very simple login system for novice

PHP programming forum. Ask questions or help people concerning PHP code. Don't understand a function? Need help implementing a class? Don't understand a class? Here is where to ask. Remember to do your homework!

Moderator: General Moderators

Post Reply
abhikerl
Forum Newbie
Posts: 9
Joined: Wed Jun 04, 2008 2:07 am
Location: Mauritius

very simple login system for novice

Post by abhikerl »

Before having so much experience in php, I search for a login/logout script but couldn't get one as simple as possible just to help me understand the basic of login/logout script. So dear, after being more experience now, I am posting a very simple login/logout code that can help novice to understand.

login.html

<form action='process.php' method='POST' >
<table > <tr> <td >Username: </td> <td > <input name="username" size="15"> </td></tr>

<tr><td >Password: </td> <td ><input type="password" name="password" size="15"> </td></tr>
<tr><td > <input type="submit" value="Login"> </td></tr>
</table>

</form>

process.php

<?php
session_start();
$username=$_POST["username"];
$password=$_POST["password"];
$enpassword=md5($password);

include("databaseConnection.php");


$result = mysql_query("SELECT * FROM tblUser WHERE username='$username'AND password='$enpassword'");

if($row = mysql_fetch_array($result))
{
header("location:index.php");
$_SESSION["valid_user"] = $username;
$_SESSION["valid_id"]= $row['userid'];

}
else
{
header("location:login.html");
}

?>

logout.php

<?php
session_start();
unset($_SESSION["valid_user"]);
unset($_SESSION['valid_id']);
header("location:login.html");
?>

Hope this will help !!!!!
Last edited by abhikerl on Thu Aug 07, 2008 3:06 am, edited 1 time in total.
User avatar
Stryks
Forum Regular
Posts: 746
Joined: Wed Jan 14, 2004 5:06 pm

Re: very simple login system for novice

Post by Stryks »

Not to nitpick, but there are a few problems with that script.

Firstly ...

Code: Select all

$password=$_POST["password"];
$enpassword=md5($pass);
 
Seems that $enpassword is going to be the same for everybody, as $pass is not set. Perhaps ...

Code: Select all

$enpassword=md5($_POST["password"]);
 
... will see you around that.

Next, if you're going to teach someone something, *start* by teaching them how to do it securely. Given that you know the data will be used to communicate with the database, at the very least you should be using mysql_real_escape_string [manual page] to protect your data.

Code: Select all

$username=mysql_real_escape_string($_POST["username"]);
$enpassword=md5($pass);
You'll notice I didn't run mysql_real_escape_string() across the password ... this is because anything that goes into md5() will come out hashed, so it will be clean.

Apart from that, there are only style issues to really be pointed out.

For example, just because php is outputting the html, doesn't mean you should get lazy in forming the HTML. You should have <HTML> <HEAD> and <BODY> tags for a start, and a <DOCTYPE> wouldn't go astray either.

Also, I always find it MUCH MUCH MUCH easier to manage forms when the file contains both the display and the form processing script. You have a slightly modified process.php inserted at the start of login.php, and the job is done. It also allows you to redisplay the form easily with the previous values pre-entered and notifications regarding the problems found.

Also, if you're posting for instructive purposes, it's always good to make sure the thing works as a whole. At the moment it is dependent on databaseConnection.php to function.

Apart from those points though, nice attempt. I'm sure that there will be many this code could help out.

Cheers
abhikerl
Forum Newbie
Posts: 9
Joined: Wed Jun 04, 2008 2:07 am
Location: Mauritius

Re: very simple login system for novice

Post by abhikerl »

thanks for the reply, I appreciate that. Ya, I missed out something while make it much easy as possible. But the good news is, if someone read my post and yours, well, that person will surely understand.....lol :wink:
Post Reply