Here is a simple login script
PHP Login Script
<?php
$con = mysql_connect('localhost', 'root', '');
$db_select = mysql_select_db('db_name', $con);
if(!db_select){
die("Error: No DataBase Selected.\n");
}
if(!$con){
die("Error: ".mysql_error()."\n");
}
?>
<form action='./login.php' method='POST'>
<table border='0' align='center'>
<tr><td>Username </td><td><input type='text' name='user'></td></tr>
<tr><td>Password </td><td><input type='password' name='pass'></td></tr>
<tr><td colspan='2' align='right'><input type='submit' name='login' value='Login'></td></tr>
</table>
</form>
<?php
$u = $_POST['user'];
$p = $_POST['pass'];
$log = $_POST['login'];
if($log){
$sql = mysql_query("SELECT count(id) FROM `users` WHERE `username` = '$u' AND `password` = '$p'");
$result = mysql_result(sql, 0);
if($result!=1){
die("Invalid Login Information\n");
}else{
echo "Welcome ".$u."! You are now logged in.\n";
}
}
?>
vijaysankarbhat
0
Newbie Poster
great!! what an effort wonderful!!
somedude3488
228
Nearly a Posting Virtuoso
SQL injection holes. Not secure at all. I wouldn't use it.
phong1040572
0
Newbie Poster
it's not useful. SQL injection.!
sureronald
0
Junior Poster
Hey! this script i'm sure is meant for beginners. If you know about SQL injection then I guess you are not a beginner and you can even do this community a favour by posting another version of the script with SQL injection holes well taken care of.
Happy times!
ayesha789
7
Posting Pro in Training
nice ? but how we can add secret pages for different users
leviathan185
14
Junior Poster
mysql_real_escape_string(); will prevent injections.
e.g.
<?php
$string = 'user input';
$safer = mysql_real_escape_string($string);
// the variable $safer is less likely to cause you any problems from your users input.
?>it is always best practice to hash your passwords as well {sha1($string) }. when you create the user, hash the password into the data base. when you check against it hash the password and that will give you the same result but with safer password storage.
somedude3488
228
Nearly a Posting Virtuoso
If you are wanting a better login script look here:
cwarn23
387
Occupation: Genius
Team Colleague
Featured Poster
This script not only suffers from security holes but also has a but in recording incorrect data. If magic quotes are enabled then every recording of a slash be recorded. This means if you record the username te"s't then when you retrieve it from the database it will display te\"s\'t. To solve that you will need to use the stripslashes() function if magic quotes are enabled. Also note that the mysql_real_escape_string() function not only fixes security holes but also validates the string from potential bugs/errors. So the following is how to convert a variable ready for mysql.
<?php
$data = mysql_real_escape_string(stripslashes($_POST['data']));
?>
jalaladdin
0
Newbie Poster
please help me about php
j_limboo
0
Junior Poster in Training
multiple login issue with the same username and password
eltin_gee
0
Newbie Poster
hello am from ghana trying to learn some codes all by myself to meet me needs can some one out there give a helping hand
rajpathak2000
0
Newbie Poster
great....its a nice login script,but not completely secure.
manzarr
1
Light Poster
nice script
thanks to share us but this script not more secure
Be a part of the DaniWeb community
We're a friendly, industry-focused community of developers, IT pros, digital marketers, and technology enthusiasts meeting, networking, learning, and sharing knowledge.