PHP Login and Creating Usernames

PHP programming forum. Ask questions or help people concerning PHP code. Don't understand a function? Need help implementing a class? Don't understand a class? Here is where to ask. Remember to do your homework!

Moderator: General Moderators

Post Reply
User avatar
AmieCuteFeetandToes
Forum Newbie
Posts: 7
Joined: Tue Jan 26, 2010 6:07 pm
Location: Los Angeles, CA

PHP Login and Creating Usernames

Post by AmieCuteFeetandToes »

Hello everyone! I'm Amie, and I'm a little new to PHP and MySQL. That being said, I am attempting to create a Login form with a username and password field. I pretty much have it down with the structure I think. I set up the MySQL database with GoDaddy. I started to set up everything in Dreamweaver CS4, I connected to the MySQL on my GoDaddy hosting, and started to make my PHP page. Here is my code so far:

Code: Select all

 
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />
<title>Log In</title>
</head>
 
<body>
<form action="index.php?login=yes" method="post">
Username: <input type="text" name="user" /><br />
Password: <input type="text" name="pass" /><br />
<input type="submit" value="Log In" /><p>
</form>
 
<?php
    $user=$_POST['user'];
    $pass=$_POST['past'];
    $login=$_GET['login'];
 
    if($login=='yes'){
        $con=mysql_connect('p80mysql90.secureserver.net','','');
        mysql_select_db('amiedata');
 
        $user=mysql_real_escape_string($user);
        $pass=mysql_real_escape_string($pass);
 
        $get=mysql_query('SELECT count(id) FROM login WHERE user='$user' and pass='$pass');
        $result=mysql=result($get, 0);
 
        mysql_close($con);
 
        if ($result!=1) echo= "Invalid Login!";
        else{
            echo"Login Success!"
            $_SESSION['user']=$user;
        };
    };
?>
 
</body>
</html>
 
Here is my MySQL Database Info:

Connection Name: AmieCutieToes
MySQL Server: p80mysql90.secureserver.net
Username: AmieAmie88
Password: SexyAmieTits88
Database: amiedata


I. Did I properly create a simple login form and put in my MySQL Database Info into the PHP code correctly?

II. How do I go about creating multiple usernames and passwords so that this form can be logged in with more than one username and password. The one I put into the PHP code is the main username and password I created for my database on GoDaddy. I'm thinking you make a table with the multiple usernames and passwords that I want? If so, how do you do that, because I have no clue where to start?

III. Can the PHP login form be customized with some CSS? I want it to eventually look pretty :)

IV. When the user puts in their correct username and password and hits the "Log In" button, I want them to be sent to a page I will create next called "navigation.php". How do I do this instead of having an echo saying "Login Success!" ? On this new page I will have a search feature to search data in tables. I will have to learn and figure out this part next. One question though for now, can I use the same MySQL Database info on the navigation.php and it's search feature?

Thanks a bunch!!
Last edited by Benjamin on Wed Jan 27, 2010 1:38 am, edited 1 time in total.
Reason: Removed DB Credentials
User avatar
requinix
Spammer :|
Posts: 6617
Joined: Wed Oct 15, 2008 2:35 am
Location: WA, USA

Re: PHP Login and Creating Usernames

Post by requinix »

For the love of God, don't post your database connection details on a public forum. Anybody could come in here, find that, and mess around with your database.
Edit your post and remove the credentials. No server name, username, password, or database name. Also edit the code you posted and remove the credentials from the mysql_connect line.
User avatar
AmieCuteFeetandToes
Forum Newbie
Posts: 7
Joined: Tue Jan 26, 2010 6:07 pm
Location: Los Angeles, CA

Re: PHP Login and Creating Usernames

Post by AmieCuteFeetandToes »

I'm not that stupid lol. I am using dummy server, usernames, and passwords :)
The real ones are for my eyes only ;)
User avatar
flying_circus
Forum Regular
Posts: 732
Joined: Wed Mar 05, 2008 10:23 pm
Location: Sunriver, OR

Re: PHP Login and Creating Usernames

Post by flying_circus »

You do realize that nudey model turned nerd is a bit far fetched and most people are probably thinking "troll", right? Either way, this is so much greater than some of the other new users lately! :drunk:

AmieCuteFeetandToes wrote:I. Did I properly create a simple login form and put in my MySQL Database Info into the PHP code correctly?
You are close, but there is a few syntax errors in your code. Lines 28, 29, 33, and 35 need some work:

Code: Select all

 
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />
<title>Log In</title>
</head>
 
<body>
<form action="index.php?login=yes" method="post">
Username: <input type="text" name="user" /><br />
Password: <input type="text" name="pass" /><br />
<input type="submit" value="Log In" /><p>
</form>
 
<?php
    $user=$_POST['user'];
    $pass=$_POST['past'];
    $login=$_GET['login'];
 
    if($login=='yes'){
        $con=mysql_connect('p80mysql90.secureserver.net','AmieAmie88','SexyAmieTits88');
        mysql_select_db('amiedata');
 
        $user=mysql_real_escape_string($user);
        $pass=mysql_real_escape_string($pass);
 
        $get=mysql_query("SELECT count(id) FROM `login` WHERE `user`='{$user}' and `pass`='{$pass}';");
        $result=mysql_result($get, 0);
 
        mysql_close($con);
 
        if ($result!=1) echo "Invalid Login!";
        else{
            echo "Login Success!";
            $_SESSION['user']=$user;
        };
    };
?>
Also, never store a username or password in a variable. You should use the database as I describe in the next point, and store the user's id, since it is harmless data that compromises nothing if it gets leaked.

AmieCuteFeetandToes wrote:II. How do I go about creating multiple usernames and passwords so that this form can be logged in with more than one username and password. The one I put into the PHP code is the main username and password I created for my database on GoDaddy. I'm thinking you make a table with the multiple usernames and passwords that I want? If so, how do you do that, because I have no clue where to start?
Yes, typically you would have a register type of page, where you users can create an account. Your login table in the mysql database needs to contain a few fields, like user_id, user_name, and user_password at the very least. Then you can run a query to see if the user name exists in the database, then check to see if the password matches.

AmieCuteFeetandToes wrote:III. Can the PHP login form be customized with some CSS? I want it to eventually look pretty :)
Absolutely! It is just regular html after all. CSS rules apply as normal.

AmieCuteFeetandToes wrote: IV. When the user puts in their correct username and password and hits the "Log In" button, I want them to be sent to a page I will create next called "navigation.php". How do I do this instead of having an echo saying "Login Success!" ? On this new page I will have a search feature to search data in tables. I will have to learn and figure out this part next. One question though for now, can I use the same MySQL Database info on the navigation.php and it's search feature?
Rather than echoing success, you can user a header to redirect the user automatically. It looks something like this:

Code: Select all

header("location:http://www.myserver.com/navigation.php");
Yes, you can reuse the same database on every page, that's the idea ;)

AmieCuteFeetandToes wrote:Thanks a bunch!!
No Problem 8)
User avatar
AmieCuteFeetandToes
Forum Newbie
Posts: 7
Joined: Tue Jan 26, 2010 6:07 pm
Location: Los Angeles, CA

Re: PHP Login and Creating Usernames

Post by AmieCuteFeetandToes »

I figured out GoDaddy has a thing called phpMyAdmin. There was a lot of things I was clueless about in there!! So I selected my database and made a table with 3 fields. I then inserted 2 rows and put in the content. There were drop down menus, which I didn't do anything with those. Here is what it's showing now:

Image

My table is called "login" so that's why you see "login" in my PHP code

I also made the id field "unique". Not really sure if I'm supposed to do that. Anything else I need to do for the username and password set up?

How would I go about getting my php code to use these?

I'd love to see some CSS tutorials and all. That one of the next steps after I get this basic log in form to work how I want it.

Thanks!!
User avatar
flying_circus
Forum Regular
Posts: 732
Joined: Wed Mar 05, 2008 10:23 pm
Location: Sunriver, OR

Re: PHP Login and Creating Usernames

Post by flying_circus »

AmieCuteFeetandToes wrote:I also made the id field "unique". Not really sure if I'm supposed to do that. Anything else I need to do for the username and password set up?

How would I go about getting my php code to use these?
You did it correct. The user id should be unique AND a primary key. The only additional thing, is to be careful when you write your code, so that you do not allow 2 accounts to share the same username. On another note, you should never store a password in plain text in your database. If someone were to get the login credentials for your database, they could see a human readable list of every user and their password (not good). Before storing the password, hash it using something like:

Code: Select all

$password = hash("sha512", "SexyAmieTits88");
Now, when your user tries to log in, hash their supplied password using the same method, then compare it to what is stored in the database. Never use MD5 to hash a password, and you probably shouldn't use sha1 either. Use sha256 at the very least.


AmieCuteFeetandToes wrote: I'd love to see some CSS tutorials and all. That one of the next steps after I get this basic log in form to work how I want it.
I can't help you with a CSS tutorial. About the only think I can suggest is to pick up a book, or research it on something like http://www.w3schools.com/Css/default.asp

CSS and cross-browser compatability is enough to drive you mad. It's more of an art, than a science. :banghead:
User avatar
AmieCuteFeetandToes
Forum Newbie
Posts: 7
Joined: Tue Jan 26, 2010 6:07 pm
Location: Los Angeles, CA

Re: PHP Login and Creating Usernames

Post by AmieCuteFeetandToes »

You do realize that nudey model turned nerd is a bit far fetched and most people are probably thinking "troll", right?
Well, I am not a troll! I am a nerd though, and I like to look pretty as well. So I guess you can believe whatever you want to believe lol.

Anyways, I looked at some of what you said and looked around for tutorials and all. This is what I came up with. Let me know if it's looking better now and somewhat correct. :)

Code: Select all

 
<?php
 
// Sanitization
function safeData($data) {
    $returnData = mysql_real_escape_string(stripslashes(strip_tags(htmlspecialchars(trim($data)))));
    return $returnData;
}
 
// Only begin logging the user in if the form has been submitted,
// and if the 'login' variable is set to 'yes'.
if (isset($_POST['submit']) && $_GET['login'] == "yes")) {
 
 
 
 
mysql_connect('p80mysql90.secureserver.net','AmieAmie88','SexyAmieTits88');      mysql_select_db('amiedata');
 
// Sanitize these variables and make sure they are safe.
// Sometimes malicious users try to inject bad things into your site.
$user = safeData($_POST['user']);
$pass = safeData($_POST['pass']);
 
 
# Authenticate the user
 
 
// Check if there is a user in the database that matches the entered data.
$check1 = mysql_query("SELECT * FROM login WHERE user = '$user' AND pass='$pass'");
 
// If no user matches the entered data, then display an error.
if (mysql_num_rows($check1) != 1) {
    mysql_close();
    die("Invalid Login");
 
}
// Otherwise, log him/her in.
else {
 
    header("location:http://www.myserver.com/navigation.php");
 
 
// Set the session
session_start();
$_SESSION['user'] = $user;
    }
}
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />
<title>Log In</title>
</head>
 
<body>
<form action="index.php?login=yes" method="post">
Username: <input type="text" name="user" /><br />
Password: <input type="text" name="pass" /><br />
<input type="submit" name="submit" value="Log In" /><p>
</form>
 
 
 
</body>
</html>
 
The user id should be unique AND a primary key.
Do I make it a primary key in phpMyAdmin too?
Use sha256 at the very least.
Not sure exactly what all of these do. Let me know if I need to add a hash thing in there.
User avatar
AmieCuteFeetandToes
Forum Newbie
Posts: 7
Joined: Tue Jan 26, 2010 6:07 pm
Location: Los Angeles, CA

Re: PHP Login and Creating Usernames

Post by AmieCuteFeetandToes »

Ahh, maybe my code isn't that great after all. I get this when I preview it:

"Parse error: syntax error, unexpected T_FUNCTION in index.php on line 4"

:banghead:
User avatar
AmieCuteFeetandToes
Forum Newbie
Posts: 7
Joined: Tue Jan 26, 2010 6:07 pm
Location: Los Angeles, CA

Re: PHP Login and Creating Usernames

Post by AmieCuteFeetandToes »

The code on line 4 is:

Code: Select all

function safeData($data) {
So I tried with out it, still an error. I removed the sanitation code, then I get an error at:

Code: Select all

if (isset($_POST['submit']) && $_GET['login'] == "yes")) {
Not sure what's going on. Even my original code I posted at the beginning of this thread says I get this error:
"Parse error: syntax error, unexpected T_VARIABLE in index.php on line 27"

This is line 27 of it:

Code: Select all

$get=mysql_query('SELECT count(id) FROM login WHERE user='$user' and pass='$pass');
Anyone have any clue on what might be wrong?
Post Reply