Ad:

PHP Code Snippet
Views: 5455

PHP Login Script

by DealthRune on Aug 22nd, 2009

Here is a simple login script

<?php
$con = mysql_connect('localhost', 'root', '');
$db_select = mysql_select_db('db_name', $con);
if(!db_select){
die("Error: No DataBase Selected.\n");
}
if(!$con){
die("Error: ".mysql_error()."\n");
}
?>
<form action='./login.php' method='POST'>
<table border='0' align='center'>
<tr><td>Username </td><td><input type='text' name='user'></td></tr>
<tr><td>Password </td><td><input type='password' name='pass'></td></tr>
<tr><td colspan='2' align='right'><input type='submit' name='login' value='Login'></td></tr>
</table>
</form>
<?php
$u = $_POST['user'];
$p = $_POST['pass'];
$log = $_POST['login'];
if($log){
$sql = mysql_query("SELECT count(id) FROM `users` WHERE `username` = '$u' AND `password` = '$p'");
$result = mysql_result(sql, 0);
if($result!=1){
die("Invalid Login Information\n");
}else{
echo "Welcome ".$u."! You are now logged in.\n";
}
}
?>

Comments on this Code Snippet

Permalink

Sep 22nd, 2009

Re: PHP Login Script

great!! what an effort wonderful!!

vijaysankarbhat

Newbie Poster

Offline

1 posts
since Sep 2009

Permalink

Sep 23rd, 2009

Re: PHP Login Script

SQL injection holes. Not secure at all. I wouldn't use it.

kkeith29

Nearly a Posting Virtuoso

Offline

1,315 posts
since Jun 2007

Permalink

Sep 29th, 2009

-1

Re: PHP Login Script

it's not useful. SQL injection.!

phong1040572

Newbie Poster

Offline

1 posts
since Jun 2009

Permalink

Sep 30th, 2009

Re: PHP Login Script

Hey! this script i'm sure is meant for beginners. If you know about SQL injection then I guess you are not a beginner and you can even do this community a favour by posting another version of the script with SQL injection holes well taken care of.
Happy times!

sureronald

Junior Poster

Offline

139 posts
since May 2008

Permalink

Sep 30th, 2009

Re: PHP Login Script

nice ? but how we can add secret pages for different users

ayesha789

Posting Pro in Training

Offline

485 posts
since Jun 2009

Permalink

Sep 30th, 2009

Re: PHP Login Script

mysql_real_escape_string(); will prevent injections.

e.g.

php Syntax (Toggle Plain Text)
<?php
$string = 'user input';
$safer = mysql_real_escape_string($string);
// the variable $safer is less likely to cause you any problems from your users input.
?>
<?php
$string = 'user input';
$safer = mysql_real_escape_string($string);
// the variable $safer is less likely to cause you any problems from your users input.
?>

it is always best practice to hash your passwords as well {sha1($string) }. when you create the user, hash the password into the data base. when you check against it hash the password and that will give you the same result but with safer password storage.

Last edited by leviathan185; Sep 30th, 2009 at 8:35 am. Reason: forgot something

leviathan185

Junior Poster

Offline

105 posts
since May 2009

Permalink

Sep 30th, 2009

Re: PHP Login Script

If you are wanting a better login script look here:

http://www.daniweb.com/forums/post95...tml#post951182

kkeith29

Nearly a Posting Virtuoso

Offline

1,315 posts
since Jun 2007

Permalink

Oct 1st, 2009

Re: PHP Login Script

This script not only suffers from security holes but also has a but in recording incorrect data. If magic quotes are enabled then every recording of a slash be recorded. This means if you record the username te"s't then when you retrieve it from the database it will display te\"s\'t. To solve that you will need to use the stripslashes() function if magic quotes are enabled. Also note that the mysql_real_escape_string() function not only fixes security holes but also validates the string from potential bugs/errors. So the following is how to convert a variable ready for mysql.

php Syntax (Toggle Plain Text)
<?php
$data = mysql_real_escape_string(stripslashes($_POST['data']));
?>
<?php
$data = mysql_real_escape_string(stripslashes($_POST['data']));
?>