Login script much less demanding on resources

.htaccess

@@ -24,3 +24,15 @@ RewriteCond %{REQUEST_FILENAME} !-f
 RewriteCond %{REQUEST_FILENAME} !-d
 RewriteRule . /index.php [L]
 </IfModule>
+
+### activate mod_expires
+ExpiresActive On
+### Expire .gif's 1 month from when they're accessed
+ExpiresByType image/gif A2592000
+### Expire everything else 1 day from when it's last modified
+### (this uses the Alternative syntax)
+ExpiresDefault "modification plus 1 day"
+### Apply a Cache-Control header to all files
+<Files *>
+Header append Cache-Control "public, must-revalidate"
+</Files>

functions.inc.php

@@ -175,14 +175,14 @@ function jumpMenu(){
 function addToDatabase($post){
 	include_once('db.inc.php');
 
-	$datetime = $post['datetime'];
-	$business_id = $post['business_id'];
-	$payment_type = $post['payment_type'];
-	$card = $post['card'];
-	$currency = $post['currency'];
-	$amount = $post['amount'];
-	$purpose = $post['purpose'];
-	$items = $post['items'];
+	$datetime = clean($post['datetime']);
+	$business_id = clean($post['business_id']);
+	$payment_type = clean($post['payment_type']);
+	$card = clean($post['card']);
+	$currency = clean($post['currency']);
+	$amount = clean($post['amount']);
+	$purpose = clean($post['purpose']);
+	$items = clean($post['items']);
 
 	if($card == "NULL"){
 		$query = "INSERT INTO `".PURCHASES_TABLE."` (`id`, `datetime`, `business_id`, `payment_type`, `card`, `currency`, `amount`, `purpose`, `items`) VALUES (NULL, '$datetime', '$business_id', '$payment_type', NULL, '$currency', '$amount', '$purpose', '$items')";
@@ -197,15 +197,15 @@ function addToDatabase($post){
 function updateInDatabase($post){
 	include_once('db.inc.php');
 
-	$id = $post['id'];
-	$datetime = $post['datetime'];
-	$business_id = $post['business_id'];
-	$payment_type = $post['payment_type'];
-	$card = $post['card'];
-	$currency = $post['currency'];
-	$amount = $post['amount'];
-	$purpose = $post['purpose'];
-	$items = $post['items'];
+	$id = clean($post['id']);
+	$datetime = clean($post['datetime']);
+	$business_id = clean($post['business_id']);
+	$payment_type = clean($post['payment_type']);
+	$card = clean($post['card']);
+	$currency = clean($post['currency']);
+	$amount = clean($post['amount']);
+	$purpose = clean($post['purpose']);
+	$items = clean($post['items']);
 
 	if($card == "NULL"){
 		$query = "UPDATE `".PURCHASES_TABLE."` SET `datetime` = '$datetime', `business_id` = '$business_id', `payment_type` = '$payment_type', `card` = NULL, `currency` = '$currency', `amount` = '$amount', `purpose` = '$purpose', `items` = '$items' WHERE `montreal_purchases`.`id` = $id";
@@ -218,9 +218,9 @@ function updateInDatabase($post){
 
 function addBusiness($post){
 	include_once('db.inc.php');
-	$place_name = $post['place_name'];
-	$address = $post['address'];
-	$phone = $post['phone'];
+	$place_name = clean($post['place_name']);
+	$address = clean($post['address']);
+	$phone = clean($post['phone']);
 	if($phone == "+1"){
 		$phone = "";
 	}
@@ -240,10 +240,10 @@ function addBusiness($post){
 
 function updateBusiness($post){
 	include_once('db.inc.php');
-	$id = $post['id'];
-	$place_name = $post['place_name'];
-	$address = $post['address'];
-	$phone = $post['phone'];
+	$id = clean($post['id']);
+	$place_name = clean($post['place_name']);
+	$address = clean($post['address']);
+	$phone = clean($post['phone']);
 	if($phone == "+1"){
 		$phone = "";
 	}
@@ -267,6 +267,16 @@ function clean_search($search_query){
 	return $search_query;
 }
 
+# clean up some user input (forms)
+function clean($dirty){
+	if (get_magic_quotes_gpc()) {
+		$clean = mysql_real_escape_string(stripslashes($dirty));	 
+	}else{
+		$clean = mysql_real_escape_string($dirty);	
+	} 
+	return $clean;
+}
+
 # reroute
 function reroute($new_page){
 	header("Location:$new_page");

login.css

@@ -0,0 +1,16 @@
+html, body {
+	margin:0;
+	padding:0;
+	font-family: "Geneva", "Lucida Grande", Helvetica, sans-serif;
+	clear:both;
+}
+
+div#container {
+	width:1000px;
+	margin:0 auto;
+	padding:0;
+}
+
+input {
+	font-size: 18px;
+}

login_logout.php

@@ -5,30 +5,30 @@
 }else{
 	if(isset($_POST['username']) && isset($_POST['password'])){
 		if($_POST['username'] == USERNAME && $_POST['password'] == USERPASS){
-			setcookie("loggedin", "true", time()+(60*60*12));
+			setcookie("loggedin", "true", time()+(60*60*12)); // 12 hours
 			header("http://mtl.parkr.me");
 		}else{
 			$error = "<h3>Username/Password was incorrect</h3>";
 		}
 	}else{ ?>
-<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"
-   "http://www.w3.org/TR/html4/loose.dtd">
-
-<html lang="en">
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
+<html>
 <head>
-	<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
-	<title>Log In: Montreal</title>
+	<meta http-equiv="Content-Type" content="text/html;charset=UTF-8">
 	<meta name="author" content="Parker Moore">
-	<link href="default.css" rel="stylesheet" media="screen">
-	<script src="http://code.jquery.com/jquery-1.4.4.js" type="text/javascript"></script> 
-	<script src="/mtl.js" type="text/javascript"></script>
+	<title>Log In: Montreal</title>
+	<link href="/login.css" rel="stylesheet" media="screen">
 	<!-- Date: 2010-12-27 -->
 </head>
 <body>
 	<div id="container">
 		<h1>Log In</h1>
 		<?php echo isset($error) ? $error : ""; ?>
-		<form action="/login" method="post"><input name="username" type="text" /><input name="password" type="password" /><input type="submit"></form>
+		<form action="/login" method="post">
+			<input name="username" type="text">
+			<input name="password" type="password">
+			<input type="submit">
+		</form>
 	</div>
 </body>
 </html>