
very simple login system for novice


abhikerl


Before I had much experience in PHP, I searched for a login/logout script but couldn't find one simple enough to help me understand the basics of a login/logout script. So, now that I am more experienced, I am posting a very simple login/logout code that can help novices understand.

 

login.html

<form action='process.php' method='POST' >
<table > <tr> <td >Username:  </td> <td > <input name="username" size="15"> </td></tr>
<tr><td >Password: </td> <td ><input type="password" name="password" size="15">  </td></tr>
<tr><td > <input type="submit" value="Login"> </td></tr>
</table>
</form>

 

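process.php

<?php
// Start (or resume) the session so $_SESSION is available.
session_start();

// Read the submitted credentials.
$username=$_POST["username"];
$password=$_POST["password"];
// Hash the submitted password the same way it is stored in the table.
$enpassword=md5($password);

// Open the database connection.
include("databaseConnection.php");

// Look for a row matching both the username and the hashed password.
$result = mysql_query("SELECT * FROM tblUser WHERE username='$username' AND password='$enpassword'");

if($row = mysql_fetch_array($result))
  {
  header("location:index.php");
  $_SESSION["valid_user"] = $username;
  $_SESSION["valid_id"]= $row['userid'];
  }
  else
    {
    header("location:login.html");
    }
?>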

 

logout.php

<?php
session_start();
unset($_SESSION["valid_user"]);
unset($_SESSION['valid_id']);
header("location:login.html");
?>

 

Hope this will help !!!!!

 

 


Why try to help people with this stuff and not show them how to do it properly? If they find it hard to understand, just keep the code neat and add comments to explain EVERYTHING. Showing people how to code and showing bad programming practice defeats the object of helping them in the first place...



if($row = mysql_fetch_array($result))
  {
  header("location:index.php");
   $_SESSION["valid_user"] = $username;
  $_SESSION["valid_id"]= $row['userid'];

}

 

And nobody has seen the problem with this?

 

Also, stop SQL injection by:

 

$username=mysql_real_escape_string($_POST["username"]);
$password=mysql_real_escape_string($_POST["password"]);

 

Make sure you put:

 

include("databaseConnection.php");

 

ABOVE the mysql_real_escape_string as it needs a connection to work.


db.php

<?php
/*    BLOCK COMMENT(multi-line)
replace `sql_usr` with your mysql database user,`sql_pass` with your mysql password
and `sql_db` with the name of your mysql database.
*/

$mysql_user = "sql_usr";
$mysql_password = "sql_pass";
$mysql_database = "sql_db";

///// SINGLE LINE COMMENT --> create a connection or give an error reading if not possible.

$link = mysql_connect("localhost",$mysql_user,$mysql_password)
or die ("Unable to connect to MySQL server." . mysql_error());

///// Select your mysql database or give an error reading if not possible.

$db = mysql_select_db($mysql_database)
or die ("Unable to select requested database." . mysql_error());

?>

 

login.php

<?php
///// start a session to store $_SESSION variables which can be passed to any script with session_start() in it.
session_start();
///// require the db.php file to secure a connection to the mysql database.
require("db.php");

///// Store the postdata from the form into php variables (empty string if nothing was posted).

$name = isset($_POST['username']) ? $_POST['username'] : '';
$pass = isset($_POST['password']) ? $_POST['password'] : '';

///// Secure the username variable $name from sql injection and encrypt the data stored in the $pass variable
///// it now doesn't need to be escaped from sql injection as md5() encrypts it to alpha-numeric characters.

$name = mysql_real_escape_string($name);
///// for more info on this function visit >>> http://uk2.php.net/mysql_real_escape_string
$pass = md5($pass);
///// for more info on this function visit >>> http://uk2.php.net/md5

///// If submit button is clicked.

if (isset($_POST['submit'])){

    ///// check if the posted fields have any data in them (the raw values, as md5() of an empty string is not empty)...

    if ( empty($_POST['username']) || empty($_POST['password']) ){ ///// for more info on this function visit >>> http://uk2.php.net/empty
        ///// If the variables are empty echo an error reading.
        echo "Please fill in all fields with the required information."; ///// echo the string in the "quotationmarks"
    ///// If the variables are not(!) empty.
    }else{

        ///// Selects the given fields from the table of the database where the username is equal to the name given
        ///// in the post data.

        $query = "SELECT username , password FROM users WHERE username='$name' LIMIT 1";

        ///// queries the database or gives a mysql error if this isn't possible.

        $result = mysql_query($query)or die(mysql_error());

        /*
        for more info on these functions visit
        >>> http://uk2.php.net/mysql_query
        >>> http://uk2.php.net/mysql_error
        */

        ///// Returns the number of rows returned by a database query.

        $num = mysql_numrows($result); ///// >>> http://uk2.php.net/mysql_numrows

        if ($num == 0){ ///// If the number of rows returned by the query is equal to (==) zero(0)
            ///// Echo an error reading
            echo "The username " . stripslashes(htmlentities($name, ENT_QUOTES)) . " is not logged in our database.";
            /*
            >>> http://uk2.php.net/stripslashes     Does what it says on the tin.....
            >>> http://uk2.php.net/htmlentities     Basically is a secure way of displaying user input (never trust your users)
            */
        }else{ ///// If returned rows are greater than (>) zero(0).

            $row = mysql_fetch_row($result);
            /*
            Retrieve the data from the queried row in the database.
            >>> http://uk2.php.net/mysql_fetch_row
            */

            $realName = $row[0]; ///// This is to start a session with correctly capitalised data. (get the username).
            $realPass = $row[1];
            /////Get the correct password (stored data should already be encrypted with md5() from registration).

            if ($pass != $realPass){ ///// If given password is incorrect echo error reading.
                echo "The password you have given is incorrect.";
            }else{ ///// If password is correct and matched with the password in the database.

                ///// Begin a session `username` with the correctly capitalised username from the database.

                $_SESSION['username'] = $realName;

                ///// Direct the user to the members area of your site.

                Header("Location: membersArea.php");
                ///// Stop the script so the form below is not sent after the redirect.
                exit;

            }
        }
    }
}
?>
<!-- The form for your login page. -->
<p align="center">
<form action="" method="post">
Username:	<input type="text" name="username" value="Username" onFocus="this.value='';" /><br />
Password:	<input type="password" name="password" value="password" onFocus="this.value='';" /><br />
<input type="submit" name="submit" value="Login" />
</form>
</p>

 

 

logout.php

 

<?php
session_start();				///// >>> http://uk2.php.net/session_start
session_destroy();				///// >>> http://uk2.php.net/session_destroy
Header("Location: index.php");	///// >>> http://uk2.php.net/header
?>

 

 

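A hardened form of the credential check discussed in this thread, as an added example that is not code from any of the posters: it uses PDO prepared statements instead of string-built SQL, password_hash()/password_verify() instead of md5(), and exit after the redirect. The in-memory SQLite database, the sample user and the function names are assumptions made for the demo; the table and column names follow the first post.

```php
<?php
// Added example (not from the thread). Assumes PDO with the sqlite driver;
// the in-memory database and the sample user are constructed for the demo.

function open_demo_db(): PDO {
    $pdo = new PDO('sqlite::memory:');
    $pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $pdo->exec('CREATE TABLE tblUser (userid INTEGER PRIMARY KEY, username TEXT UNIQUE, password TEXT)');
    // Registration stores a salted, slow hash (bcrypt by default), not md5().
    $stmt = $pdo->prepare('INSERT INTO tblUser (username, password) VALUES (?, ?)');
    $stmt->execute(['alice', password_hash('correct horse', PASSWORD_DEFAULT)]);
    return $pdo;
}

// Returns the user's id on success, null on any failure.
function check_login(PDO $pdo, string $username, string $password): ?int {
    // The placeholder keeps user input out of the SQL text entirely.
    $stmt = $pdo->prepare('SELECT userid, password FROM tblUser WHERE username = ?');
    $stmt->execute([$username]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    if ($row === false || !password_verify($password, $row['password'])) {
        return null;   // same result for unknown user and wrong password
    }
    return (int) $row['userid'];
}

// How process.php would use the result (web context only).
function complete_login(int $userId, string $username): void {
    session_start();
    session_regenerate_id(true);          // new session id after authentication
    $_SESSION['valid_user'] = $username;
    $_SESSION['valid_id'] = $userId;
    header('Location: index.php');
    exit;                                 // stop the script once the redirect is sent
}

if (PHP_SAPI === 'cli') {                 // offline demonstration
    $pdo = open_demo_db();
    var_dump(check_login($pdo, 'alice', 'correct horse'));  // valid credentials
    var_dump(check_login($pdo, 'alice', 'wrong'));          // wrong password
    var_dump(check_login($pdo, "o'neil", 'x'));             // quote is handled as data
}
```

Run from the command line, only the first call returns a user id; the other two return null without raising an SQL error.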

This thread is more than a year old. Please don't revive it unless you have something important to add.
