username and password validation

PHP programming forum. Ask questions or help people concerning PHP code. Don't understand a function? Need help implementing a class? Don't understand a class? Here is where to ask. Remember to do your homework!

Moderator: General Moderators

Post Reply
mydingding
Forum Newbie
Posts: 2
Joined: Thu Oct 23, 2003 10:07 pm
Location: hawaii

username and password validation

Post by mydingding »

i am working on a validation page that will validate a username and a password, coming from the login page. i have gotten the information to transfer pages but need some help on validating.
would i put the valid usernames and passwords in an array?
Gen-ik
DevNet Resident
Posts: 1059
Joined: Mon Aug 12, 2002 7:08 pm
Location: London. UK.

Post by Gen-ik »

The best way would be to store the usernames and passwords in a database and check against that..... but as you're new to PHP let's start with something a bit more basic.

After you have sent the username and password to a page for validation you might use something like this.....

Code: Select all

<?

$un = $_GET["username"];
$pw = $_GET["password"];

$accounts["Bob"] = "bobpassword";
$accounts["Jim"] = "jimbo2000";
$accounts["Sarah"] = "doggies";

$account_exists = false;

foreach($accounts as $username => $password)
{
    if($username == $un && $password == $pw) $account_exists = true;
}

if($account_exists)
{
    // Things are good. Code goes here
}
else
{
    // The username and/or password is wrong. Code goes here
}

?>
Last edited by Gen-ik on Thu Oct 30, 2003 7:42 am, edited 1 time in total.
User avatar
volka
DevNet Evangelist
Posts: 8391
Joined: Tue May 07, 2002 9:48 am
Location: Berlin, ger

Post by volka »

or in a database or a ldap-directory or ... ;)
start with http://www.evilwalrus.com/search.php?ca ... arch=login
User avatar
Fredix
Forum Contributor
Posts: 101
Joined: Fri Jul 18, 2003 2:16 pm
Location: Wehr (Eifel) Germany
Contact:

Post by Fredix »

Though I haven't done all that login stuff and validating myself yet, I would like to give you a tipp:

store passwords as md5sums in your database (that is how this board stores them, too) this way no one can logon as someone else even if he hacked your db!
Post Reply