mijn script:
<?php
error_reporting(E_ALL);
session_start();
include("config.php");
include("functions.php");
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">;
<html xmlns="http://www.w3.org/1999/xhtml">;
<head>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" />
<title></title>
<style type="text/css">
body {
background-color:#000000;
font-family: Arial, Helvetica, sans-serif;
font-weight: normal;
font-style: normal;
line-height: 18px;
color: #FF0000;
}
</style>
</head>
<body>
<?php
if(!isset($_COOKIE['last_active']))
{
if(isset($_SESSION['user_id']))
{
mysql_query("UPDATE tbl_users SET user_lastactive = NOW() WHERE user_id = '" . $_SESSION['user_id'] . "'") or die(mysql_error());
setcookie("last_active",true,time()+5);
}
}
if(!isset($_SESSION['user_id']))
{
if(isset($_POST['login']))
{
$query = mysql_query("SELECT * FROM tbl_users WHERE user_name = '" . $_POST['user'] . "' AND user_pass = '" . md5($_POST['pass']) . "'");
$result = mysql_num_rows($query);
if(empty($result))
{
echo "<script>alert('Login Incorrect.'); document.location.href=('index.php')</script>";
}
else
{
while($row = mysql_fetch_assoc($query))
{
$user_id = $row['user_id'];
}
header("Location: index.php");
$_SESSION['user_id'] = $user_id;
}
}
else
{
?>
<h1>Log In</h1>
<form method="POST">
<input type="hidden" value="1" name="login">
Username : <input type="text" name="user" maxlength="15"><br>
Password : <input type="password" name="pass" maxlength="15"><br><br>
<input type="Submit" value="Login"><br><br>
<img src="icons/register.gif"> <a href="register.php">Register</a><br>
<img src="icons/memberlist.gif"> <a href="memberlist.php">Memberlist</a><br>
<img src="icons/admin.gif"> <a href="admin.php">admin</a>
<?
}
}
else
{
$query = mysql_query("SELECT * FROM tbl_users WHERE user_id = '" . $_SESSION['user_id'] . "'");
while($row = mysql_fetch_assoc($query))
{
echo "Username : <b>" . $row['user_name']. "</b>";
if($row['user_pm'])
{
$msg = mysql_result(mysql_query("SELECT COUNT(1) FROM tbl_msg WHERE msg_to = '" . $_SESSION['user_id'] . "'"),0);
if(empty($msg))
{
$msg = "<font color=\"#008000\">Empty</font>";
}
elseif($msg >= $cfg['max_msg'])
{
$msg = "<font color=\"#FF0000\">FULL</font>";
}
else
{
$msg = $msg . " / " . $cfg['max_msg'];
}
echo "<br>\n";
echo "Inbox : <b>". $msg ."</b> ( <a href=\"msg.php?act=inbox\">Open</a> )";
}
}
echo "<br>\n<br>\n";
if(isset($_SESSION['admin_login']))
{
echo "<img src=\"icons/admin.gif\"> <a href=\"admin.php\">Admin Page</a>";
echo "<br>\n";
}
echo "<img src=\"icons/memberlist.gif\"> <a href=\"memberlist.php\">Memberlist</a>";
echo "<br>\n";
echo "<img src=\"icons/profile.gif\"> <a href=\"profile.php?act=edit_profile\">Change Profile</a>";
echo "<br>\n";
echo "<img src=\"icons/profile.gif\"> <a href=\"profile.php?act=view&user_id=" . $_SESSION['user_id'] . "\">My Profile</a>";
echo "<br>\n";
echo "<img src=\"icons/logoff.gif\"> <a href=\"logoff.php\">Log Off</a>";
}
?>
</body>
</html>
de site waar hij op staat:http://members.lycos.nl/jordy01/index.php
test account
gebruikersnaam : test
wachtwoord:test3214
773 views
