phploginform

Question

npandu_24 0 Newbie Poster

15 Years Ago

how to create php login form like sql connction ans others

php

4 Contributors
4 Replies
101 Views
1 Day Discussion Span
Latest Post 15 Years Ago Latest Post by cwarn23

nav33n 472 Purple hazed!

15 Years Ago

Google "login form php". You will find atleast 10000 links.

Reply to this topic

Be a part of the DaniWeb community

We're a friendly, industry-focused community of developers, IT pros, digital marketers, and technology enthusiasts meeting, networking, learning, and sharing knowledge.

cwarn23 387 Occupation: Genius Team Colleague Featured Poster · Answer 1 · 2009-02-20T16:42:18+00:00

Below is a standard template I have made.

login.php

<? session_start();
$dbhost='localhost'; //database host (usually localhost)
$accountname='root'; //database username.
$password=''; //database password
$database='my_database'; //database name - not table
//configure the above variables.
 
 
$linkID = @mysql_connect($dbhost,$accountname,$password)
or die("Could not connect to MySQL server");
@mysql_select_db($database) or die("Could not select database");
 
//adjust mysql query accordingly 
$result=mysql_query("SELECT * FROM `users` WHERE `username`='".$_POST['username']."' AND `password`='".$_POST['password']."'");
 
if (isset($_POST['username']) && mysql_num_rows($result)==1)
    {
    $row=mysql_fetch_array($result);
    $_SESSION['username111']==$row['username'];
    unset($row);
    header('Location: index.php');
    //there should be no browser output before this line.
    }
?>
<form method='post'>
<input type='text' value='Admin' name='username'><br>
<input type='text' value='password' name='password'>
<input type='submit' value='submit'>
</form>

The above will redirect the user to index.php on login.

index.php

<?
session_start();
//below is how to check if a user is logged in.
if (!isset($_SESSION['username111']))
    {
    echo "You are not logged in.";
    //if not logged in this will occure.
    } else {
    //if logged in this will occure.
    echo "This is password protected content ".$_SESSION['username111'];
    }
?>

Hope that answers it.

jedi_ralf 0 Newbie Poster · Answer 2 · 2009-02-21T03:34:01+00:00

//adjust mysql query accordingly 
$result=mysql_query("SELECT * FROM `users` WHERE `username`='".$_POST['username']."' AND `password`='".$_POST['password']."'");

This doesn't seem very safe...

//adjust mysql query accordingly 
$result=mysql_query("SELECT * FROM `users` WHERE `username`='".mysql_real_escape_string($_POST['username'])."' AND `password`='".mysql_real_escape_string($_POST['password'])."'");

You need to use mysql_real_escape_string() to stop injection attacks.
http://www.tizag.com/mysqlTutorial/mysql-php-sql-injection.php

cwarn23 387 Occupation: Genius Team Colleague Featured Poster · Answer 3 · 2009-02-21T13:26:43+00:00

This doesn't seem very safe...
//adjust mysql query accordingly 
$result=mysql_query("SELECT * FROM `users` WHERE `username`='".mysql_real_escape_string($_POST['username'])."' AND `password`='".mysql_real_escape_string($_POST['password'])."'");
You need to use mysql_real_escape_string() to stop injection attacks.
http://www.tizag.com/mysqlTutorial/mysql-php-sql-injection.php

I guess I should have made a few security modifications to the code by now because it was a long time ago when I wrote that script and was new to mysql at the time. But yes, some security modifications may need to be made as it is a very basic script.