php script - mysql

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"><html><head lang="en"><meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1"><meta name="robots" content="noindex,nofollow"><meta name="Description" content="test page for user login screening of a forum create thread system in early stages of process design"><meta name="Keywords" content=""><meta name="Author" content="Samuel A Marchant nicephotog@gmail.com 2009"><title>create thread wild-canidae-conservation-forum.netne.net</title><!-- <link href="CSS-FILE-NAME.css" type="text/css" rel="stylesheet"> --></head><body id="" style=":;"><!--created by SUcommanderXer Last Pre Beta www.nicephotog-jsp.netThis php page script name: "createbean.php" is an adaptation of the in-page php - MySQL logged-in screening userbean from the now no longer, www.nicephotog-jvm.net site that issuperceded by the www.nicephotog-jsp.net site.--><?if(!isset($HTTP_GET_VARS['usern'])){# print message here or return to index or message page e.g. location: header re: login and no password}else{# now setup database link to check login and postID's etc# THE SCRIPT HERE is FOR EMBEDDING IN THE PAGES THAT ARE USED AFTER LOGIN# make php heredoc$formhtm = <<<FRMD<form name="createthread" action="create.php" method="POST"><input name="createname" type="text" size="100" value=""><textarea name="createinf" cols="100" rows="20" value=""></textarea><input name="createsend" type="button" value="start thread"><input name="usern" type="hidden" value="$val_name"></form>FRMD;$val_name=$HTTP_GET_VARS['usern']; # to be from the $get-var# $val_name=$HTTP_GET_VARS['pssw']; ## test url http://wild-canidae-conservation-forum.netne.net/createbean.php?usern=nicephotog# set the column to choose from in the query condition for comparison$col_name="namescolumn"; # column name# ready the loop as running $checkbool=1;# ready db connection $dbqy = mysql_connect("mysql.host.somewhere.com","SOMEdbUSERNAME","s0m1ep2a3s4s5w6o7d"); # 3306 is the default port# or die('Signup script signup.php did not connect to database',''.mysql_error()); ## select the db and open db connectionmysql_select_db('DATABASEnameTOuse',$dbqy);# build the query command line with the recieved information from the ?URL$sqlqry = 'select if('.$col_name.'=\''.$val_name.'\',\'USEREXISTS\',\'NOUSENAME\') from tableNAMEtoUSE where ('.$col_name.'=\''.$val_name.'\' || '.$col_name.'=\'anonymous\')';# "anonymous" is a dummy in the namescolumn# commit the query$sql_entry_status = mysql_query($sqlqry,$dbqy);$template='USEREXISTS'; # comparitor in the IF statement that we want to find#while(($rw = mysql_fetch_array($sql_entry_status,MYSQL_NUM)) && ($checkbool!=0)){ ## terminate when user found## print($rw[0]."\n"."\n"."<br>");if(!eregi(($template."+"),$rw[0])){ # commit a regex function that returns a boolean to find the user$checkbool=1; # this remains if no user is found}else{$checkbool=0; # stop the loop and allow the process below to proceed} #enels} # enwhl#if($checkbool==1){ # terminate the script NO ACCEPTABLE USER PARAMETERS WERE FOUNDprint("You do not appear to be listed in the database , Please sign up to use this site");mysql_free_result($sql_entry_status);mysql_close($dbqy);exit();}mysql_free_result($sql_entry_status);mysql_close($dbqy);#if($checkbool==0){print($formhtm);}else{print("the information does not appear to be valid");}}# end if is not isset?></body></html>