21,886
社区成员
发帖
与我相关
我的任务
分享
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"
"http://www.w3.org/TR/html4/loose.dtd">
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=gb2312">
<LINK REL=stylesheet HREF="inc/my.css" TYPE="text/css">
<title>登录窗口</title>
</head>
<body>
<?php
include 'inc/header.php';
?>
<p> </p><p> </p>
<form name="form1" method="post" action="loginprocess.php">
<table border="0" align="center">
<tr>
<td><div align="right">用户名</div></td>
<td><input name="username" type="text" size="20" maxlength="20"></td>
</tr>
<tr>
<td><div align="right">密码</div></td>
<td><input name="password" type="password" size="20" maxlength="20"></td>
</tr>
<tr>
<td><div align="right">
<input type="submit" name="Submit" value="提交">
</div></td>
<td>
<div align="right">
<input type="Reset" name="Reset" value="取消">
</div></td>
</tr>
</table>
</form>
<p> </p>
<p> </p><p> </p><p> </p><p> </p><p> </p>
<?php
include "inc/tailer.php";
?>
</body>
</html>
<?php
include 'inc/conn.php';
include 'inc/para.php';
$username = $_REQUEST[username];
$password = $_REQUEST[password];
$username = mysql_real_escape_string($username);
$password = mysql_real_escape_string($password);
$result=mysql_query("select id, pass,realname from user where username='" . $username . "' and pass= PASSWORD('" . $password . "');")
or die("Can't Query:". mysql_error());
if($row = mysql_fetch_array($result)){
//valid user processing
$id=$row[0];
//set cookie
$time=date("Y-m-d H:i:s",time());
$cookie=md5($row[1] . $time);
mysql_query("update user set lastlogintime='". $time . "' where id=" . $id .";") or die("Cannot Update lastlogintime:". mysql_error());
setcookie("Id",$id,time()+1800);
setcookie("Sno",$cookie,time()+1800);
setcookie("RealName",$row[2]);
mysql_free_result($result);
//redirect to upload
header("Location:http://" . $WebAddress . $WebDir ."xxxx.php");
} else {
mysql_free_result($result);
//invalid user processing
header("Location:http://" . $WebAddress . $WebDir ."loginerr.php");
}
?>