NA05

login in php


How do I log in with PHP through an Oracle database? Please, experts, help me with a PHP login form through Oracle, with perfect code.

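    <?php
    // Credentials submitted by the login form
    $username = $_POST["username"];
    $password = $_POST["password"];
    $con = oci_connect("user","pswrd","db");
    if(! $con)
    {
        // oci_error() returns an array; print its message element
        $e = oci_error();
        die('Connection Failed: '.$e['message']);
    }
    // User input is concatenated directly into the SQL text
    $query = "SELECT username, password FROM users
    WHERE username=$username";
    $stmt = oci_parse($con, $query);
    // A parsed statement must be executed before rows can be fetched
    oci_execute($stmt);
    // OCI_ASSOC returns rows keyed by column name, which Oracle reports in upper case
    $row = oci_fetch_array($stmt, OCI_ASSOC);
    // Plain-text comparison against the stored password
    if($row && $row["USERNAME"]==$username && $row["PASSWORD"]==$password)
        echo"You are a validated user.";
    else
        echo"Sorry, your credentials are not valid, Please try again.";
    ?>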

And my HTML code is here...

    <!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"
        "http://www.w3.org/TR/html4/loose.dtd">
    <html>
    <head>
    <meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
    <title>form</title>
    </head>
    <body>
    <form method="post" action="login.php" >
      <table border="1" >
                <tr>
                    <td><label for="username">username</label></td>
                    <td><input type="text" name="username" id="username"></td>
                </tr>
                <tr>
                    <td><label for="password">Password</label></td>
                    <td><input name="password" type="password" id="password"></td>
                </tr>
                <tr>
                    <td><input type="submit" value="Submit"/></td>
                    <td><input type="reset" value="Reset"/></td>
                </tr>
        </table>
      </form>
    </body>
    </html>
Edited by NA05


Like all SQL products, code like this is susceptible to SQL injection.

 

You want to utilize bind (bound) variables. This page talks about the OCI driver's support for this: http://php.net/manual/en/function.oci-bind-by-name.php

This is a pet peeve of mine, but I don't like to use double quotes when I can use single quotes.

 

    // OCI_ASSOC keys are upper case for unquoted Oracle column names
    if($row['USERNAME'] == $username && $row['PASSWORD'] == $password)
        echo"You are a validated user.";
    else
        echo 'Sorry, your credentials are not valid, Please try again.';

Use double quotes when you want interpolation (variable substitution). The obvious thing here is what you are going to do with this login. Often people will set some variables in a session.

    // Requires session_start() earlier in the script
    if($row['USERNAME'] == $username && $row['PASSWORD'] == $password) {
        echo"You are a validated user.";
        $_SESSION['username'] = $row['USERNAME'];
        $_SESSION['isLoggedIn'] = true;
    } else {
        echo 'Sorry, your credentials are not valid, Please try again.';
        unset($_SESSION['username']);
        unset($_SESSION['isLoggedIn']);
    }

Last but not least, your variable should be hashed or encrypted. This code assumes plain text passwords. No system should be storing plain text passwords.

 

Fortunately, PHP has made good password storage practices very easy for you -- use these:

 

https://secure.php.net/manual/en/function.password-hash.php

https://secure.php.net/manual/en/function.password-verify.php
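
The advice in this reply combined into one login.php, as an added example that is not code from either poster: the lookup uses oci_bind_by_name() and the check uses password_verify(). It assumes users.password holds password_hash() output and reuses the placeholder connection values from the question; the 400/500 responses, error_log() calls and session_regenerate_id() are illustrative choices.

```php
<?php
// Added example: assumes users.password stores password_hash() output.
session_start();

$username = $_POST['username'] ?? '';
$password = $_POST['password'] ?? '';
// Reject missing fields and array-valued parameters such as username[]=x.
if (!is_string($username) || !is_string($password) || $username === '' || $password === '') {
    http_response_code(400);
    exit('Missing credentials.');
}

$con = oci_connect('user', 'pswrd', 'db');   // placeholder values from the question
if (!$con) {
    $e = oci_error();
    error_log('oci_connect: ' . ($e['message'] ?? 'unknown'));  // detail goes to the log, not the client
    http_response_code(500);
    exit('Login is unavailable.');
}

// :uname is a bind placeholder, so the SQL text never contains user input.
$stmt = oci_parse($con, 'SELECT username, password FROM users WHERE username = :uname');
oci_bind_by_name($stmt, ':uname', $username);
if (!oci_execute($stmt)) {
    $e = oci_error($stmt);
    error_log('oci_execute: ' . ($e['message'] ?? 'unknown'));
    http_response_code(500);
    exit('Login is unavailable.');
}

// OCI_ASSOC keys are upper case for unquoted Oracle column names.
$row = oci_fetch_array($stmt, OCI_ASSOC);
oci_free_statement($stmt);
oci_close($con);

// password_verify() re-hashes the submitted password with the salt and cost
// embedded in the stored hash, then compares the two in constant time.
if ($row && password_verify($password, $row['PASSWORD'] ?? '')) {
    session_regenerate_id(true);             // issue a fresh session id on login
    $_SESSION['username'] = $row['USERNAME'];
    $_SESSION['isLoggedIn'] = true;
    echo 'You are a validated user.';
} else {
    // Same message for unknown user and wrong password.
    unset($_SESSION['username'], $_SESSION['isLoggedIn']);
    echo 'Sorry, your credentials are not valid. Please try again.';
}
```

Rows for this script are created by storing password_hash($password, PASSWORD_DEFAULT) in users.password at registration time.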
