954,561 Members — Technology Publication meets Social Media
Username:
Password:
Lost login information?

PHP Login Script

0
By DealthRune on Aug 22nd, 2009 10:07 pm

Here is a simple login script

<?php
$con = mysql_connect('localhost', 'root', '');
$db_select = mysql_select_db('db_name', $con);
if(!db_select){
die("Error: No DataBase Selected.\n");
}
if(!$con){
die("Error: ".mysql_error()."\n");
}
?>
<form action='./login.php' method='POST'>
<table border='0' align='center'>
<tr><td>Username </td><td><input type='text' name='user'></td></tr>
<tr><td>Password </td><td><input type='password' name='pass'></td></tr>
<tr><td colspan='2' align='right'><input type='submit' name='login' value='Login'></td></tr>
</table>
</form>
<?php
$u = $_POST['user'];
$p = $_POST['pass'];
$log = $_POST['login'];
if($log){
$sql = mysql_query("SELECT count(id) FROM `users` WHERE `username` = '$u' AND `password` = '$p'");
$result = mysql_result(sql, 0);
if($result!=1){
die("Invalid Login Information\n");
}else{
echo "Welcome ".$u."! You are now logged in.\n";
}
}
?>
2 Years Ago
0

great!! what an effort wonderful!!

vijaysankarbhat
Newbie Poster
1 post since Sep 2009
Reputation Points: 10
Solved Threads: 0
 
2 Years Ago
0

SQL injection holes. Not secure at all. I wouldn't use it.

kkeith29
Nearly a Posting Virtuoso
1,357 posts since Jun 2007
Reputation Points: 235
Solved Threads: 194
 
2 Years Ago
Show Comments
-1

it's not useful. SQL injection.!

phong1040572
Newbie Poster
1 post since Jun 2009
Reputation Points: 10
Solved Threads: 0
 
2 Years Ago
0

Hey! this script i'm sure is meant for beginners. If you know about SQL injection then I guess you are not a beginner and you can even do this community a favour by posting another version of the script with SQL injection holes well taken care of.
Happy times!

sureronald
Junior Poster
139 posts since May 2008
Reputation Points: 11
Solved Threads: 19
 
2 Years Ago
0

nice ? but how we can add secret pages for different users

ayesha789
Posting Pro in Training
496 posts since Jun 2009
Reputation Points: 17
Solved Threads: 7
 
2 Years Ago
0

mysql_real_escape_string(); will prevent injections.

e.g.

<?php
$string = 'user input';
$safer = mysql_real_escape_string($string);
// the variable $safer is less likely to cause you any problems from your users input.
?>


it is always best practice to hash your passwords as well {sha1($string) }. when you create the user, hash the password into the data base. when you check against it hash the password and that will give you the same result but with safer password storage.

leviathan185
Junior Poster
105 posts since May 2009
Reputation Points: 19
Solved Threads: 15
 
2 Years Ago
Show Comments
1

If you are wanting a better login script look here:

http://www.daniweb.com/forums/post951182.html#post951182

kkeith29
Nearly a Posting Virtuoso
1,357 posts since Jun 2007
Reputation Points: 235
Solved Threads: 194
 
2 Years Ago
0

This script not only suffers from security holes but also has a but in recording incorrect data. If magic quotes are enabled then every recording of a slash be recorded. This means if you record the username te"s't then when you retrieve it from the database it will display te\"s\'t. To solve that you will need to use the stripslashes() function if magic quotes are enabled. Also note that the mysql_real_escape_string() function not only fixes security holes but also validates the string from potential bugs/errors. So the following is how to convert a variable ready for mysql.

<?php
$data = mysql_real_escape_string(stripslashes($_POST['data']));
?>
cwarn23
Occupation: Genius
Team Colleague
3,033 posts since Sep 2007
Reputation Points: 413
Solved Threads: 259
 
2 Years Ago
Show Comments
-2

please help me about php

jalaladdin
Newbie Poster
2 posts since Oct 2009
Reputation Points: 10
Solved Threads: 0
 
2 Years Ago
0

multiple login issue with the same username and password

j_limboo
Junior Poster in Training
70 posts since Sep 2009
Reputation Points: 10
Solved Threads: 0
 
2 Years Ago
Show Comments
-1

hello am from ghana trying to learn some codes all by myself to meet me needs can some one out there give a helping hand

eltin_gee
Newbie Poster
2 posts since Oct 2009
Reputation Points: 10
Solved Threads: 0
 
1 Year Ago
0

great....its a nice login script,but not completely secure.

rajpathak2000
Newbie Poster
1 post since Jun 2010
Reputation Points: 10
Solved Threads: 0
 
1 Year Ago
0

nice script
thanks to share us but this script not more secure

manzarr
Light Poster
39 posts since Jul 2010
Reputation Points: 11
Solved Threads: 1
 

This article has been dead for over three months

Post: Markdown Syntax: Formatting Help
You
 
© 2012 DaniWeb® LLC
Home | About Us | Contact Us | Terms of Service | Advertising Opportunities
RSS Feed RSS Feed