";
 echo "</form>";
 }
?>

?php
session_start();
 
if (!$_SESSION["valid_user"])
{
// User not logged in, redirect to login page
Header("Location: login.php");
}
 
// Member only content
// ...
// ...
// ...
 
// Display Member information
echo "<p>User ID: " . $_SESSION["valid_id"];
echo "<p>Username: " . $_SESSION["valid_user"];
echo "<p>Logged in: " . date("m/d/Y", $_SESSION["valid_time"]);
 
// Display logout link
echo "<p><a href=\"logout.php\">Click here to logout!</a></p>";
?>

<?php
session_start();
session_unset();
 
session_destroy();
// Logged out, return home.
Header("Location: index.php");
?>