PHP Login and Signup Scripts

Posted: Mon Feb 27, 2006 5:30 am
by mattop
Hey guys, I'm a bit of a newbie here, but I am a very good PHP programmer. I am writing this because I want to share some PHP coding with this community. This code will show one example of how to create a database-driven login and script process. Please share with your friends, and other programmers.

Login Script

Code: Select all

<?php
// Connect to MySQL
$conn = mysql_connect("dbserver", "dbuser", "dbpass") or die ("Cannot connect to mysql server");
mysql_select_db("dbname", $conn) or die ("Cannot connect to mysql database");

// Note, this script is a separate page that is being posted to with a username and a password
// Variables
$username = $_POST['username'];
$password = $_POST['password'];

// Check form against database
$sql = "SELECT * FROM users WHERE username='$username' AND password='$password'";
$result = mysql_query($sql, $conn) or die ("Cannot execute query");
$rows = mysql_num_rows($result);
if ($rows == "0") {
  // If results didn't match the database
  ?>
  <div align="left">
  Your username and password are incorrect<br>
  <a href="index.php" target="_self">Continue</a>
  </div>
  <?php
}
else {
  // If results did match the database
  // Set cookie or session
  header("Location:index.php");
}
?>
Signup Script

Code: Select all

<?php
// Connect to MySQL
$conn = mysql_connect("dbserver", "dbuser", "dbpass") or die ("Cannot connect to mysql server");
mysql_select_db("dbname", $conn) or die ("Cannot connect to mysql database");

// Note, this script is a separate page that is being posted to with a username and a password and other stuff
// Variables
$username = $_POST['username'];
$password = $_POST['password'];
$other_stuff = $_POST['other'];

// Insert Results
// MORE TO COME!
?>
Sorry, I will finish this tutorial later :)

Re: PHP Login and Signup Scripts

Posted: Mon Feb 27, 2006 9:51 am
by hawleyjr
mattop wrote:

Code: Select all

// Note, this script is a separate page that is being posted to with a username and a password
// Variables
$username = $_POST['username'];
$password = $_POST['password'];

// Check form against database
$sql = "SELECT * FROM users WHERE username='$username' AND password='$password'";

:? You really need to do some validation on the username and password variables before putting them into this query. Also are you not hashing your passwords? :wink:

Posted: Mon Feb 27, 2006 9:55 am
by Buddha443556
Properly escaping the variables used in the SQL statements would help too.

Posted: Mon Feb 27, 2006 11:31 am
by matthijs
"Please share with your friends, and other programmers."
So you can hack our db's? :lol: :wink:
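
The three points raised in the replies above (validating the input, hashing the password, keeping user input out of the SQL text), combined in one added example that is not part of the original thread or the original poster's code. It assumes PDO with the pdo_sqlite driver, an in-memory database so it runs stand-alone, and a `password_hash` column in place of the thread's plain `password` column; the function names and sample inputs are constructed for illustration.

```php
<?php
// Added example, not the original poster's code. Assumptions: PDO with the
// pdo_sqlite driver, an in-memory database, and a users table with a
// password_hash column (the thread's table stores a plain "password").
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE users (username TEXT PRIMARY KEY, password_hash TEXT NOT NULL)');

// Validation: reject anything that is not a plausible username up front.
function valid_username($u): bool {
    return is_string($u) && preg_match('/\A[A-Za-z0-9_]{3,32}\z/', $u) === 1;
}

function signup(PDO $pdo, $username, $password): bool {
    if (!valid_username($username) || !is_string($password) || strlen($password) < 8) {
        return false;
    }
    // Hashing: store a salted hash, never the password itself.
    $hash = password_hash($password, PASSWORD_DEFAULT);
    // Placeholders keep the values out of the SQL text entirely.
    $stmt = $pdo->prepare('INSERT INTO users (username, password_hash) VALUES (?, ?)');
    try {
        return $stmt->execute([$username, $hash]);
    } catch (PDOException $e) {
        return false; // e.g. username already taken
    }
}

function login(PDO $pdo, $username, $password): bool {
    if (!valid_username($username) || !is_string($password)) {
        return false;
    }
    $stmt = $pdo->prepare('SELECT password_hash FROM users WHERE username = ?');
    $stmt->execute([$username]);
    $hash = $stmt->fetchColumn(); // false when no such user exists
    // Compare against the stored hash; the password never appears in a query.
    return is_string($hash) && password_verify($password, $hash);
}

// Constructed sample input: one valid account, then inputs containing quotes.
var_dump(signup($pdo, 'alice', 'correct horse battery'));
var_dump(login($pdo, 'alice', 'correct horse battery'));
var_dump(login($pdo, 'alice', "' OR '1'='1"));
var_dump(login($pdo, "alice' --", 'anything'));
```

With the query built from placeholders, input containing quote characters is compared as data and the login fails, where the string-concatenated query in the first post would have had its meaning changed by the same input.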