Geek Answers Handbook

Creating a PHP Login System

Can someone help me? My username is Blimeo and my password is “password,” but when I add my credentials, it says “Access is denied,” as I said. I am 100% sure that I have correctly configured mySQL database.

<html> <body> <?php echo sha1('Blimeo'); if (isset($_REQUEST['attempt'])) { $link = mysql_connect('localhost', 'root', 'password') or die('Could not connect to database'); $user = mysql_real_escape_string($_POST['user']); $password = sha1(mysql_real_escape_string($_POST['password'])); mysql_select_db('test_users'); $query = mysql_query( "SELECT user FROM users WHERE user = '$user' AND password = '$password' ") or die(mysql_error()); mysql_fetch_array($query); $total = mysql_num_rows($query); if ($total > 0) { session_start(); $_SESSION['user'] = 'blah'; header('location: dashboard.php'); } else { echo '<br>Access denied!'; } } ?> <form method="post" action="login.php?attempt"> Enter your username:<input type="text" name="user"/><br/> Enter your password:<input type="password" name="password"/><br/> <input type="submit"/> </form> </body> </html>
+4
source share
4 answers

UPDATE, 2016

Please use only existing login systems that are provided out of the box in almost every PHP infrastructure! There is absolutely no reason to write this yourself, as user authentication is a big topic, and it will take several months (years) to write a serious, stable and modern login solution.

ORIGINAL TEXT, Since 2012:

Since login systems are a security issue and EVERYBODY repeats the same errors over and over again, I can clearly say:

Take a professional script and work through the code to understand what is happening, what hashing and salting are, and what problems sessions may have.

Try this baby: http://php-login.net

+15
source

First of all, you should start your session on the first line of the page.

You must also update your code to use PDO statements instead of mysql functions. They are slower and subject to mysqli.

Then you need to check if the returned number of lines is 1 and not more than 0. This will be a security problem, since your script can be processed to return more than 1 line, and then it will confirm and enter the safe zone.

The problem seems to me that your password does not match db. echo sha1 your password and see if it matches the table.

0
source

The script seems to break when it tests mysql_num_rows ().

Right before:

 if ($total > 0) {

Perhaps try adding the following line to check and make sure $ total is really> 0:

 echo $total;

In addition, try checking the mysql query to make sure that it returns at least one row from the database.

0
source 
 make database in mysql then run this code:: <table border="0" align="center" cellpadding="0" cellspacing="0" width="300"> <tr> <td> <form method="post" action="flogin.php"> <table width="100%" cellpadding="7" cellspacing="0" border="0"> <tr> <td colspan="3"><center><strong>Insert Values In DataBase </strong></center><br /></td><br /> </tr> <tr> <td width="30%">Name</td> <td width="10%">:</td> <td width="60%"><input type="text" name="name" /></td> </tr> <tr> <td width="30%">Last Name</td> <td width="10%">:</td> <td width="60%"><input type="text" name="lastname" /></td> </tr> <tr> <td width="30%">Email</td> <td width="10%">:</td> <td width="60%"><input type="text" name="email" /></td> </tr> <tr> <td colspan="3"><center><input type="submit" name="submit" /></center><br /></td> </tr> </table> </form> </td> </tr> </table> <?php mysql_connect("localhost", "root", "") or die("can not connect to database"); mysql_select_db("flogin")or die("can not connect"); if (isset($_POST['submit'])){ $name=$_POST['name']; $lastname=$_POST['lastname']; $email=$_POST['email']; $query=mysql_query("INSERT INTO info(name, lastname, email)VALUES('$name', '$lastname', '$email')"); if($query){ echo "successful"; echo "<br>"; echo "<a href='insert.php'>Back to main page</a>"; } else { echo "error"; } } ?> <?php mysql_close(); ?>
0
source

More articles:


All Articles