Password

Hello,

Can someone show me how to create a username and password page by using php and mysql???

Do php and mysql have good security? If not, what is the best way to create a user name and password page?

Thank you

I will help.

PHP and MySQL are perfectly secure, providing you don't give out your password.

So a username and password. Right, is that a login too? I would assume you want a username, password signup, and a login section.

Here is what I would do...

First, Create a table in your database called `users`, you could use this SQL query...


CREATE TABLE `users` ( `Username` TEXT NOT NULL, `Password` TEXT NOT NULL );


Now you need a signup page, you could call this signup.php. The contents would be something like this:



<html>
<head>
....... ( PUT ALL YOUR NORMAL HTML HERE )
<body>

<form name="add" action="adduser.php" method="post">
<input type="text" name="username" value="<?php echo $_POST['username']; ?>" />
<input type="password" name="password" value="<?php echo $_POST['password" />
<input type="submit" value="Submit" />
</form>

..... ( ANY OTHER HTML )

</html>



Now you need to save this file as signup.php ( or any name. I will call this signup.php )

Once that is saved, you will need to make a file called adduser.php. It would be something like this:


<?php
if($_POST['username'] != '' && $_POST['password'] != '')
{
$addToDB = "INSERT INTO `users`
VALUES
(
'".$_POST['username']."',
'".$_POST['password']."'
);";
$db = @mysql_connect('localhost','user','pass');
@mysql_select_db('database_name',$db);

if(@mysql_query($addToDB))
{
echo 'Added to list';
}
else
{
echo 'Error adding to list';
}
}
else
{
echo 'You did not enter a username or password';
header('location:signup.php');
}
?>



That should handle the signup part. I will put the login part in a new thread.

You will need to make a page called login, or something like that..


.......
( NORMAL HTML HERE )

<form action="cnf_login.php" method="post" name="log">
<input type="text" name="username" value="<?php echo $_POST['username']; ?>" />
<input type="password" name="password" value="<?php echo $_POST['password']; ?>" />
<input type="submit" value="Login" />
</form>



This page is basically the same as the signup page. All that is left to do is create a page called cnf_login.php.

This is the contents of cnf_login.php


<?php

$isUSER = "SELECT * FROM `users` WHERE Username='".$_POST['username']."' AND Password='".$_POST['password']."';";

$user = @mysql_query($isUSER);

if(@mysql_num_rows($user) == 1)
{
session_start();
$_SESSION['user'] = $_POST['username'];
}
else
{
echo 'Not a user';
}

?>



A few notes:

To check login, you should put something like


<?php
session_start();
if(!isset($_SESSION['user']))
{
header('location:login.php');
}
?>


before the <html> tag on every page that you require them to be logged in.

I dont really know how much you know about PHP, so If you are unsure about anything, do post back and I will help.

Thank you,

but I don't understand, in the form, why you use value="<?php echo $_POST['username'];

also, what's header(*.php)

Right.

The the <?php echo $_POST['username']; ?> It means that if there is any posted information, it will appear in the text field. (this is optional)


The header(*.php) part is a PHP function for adding headers.

You put header('location:login.php'); and it will direct you to the login.php page automatically.

The header() function must go before the HTML tag.

I like the way you explain stuff,

fast and clear, :)

One more thing, in php and mysql, what is the different between " and '

can you also give me some basic explaination on session_start

thank you so much

Right, as you know PHP variables are expressed with a $ sign.

Eg: $var;

Now, when you want to print variables to the page, or add it into a piece of text, you have options:

if you are using single quotes then you need to do this:


echo 'Hello '.$name.', That is your name isn't it';


You see the way you close the single quote, put a . and then the variable name.


If you are using double quotes, you can simply put:


echo "Hello $name, This is your name isn't it";



You can however use the . method with double quotes.

Now, the session_start(); function.

This function starts a PHP session. You can read more about this in the php manual www.php.net (http://www.php.net).

A session lasts until a user leaves your site. Until then, the session is persistant.

You can define session variables by using the $_SESSION array.
Eg:


session_start();

$_SESSION['user'] = 'matt'; // Sets the sesion variable 'user'

echo $_SESSION['user']; // Writes the word matt to the page

// The above info is stored until the person leaves your site or you use the session_destroy() function.


Another handy function is the session_destroy() function. This destroys all the information from the session_start function.

Always remember, the session_start() function must appear at the top of every page where you want to use the variables from the $_SESSION[] array

Thank you again,

I Know I have been bugging you for a long time, but you are the best help ever..

I installed php (php.net) and mysql (www.mysql.com). I am using window XP.

when connect (database, username, password)... where can I provide username and password for the database? because right now, I can connect to my database without giving username and password, I don't think it's really save doing that.

Can you show me how to provide database with a username and password.

Thank you again and again...

Mike

You should really give the users a auto_increment id, and make the username unique, no? using text for username and password is a bit off, I doubt anyone would use anything that long, use varchar or char


echo 'You did not enter a username or password';

header('location:signup.php');


The header MUST be sent before the echo, otherwise you will get an error.

Also, don't forget to actually connect to the database. ;)

At the top of all your pages, use

include("mydbconfig.php");

then in mydbconfig.php, include the following


$host = "localhost";
$user = "YourDatabaseUsername";
$pass = "YourDatabasePassword";
$db = "YourDatabaseName";

@mysql_connect($host,$user,$pass) or die("Unable to connect to the database");
@mysql_select_db($db) or die("Unable to find the database");

Oh yeah. missed that one.

Download phpMyAdmin and you can add users from there. :)

Hope this helps.

Thank you so much Miss-score, you are the best help ever.. :thumbsup:

Mike

==============================================

Nightfire,

About the auto increment id, if I have 5 IDs. and I deleted the record ID 3. will the ID goes like 1, 2, 4, 5 or 1, 2, 3, 4??

thank you,

Mike

It will go 1,2,4,5.

thanks :o