Jump to content

Login Code - PHP


Go to solution Solved by Jacques1,

Recommended Posts

Hello.. I'm learning php and after seeing tutorials, made ​​my first code to login. I need your help to find out if what I did is right, what needs to be improved (or even if everything is wrong) .. very grateful for your help / opinion .

Thank you

//This is my login page

<?php 
	session_start();
?>

<!DOCTYPE html>
<html>
<head>
	<title>Rede Social</title>
	<link rel="stylesheet" type="text/css" href="home.css">
</head>
<body>
	<?php 
		if(isset($_SESSION["tentarLogin"])){ 
			unset($_SESSION["tentarLogin"]); 
		}
		else{
			$_SESSION["msg"]="";
			$_SESSION["user"]="";
		}


	?>

	<h1 id="welcome">WELCOME!</h1>
	<form method="post" action="login.php" method="POST">
		<div class="login" id="login">
			<?php echo '<p id="welcome1">'.$_SESSION["msg"].'</p><br>' ;?>
			<input type = "text" id = "user" name="user" class="login-data" placeholder = "Username"  value=<?php echo $_SESSION["user"]?>><br>
			<input type = "password" id = "pass" name = "pass"class="login-data" placeholder = "Password" ><br>
			<div class="submit">
				<input type="submit" class ="submitButton" id="loginButton" value="LOGIN"><br>
				<input type="button" class ="submitButton" id="registarButton" onclick="location.href='/Rede%20Social/registar/registar.php'" value="REGISTAR">
			</div>
		</div>
	</form>
</body>
</html>
//This is my login form

<?php  
session_start();
$user = $_POST["user"];
$pass = $_POST["pass"];
$_SESSION["tentarLogin"] = "true";
if(strcmp($user,"roger")==0){

	if(strcmp($pass,"abreu")==0){
		header('Location: http://www.google.pt');
	}
	else{
		$_SESSION["user"]="roger";
		$_SESSION["msg"]="*Password errada!";
		header('location: /Rede%20Social/home/home.php');
	}
}
else{
	$_SESSION["msg"]="*Username inexistente!";
		header('location: /Rede%20Social/home/home.php');
	}



?>

Hello.. I'm learning php and after seeing tutorials, made ​​my first code to login. I need your help to find out if what I did is right, what needs to be improved (or even if everything is wrong) .. very grateful for your help / opinion . Thank you

Link to comment
https://forums.phpfreaks.com/topic/301940-login-code-php/
Share on other sites

  • Solution

The code is currently too trivial for any kind of meaningful feedback.

 

You have an HTML form, hard-coded dummy credentials and a few session values. That's great, but it doesn't really show anything. It would be a lot more interesting if you had an actual log-in system with a database and password hashes.

 

Until then, all I can say is this:

  • Learn and apply the basics of security as early as possible, especially when you write a log-in form. This includes HTML-escaping values before you insert them into your HTML markup so that an attacker cannot inject malicious JavaScript code.
  • Keep PHP and HTML separate. It makes no sense to do session management in the middle of the body element. You should have a block of PHP code on top of the script and then all HTML markup at the bottom. The only time you use PHP within HTML is when you need to display dynamic data (like the username from the session).
  • The register button which changes the location through JavaScript is odd. Use a plain old link instead.
  • When you redirect the user with a header() call, you must stop the script with an exit statement. Otherwise the code will keep running, which can have dangerous side effects.
  • Don't use spaces in URLs (or other characters which have to be encoded), and don't mix lowercase and uppercase letters. “Rede%20Social” is difficult to read and just ugly. Why not “rede-social”?
Edited by Jacques1
  • Like 1
Link to comment
https://forums.phpfreaks.com/topic/301940-login-code-php/#findComment-1536333
Share on other sites

This thread is more than a year old. Please don't revive it unless you have something important to add.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.