Hello and welcome to our community! Is this your first visit?
Register
Enjoy an ad free experience by logging in. Not a member yet? Register.
Results 1 to 13 of 13

Thread: Password

  1. #1
    Regular Coder
    Join Date
    Apr 2003
    Location
    Canada, Ontario, Mississauga
    Posts
    312
    Thanks
    0
    Thanked 0 Times in 0 Posts

    Password

    Hello,

    Can someone show me how to create a username and password page by using php and mysql???

    Do php and mysql have good security? If not, what is the best way to create a user name and password page?

    Thank you

  • #2
    Senior Coder missing-score's Avatar
    Join Date
    Jan 2003
    Location
    UK
    Posts
    2,194
    Thanks
    0
    Thanked 0 Times in 0 Posts
    I will help.

    PHP and MySQL are perfectly secure, providing you don't give out your password.

    So a username and password. Right, is that a login too? I would assume you want a username, password signup, and a login section.

    Here is what I would do...

    First, Create a table in your database called `users`, you could use this SQL query...


    CREATE TABLE `users` ( `Username` TEXT NOT NULL, `Password` TEXT NOT NULL );


    Now you need a signup page, you could call this signup.php. The contents would be something like this:

    Code:
    <html>
    <head>
    ....... ( PUT ALL YOUR NORMAL HTML HERE )
    <body>
    
    <form name="add" action="adduser.php" method="post">
    <input type="text" name="username" value="<?php echo $_POST['username']; ?>" />
    <input type="password" name="password" value="<?php echo $_POST['password" />
    <input type="submit" value="Submit" />
    </form>
    
    ..... ( ANY OTHER HTML )
    
    </html>

    Now you need to save this file as signup.php ( or any name. I will call this signup.php )

    Once that is saved, you will need to make a file called adduser.php. It would be something like this:

    PHP Code:
    <?php
    if($_POST['username'] != '' && $_POST['password'] != '')
    {
           
    $addToDB "INSERT INTO `users`
                                VALUES
                                (
                         '"
    .$_POST['username']."',
                         '"
    .$_POST['password']."'
                                );"
    ;
           
    $db = @mysql_connect('localhost','user','pass');
    @
    mysql_select_db('database_name',$db);

    if(@
    mysql_query($addToDB))
    {
          echo 
    'Added to list';
    }
    else
    {
          echo 
    'Error adding to list';
    }
    }
    else
    {
          echo 
    'You did not enter a username or password';
          
    header('location:signup.php');
    }
    ?>

    That should handle the signup part. I will put the login part in a new thread.

  • #3
    Senior Coder missing-score's Avatar
    Join Date
    Jan 2003
    Location
    UK
    Posts
    2,194
    Thanks
    0
    Thanked 0 Times in 0 Posts

    Second part....

    You will need to make a page called login, or something like that..

    Code:
    .......
    ( NORMAL HTML HERE )
    
    <form action="cnf_login.php" method="post" name="log">
    <input type="text" name="username" value="<?php echo $_POST['username']; ?>" />
    <input type="password" name="password" value="<?php echo $_POST['password']; ?>" />
    <input type="submit" value="Login" />
    </form>
    This page is basically the same as the signup page. All that is left to do is create a page called cnf_login.php.

    This is the contents of cnf_login.php

    PHP Code:
    <?php

    $isUSER 
    "SELECT * FROM `users` WHERE Username='".$_POST['username']."' AND Password='".$_POST['password']."';";

    $user = @mysql_query($isUSER);

    if(@
    mysql_num_rows($user) == 1)
    {
          
    session_start();
          
    $_SESSION['user'] = $_POST['username'];
    }
    else
    {
          echo 
    'Not a user';
    }

    ?>

    A few notes:

    To check login, you should put something like

    PHP Code:
    <?php
    session_start
    ();
    if(!isset(
    $_SESSION['user']))
    {
          
    header('location:login.php');
    }
    ?>
    before the <html> tag on every page that you require them to be logged in.

    I dont really know how much you know about PHP, so If you are unsure about anything, do post back and I will help.

  • #4
    Regular Coder
    Join Date
    Apr 2003
    Location
    Canada, Ontario, Mississauga
    Posts
    312
    Thanks
    0
    Thanked 0 Times in 0 Posts

    don't know

    Thank you,

    but I don't understand, in the form, why you use value="<?php echo $_POST['username'];

    also, what's header(*.php)

  • #5
    Senior Coder missing-score's Avatar
    Join Date
    Jan 2003
    Location
    UK
    Posts
    2,194
    Thanks
    0
    Thanked 0 Times in 0 Posts
    Right.

    The the <?php echo $_POST['username']; ?> It means that if there is any posted information, it will appear in the text field. (this is optional)


    The header(*.php) part is a PHP function for adding headers.

    You put header('location:login.php'); and it will direct you to the login.php page automatically.

    The header() function must go before the HTML tag.

  • #6
    Regular Coder
    Join Date
    Apr 2003
    Location
    Canada, Ontario, Mississauga
    Posts
    312
    Thanks
    0
    Thanked 0 Times in 0 Posts

    oohhhh

    I like the way you explain stuff,

    fast and clear,

    One more thing, in php and mysql, what is the different between " and '

    can you also give me some basic explaination on session_start

    thank you so much

  • #7
    Senior Coder missing-score's Avatar
    Join Date
    Jan 2003
    Location
    UK
    Posts
    2,194
    Thanks
    0
    Thanked 0 Times in 0 Posts
    Right, as you know PHP variables are expressed with a $ sign.

    Eg: $var;

    Now, when you want to print variables to the page, or add it into a piece of text, you have options:

    if you are using single quotes then you need to do this:

    PHP Code:
    echo 'Hello '.$name.', That is your name isn't it
    You see the way you close the single quote, put a . and then the variable name.


    If you are using double quotes, you can simply put:

    PHP Code:
    echo "Hello $name, This is your name isn't it"

    You can however use the . method with double quotes.

    Now, the session_start(); function.

    This function starts a PHP session. You can read more about this in the php manual www.php.net.

    A session lasts until a user leaves your site. Until then, the session is persistant.

    You can define session variables by using the $_SESSION array.
    Eg:

    PHP Code:
    session_start();

    $_SESSION['user'] = 'matt'// Sets the sesion variable 'user'

    echo $_SESSION['user']; // Writes the word matt to the page

    // The above info is stored until the person leaves your site or you use the session_destroy() function. 
    Another handy function is the session_destroy() function. This destroys all the information from the session_start function.

    Always remember, the session_start() function must appear at the top of every page where you want to use the variables from the $_SESSION[] array

  • #8
    Regular Coder
    Join Date
    Apr 2003
    Location
    Canada, Ontario, Mississauga
    Posts
    312
    Thanks
    0
    Thanked 0 Times in 0 Posts
    Thank you again,

    I Know I have been bugging you for a long time, but you are the best help ever..

    I installed php (php.net) and mysql (www.mysql.com). I am using window XP.

    when connect (database, username, password)... where can I provide username and password for the database? because right now, I can connect to my database without giving username and password, I don't think it's really save doing that.

    Can you show me how to provide database with a username and password.

    Thank you again and again...

    Mike

  • #9
    Senior Coder Nightfire's Avatar
    Join Date
    Jun 2002
    Posts
    4,265
    Thanks
    6
    Thanked 48 Times in 48 Posts
    You should really give the users a auto_increment id, and make the username unique, no? using text for username and password is a bit off, I doubt anyone would use anything that long, use varchar or char

    PHP Code:
          echo 'You did not enter a username or password';

          
    header('location:signup.php'); 
    The header MUST be sent before the echo, otherwise you will get an error.

    Also, don't forget to actually connect to the database.

    At the top of all your pages, use

    include("mydbconfig.php");

    then in mydbconfig.php, include the following

    PHP Code:
    $host "localhost";
    $user "YourDatabaseUsername";
    $pass "YourDatabasePassword";
    $db "YourDatabaseName";

    @
    mysql_connect($host,$user,$pass) or die("Unable to connect to the database");
    @
    mysql_select_db($db) or die("Unable to find the database"); 

  • #10
    Senior Coder missing-score's Avatar
    Join Date
    Jan 2003
    Location
    UK
    Posts
    2,194
    Thanks
    0
    Thanked 0 Times in 0 Posts
    Oh yeah. missed that one.

    Download phpMyAdmin and you can add users from there.

    Hope this helps.

  • #11
    Regular Coder
    Join Date
    Apr 2003
    Location
    Canada, Ontario, Mississauga
    Posts
    312
    Thanks
    0
    Thanked 0 Times in 0 Posts

    Thank you

    Thank you so much Miss-score, you are the best help ever..

    Mike

    ==============================================

    Nightfire,

    About the auto increment id, if I have 5 IDs. and I deleted the record ID 3. will the ID goes like 1, 2, 4, 5 or 1, 2, 3, 4??

    thank you,

    Mike

  • #12
    New Coder
    Join Date
    Aug 2002
    Posts
    76
    Thanks
    0
    Thanked 0 Times in 0 Posts
    It will go 1,2,4,5.

  • #13
    Senior Coder missing-score's Avatar
    Join Date
    Jan 2003
    Location
    UK
    Posts
    2,194
    Thanks
    0
    Thanked 0 Times in 0 Posts
    thanks


  •  

    Posting Permissions

    • You may not post new threads
    • You may not post replies
    • You may not post attachments
    • You may not edit your posts
    •