Новый человек я в скриптописании
На суд честной выношу скрипт для авторизации пользователей
Что не так?
Коменты в скрипте на ином языке писаны - уж не осудите… Писал для американцев, коментил как мог…
<?php
session_start();
//set posted data from login input to variable $login
if (isset($_POST['login'])) { $login = $_POST['login']; if ($login == '') { unset($login);} }
//set entered password to var $password
if (isset($_POST['password'])) { $password=$_POST['password']; if ($password =='') { unset($password);} }
//if user didn't enter login and password then give an error
if (empty($login) or empty($password))
{
exit ("<br><br><br><br><center><font color=red>You entered not all information, go back and try again!</font>
<br><a href='index.php'>Back to Main</a></center>");
}
//if user exist then wew check login and password for special characters
$login = stripslashes($login);
$login = htmlspecialchars($login);
$login = str_replace("'","",$login);
$password = stripslashes($password);
$password = htmlspecialchars($password);
//trim spaces
$login = trim($login);
$password = trim($password);
// connect to database
include ("connect.php");// connect.php should be in one folder with index.php file
$str="SELECT * FROM users WHERE login='$login'";
$result = mysql_query("SELECT * FROM users WHERE login='$login'",$link);
$myrow = mysql_fetch_array($result);
if (empty($myrow['password']))
{
//if user with login does not exist
exit ("<br><br><br><br><center><font color=red>Sorry! Login and Password that you entered are incorrect!</font>
<br><a href='index.php'>Back to Main</a></center>");
}
else {
//if user exists then match passwords
if ($myrow['password']==$password) {
//if passwords match then start session
$_SESSION['login']=$myrow['login'];
$_SESSION['agent_name']=$myrow['name'];
$_SESSION['agent_id']=$myrow['id'];
$_SESSION['id']=md5('time()'.'$myrow[id]');
$_SESSION['auth']=$myrow['rights'];
$_SESSION['office']=$myrow['office'];
if ($_SESSION['auth']=="admin"){
// if user rights in db is admin
exit(Header("Location:admin_control_panel.php"));
}
else {
// if user rights in db is user
exit(Header("Location:user_control_panel.php"));
}
}
else {
//if passwords didn't match
exit ("Sorry! Password and Login that you entered are incorrect!<br><a href='index.php'>Back to Main</a>");
}
}
?>