PHP Login and Signup Scripts

PHP programming forum. Ask questions or help people concerning PHP code. Don't understand a function? Need help implementing a class? Don't understand a class? Here is where to ask. Remember to do your homework!

Moderator: General Moderators

Post Reply
User avatar
mattop
Forum Newbie
Posts: 2
Joined: Mon Feb 27, 2006 5:13 am
Location: Connecticut

PHP Login and Signup Scripts

Post by mattop »

Hey Guys, I'm a bit of a Newbie here, but I am a very good PHP Programmer. I'm am writing this because I want to share with this community some PHP coding. This code with show one example on how to create a database driven login and script process. Please share with your friends, and other programmers.

Login Script

Code: Select all

<?php
// Connect to MySQL
$conn = mysql_connect("dbserver", "dbuser", "dbpass") or die ("Cannot connect to mysql server");
mysql_select_db("dbname", $conn) or die ("Cannot connect to mysql database");

// Note, this script is a seperate page that is being posted to with a username and a password
// Variables
$username = $_POST['username'];
$password = $_POST['password'];

// Check form against database
$sql = "SELECT * FROM users WHERE username='$username' AND password='$password'";
$result = mysql_query($sql, $conn) or die ("Cannot execute query");
$rows = mysql_num_rows($result);
if ($rows == "0") {
  // If results didn't match the database
  ?>
  <div align="left">
  Your uisername and password are incorrect<br>
  <a href="index.php" target="_self">Continue</a>
  </div>
  <?php
}
else {
  // If results did match the database
  // Set cookie or session
  header("Location:index.php");
}
?>
Signup Script

Code: Select all

<?php
// Connect to MySQL
$conn = mysql_connect("dbserver", "dbuser", "dbpass") or die ("Cannot connect to mysql server");
mysql_select_db("dbname", $conn) or die ("Cannot connect to mysql database");

// Note, this script is a seperate page that is being posted to with a username and a password and other stuff
// Variables
$username = $_POST['username'];
$password = $_POST['password'];
$other_stuff = $_POST['other'];

// Insert Results
// MORE TO COME!
?>
Sorry, I will finish this tutorial later :)
User avatar
hawleyjr
BeerMod
Posts: 2170
Joined: Tue Jan 13, 2004 4:58 pm
Location: Jax FL & Spokane WA USA

Re: PHP Login and Signup Scripts

Post by hawleyjr »

mattop wrote:

Code: Select all

// Note, this script is a seperate page that is being posted to with a username and a password
// Variables
$username = $_POST['username'];
$password = $_POST['password'];

// Check form against database
$sql = "SELECT * FROM users WHERE username='$username' AND password='$password'";
:? You really need to do some validation on the username and password variables before putting them into this query. Also are you not hashing your passwords? :wink:
User avatar
Buddha443556
Forum Regular
Posts: 873
Joined: Fri Mar 19, 2004 1:51 pm

Post by Buddha443556 »

Properly escaping the variables used in the SQL statements would help too.
matthijs
DevNet Master
Posts: 3360
Joined: Thu Oct 06, 2005 3:57 pm

Post by matthijs »

Please share with your friends, and other programmers.
So you can hack our db's? :lol: :wink:
Post Reply