4 replies to this topic

[ravi951]

hi all,
my database name is "test".in the "test" database
i have created a table name called "log" which has two fields
namely username and password.
i have given username as "admin" and password as "admin123".
now i have written one code using php so that when i click the submit button both the username as "admin" and password as "admin123" gets matched then it should direct to the next page...
tell me how to check whether username and passwords are matching and if it matches it must point to the action part what we give in <form method="POST" action="www.php">
kindly tell me what i must add to the below program.....
below is the code in php......

<?php

$host="localhost";  

$username="root";  

$password="";  

$db_name="test"; 

$tbl_name="log"; 


mysql_connect("$host", "$username", "$password")or die("cannot connect"); 

mysql_select_db("$db_name")or die("cannot select DB");

 

$myusername=$_POST['myusername']; 

$mypassword=$_POST['mypassword'];


$myusername = stripslashes($myusername);

$mypassword = stripslashes($mypassword);

$myusername = mysql_real_escape_string($myusername);

$mypassword = mysql_real_escape_string($mypassword);


$sql="SELECT * FROM $tbl_name WHERE username='$myusername' and password='$mypassword'";

$result=mysql_query($sql);


// Mysql_num_row is counting table row

$count=mysql_num_rows($result);

// If result matched $myusername and $mypassword, table row must be 1 row

if($count==1)

{

// Register $myusername, $mypassword and redirect to file "login_success.php"

session_register("myusername");

session_register("mypassword"); 

header("location:www.php");

}

else 

{

echo "Wrong Username or Password";

}

?>

[Orjan]

um... a couple of advises on the code:

"www.php" is that your file name? odd choice, but it works... login.php should sound better as it tells you what it does.

session_register() is deprecated (at least from 5.3). You need to use session_start() as one of the very first lines in the file, and access the variables through $_SESSION as an array in the file.

stripslashes() isn't needed when doing the mysql_real_escape_string(); you can easily add those commands into one with:

$myusername=mysql_real_escape_string($_POST['myusername']);

also, your solution gives no security at all regarding password, as it's stored fully visible. hash it with some algorithm as AES, MD or similar before storing

[ravi951]

it is a simple program not security threat.
tell me when my username and password matches it must go to the program named in action=" ".
for my above code tell me how to display using submit button.
when we click on the submit button.then it should go to
location "www.php".
how to do that one....

[Orjan]

Have a look at the tutorial in our tutorial contest about building login page: http://forum.codecal...login-page.html

[yassinebelkaid]

all you need to do to put session_start(); at the very beginning and replace :

session_register("myusername"); and session_register("mypassword");

with:

$_SESSION['myusername']= $myusername;
$_SESSION['mypassword']= $mypassword;

and I think you want to redirect to index.php after checking the login.