<?php
function con() {
mysql_connect("localhost", "root", "") or die(mysql_error());
mysql_select_db("main")or die(mysql_error());
$connected = $_SESSION['connected'] = true;
}
function getinfo() {
$string = "SELECT * FROM info";
$q = mysql_query($string) or die(mysql_error());
while($query = mysql_fetch_array($q)) {
echo "id: " . $query['id'] . $query['msg'] . "<BR>";
}
}
function writeform() {
echo '
<form action="" method="post">
<table bgcolor="#111" width="274" border="0" align="center">
<tr>
<td colspan="2" align="center" bgcolor="#333">Authentication Required</td>
</tr>
<tr>
<td width="94" align="center" bgcolor="#333">Username:</td>
<td width="170" align="center" bgcolor="#333"><input type="text" name="username"></td>
</tr>
<tr>
<td align="center" bgcolor="#333">Password :</td>
<td align="center" bgcolor="#333"><input type="password" name="password"></td>
</tr>
<tr>
<td colspan="2" align="center" bgcolor="#333"><input type="submit" name="submit" value="login"></td>
</tr>
</table>
</form>';
}
function checklogin() {
if(isset($_SESSION['loggedin']) and isset($_POST['username'])) {
$_SESSION['username'] = $username;
echo "Logged in as user : $username";
} else { include("news.php");}
}
function login() {
if(isset($_POST['username']) and isset($_POST['password'])) {
$username = $_POST['username'];
$username = stripslashes($username);
$username = mysql_real_escape_string($username);
$password = $_POST['password'];
$password = stripslashes($password);
$username = mysql_real_escape_string($username);
}
$sql_string = "SELECT * FROM login WHERE username = '$username' and password = '$password'";
$sql_query = mysql_query($sql_string) or die (mysql_error());
if(mysql_num_rows>0){
echo "Logged in successfully";
$_SESSION['loggedin'] = true;
$_SESSION['username'] = $username;
} //end mysql_num_rows
}
function secureuserpost() {
//testing$isset = Array(id,username,password,location,website,facebook,occupation,avatar,active)
$id = NULL;
$username = $_POST['username'];
$username = stripslashes($username);
$username = mysql_real_escape_string($username);
global $username;
$password = $_POST['password'];
$password = stripslashes($password);
$password = mysql_real_escape_string($password);
global $password;
$location = $_POST['location'];
$location = stripslashes($location);
$location = mysql_real_escape_string($location);
global $location;
$website = $_POST['website'];
$website = stripslashes($website);
$website = mysql_real_escape_string($website);
global $website;
$facebook = $_POST['facebook'];
$facebook = stripslashes($facebook);
$facebook = mysql_real_escape_string($facebook);
global $facebook;
$occupation = $_POST['occupation'];
$occupation = stripslashes($occupation);
$occupation = mysql_real_escape_string($occupation);
global $occupation;
$avatar = $_POST['avatar'];
$avatar = stripslashes($avatar);
$avatar = mysql_real_escape_string($avatar);
global $avatar;
}
function adminlogincheck() {
//fix later//
if(isset($_SESSION['loggedin']) and isset($_POST['username'])) {
if(isset($_POST['submit'])) {
if(isset($_POST['username']) and isset($_POST['password'])) {
$username = $_POST['username'];
$username = stripslashes($username);
$username = mysql_real_escape_string($username);
$password = $_POST['password'];
$password = stripslashes($password);
$username = mysql_real_escape_string($username);
} //end if $_POST['username'] and password
$sql_string = "SELECT * FROM admin_login WHERE username = '$username' and password = '$password'";
$sql_query = mysql_query($sql_string) or die (mysql_error());
if(mysql_num_rows>0){
echo "Logged in successfully";
$_SESSION['loggedin'] = true;
$_SESSION['username'] = $username;
} //end mysql_num_rows
}/*end isset $_POST['submit'] */ else {
echo "nothing submitted";
}
} //end login checkup
else writeform();
} //end function
function addinfo($data) {
con();
$msg = $_POST['msg'];
$msg = stripslashes($msg);
$msg = mysql_real_escape_string($msg);
$insert_query_line = "INSERT INTO info (id, msg) VALUES (NULL, '$msg')";
$data = mysql_query($insert_query_line) or die ("<center>" . "<pre>" . "Error Adding Values:" . mysql_error() . "</pre>" . "</center>");
}
function adduser($id,$username,$password,$location,$website,$facebook,$occupation,$avatar,$active) {
secureuserpost();
$q = "INSERT INTO login (id,username,password,location,website,facebook,occupation,avatar,active) VALUES ($id,$username,$password,$location,$website,$facebook,$occupation,$avatar,'no')";
$query = mysql_query($q) or die(mysql_error());
}
?>
views:
24answers:
1
A:
Not terrible, but I have some suggestions:
None of your functions have parameters. Instead, you use only global variables. There is no need to do this. You can have
function securepost($key) {
return isset($_POST[$key])
? stripslashes(mysql_real_escape_string($_POST[$key]))
: NULL
}
Then instead of sanitizing your post vars as you need them, you can just call
$var = post('password'); //etc.
functions are really supposed to be wrappers for common behavior, macros in a way. You don't need to define entire specific behavior and encapsulate them in functions.
mysql_connect("localhost", "root", "") or die(mysql_error()); is redundant. mysql_connect() already asserts a warning if it fails.
In getinfo(), you don't need to do SELECT *. Just select the data you need like SELECT id, msg ...
mysql_num_rows should be mysql_num_rows() I think.
tandu
2010-10-10 00:05:42