Simple CMS
This set of files sets up a site that restricts access to logged-in users. It has a calendar and a comments page.
Create each of the following files and put the associated code in them.
head.php
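<?php
// Access gate: require() this file first on every page that needs a logged-in user.
session_start();
if (empty($_SESSION['username'])) {
    // Not logged in: remember the requested page so login.php can link back to it.
    // REQUEST_URI is chosen by the client, so it must be HTML-escaped wherever
    // it is printed later.
    $_SESSION['destination'] = $_SERVER['REQUEST_URI'];
    header('Location: login.php');
    // header() only queues the redirect. Without exit the including page keeps
    // running and its protected output is still sent to the anonymous client.
    exit;
}
// From here on the user is logged in.
?>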
login.php
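<?php session_start();
// Login page: checks the submitted credentials against the users table and,
// on success, stores the username in the session.
//
// NOTE(review): db.php connects through the legacy mysql_* extension, which was
// removed in PHP 7. This page keeps that API so it still works with db.php, but
// new code should use PDO or mysqli with prepared statements.
require('db.php');
$pageTitle = "Login";
$loginFailed = false;
if (isset($_POST['submit']) && $_POST['submit'] != '') {
    // form has been submitted
    $loginFailed = true;
    // Reject array-valued parameters (username[]=...) before treating them as strings.
    if (isset($_POST['username'], $_POST['password'])
        && is_string($_POST['username']) && is_string($_POST['password'])) {
        // The username goes into a string-built query, so it is escaped here and
        // quoted in both statements below.
        $safeUsername = mysql_real_escape_string($_POST['username']);
        $lookupQuery = "SELECT * FROM users WHERE username='" . $safeUsername . "'";
        $res = mysql_query($lookupQuery);
        // mysql_query() succeeds even when no row matches, so the fetched row has
        // to be checked as well: a missing row must never compare equal to the
        // submitted password.
        $user = $res ? mysql_fetch_assoc($res) : false;
        // Strict comparison: == would treat a missing value as equal to an empty
        // password and would compare numeric-looking strings as numbers.
        // NOTE(review): this compares against the column as stored, i.e. plaintext
        // passwords. Store password_hash() output and check it with
        // password_verify() instead.
        if (is_array($user) && $_POST['password'] === $user['password']) {
            // Issue a fresh session id at the privilege change so an id known
            // before login is useless afterwards.
            session_regenerate_id(true);
            // Keep the stored spelling of the username, not the submitted one.
            $_SESSION['username'] = $user['username'];
            $updateLastLogin = "UPDATE users SET lastLogin = NOW() WHERE username='" . $safeUsername . "'";
            mysql_query($updateLastLogin);
            $loginFailed = false;
        }
    }
}
include('top.php'); // Include the top part of the xhtml
if (!empty($_SESSION['username'])) {
    // The destination was copied from REQUEST_URI by head.php and is therefore
    // client-controlled: link only to a path on this site and HTML-escape it.
    $destination = isset($_SESSION['destination']) ? (string) $_SESSION['destination'] : '';
    if (!preg_match('#^/(?![/\\\\])#', $destination)) {
        $destination = '';
    }
    print "You are logged in.
Do you want to <a href='logout.php'>logout</a>?";
    print "<a href='" . htmlspecialchars($destination, ENT_QUOTES) . "'>Continue</a>";
} else {
    if ($loginFailed) {
        // One message for every failure, so the response does not reveal
        // whether the username exists.
        print "<p>Invalid username or password.</p>";
    }
    print "<form action=' ' method='post'>
Username: <input type='textbox' name='username'/>
<br/>
Password: <input type='password' name='password'/>
<br/>
<input type='submit' name='submit' value='submit'/>
</form>";
}
include('bottom.php');
?>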
logout.php
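<?php
// Logout page: ends the session and shows a confirmation.
session_start();
// session_destroy() removes the stored session data but leaves $_SESSION filled
// for the rest of this request and leaves the session cookie in the browser,
// so both are cleared explicitly.
$_SESSION = array();
if (ini_get('session.use_cookies')) {
    $cookie = session_get_cookie_params();
    // Expire the cookie with the same path/domain/flags it was set with.
    setcookie(
        session_name(),
        '',
        time() - 42000,
        $cookie['path'],
        $cookie['domain'],
        $cookie['secure'],
        $cookie['httponly']
    );
}
session_destroy();
$pageTitle = "Logout";
include("top.php");
?>
You are now logged out. <a href='login.php'>Login</a>?
<?php include("bottom.php"); ?>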
db.php
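<?php
// Database bootstrap: opens the connection that the mysql_* calls on the other
// pages use implicitly.
//
// NOTE(review): the site connects as the MySQL root account with the password
// written in this file. Prefer a dedicated account limited to the 'webdev'
// database, and keep this file outside the web root or load the credentials
// from configuration that is not served or committed.
// NOTE(review): the mysql_* extension was removed in PHP 7; PDO or mysqli with
// prepared statements is the replacement.
$database = 'webdev';
$hostname = 'localhost';
$username = 'root';
$password = '<password>';
if (!mysql_connect($hostname, $username, $password) || !mysql_select_db($database)) {
    // Log the detail server-side and show the visitor only a generic message,
    // so connection errors do not disclose host or account names.
    error_log('db.php: database connection failed: ' . mysql_error());
    exit('The site is temporarily unavailable.');
}
?>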
top.php
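<?php
// Page header template. The including page sets $pageTitle before including
// this file. The 'wrapper' and 'content' divs opened here are closed in
// bottom.php. This comment block produces no output, so the DOCTYPE is still
// the first thing sent.
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en">
<head>
<title><?php /* escaped so a title containing markup cannot break out of the element */ print isset($pageTitle) ? htmlspecialchars($pageTitle, ENT_QUOTES) : ''; ?></title>
<link rel='stylesheet' type='text/css'
href='css/calendar.css'></link>
</head>
<body>
<div id='wrapper'>
<div id='header'><h1>Kevin's Page</h1></div>
<div id='sidebar'>
<ul>
<li><a href='calendar.php'>Calendar</a></li>
<li><a href='comments.php'>Comments</a></li>
</ul>
</div>
<div id='content'>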
bottom.php
<!-- closes the 'content' div that top.php leaves open -->
</div>
<!-- closes the 'wrapper' div that top.php leaves open -->
</div>
</body>
</html>
comments.php
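<?php
// Comments page: stores a submitted comment for the logged-in user, then lists
// all comments followed by the submission form.
require('head.php'); // access gate: redirects anonymous visitors to login.php
require('db.php');
$pageTitle="Comments";
include('top.php');
if (isset($_POST['submit']) && $_POST['submit'] != ''
    && isset($_POST['comment']) && is_string($_POST['comment'])) {
    // Both values are placed inside a string-built statement, so both are escaped.
    // The session username is escaped too: it originated from the login form and
    // must not be trusted just because it now lives in the session.
    // mysql_real_escape_string() is used rather than mysql_escape_string()
    // because it takes the connection's character set into account.
    $safeComment = mysql_real_escape_string($_POST['comment']);
    $safeUsername = mysql_real_escape_string($_SESSION['username']);
    $insertQuery = "INSERT INTO comments (user_id,comment_text)
VALUES((SELECT id FROM users WHERE username='$safeUsername' ),'$safeComment')";
    mysql_query($insertQuery);
}
// NOTE(review): SELECT * over this join also fetches every users column,
// including the password column that login.php reads. List only the columns the
// page prints once it is confirmed which table each one belongs to.
$commentsList = "SELECT * FROM comments LEFT JOIN users on (comments.user_id = users.id)";
$res = mysql_query($commentsList);
// Guard against a failed query; mysql_fetch_assoc() needs a valid result.
while ($res && ($row = mysql_fetch_assoc($res))) {
    // Everything printed here was typed by a user or read back from the
    // database, so it is HTML-escaped to keep stored markup or script from
    // running in other visitors' browsers.
    print "<h2 class='comment-user'>" . htmlspecialchars((string) $row['username'], ENT_QUOTES) . "</h2>";
    print "<p class='comment'>[" . htmlspecialchars((string) $row['created'], ENT_QUOTES) . "] "
        . htmlspecialchars((string) $row['comment_text'], ENT_QUOTES) . "</p>";
}
// NOTE(review): the form below carries no anti-CSRF token, so another site can
// submit it on behalf of a logged-in visitor. Add a per-session token as a
// hidden field and verify it before the INSERT.
?>
<form action='' method='POST'>
<textarea name='comment' cols='30' rows='10'></textarea>
<input type='submit' name='submit' value='submit'/>
</form>
<?php
include('bottom.php');
?>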