Hi,

I'll create a Login.php page to check uid and password and let the user log in to the system. Now, do I check uid and password in the same Login.php, or do I post uid and password to the next page to be checked there?

What is the best way?

Thanks

What I like to do is have a "router" page, which deals with logging in, changing the website, etc.

So for the login it would have...

<form action="r.php?c=1" method="POST">

Then in r.php, I have a switch before any HTML output for $_GET;
Also, in each case, I have a $responseMessage and a $header variable, which store the response message on what they're trying to do and the URL I'm going to forward them to, respectively.

Then case 1 deals with logging in. If the user is verified, then the response message will say you have successfully logged in, and the header will direct them to the proper place.

Otherwise, they're informed they weren't successfully logged in and taken back to login page.

then down in the html code I have....

<html>
<head>
<meta http-equiv="refresh" content="3; url=<?php echo $header;?>"/>
</head>
<body>
<table height="50%" align="center">
<tr>
<td valign="bottom">
<?php echo $responseMessage;?>
<br/><br/> Please wait while we transfer you...<br/><br/>
<a href="<?php echo $header;?>">(Or click here if you wish not to wait)</a>
</td>
</tr>
</table>
</body>
</html>

Hope this helps, lmk if you have any questions.

<?php
// we must never forget to start the session
session_start(); 
   $dbhost = 'localhost';
   $dbuser = 'root';
   $dbpass = '';
   $dbname = 'urdbname';
   $errorMessage = '';

   if (isset($_POST['txtUserId']) && isset($_POST['txtPassword'])) 
   {
   
   $conn = mysql_connect($dbhost, $dbuser, $dbpass) or die('Error connecting to mysql');
   mysql_select_db($dbname);

   $userId = $_POST['txtUserId'];
   $password = $_POST['txtPassword'];

   // check if the user id and password combination exist in database
   $sql = "SELECT user_id 
           FROM tbl_auth_user
           WHERE user_id = '$userId' 
                 AND user_password = '$password'";

   $result = mysql_query($sql) 
             or die('Query failed. ' . mysql_error()); 

   if (mysql_num_rows($result) == 1) 
   {
      // the user id and password match, 
      // set the session
      $_SESSION['db_is_logged_in'] = true;

      // after login we move to the main page
      header('Location: main.php');
      exit;
   }
   else
   {
      $errorMessage = 'Sorry, wrong user id / password';
   }

   mysql_close($conn);
   }
?>

<html>
<head>
<title>Basic Login</title>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
</head> 
<body>
<?php
if ($errorMessage != '') {
?>
<p align="center"><strong><font color="#990000"><?php echo $errorMessage; ?></font></strong></p>
<?php
}
?> 
<form method="post" name="frmLogin" id="frmLogin">
<table width="400" border="1" align="center" cellpadding="2" cellspacing="2">
<tr>
<td width="150">User Id</td>
<td><input name="txtUserId" type="text" id="txtUserId"></td>
</tr>
<tr>
<td width="150">Password</td>
<td><input name="txtPassword" type="password" id="txtPassword"></td>
</tr>
<tr>
<td width="150">&nbsp;</td>
<td><input type="image"  name="btnLogin"  value="Login"></td>
</tr>
</table>
</form>
</body>
</html>

Hope this helps...
Pages are based on your requirement...
This code is all in the same page...

One thing I will do on top of this is sanitize the user's input to prevent SQL injections. Always use mysql_real_escape_string or addslashes and stripslashes.
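
An added example, not part of any reply in this thread: the same-page login check written with a PDO prepared statement and password_hash()/password_verify(), so user input never becomes part of the SQL text and no plaintext password is stored (the mysql_* functions used above were removed in PHP 7). The table and column names follow the code posted above; the in-memory SQLite database, the sample user and the function name check_login are assumptions made for the demo.

```php
<?php
// Added example: not code from the thread. Assumes the pdo_sqlite extension.
function check_login(PDO $pdo, string $userId, string $password): bool
{
    // The placeholder sends $userId as data, separate from the SQL text,
    // so quotes in the input cannot change the query.
    $stmt = $pdo->prepare(
        'SELECT user_password FROM tbl_auth_user WHERE user_id = :uid'
    );
    $stmt->execute([':uid' => $userId]);
    $hash = $stmt->fetchColumn();   // false when no such user exists

    // For an unknown user, still verify against a dummy hash so both
    // paths do comparable work.
    static $dummy = null;
    $dummy ??= password_hash('placeholder', PASSWORD_DEFAULT);
    $matches = password_verify($password, $hash !== false ? $hash : $dummy);

    if ($hash === false || !$matches) {
        return false;
    }
    if (session_status() === PHP_SESSION_ACTIVE) {
        session_regenerate_id(true);          // fresh session id after login
        $_SESSION['db_is_logged_in'] = true;  // same flag as the posted code
    }
    return true;
}

// Constructed demo data: one user whose id contains a single quote.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE tbl_auth_user (
                user_id TEXT PRIMARY KEY,
                user_password TEXT NOT NULL)');
$insert = $pdo->prepare('INSERT INTO tbl_auth_user VALUES (?, ?)');
$insert->execute(["o'neil", password_hash('correct horse', PASSWORD_DEFAULT)]);

var_dump(check_login($pdo, "o'neil", 'correct horse')); // valid credentials
var_dump(check_login($pdo, "o'neil", 'wrong'));         // wrong password
var_dump(check_login($pdo, 'nobody', 'correct horse')); // unknown user
```

In a real page, call session_start() before check_login() and keep the single generic error message from the posted code so the response does not reveal whether the user id exists.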

saikishore, it is a good idea. I'll use your logic then.
Thanks to you all for your interest.
