okay.
her får du koden:
<?php
include 'ConnectDB.php';
$CConn = new ConnectDB;
if(isset($_GET['generate']) && !isset($_POST['submit'])){
//generere automatisk et password og brugernavn
$passw= md5($pwd);
echo '<p> Brugernavn : '.$newuser.'</p>';// prints the password
echo '<p> Brug denne password: '.$pwd.'</p>';// prints the password
echo '<p> Med denne brugernavn og password vil du være bruger af gruppe 1</p>';
echo '<p> Password i krypterede form: '.$passw.'</p>';// prints the password
}
// if form has been submitted
if(isset($_POST['Submit'])) {
echo '<p> submit </p>';
if(isset($generate)){
$resultset = $CConn->query("SELECT Id FROM Person WHERE UserName='".$newuser."'");
if(!mysql_num_rows($resultset)){
$querystr = "INSERT INTO Person(UserName, Password)";
$querystr .= " values ('".$newuser."', '".$passw."')";
$CConn->query($querystr);
$resultsetID = $CConn->query("SELECT MAX(Id) FROM Person");
$rowId = mysql_fetch_row($resultsetID);
$personId = $rowId[0];
$querystreng = "INSERT INTO Person_Department";
$querystreng .= " values ('".$personId."', '1')";
$CConn->query($querystreng);
}
}
// check they filled in what they were supposed to and authenticate
$flag=true;
if(!isset($_POST['uname'])){
$flag= false;
}
if(!isset($_POST['passwd'])){
$flag= false;
}
if($flag==true){
// authenticate.
if(!get_magic_quotes_gpc()) {
$_POST['uname'] = addslashes($_POST['uname']);
}
$check = $CConn->query("SELECT * FROM Person WHERE UserName = '".$_POST['uname']."'");
if(!mysql_num_rows($check)){
$flag= false;
}
while($info = mysql_fetch_row($check)){
$info['0'] = stripslashes($info['0']);
$info['1'] = stripslashes($info['1']);
$info['2'] = stripslashes($info['2']);
}
mysql_free_result($check);
// check passwords match
$_POST['passwd'] = stripslashes($_POST['passwd']);
$info['1'] = stripslashes($info['1']);
$_POST['passwd'] = md5($_POST['passwd']);
if($_POST['passwd'] != $info['1']) {
$flag= false;
}
else if($info['2']=='9'){
$flag= false;
}
// if we get here username and password are correct, register session variables and set
$_POST['uname'] = stripslashes($_POST['uname']);
$_SESSION['Id'] = $info['0'];
$_SESSION['UserName'] = $_POST['uname'];
$_SESSION['Password'] = $_POST['passwd'];
$_SESSION['Level'] = $info['2'];
if($info['2']=='0'){
echo'<p>Vent et øjeblik, skal rette username and password</p>';
//bla bla
}
else if($info['2']=='1' ||$info['2']=='2'){
echo'<h1>Logged in</h1>';
echo'<p>Welcome back '.$_SESSION['username'].', you are logged in.</p>';
//redirect user to right place
}
}//END OF IF($flag==true)
}//END OF IF($_POST['submit'])
$CConn->close();
if(!isset($_GET['generate']) || !isset($_POST['Submit']) || !isset($flag)==true){
?>
<form name="form1" id="form1" method="POST" action="<?php $_SERVER['PHP_SELF']?>">
<table align="center" width="200" border="1" cellpadding="10">
<th colspan=2 align=left>Login</th>
<tr>
<td width="70">Username</td>
<td width="76"><input name="uname" type="text" size="30" maxlength="20" /></td>
</tr>
<tr>
<td>Password</td>
<td><input name="passwd" type="password" size="30" maxlength="20" /></td>
</tr>
<tr>
<td> </td>
<td align="center"><input type="submit" name="Submit" value="Submit" style='width: 80px ' /></td>
</tr>
</table>
</form>
<p> </p>
<p><a href="logon.php?generate">Generere password</a></p>
<p> </p>
<p>Brug eksisterende brugernavn & password</p>
<?php
}
?>
