php login with username and password

Question

k2k 5 Posting Whiz

15 Years Ago

hi,
does anyone know a secure way to login to another page with username and password. i found numerous on google but i don't know which one is good. if anyone has any good source codes please help.

php

7 Contributors
8 Replies
545 Views
4 Months Discussion Span
Latest Post 15 Years Ago Latest Post by MehdiAnis

diafol

15 Years Ago

hi,
does anyone know a secure way to login to another page with username and password. i found numerous on google but i don't know which one is good. if anyone has any good source codes please help.

What do you mean another page?

death_oclock 103 Posting Whiz

15 Years Ago

It would help if you learned some PHP yourself so you could tell which ones are "good" or not. Most of them use a basic structure of storing login info in session variables, but more advanced ones will use database features to log user activity and/or provide protection against session fixation, etc.

Reply to this topic

Be a part of the DaniWeb community

We're a friendly, industry-focused community of developers, IT pros, digital marketers, and technology enthusiasts meeting, networking, learning, and sharing knowledge.

k2k 5 Posting Whiz · Answer 1 · 2009-02-05T21:07:41+00:00

yes, i am picking up php little by little. i used php mainly for sending form data to mySQL. now i am trying to learn the login. for now, simply i have my username and password inserted to mySQL, and if the username and password i enter from my web page is correct then it load the (head: url) , otherwise echo "wrong username password" .. i tried a couple example i found on9 and they there was bugs. If anyone had found or been using some good login code, it would be nice if you can throw the url in here. thanks = )

madanbe 0 Newbie Poster · Answer 2 · 2009-02-06T20:13:27+00:00

hi..... dont worry ..... i give some codings with form. if you worked with that codings you got some idea....

<?
//include "include/session.php";

$dbservertype='mysql';
$servername='';

$dbusername='';
$dbpassword='';

$dbname='';

$link=mysql_connect ("$servername","$dbusername","");
if(!$link){die("Could not connect to MySQL");}
mysql_select_db("$dbname",$link) or die ("could not open db".mysql_error());

$userid=$_REQUEST['username'];

$password=$_REQUEST['password'];

if($rec=mysql_fetch_array(mysql_query("SELECT * FROM table WHERE username='$userid' AND password = '$password'"))){

if(($rec['username']==$userid)&&($rec['password']==$password)){

     include "include/newsession.php";
             print "<script>";
    print " self.location='any file name.php';"; 
             print "</script>";
}
}   

?>
<form name="form1" method="post" action="your file name.php">
  <label>username
  <input type="text" name="username">
  </label>
  <p>
    <label>password
    <input type="text" name="password">
    </label>
  </p>
  <p>
    <label>
    <input type="submit" name=submit" value="submit">
    </label>
  </p>
</form>

death_oclock 103 Posting Whiz · Answer 3 · 2009-02-07T02:15:28+00:00

This is a very minimal login script, but it should work.
This:

if(($rec['username']==$userid)&&($rec['password']==$password)){

is a strange way of checking a result; if there is a result, of course username is going to be equal to $userid.
Better done by (in my opinion):

if($rec && mysql_num_rows($rec) == 1){

Andrieux 0 Junior Poster in Training · Answer 4 · 2009-02-09T02:23:29+00:00

Set session variables on login, and then on "members only" pages, check to see if the variable exists. If not, deny access.

In short:

<?php

if(empty($_SESSION['username'])) {
	echo "Please login.";
	}
	else {
		echo "You are logged in as: " . $_SESSION['username'];
		//members only content...
		//members only content...
	}
?>

sacarias40 1 Junior Poster · Answer 5 · 2009-02-11T01:23:27+00:00

wrote this really quick for yah hope this helps. hope i didnt make any errors

<?php
session_start();
function make_safe($string){
return mysql_real_escape_string(trim($string));
}

//check to see if they pressed the button
if(isset($_POST['submit'])){

//get input data
$username = make_safe($_POST['username']);
$password = make_safe($_POST['password']);

//check to see if the fields are filled in
if(!empty($username) && !empty($password)){

//look for a match in the database 
$search = mysql_query("SELECT * FROM table_name WHERE 
username='$username' AND password = '$password'");

//the number of matches is = $found
$found = mysql_num_rows($search);

//comparing the matches and taking the correct action
if($found > 1){

echo "we have more than one member with that name";

}elseif($found == 1){

//$result is only one so it logs the person in with those credentials

$row = mysql_fetch_array($search);

$_SESSION['user'] = $row['user'];

echo "Logged in";

}elseif($found < 1){

echo "Nobody with these credentials exists";

}else{

echo "please fill in the blanks";

}

}

?>

MehdiAnis 0 Newbie Poster · Answer 6 · 2009-06-18T03:07:35+00:00

This is a very minimal login script, but it should work.
This:
if(($rec['username']==$userid)&&($rec['password']==$password)){
is a strange way of checking a result; if there is a result, of course username is going to be equal to $userid.
Better done by (in my opinion):
if($rec && mysql_num_rows($rec) == 1){

For small and CAPITAL letters in PassWord we need to check Password. No need to check username though. username is not case sensitive, but Password is. Thanks.