Code:
<?php
/*
Login script example
- displays a form for entering username and password
- checks whether username and password exist in database and match
- if no match is found, clears the form and displays an error message
- if exactly one match is found, redirects user to another page
Tip: make page look nicer with some CSS
For this login example you will need a working database (MySQL used here), and
some test data as per instructions below (or you can use phpMyAdmin or a similar app)
Test data (2 users):
username 1: misterx
password 1: secretpassword1
hashed password1: (d5f835dbe946b420e1dacde0558078b4eee36745)
username 2: mistery
password 2: secretpassword2
hashed password2: (fd021e83bf64b46a2a7b707441dd167bc43749d4)
Prepare database 'mydatabase' with table 'users' and some test data
1. Use this or similar query to create database 'mydatabase'
CREATE DATABASE `mydatabase` ;
2. Create DB user named 'testdbuser' with password 'verysecretdbpassword' and
grant him privileges
CREATE USER 'testdbuser'@'%' IDENTIFIED BY 'verysecretdbpassword';
GRANT ALL PRIVILEGES ON * . * TO 'testdbuser'@'%'
IDENTIFIED BY 'verysecretdbpassword'
WITH GRANT OPTION MAX_QUERIES_PER_HOUR 0 MAX_CONNECTIONS_PER_HOUR 0
MAX_UPDATES_PER_HOUR 0 MAX_USER_CONNECTIONS 0 ;
3. Use this or similar query to create table 'users' in database 'mydatabase'
CREATE TABLE `mydatabase`.`users` (
`id` MEDIUMINT UNSIGNED NOT NULL AUTO_INCREMENT PRIMARY KEY COMMENT 'ID (primary key)',
`username` VARCHAR( 24 ) NOT NULL COMMENT 'Username (max 24 chars)',
`hpassword` CHAR( 40 ) NOT NULL COMMENT 'sha1 hashed password'
) ENGINE = InnoDB CHARACTER SET utf8 COLLATE utf8_general_ci COMMENT = 'Users table';
4. Use this query to insert above test data into the table 'users'
INSERT INTO `users` (`id`, `username`, `hpassword`) VALUES (NULL , 'misterx', '298e6df75f76926af93925e7a34e060ea523a363');
INSERT INTO `users` (`id`, `username`, `hpassword`) VALUES (NULL , 'mistery', '05b68c5b67e2c7a95cc86e4ee26778e5d9c77c6c');
*/
// start session
session_start();
// set session variable that identifies valid user to 0 until user submits
// valid username and password
$_SESSION['valid_user'] = 0;
// a variable that will hold error message if needed
$msg = '';
// check whether user has submitted a username and/or password
if(isset($_POST['username']) or isset($_POST['password'])) {
// if both username and password are submitted and not empty
if(isset($_POST['username']) and !empty($_POST['username']) and
isset($_POST['password']) and !empty($_POST['password'])) {
// assign posted values to variables and trim possible spaces before and
// after the strings
$username = trim($_POST['username']);
$password = trim($_POST['password']);
// passwords stored in the users database are hashed with sha1, therefore the
// submitted password also has to be hashed so the values can be compared
$hpassword = sha1($password);
// prepare database connection
$conn = mysqli_connect('localhost', 'testdbuser', 'verysecretdbpassword', 'mydatabase')
or die ('ERROR: Can not connect to the database!');
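// prepare a parameterized query to select a user with submitted username and
// hashed submitted password (to check for the match); the submitted values
// are bound as parameters so they are never interpreted as SQL
$query = "SELECT username, hpassword FROM users ";
$query .= "WHERE username=? AND hpassword=?";
$stmt = mysqli_prepare($conn, $query)
or die ('ERROR: Can not prepare the query!');
mysqli_stmt_bind_param($stmt, 'ss', $username, $hpassword);
mysqli_stmt_execute($stmt);
// get the result of the query (mysqli_stmt_get_result needs the mysqlnd driver)
$res = mysqli_stmt_get_result($stmt);
// if the query was successful and if one row was returned from query
// we have a match, the username and password are OK
// (if no rows returned username and password did not match, if more than
// 1 row returned we have entered one user more times which is incorrect)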
if($res and mysqli_num_rows($res) == 1) {
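// issue a fresh session ID on login so a pre-login session ID cannot be reused
session_regenerate_id(true);
// set session variable that identifies valid user to 1
$_SESSION['valid_user'] = 1;
// redirect user to login_success.php page
header("Location: login_success.php");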
//just in case anything goes wrong from here end the script
die();
}
// if no rows are returned username and password did not match
// (or if more than 1 row returned we have entered one user many times
// which is incorrect)
else {
// again set session variable that identifies valid user to 0
$_SESSION['valid_user'] = 0;
// prepare error message
$msg = 'Please enter correct username and password!';
}
}
// if only username or only password was submitted
else {
// again set session variable that identifies valid user to 0
$_SESSION['valid_user'] = 0;
// prepare error message
$msg = 'Please enter correct username and password!';
}
}
?>
<!DOCTYPE html
PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en">
<head>
<title>Login</title>
</head>
<body>
<!-- Form will be submitted to itself -->
<form action="#" method="post">
<p>Please login</p>
<div class="login"><input name="username" type="text" id="username" /></div>
<div class="login"><input name="password" type="password" id="password" /></div>
<div class="login"><input type="submit" name="submit" value="Login" /></div>
<!-- Possible error messages will be displayed here -->
<div class="error-message"><p><?php echo $msg ?></p></div>
</form>
</body>
</html>
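
Added example, not part of the original post: the script above stores unsalted SHA-1 digests, so this sketch shows one way to move such rows to PHP's `password_hash()` at the next successful login. The names `verify_and_upgrade`, `is_legacy_sha1` and `DUMMY_HASH` are hypothetical, and the `$users` array is a constructed stand-in for the `users` table.

```php
<?php
// Added example. $users is a constructed in-memory stand-in for the 'users'
// table; a real hpassword column would need VARCHAR(255) for the new hashes.

// Hash of a throwaway value, verified against when the username is unknown
// so that both paths do comparable work.
define('DUMMY_HASH', password_hash('placeholder', PASSWORD_DEFAULT));

// A legacy row holds a bare 40-character hex SHA-1 digest.
function is_legacy_sha1(string $stored): bool {
    return preg_match('/^[0-9a-f]{40}$/', $stored) === 1;
}

// Returns true on a valid login and upgrades the stored hash when needed.
function verify_and_upgrade(array &$users, string $username, string $password): bool {
    if (!isset($users[$username])) {
        password_verify($password, DUMMY_HASH);
        return false;
    }
    $stored = $users[$username];
    if (is_legacy_sha1($stored)) {
        // constant-time comparison of the legacy digest
        $ok = hash_equals($stored, sha1($password));
    } else {
        $ok = password_verify($password, $stored);
    }
    // on success, replace a legacy or outdated hash with a salted one
    if ($ok && (is_legacy_sha1($stored) || password_needs_rehash($stored, PASSWORD_DEFAULT))) {
        $users[$username] = password_hash($password, PASSWORD_DEFAULT);
    }
    return $ok;
}

// Constructed sample data: one user still stored as unsalted SHA-1.
$users = ['misterx' => sha1('secretpassword1')];
var_dump(verify_and_upgrade($users, 'misterx', 'secretpassword1')); // legacy path
var_dump(is_legacy_sha1($users['misterx']));                        // row after upgrade
var_dump(verify_and_upgrade($users, 'misterx', 'secretpassword1')); // new-hash path
var_dump(verify_and_upgrade($users, 'misterx', 'wrongpassword'));   // rejected
```

In the login script this check would replace the `hpassword=?` condition: select the row by username only, then compare the stored hash in PHP.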