How To Create Make A Secure Php Login Script With Database Password Verification Mysql

This Page Contains information about How To Create Make A Secure Php Login Script With Database Password Verification Mysql By wallpaperama in category PHP with 22 Replies. [1030], Last Updated: Tue Feb 07, 2023

wallpaperama

Sat May 26, 2007

22 Comments

26606 Visits

ok, if you have a website, sometimes its helpful to have a login script for you members.

if you have a php website, the folks at Webune.com Hosting have provided us with this script you can use on your pages.

step 1. create your mysql table:

CODE:

CREATE TABLE `members` (
`user_id` int(4) NOT NULL auto_increment,
`username` varchar(65) NOT NULL default '',
`password` varchar(65) NOT NULL default '',
PRIMARY KEY (`user_id`)
) ENGINE=MyISAM DEFAULT CHARSET=utf8 AUTO_INCREMENT=1 ;

--
-- Dumping data for table `members`
--

INSERT INTO `members` VALUES (2, 'admin', MD5('password');

make sure to change these two lines according to your database. you need to provide:
hostname
database user name
database user name password
database name

so make sure to edit these lines:
$db = mysql_connect("localhost", "user", "password");
mysql_select_db("thiscript",$db);

or else, the script will now work because it cannot connect to your database to validate that the user and password provided in the form is good or not and your script will fail and give you error.

CODE:

<?
# PLEASE DO NOT REMOVE THIS
# THIS SCRIPT WAS CREATED BY WEBUNE.COM
# FIND PHP HOSTING AT WWW.WEBUNE.COM
# FREE WALLPAPERS AND SCRIPTS AT WWW.WALLPAPERAMA.COM
session_start();
?>
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">

<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
<title>Simple Login Script Crated By Wallpapera and Webune Hosting</title>
</head>
<body>

<h1><img src="http://www.webune.com/images/logo4.jpg">~ Webune Login Script ~</h1><hr>
<?
function form($error)
{
?>
<table width="300" border="0" align="center" cellpadding="0" cellspacing="1" bgcolor="#CCCCCC">

<tr>
<form name="form1" method="post" action="">
<td>
<table width="100%" border="0" cellpadding="3" cellspacing="1" bgcolor="#FFFFFF">

<tr align="center">
<td colspan="3"><? if($error){ echo $error; } else { echo '<strong>Member Login </strong>'; } ?></td>
</tr>
<tr>
<td width="78">Username</td>

<td width="6">:</td>
<td width="294"><input name="username" type="text" id="username"></td>

</tr>
<tr>
<td>Password</td>
<td>:</td>
<td><input name="password" type="password" id="password"></td>

</tr>
<tr>
<td> </td>
<td> </td>
<td><input type="submit" name="Submit" value="Login"></td>

</tr>
</table>
</td>
</form>
</tr>
</table>
<?
}
function login_check($username,$password)
{

$db = mysql_connect("localhost", "user", "password") or die('Script Could not connect to database');
mysql_select_db("script",$db);

# THE WILL HELP YOU WITH SQL INJECTION
$password = mysql_real_escape_string(md5($password));
$password = mysql_real_escape_string($username);

$sql = "SELECT username,password FROM members where username = '".$username."'";

$result = mysql_query($sql ,$db);
if ($myrow = mysql_fetch_array($result))
{
if($username == $myrow['username'] && $password == $myrow['password'])
{
$login_check = true;
}

else
{
$login_check = false;
}
}
else
{
$login_check = false;
}

return $login_check;
}
if(isset($_REQUEST['Submit']))
{
if(!$_POST['username'] || !$_POST['password'])
{
$error = 'Error: All fields are required';
echo form($error);
}

else
{
if (login_check($_POST['username'],$_POST['password']))
{
echo 'Congratulations! You are now logged in<br><a href="./">Continue</a>';

session_register("username");
session_register("password");
}
else
{
$error = "Invalid username or password, try again";

echo form($error);
}
}
}
else
{
if($_GET['logout'])
{
session_destroy();
$error = "Logged Out Success - Try Again"; echo form($error); } else { if ($_SESSION['username']) { if (login_check($_SESSION['username'],$_SESSION['password'])) { echo '<a href="?logout=yes">Log out</a>Wallpaperama is a collection of high quality, high resolution wallpapers for free. Download Free Wallpapers for free at Wallpaperama.com'; } else { $error = "Please Login"; echo form($error); } } else { $error = "Welcome, Please Login"; echo form($error); } } } ?><div align="center">
<p> </p>
<p>PHP Hosting By <a href="http://www.webune.com">Webune.com</a></p>
</div> </body>

</html>

you can copy and paste the code above in notepad if you like then save as login.php and upload to your php website.

IMPORTANT: This short tutorial is intended to teach you a little about how you can insert data into mysql using a username example. you shoule not implement this on a production/public website, there are other security issues you need to be concern of, like something called sql injection. also you must have php on your site: if you don't have PHP, you can buy a PHP plan at our friends at Webune.com

after you have uploaded login.php to your site, open it with your browser and you can login with the default username and password:

username: admin
password: password

hope this helps.

Thanks Webune.com for their support on this.

Christa

Mon May 02, 2011

Very good But you need to set it out more right and more examples.

Nick

Sun Jan 22, 2012

Nice post. Here’s a product that lets you build your online database fast - without coding cas

Anna

Thu May 12, 2011

the endding script is missing on function.php

sanjeev

Wed Apr 20, 2011

good......... but very hard. give without use of session

vikram

Thu Apr 07, 2011

thanks.....but i need more examples....

https://www.wallpaperama.com/forums/how-to-create-make-a-secure-php-login-script-with-database-password-verification-mysql-t1409.html

How To Find Image Dimensions Size Of Uploaded File With Php Imagemagick

How To Create Make A Secure Php Login Script With Database Password Verification Mysql

Related Pages