// CHECK SESSION ID AGAINST CURRENT SESSION ID RECORDED AT LOGIN
// IF SESSION ID IS DIFFERENT, THEN RETURN TO LOGIN

<?  
header("Pragma: ");  
header("Cache-Control: ");  
header("Expires: Mon, 26 Jul 1980 05:00:00 GMT");  
header("Last-Modified: " . gmdate("D, d M Y H:i:s") . " GMT");  
header("Cache-Control: no-store, no-cache, must-revalidate, proxy-revalidate");  
header("Cache-Control: post-check=0, pre-check=0", false);  
//set global variables  
global $username,$password;  
   
// EDIT HERE TO SUIT YOUR NEEDS  
//set usernames and passwords  
//only letters and numbers (no spaces) Known as can contain spaces  
$uname[1] = "demo";  
$upass[1] = "demo";  
$known_as[1] = "demo user";  
//additional users can be added  
//$uname[2] = "demo";  
//$upass[2] = "demo";  
//$known_as[2] = "demo";  
   
   
//the login page  
$login_page = "index.php";  
//where to go after login  
$success_page = "1.php";  
//the path to validate.php  
$validate_path = "path to validate.php";  
//login failed error message  
$login_err = '<div align="center">Your User Name or Password was incorrect</b></div>';  
//no fields filled in  
$empty_err = '<div align="center"><b>You need to login with your User Name and Password</b></div>';  
//something entered that wasn't a letter or number error message  
$chr_err = '<div align="center"><b>Please retry</b></div>';  
// DO NOT EDIT BELOW HERE  
   
//if the form is empty and the cookie isn't set  
//then display error message the return to login  
   if($username == "" && $password == "" && !isset($_COOKIE["this_cookie"])){  
     print($empty_err);  
     include($login_page);  
     exit();  
   }  
   
//if the form is not empty and the cookie isn't set  
//then make sure that only letters and numbers are entered  
//if there are then display error message the return to login  
   if($username != "" || $password != "" && !isset($_COOKIE["this_cookie"])){    
     if (preg_match ("/[^a-zA-Z0-9]/", $username.$password)){    
       print($chr_err);  
       include($login_page);  
       exit();  
     }  
   }  
   
//if the cookie isn't set  
if (!isset($_COOKIE["this_cookie"]) ){  
$user_count = count($uname);  
$user_exists = false;  
   
// check through all the users to see if they exist  
for ($i = 1; $i <= $user_count; $i++) {  
   if ($uname[$i] == $username && $upass[$i] == $password){  
   $user_id=$i;  
   //$welcome_name = $known_as[$i];  
   $user_exists = true;  
   }  
}  
   
if(!$user_exists){  
     print ($login_err);  
     include($login_page);  
     exit();  
}  
   
//if the login is correct then set the cookie  
$cookie_val=crypt($uname[$user_id]);  
//set the cookie so it dies when the browser is closed  
setcookie ("name", $known_as[$user_id], 0);  
setcookie ("this_cookie", $cookie_val, 0);  
header("Location: $success_page");  
exit();  
}  
   
//if a user tries to access validate.php directly and they are logged in  
if($REQUEST_URI == $validate_path){  
echo "<html>\n<head>\n";  
echo "<title>Yor are logged in</title>\n";  
echo "</head>\n";  
echo "<body bgcolor=\"white\">\n";  
echo "You are logged in. <a href=%22%22.$success_page.%22/%22>Continue</a>\n";  
echo "</body>\n";  
echo "</html>\n";  
}  
?>