login in php


NA05

How do I log in in PHP through an Oracle database? Experts, please help me with a login form in PHP through Oracle with perfect code.

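    <?php
    $username = $_POST["username"];
    $password = $_POST["password"];
    $con = oci_connect("user","pswrd","db");
    if(! $con)
    {
        // oci_error() returns an array; the text is in its 'message' element
        $e = oci_error();
        die('Connection Failed: '.$e['message']);
    }
    // user input is concatenated directly into the SQL text
    $query = "SELECT username, password FROM users
    WHERE username=$username";
    $stmt = oci_parse($con, $query);
    // the parsed statement has to be executed before rows can be fetched
    oci_execute($stmt);
    // OCI_ASSOC keys the row by column name; Oracle returns the names in upper case
    $row = oci_fetch_array($stmt, OCI_ASSOC);
    if($row !== false && $row["USERNAME"]==$username && $row["PASSWORD"]==$password)
        echo"You are a validated user.";
    else
        echo"Sorry, your credentials are not valid, Please try again.";
    ?>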

And my HTML code is here...

    <!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"
        "http://www.w3.org/TR/html4/loose.dtd">
    <html>
    <head>
    <meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
    <title>form</title>
    </head>
    <body>
    <form method="post" action="login.php">
      <table border="1">
        <tr>
          <td><label for="username">username</label></td>
          <td><input type="text" name="username" id="username"></td>
        </tr>
        <tr>
          <td><label for="password">Password</label></td>
          <td><input name="password" type="password" id="password"></td>
        </tr>
        <tr>
          <td><input type="submit" value="Submit"></td>
          <td><input type="reset" value="Reset"></td>
        </tr>
      </table>
    </form>
    </body>
    </html>

Like all SQL products, code like this is susceptible to SQL injection.

You want to utilize bind (bound) variables. This page talks about the OCI driver's support for this: http://php.net/manual/en/function.oci-bind-by-name.php

This is a pet peeve of mine, but I don't like to use double quotes when I can use single quotes.

    // OCI returns column names as upper-case array keys
    if($row['USERNAME'] == $username && $row['PASSWORD'] == $password)
        echo"You are a validated user.";
    else
        echo 'Sorry, your credentials are not valid, Please try again.';

Use double quotes when you want interpolation (variable substitution). The obvious thing here is what you are going to do with this login. Often people will set some variables in a session.

    if($row['USERNAME'] == $username && $row['PASSWORD'] == $password) {
        echo"You are a validated user.";
        $_SESSION['username'] = $row['USERNAME'];
        $_SESSION['isLoggedIn'] = true;
    } else {
        echo 'Sorry, your credentials are not valid, Please try again.';
        unset($_SESSION['username']);
        unset($_SESSION['isLoggedIn']);
    }

Last but not least, your variable should be hashed or encrypted. This code assumes plain text passwords. No system should be storing plain text passwords.

Fortunately, PHP has made good password storage practices very easy for you -- use these:

https://secure.php.net/manual/en/function.password-hash.php

https://secure.php.net/manual/en/function.password-verify.php
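
The two recommendations above (a bound variable for the lookup, `password_verify()` for the comparison) combined into one `login.php`, as an added example that is not part of either post. It assumes the `users` table from the question has a hypothetical `password_hash` column filled at registration with `password_hash($password, PASSWORD_DEFAULT)`; the connection values are the placeholders from the question.

```php
<?php
// Added example, not code from the thread.
// Assumption: users.password_hash (hypothetical column) holds password_hash() output.
session_start();

function find_password_hash($con, string $username): ?string
{
    // :uname is a bind placeholder; the submitted value is sent separately
    // and never becomes part of the SQL text.
    $stmt = oci_parse($con, 'SELECT password_hash FROM users WHERE username = :uname');
    oci_bind_by_name($stmt, ':uname', $username);
    if (!oci_execute($stmt)) {
        $e = oci_error($stmt);
        error_log('login query failed: ' . $e['message']);
        return null;
    }
    // Keys are upper-case column names; OCI_RETURN_NULLS keeps a NULL column in the row.
    $row = oci_fetch_array($stmt, OCI_ASSOC + OCI_RETURN_NULLS);
    oci_free_statement($stmt);
    return $row === false ? null : $row['PASSWORD_HASH'];
}

$username = $_POST['username'] ?? '';
$password = $_POST['password'] ?? '';

$con = oci_connect('user', 'pswrd', 'db');   // placeholders from the question
if (!$con) {
    $e = oci_error();                        // no argument for connection errors
    error_log('oci_connect failed: ' . $e['message']);
    http_response_code(500);
    exit('Login is temporarily unavailable.');
}

$hash = find_password_hash($con, $username);

// password_verify() re-hashes the input with the salt and cost stored inside $hash.
// An unknown user and a wrong password produce the same message.
if ($hash !== null && password_verify($password, $hash)) {
    session_regenerate_id(true);             // fresh session id once authenticated
    $_SESSION['username'] = $username;
    $_SESSION['isLoggedIn'] = true;
    echo 'You are a validated user.';
} else {
    unset($_SESSION['username'], $_SESSION['isLoggedIn']);
    echo 'Sorry, your credentials are not valid, Please try again.';
}
```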

Archived

This topic is now archived and is closed to further replies.
