hi,
does anyone know a secure way to login to another page with username and password. i found numerous on google but i don't know which one is good. if anyone has any good source codes please help.
k2k 5 Posting Whiz
Recommended Answers
Jump to PostIt would help if you learned some PHP yourself so you could tell which ones are "good" or not. Most of them use a basic structure of storing login info in session variables, but more advanced ones will use database features to log user activity and/or provide protection against session …
Jump to PostThis is a very minimal login script, but it should work.
This:if(($rec['username']==$userid)&&($rec['password']==$password)){is a strange way of checking a result; if there is a result, of course username is going to be equal to $userid.
Better done by (in my opinion):if($rec && …
All 8 Replies
diafol
hi,
does anyone know a secure way to login to another page with username and password. i found numerous on google but i don't know which one is good. if anyone has any good source codes please help.
What do you mean another page?
death_oclock 103 Posting Whiz
It would help if you learned some PHP yourself so you could tell which ones are "good" or not. Most of them use a basic structure of storing login info in session variables, but more advanced ones will use database features to log user activity and/or provide protection against session fixation, etc.
k2k 5 Posting Whiz
yes, i am picking up php little by little. i used php mainly for sending form data to mySQL. now i am trying to learn the login. for now, simply i have my username and password inserted to mySQL, and if the username and password i enter from my web page is correct then it load the (head: url) , otherwise echo "wrong username password" .. i tried a couple example i found on9 and they there was bugs. If anyone had found or been using some good login code, it would be nice if you can throw the url in here. thanks = )
madanbe 0 Newbie Poster
hi..... dont worry ..... i give some codings with form. if you worked with that codings you got some idea....
<?
//include "include/session.php";
$dbservertype='mysql';
$servername='';
$dbusername='';
$dbpassword='';
$dbname='';
$link=mysql_connect ("$servername","$dbusername","");
if(!$link){die("Could not connect to MySQL");}
mysql_select_db("$dbname",$link) or die ("could not open db".mysql_error());
$userid=$_REQUEST['username'];
$password=$_REQUEST['password'];
if($rec=mysql_fetch_array(mysql_query("SELECT * FROM table WHERE username='$userid' AND password = '$password'"))){
if(($rec['username']==$userid)&&($rec['password']==$password)){
include "include/newsession.php";
print "<script>";
print " self.location='any file name.php';";
print "</script>";
}
}
?>
<form name="form1" method="post" action="your file name.php">
<label>username
<input type="text" name="username">
</label>
<p>
<label>password
<input type="text" name="password">
</label>
</p>
<p>
<label>
<input type="submit" name=submit" value="submit">
</label>
</p>
</form>
death_oclock 103 Posting Whiz
This is a very minimal login script, but it should work.
This:
if(($rec['username']==$userid)&&($rec['password']==$password)){is a strange way of checking a result; if there is a result, of course username is going to be equal to $userid.
Better done by (in my opinion):
if($rec && mysql_num_rows($rec) == 1){ Andrieux 0 Junior Poster in Training
Set session variables on login, and then on "members only" pages, check to see if the variable exists. If not, deny access.
In short:
<?php
if(empty($_SESSION['username'])) {
echo "Please login.";
}
else {
echo "You are logged in as: " . $_SESSION['username'];
//members only content...
//members only content...
}
?>
sacarias40 1 Junior Poster
wrote this really quick for yah hope this helps. hope i didnt make any errors
<?php
session_start();
function make_safe($string){
return mysql_real_escape_string(trim($string));
}
//check to see if they pressed the button
if(isset($_POST['submit'])){
//get input data
$username = make_safe($_POST['username']);
$password = make_safe($_POST['password']);
//check to see if the fields are filled in
if(!empty($username) && !empty($password)){
//look for a match in the database
$search = mysql_query("SELECT * FROM table_name WHERE
username='$username' AND password = '$password'");
//the number of matches is = $found
$found = mysql_num_rows($search);
//comparing the matches and taking the correct action
if($found > 1){
echo "we have more than one member with that name";
}elseif($found == 1){
//$result is only one so it logs the person in with those credentials
$row = mysql_fetch_array($search);
$_SESSION['user'] = $row['user'];
echo "Logged in";
}elseif($found < 1){
echo "Nobody with these credentials exists";
}else{
echo "please fill in the blanks";
}
}
?> MehdiAnis 0 Newbie Poster
This is a very minimal login script, but it should work.
This:if(($rec['username']==$userid)&&($rec['password']==$password)){is a strange way of checking a result; if there is a result, of course username is going to be equal to $userid.
Better done by (in my opinion):if($rec && mysql_num_rows($rec) == 1){
For small and CAPITAL letters in PassWord we need to check Password. No need to check username though. username is not case sensitive, but Password is. Thanks.
Be a part of the DaniWeb community
We're a friendly, industry-focused community of developers, IT pros, digital marketers, and technology enthusiasts meeting, networking, learning, and sharing knowledge.