Rogerio Posted August 19, 2016 Share Posted August 19, 2016 Hello.. I'm learning php and after seeing tutorials, made my first code to login. I need your help to find out if what I did is right, what needs to be improved (or even if everything is wrong) .. very grateful for your help / opinion . Thank you //This is my login page <?php session_start(); ?> <!DOCTYPE html> <html> <head> <title>Rede Social</title> <link rel="stylesheet" type="text/css" href="home.css"> </head> <body> <?php if(isset($_SESSION["tentarLogin"])){ unset($_SESSION["tentarLogin"]); } else{ $_SESSION["msg"]=""; $_SESSION["user"]=""; } ?> <h1 id="welcome">WELCOME!</h1> <form method="post" action="login.php" method="POST"> <div class="login" id="login"> <?php echo '<p id="welcome1">'.$_SESSION["msg"].'</p><br>' ;?> <input type = "text" id = "user" name="user" class="login-data" placeholder = "Username" value=<?php echo $_SESSION["user"]?>><br> <input type = "password" id = "pass" name = "pass"class="login-data" placeholder = "Password" ><br> <div class="submit"> <input type="submit" class ="submitButton" id="loginButton" value="LOGIN"><br> <input type="button" class ="submitButton" id="registarButton" onclick="location.href='/Rede%20Social/registar/registar.php'" value="REGISTAR"> </div> </div> </form> </body> </html> //This is my login form <?php session_start(); $user = $_POST["user"]; $pass = $_POST["pass"]; $_SESSION["tentarLogin"] = "true"; if(strcmp($user,"roger")==0){ if(strcmp($pass,"abreu")==0){ header('Location: http://www.google.pt'); } else{ $_SESSION["user"]="roger"; $_SESSION["msg"]="*Password errada!"; header('location: /Rede%20Social/home/home.php'); } } else{ $_SESSION["msg"]="*Username inexistente!"; header('location: /Rede%20Social/home/home.php'); } ?> Hello.. I'm learning php and after seeing tutorials, made my first code to login. I need your help to find out if what I did is right, what needs to be improved (or even if everything is wrong) .. very grateful for your help / opinion . Thank you Quote Link to comment https://forums.phpfreaks.com/topic/301940-login-code-php/ Share on other sites More sharing options...
benanamen Posted August 19, 2016 Share Posted August 19, 2016 That is not any kind of login code. Quote Link to comment https://forums.phpfreaks.com/topic/301940-login-code-php/#findComment-1536329 Share on other sites More sharing options...
Rogerio Posted August 19, 2016 Author Share Posted August 19, 2016 benanamen ok. Can please help me understand what is wrong? Why isn't a login code? Quote Link to comment https://forums.phpfreaks.com/topic/301940-login-code-php/#findComment-1536330 Share on other sites More sharing options...
Solution Jacques1 Posted August 19, 2016 Solution Share Posted August 19, 2016 (edited) The code is currently too trivial for any kind of meaningful feedback. You have an HTML form, hard-coded dummy credentials and a few session values. That's great, but it doesn't really show anything. It would be a lot more interesting if you had an actual log-in system with a database and password hashes. Until then, all I can say is this: Learn and apply the basics of security as early as possible, especially when you write a log-in form. This includes HTML-escaping values before you insert them into your HTML markup so that an attacker cannot inject malicious JavaScript code. Keep PHP and HTML separate. It makes no sense to do session management in the middle of the body element. You should have a block of PHP code on top of the script and then all HTML markup at the bottom. The only time you use PHP within HTML is when you need to display dynamic data (like the username from the session). The register button which changes the location through JavaScript is odd. Use a plain old link instead. When you redirect the user with a header() call, you must stop the script with an exit statement. Otherwise the code will keep running, which can have dangerous side effects. Don't use spaces in URLs (or other characters which have to be encoded), and don't mix lowercase and uppercase letters. “Rede%20Social” is difficult to read and just ugly. Why not “rede-social”? Edited August 19, 2016 by Jacques1 1 Quote Link to comment https://forums.phpfreaks.com/topic/301940-login-code-php/#findComment-1536333 Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.