hi,
does anyone know a secure way to login to another page with username and password. i found numerous on google but i don't know which one is good. if anyone has any good source codes please help.

What do you mean another page?

It would help if you learned some PHP yourself so you could tell which ones are "good" or not. Most of them use a basic structure of storing login info in session variables, but more advanced ones will use database features to log user activity and/or provide protection against session fixation, etc.

yes, i am picking up php little by little. i used php mainly for sending form data to mySQL. now i am trying to learn the login. for now, simply i have my username and password inserted to mySQL, and if the username and password i enter from my web page is correct then it load the (head: url) , otherwise echo "wrong username password" .. i tried a couple example i found on9 and they there was bugs. If anyone had found or been using some good login code, it would be nice if you can throw the url in here. thanks = )

hi..... dont worry ..... i give some codings with form. if you worked with that codings you got some idea....

<?
//include "include/session.php";

$dbservertype='mysql';
$servername='';

$dbusername='';
$dbpassword='';

$dbname='';

$link=mysql_connect ("$servername","$dbusername","");
if(!$link){die("Could not connect to MySQL");}
mysql_select_db("$dbname",$link) or die ("could not open db".mysql_error());

$userid=$_REQUEST['username'];

$password=$_REQUEST['password'];

if($rec=mysql_fetch_array(mysql_query("SELECT * FROM table WHERE username='$userid' AND password = '$password'"))){

if(($rec['username']==$userid)&&($rec['password']==$password)){

     include "include/newsession.php";
             print "<script>";
    print " self.location='any file name.php';"; 
             print "</script>";
}
}   

?>
<form name="form1" method="post" action="your file name.php">
  <label>username
  <input type="text" name="username">
  </label>
  <p>
    <label>password
    <input type="text" name="password">
    </label>
  </p>
  <p>
    <label>
    <input type="submit" name=submit" value="submit">
    </label>
  </p>
</form>

Edited 3 Years Ago by mike_2000_17: Fixed formatting

This is a very minimal login script, but it should work.
This:

if(($rec['username']==$userid)&&($rec['password']==$password)){

is a strange way of checking a result; if there is a result, of course username is going to be equal to $userid.
Better done by (in my opinion):

if($rec && mysql_num_rows($rec) == 1){

Set session variables on login, and then on "members only" pages, check to see if the variable exists. If not, deny access.

In short:

<?php

if(empty($_SESSION['username'])) {
	echo "Please login.";
	}
	else {
		echo "You are logged in as: " . $_SESSION['username'];
		//members only content...
		//members only content...
	}
?>

wrote this really quick for yah hope this helps. hope i didnt make any errors

<?php
session_start();
function make_safe($string){
return mysql_real_escape_string(trim($string));
}

//check to see if they pressed the button
if(isset($_POST['submit'])){

//get input data
$username = make_safe($_POST['username']);
$password = make_safe($_POST['password']);

//check to see if the fields are filled in
if(!empty($username) && !empty($password)){

//look for a match in the database 
$search = mysql_query("SELECT * FROM table_name WHERE 
username='$username' AND password = '$password'");

//the number of matches is = $found
$found = mysql_num_rows($search);

//comparing the matches and taking the correct action
if($found > 1){

echo "we have more than one member with that name";

}elseif($found == 1){

//$result is only one so it logs the person in with those credentials

$row = mysql_fetch_array($search);

$_SESSION['user'] = $row['user'];

echo "Logged in";

}elseif($found < 1){

echo "Nobody with these credentials exists";

}else{

echo "please fill in the blanks";

}

}

?>

This is a very minimal login script, but it should work.
This:

if(($rec['username']==$userid)&&($rec['password']==$password)){

is a strange way of checking a result; if there is a result, of course username is going to be equal to $userid.
Better done by (in my opinion):

if($rec && mysql_num_rows($rec) == 1){

For small and CAPITAL letters in PassWord we need to check Password. No need to check username though. username is not case sensitive, but Password is. Thanks.

This article has been dead for over six months. Start a new discussion instead.