PHP Login script tutorial
In
this tutorial, I create three php files for testing our code.1.
main_login.php
2. checklogin.php
3.
login_success.php
Steps
1.
Create table "members" in database "test".
2.
Create file main_login.php.
3. Create file checklogin.php.
4.
Create file login_success.php.
5. Create file logout.php
STEP 1: Create table "members"
For
testing this code, we need to create database "test" and
create table "members".
CREATE
TABLE `members` (
`id` int(4) NOT NULL auto_increment,
`username` varchar(65) NOT NULL default '',
`password` varchar(65) NOT NULL default '',
PRIMARY KEY (`id`)
) TYPE=MyISAM AUTO_INCREMENT=2 ;
`id` int(4) NOT NULL auto_increment,
`username` varchar(65) NOT NULL default '',
`password` varchar(65) NOT NULL default '',
PRIMARY KEY (`id`)
) TYPE=MyISAM AUTO_INCREMENT=2 ;
--
-- Dumping data for table `members`
--
-- Dumping data for table `members`
--
INSERT
INTO `members` VALUES (1, 'john', '1234');
STEP 2: Create file main_login.php
The
first file we need to create is "main_login.php" which is a
login form.
Code
<table
width="300" border="0" align="center"
cellpadding="0" cellspacing="1"
bgcolor="#CCCCCC">
<tr>
<form name="form1" method="post" action="checklogin.php">
<td>
<table width="100%" border="0" cellpadding="3" cellspacing="1" bgcolor="#FFFFFF">
<tr>
<td colspan="3"><strong>Member Login </strong></td>
</tr>
<tr>
<td width="78">Username</td>
<td width="6">:</td>
<td width="294"><input name="myusername" type="text" id="myusername"></td>
</tr>
<tr>
<td>Password</td>
<td>:</td>
<td><input name="mypassword" type="text" id="mypassword"></td>
</tr>
<tr>
<td> </td>
<td> </td>
<td><input type="submit" name="Submit" value="Login"></td>
</tr>
</table>
</td>
</form>
</tr>
</table>
<tr>
<form name="form1" method="post" action="checklogin.php">
<td>
<table width="100%" border="0" cellpadding="3" cellspacing="1" bgcolor="#FFFFFF">
<tr>
<td colspan="3"><strong>Member Login </strong></td>
</tr>
<tr>
<td width="78">Username</td>
<td width="6">:</td>
<td width="294"><input name="myusername" type="text" id="myusername"></td>
</tr>
<tr>
<td>Password</td>
<td>:</td>
<td><input name="mypassword" type="text" id="mypassword"></td>
</tr>
<tr>
<td> </td>
<td> </td>
<td><input type="submit" name="Submit" value="Login"></td>
</tr>
</table>
</td>
</form>
</tr>
</table>
STEP 3: Create file checklogin.php
We
have a login form in step 2, when a user submit their username and
password, PHP code in checklogin.php will check that this user exist
in our database or not.
If
user has the right username and password, then the code will register
username and password in the session and redirect to
"login_success.php". If username or password is wrong the
system will show "Wrong Username or Password".
Code
<?php
$host="localhost"; // Host name
$username=""; // Mysql username
$password=""; // Mysql password
$db_name="test"; // Database name
$tbl_name="members"; // Table name
$host="localhost"; // Host name
$username=""; // Mysql username
$password=""; // Mysql password
$db_name="test"; // Database name
$tbl_name="members"; // Table name
//
Connect to server and select databse.
mysql_connect("$host", "$username", "$password")or die("cannot connect");
mysql_select_db("$db_name")or die("cannot select DB");
mysql_connect("$host", "$username", "$password")or die("cannot connect");
mysql_select_db("$db_name")or die("cannot select DB");
//
username and password sent from
form
$myusername=$_POST['myusername'];
$mypassword=$_POST['mypassword'];
$myusername=$_POST['myusername'];
$mypassword=$_POST['mypassword'];
//
To protect MySQL injection (more
detail about MySQL injection)
$myusername = stripslashes($myusername);
$mypassword = stripslashes($mypassword);
$myusername = mysql_real_escape_string($myusername);
$mypassword = mysql_real_escape_string($mypassword);
$myusername = stripslashes($myusername);
$mypassword = stripslashes($mypassword);
$myusername = mysql_real_escape_string($myusername);
$mypassword = mysql_real_escape_string($mypassword);
$sql="SELECT
* FROM $tbl_name WHERE username='$myusername' and
password='$mypassword'";
$result=mysql_query($sql);
$result=mysql_query($sql);
//
Mysql_num_row is counting table
row
$count=mysql_num_rows($result);
// If result matched $myusername and $mypassword, table row must be 1 row
$count=mysql_num_rows($result);
// If result matched $myusername and $mypassword, table row must be 1 row
if($count==1){
// Register $myusername, $mypassword and redirect to file "login_success.php"
session_register("myusername");
session_register("mypassword");
header("location:login_success.php");
}
else {
echo "Wrong Username or Password";
}
?>
// Register $myusername, $mypassword and redirect to file "login_success.php"
session_register("myusername");
session_register("mypassword");
header("location:login_success.php");
}
else {
echo "Wrong Username or Password";
}
?>
STEP 4: Create file login_success.php
User
can't view this page if the session is not registered.
Code
//
Check if session is not registered, redirect back to main page.
// Put this code in first line of web page.
<?php
session_start();
if(!session_is_registered(myusername)){
header("location:main_login.php");
}
?>
<html>
<body>
Login Successful
</body>
</html>
// Put this code in first line of web page.
<?php
session_start();
if(!session_is_registered(myusername)){
header("location:main_login.php");
}
?>
<html>
<body>
Login Successful
</body>
</html>
STEP 5: Create file Logout.php
If
you want to logout, create this file.
The code in this file will destroy the session.
// Put this code in first line of web page.
<?php
session_start();
session_destroy();
?>
// Put this code in first line of web page.
<?php
session_start();
session_destroy();
?>
For PHP5 User - checklogin.php
Code
<?php
ob_start();
$host="localhost"; // Host name
$username=""; // Mysql username
$password=""; // Mysql password
$db_name="test"; // Database name
$tbl_name="members"; // Table name
ob_start();
$host="localhost"; // Host name
$username=""; // Mysql username
$password=""; // Mysql password
$db_name="test"; // Database name
$tbl_name="members"; // Table name
//
Connect to server and select databse.
mysql_connect("$host", "$username", "$password")or die("cannot connect");
mysql_select_db("$db_name")or die("cannot select DB");
mysql_connect("$host", "$username", "$password")or die("cannot connect");
mysql_select_db("$db_name")or die("cannot select DB");
//
Define $myusername and
$mypassword
$myusername=$_POST['myusername'];
$mypassword=$_POST['mypassword'];
$myusername=$_POST['myusername'];
$mypassword=$_POST['mypassword'];
//
To protect MySQL injection (more
detail about MySQL injection)
$myusername = stripslashes($myusername);
$mypassword = stripslashes($mypassword);
$myusername = mysql_real_escape_string($myusername);
$mypassword = mysql_real_escape_string($mypassword);
$myusername = stripslashes($myusername);
$mypassword = stripslashes($mypassword);
$myusername = mysql_real_escape_string($myusername);
$mypassword = mysql_real_escape_string($mypassword);
$sql="SELECT
* FROM $tbl_name WHERE username='$myusername' and
password='$mypassword'";
$result=mysql_query($sql);
$result=mysql_query($sql);
//
Mysql_num_row is counting table
row
$count=mysql_num_rows($result);
// If result matched $myusername and $mypassword, table row must be 1 row
$count=mysql_num_rows($result);
// If result matched $myusername and $mypassword, table row must be 1 row
if($count==1){
// Register $myusername, $mypassword and redirect to file "login_success.php"
session_register("myusername");
session_register("mypassword");
header("location:login_success.php");
}
else {
echo "Wrong Username or Password";
}
// Register $myusername, $mypassword and redirect to file "login_success.php"
session_register("myusername");
session_register("mypassword");
header("location:login_success.php");
}
else {
echo "Wrong Username or Password";
}
ob_end_flush();
?>
?>
Encrypting Password - Make your Login More Secure
Encrypting Password using md5() function
Using md5(); function to make your login system more secure.
Syntax
$password="123456";
md5($password);
Use md5(); to encrypts password to make it more secure
md5($password);
Use md5(); to encrypts password to make it more secure
Overview
Look
at these two databases, it's the same person and same info, the first
one we don't encrypt his password, but the second one we encrypted
his password.
.gif)
When
you encryte "john856" using this code, you'll see the
result
"ad65d5054042fda44ba3fdc97cee80c6"
This is not a random result, every time you encrypt the same password you will get the same result.
$password="john856";
$encrypt_password=md5($password);
"ad65d5054042fda44ba3fdc97cee80c6"
This is not a random result, every time you encrypt the same password you will get the same result.
$password="john856";
$encrypt_password=md5($password);
echo
$encrypt_password;
0 comments:
Post a Comment