How to fill in this login script?

Question

How to fill in this login script?

I almost finished my login script, but I do not know how to verify the username and password. Here are my script files.

index.php:

<html> <body> <form action="action1.php" method="post"> Username: <input type="text" name="uname"> Password: <input type="password" name="pword"> <input type="submit"> </form> </body> </html>

The index.php file is just a page that I use to collect information from my users for registration.

action1.php:

 <?php $con = mysql_connect("localhost", "root", ""); if (!$con) { die ('Could not connect: ' . mysql_error()); } mysql_select_db("user1", $con); $sql="INSERT INTO useri1 (uname, pword) VALUES ('$_POST[uname]','$_POST[pword]')"; if (!mysql_query($sql, $con)) { die('Error: ' . mysql_error()); } echo "1 record added"; mysql_close($con); ?>

The action1.php file is only a page that registers users in the database.

login.php:

 <html> <body> <form action="checklogin.php" method="post"> Username: <input type="text" name="uname1"> Password: <input type="password" name="pword1"> <input type="submit"> </form> </body> </html>

The login.php file is just the page that I use so that users enter their login information.

Now this is my problem, I have no idea how to check the registration information for users so that they can go to the area for members only. I am new and any help is much appreciated.

Thanks,

- Devin

+4

php mysql login registration

user2016663 Jan 28 '13 at 1:23

source share

3 answers

Graham walters · Answer 1 · 2013-01-28T01:40:32+0000

Firstly, you want to use mysqli instead of mysql because mysql is deprecated and is no longer actively developing. Secondly, you want to start avoiding database queries in order to stop SQL injection. In the code below, I used the session to track the user. You can learn more about the sessions here .

 <?php session_start(); $mysqli = new mysqli('localhost', 'root', DB_PASSWORD, 'user1'); /* check connection */ if ($mysqli->connect_error) die('Connect Error (' . $mysqli->connect_errno . ') ' . $mysqli->connect_error); /* escape string from sql injection */ $userName = $mysqli->real_escape_string($_POST['uname1']); /* query database */ $result = $mysqli->query("SELECT `pword` FROM `user1` WHERE `uname` = '".$userName."'"); if ($result->num_rows == 1) { while ($col = $result->fetch_array(MYSQLI_ASSOC)) { // This presumes you're storing your passwords in plain text. // If you hashed your passwords or anything, you would have to do the same to $_POST['pword'] if ($_POST['pword'] == $col['pword']) { // You could do anything here, but sessions are a way of keeping track of a user. $_SESSION['userName'] = $_POST['uname1']; $_SESSION['loggedIn'] = true; } } } $result->close(); /* don't forget to close the connection */ $mysqli->close(); ?>

Jakegould · Answer 2 · 2013-01-28T01:34:12+0000

You would execute the query on the following lines:

 $user_check_query = "SELECT * FROM useri1 WHERE uname=" . $_POST['uname'] . " AND pword=" . $_POST['pword'] .";";

And if the query returns a value, they can continue. If the query returns nothing, they cannot pass. Regarding logic, look at the code you created and see how to create if and else to process the logic.

Jesper bangsholt · Answer 3 · 2013-01-28T01:39:11+0000

You need to make a SELECT query - something like strings

SELECT STRCMP('{$_POST['pword']}', pword) FROM useri1 WHERE uname = '{$_POST['uname']}'

This should return a value in the range [-1, 1] - if it is not 0, the password is incorrect. If there are no rows, the user does not exist.

You also need to think about SQL injections, but it could be another day's exercise.

How to fill in this login script?

More articles: