Sponsored Links


Results 1 to 2 of 2

Thread: PHP Login page and MySql 2011

  1. #1
    Administrator Vuhelper's Avatar
    Join Date
    Apr 2011
    Posts
    8,835

    Icon51 PHP Login page and MySql 2011

    Sponsored Links


    Code:
        <?php
        /*
        Login script example
        - displays a form for entering username and password
        - checks wheter username and password exist in database and match
        - if no match is found, clears the form and displays an error message
        - if exactly one match is found, redirects user to another page
         
        Tip: make page look nicer with some CSS
         
        For this login example you will need working database (mySql used here), and
        some test data as per instructions below (or you can use phpmyadmin or similar app)
         
        Test data (2 users):
         
        username 1: misterx
        password 1: secretpassword1
        hashed password1: (d5f835dbe946b420e1dacde0558078b4eee36745)
         
        username 2: mistery
        password 2: secretpassword2
        hashed password2: (fd021e83bf64b46a2a7b707441dd167bc43749d4)
         
        Prepare database 'mydatabase' with table 'user' and some test data
         
        1. Use this or similar query to create database 'mydatabase'
        CREATE DATABASE `mydatabase` ;
         
        2.create DB user named 'testdbuser' with password 'verysecretdbpassword' and
         granthim privileges
        CREATE USER 'testdbuser'@'%' IDENTIFIED BY 'verysecretdbpassword';
        GRANT ALL PRIVILEGES ON * . * TO 'testdbuser'@'%'
        IDENTIFIED BY 'verysecretdbpassword'
        WITH GRANT OPTION MAX_QUERIES_PER_HOUR 0 MAX_CONNECTIONS_PER_HOUR 0
          MAX_UPDATES_PER_HOUR 0 MAX_USER_CONNECTIONS 0 ;
         
        3. Use this or similar query to create table 'users' in database 'mydatabase'
        CREATE TABLE `mydatabase`.`users` (
        `id` MEDIUMINT UNSIGNED NOT NULL AUTO_INCREMENT PRIMARY KEY COMMENT 'ID (primary key)',
        `username` VARCHAR( 24 ) NOT NULL COMMENT 'Username (max 24 chars)',
        `hpassword` CHAR( 40 ) NOT NULL COMMENT 'sha1 hashed password'
        ) ENGINE = InnoDB CHARACTER SET utf8 COLLATE utf8_general_ci COMMENT = 'Users table';
         
        4. Use this query to insert above test data into the table 'users'
        INSERT INTO `users` (`id`, `username`, `hpassword`) VALUES (NULL , 'misterx', '298e6df75f76926af93925e7a34e060ea523a363');
        INSERT INTO `users` (`id`, `username`, `hpassword`) VALUES (NULL , 'mistery', '05b68c5b67e2c7a95cc86e4ee26778e5d9c77c6c');
        */
         
        // start session
        session_start();
         
        // set session variable that identifies valid user to 0 until user submits
        // valid username and passwordusername
        $_SESSION['valid_user'] = 0;
         
        // a variable that will hold error message if needed
        $msg = '';
         
        // check wheter user has submitted a username and/or password
        if(isset($_POST['username']) or isset($_POST['password'])) {
         
        // if both username and password are submitted and not empty
        if(isset($_POST['username']) and !empty($_POST['username']) and
        isset($_POST['password']) and !empty($_POST['password'])) {
         
        // asign posted values to variables and trim possible spacess before and
        // after the strings
        $username = trim($_POST['username']);
        $password = trim($_POST['password']);
         
        // passwords stored in the users database are hashed with sha1 therefore
        // submited password has also be hashed so values can be compared
        $hpassword = sha1($password);
         
        // prepare database connection
        $conn = mysqli_connect('localhost', 'testdbuser', 'verysecretdbpassword', 'mydatabase')
        or die ('ERROR: Can not connect to the database!');
         
        // prepare query to select a user with submitted username and hashed
        // submitted password (to check for the match)
        $query = "SELECT username, hpassword FROM users ";
        $query .= "WHERE username='$username' AND hpassword='$hpassword'";
         
        // get the result of the query
        $res = mysqli_query($conn, $query);
         
        // if mysqli_query was successful and if one row was returned from query
        // we have a match, the username and password are OK
        // (if no rows returned username and password did not match, if more than
        // 1 row returned we have entered one user more times which is incorrect
        if($res and mysqli_num_rows($res) == 1) {
         
        // set session variable that identifies valid user to 1
        $_SESSION['valid_user'] = 1;
         
        // redirect user to login_success.php page
        header("location:login_success.php");
         
        //just in case anything goes wrong from here end the script
        die();
        }
         
        // if no rows are returned username and password did not match
        // (or if more than 1 row returned we have entered one user many times
        // which is incorrect)
        else {
         
        // again set session variable that identifies valid user to 0
        $_SESSION['valid_user'] = 0;
         
        // prepare error message
        $msg = 'Please enter correct username and password!';
        }
        }
         
        // if only username or only password was submitted
        else {
         
        // again set session variable that identifies valid user to 0
        $_SESSION['valid_user'] = 0;
         
        // prepare error message
        $msg = 'Please enter correct username and password!';
        }
        }
        ?>
        <!DOCTYPE html
        PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3c.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
        <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en">
         
        <head>
        <title>Login</title>
        </head>
         
        <body>
         
        <!-- Form will be submitted to itself -->
        <form action="#" method="post">
         
        <p>Please login</p>
         
        <div class="login"><input name="username" type="text" id="username" /></div>
         
        <div class="login"><input name="password" type="password" id="password" /></div>
         
        <div class="login"><input type="submit" name="submit" value="Login"></div>
         
        <!-- Possible error messages will be displayed here -->
        <div class="error-message"><p><?php echo $msg ?></p></div>
         
        </form>
         
        </body>
         
        </html>


    Sponsored Links

  2. Sponsored Links
  3. #2
    Junior Member
    Join Date
    Apr 2011
    Posts
    3
    Hard work pays
    Quote Originally Posted by Vuhelper View Post
    Code:
        <?php
        /*
        Login script example
        - displays a form for entering username and password
        - checks wheter username and password exist in database and match
        - if no match is found, clears the form and displays an error message
        - if exactly one match is found, redirects user to another page
         
        Tip: make page look nicer with some CSS
         
        For this login example you will need working database (mySql used here), and
        some test data as per instructions below (or you can use phpmyadmin or similar app)
         
        Test data (2 users):
         
        username 1: misterx
        password 1: secretpassword1
        hashed password1: (d5f835dbe946b420e1dacde0558078b4eee36745)
         
        username 2: mistery
        password 2: secretpassword2
        hashed password2: (fd021e83bf64b46a2a7b707441dd167bc43749d4)
         
        Prepare database 'mydatabase' with table 'user' and some test data
         
        1. Use this or similar query to create database 'mydatabase'
        CREATE DATABASE `mydatabase` ;
         
        2.create DB user named 'testdbuser' with password 'verysecretdbpassword' and
         granthim privileges
        CREATE USER 'testdbuser'@'%' IDENTIFIED BY 'verysecretdbpassword';
        GRANT ALL PRIVILEGES ON * . * TO 'testdbuser'@'%'
        IDENTIFIED BY 'verysecretdbpassword'
        WITH GRANT OPTION MAX_QUERIES_PER_HOUR 0 MAX_CONNECTIONS_PER_HOUR 0
          MAX_UPDATES_PER_HOUR 0 MAX_USER_CONNECTIONS 0 ;
         
        3. Use this or similar query to create table 'users' in database 'mydatabase'
        CREATE TABLE `mydatabase`.`users` (
        `id` MEDIUMINT UNSIGNED NOT NULL AUTO_INCREMENT PRIMARY KEY COMMENT 'ID (primary key)',
        `username` VARCHAR( 24 ) NOT NULL COMMENT 'Username (max 24 chars)',
        `hpassword` CHAR( 40 ) NOT NULL COMMENT 'sha1 hashed password'
        ) ENGINE = InnoDB CHARACTER SET utf8 COLLATE utf8_general_ci COMMENT = 'Users table';
         
        4. Use this query to insert above test data into the table 'users'
        INSERT INTO `users` (`id`, `username`, `hpassword`) VALUES (NULL , 'misterx', '298e6df75f76926af93925e7a34e060ea523a363');
        INSERT INTO `users` (`id`, `username`, `hpassword`) VALUES (NULL , 'mistery', '05b68c5b67e2c7a95cc86e4ee26778e5d9c77c6c');
        */
         
        // start session
        session_start();
         
        // set session variable that identifies valid user to 0 until user submits
        // valid username and passwordusername
        $_SESSION['valid_user'] = 0;
         
        // a variable that will hold error message if needed
        $msg = '';
         
        // check wheter user has submitted a username and/or password
        if(isset($_POST['username']) or isset($_POST['password'])) {
         
        // if both username and password are submitted and not empty
        if(isset($_POST['username']) and !empty($_POST['username']) and
        isset($_POST['password']) and !empty($_POST['password'])) {
         
        // asign posted values to variables and trim possible spacess before and
        // after the strings
        $username = trim($_POST['username']);
        $password = trim($_POST['password']);
         
        // passwords stored in the users database are hashed with sha1 therefore
        // submited password has also be hashed so values can be compared
        $hpassword = sha1($password);
         
        // prepare database connection
        $conn = mysqli_connect('localhost', 'testdbuser', 'verysecretdbpassword', 'mydatabase')
        or die ('ERROR: Can not connect to the database!');
         
        // prepare query to select a user with submitted username and hashed
        // submitted password (to check for the match)
        $query = "SELECT username, hpassword FROM users ";
        $query .= "WHERE username='$username' AND hpassword='$hpassword'";
         
        // get the result of the query
        $res = mysqli_query($conn, $query);
         
        // if mysqli_query was successful and if one row was returned from query
        // we have a match, the username and password are OK
        // (if no rows returned username and password did not match, if more than
        // 1 row returned we have entered one user more times which is incorrect
        if($res and mysqli_num_rows($res) == 1) {
         
        // set session variable that identifies valid user to 1
        $_SESSION['valid_user'] = 1;
         
        // redirect user to login_success.php page
        header("location:login_success.php");
         
        //just in case anything goes wrong from here end the script
        die();
        }
         
        // if no rows are returned username and password did not match
        // (or if more than 1 row returned we have entered one user many times
        // which is incorrect)
        else {
         
        // again set session variable that identifies valid user to 0
        $_SESSION['valid_user'] = 0;
         
        // prepare error message
        $msg = 'Please enter correct username and password!';
        }
        }
         
        // if only username or only password was submitted
        else {
         
        // again set session variable that identifies valid user to 0
        $_SESSION['valid_user'] = 0;
         
        // prepare error message
        $msg = 'Please enter correct username and password!';
        }
        }
        ?>
        <!DOCTYPE html
        PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3c.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
        <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en">
         
        <head>
        <title>Login</title>
        </head>
         
        <body>
         
        <!-- Form will be submitted to itself -->
        <form action="#" method="post">
         
        <p>Please login</p>
         
        <div class="login"><input name="username" type="text" id="username" /></div>
         
        <div class="login"><input name="password" type="password" id="password" /></div>
         
        <div class="login"><input type="submit" name="submit" value="Login"></div>
         
        <!-- Possible error messages will be displayed here -->
        <div class="error-message"><p><?php echo $msg ?></p></div>
         
        </form>
         
        </body>
         
        </html>

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Similar Threads

  1. Replies: 1
    Last Post: 01-17-2013, 01:36 AM
  2. checkbox and mysql in php 2011
    By Vuhelper in forum Php & Mysql
    Replies: 0
    Last Post: 09-18-2011, 07:16 PM
  3. what is Reduced on this page: MySQL 25.00%
    By Xpert in forum Java forum
    Replies: 0
    Last Post: 06-26-2011, 05:34 PM
  4. Java comparison with PHP and MySql 2011
    By Xpert in forum Java forum
    Replies: 0
    Last Post: 05-11-2011, 04:58 PM
  5. SSC 2011 Exam Date Sheets Page for BISE Bannu Board
    By Xpert in forum rawalpindi board 10th class
    Replies: 0
    Last Post: 03-02-2011, 05:35 PM

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  
-: Vuhelp Disclaimer :-
None of the files shown here are hosted or transmitted by this server. The links are provided solely by this site's users. The administrator's or staff of Vuhelp.net cannot be held responsible for what its users post, or any other actions of its users. You may not use this site to distribute or download any material when you do not have the legal rights to do so. It is your own responsibility to adhere to these terms. If you have any doubts about legality of content or you have any suspicions, feel free to contact us.
Online Education | JhelumSoft