Member area
Upload/Download
NEWS & EVENTS
/* PHP Login Page Written by MG This is the SQL statement to create the database required for this application. create table barc_users ( id int(6) unsigned zerofill NOT NULL, barc_username varchar(20) not null, barc_password varchar(20), barc_logins int(10) unsigned, primary key (id,barc_username) ); The only 216 colors that look the same no matter what, are the colors made out of pairs of 00, 33, 66, 99, CC and FF (hex). 0, 51, 102, 153, 204, 255 (dec). */ //////////////////////////////// // This checks to see if we need to connect to database for authentication. $notall = 0; $notauthenticated = 0; $badchar = 0; if (isset($_POST["barc_username"])) { //////////////////////////////// // This loop removed "dangerous" characters from the posted data // and puts backslashes in front of characters that might cause // problems in the database. //////////////////////////////// for(reset($_POST); $key=key($_POST); next($_POST)) { $counts = count_chars($_POST[$key],0); $bad1 = $counts[ord(">")]; $bad2 = $counts[ord("<")]; $bad3 = $counts[ord("|")]; if ($bad1 != 0 || $bad2 != 0 || $bad3 != 0) { // unset($_POST["barc_username"]); unset($_POST["barc_password"]); $badchar = 1; } } if ($badchar != 1) { //////////////////////////////// // This will catch if someone is trying to submit a blank // or incomplete form. //////////////////////////////// $barc_username=$_POST["barc_username"]; $barc_password=$_POST["barc_password"]; if ($barc_username && $barc_password) { //////////////////////////////// // This is the authentication code //////////////////////////////// mysql_connect("89.46.111.187","Sql1426292","e5833162ji") or die("Unable to connect to SQL server"); mysql_select_db("Sql1426292_1") or die("Unable to select database"); $query = "SELECT * FROM barc_users "; $query .= "WHERE barc_username='$barc_username' and barc_password=password('$barc_password')"; $user=mysql_query($query); $num = mysql_num_rows($user); $user=mysql_fetch_array($user); if ($num != "0") { $id=$user["id"]; $barc_logins=$user["barc_logins"]; if ($barc_logins == 0){ session_start(); $_SESSION['id']=$id; $_SESSION['disclaimer']="n"; header("Location: disclaimer.php"); exit; } else { $barc_logins++; mysql_connect("89.46.111.187","Sql1426292","e5833162ji") or die("Unable to connect to SQL server"); mysql_select_db("Sql1426292_1") or die("Unable to select database"); $query = "UPDATE barc_users SET barc_logins='$barc_logins' WHERE id='$id'"; mysql_query($query) or die("Insert Failed!!!!!"); session_start(); $_SESSION['id']=$id; $_SESSION['disclaimer']="y"; header("Location: memberhome.php"); exit; } } else { $notauthenticated = 1; } } else { //////////////////////////////// // If they didn't include all the required fields set a variable // and keep going. //////////////////////////////// $notall = 1; } } } ?>