View Full Version : Password

04-08-2003, 09:16 PM

Can someone show me how to create a username and password page by using php and mysql???

Do php and mysql have good security? If not, what is the best way to create a user name and password page?

Thank you

04-08-2003, 09:34 PM
I will help.

PHP and MySQL are perfectly secure, providing you don't give out your password.

So a username and password. Right, is that a login too? I would assume you want a username, password signup, and a login section.

Here is what I would do...

First, Create a table in your database called `users`, you could use this SQL query...

CREATE TABLE `users` ( `Username` TEXT NOT NULL, `Password` TEXT NOT NULL );

Now you need a signup page, you could call this signup.php. The contents would be something like this:


<form name="add" action="adduser.php" method="post">
<input type="text" name="username" value="<?php echo $_POST['username']; ?>" />
<input type="password" name="password" value="<?php echo $_POST['password" />
<input type="submit" value="Submit" />

..... ( ANY OTHER HTML )


Now you need to save this file as signup.php ( or any name. I will call this signup.php )

Once that is saved, you will need to make a file called adduser.php. It would be something like this:

if($_POST['username'] != '' && $_POST['password'] != '')
$addToDB = "INSERT INTO `users`
$db = @mysql_connect('localhost','user','pass');

echo 'Added to list';
echo 'Error adding to list';
echo 'You did not enter a username or password';

That should handle the signup part. I will put the login part in a new thread.

04-08-2003, 09:54 PM
You will need to make a page called login, or something like that..


<form action="cnf_login.php" method="post" name="log">
<input type="text" name="username" value="<?php echo $_POST['username']; ?>" />
<input type="password" name="password" value="<?php echo $_POST['password']; ?>" />
<input type="submit" value="Login" />

This page is basically the same as the signup page. All that is left to do is create a page called cnf_login.php.

This is the contents of cnf_login.php


$isUSER = "SELECT * FROM `users` WHERE Username='".$_POST['username']."' AND Password='".$_POST['password']."';";

$user = @mysql_query($isUSER);

if(@mysql_num_rows($user) == 1)
$_SESSION['user'] = $_POST['username'];
echo 'Not a user';


A few notes:

To check login, you should put something like


before the <html> tag on every page that you require them to be logged in.

I dont really know how much you know about PHP, so If you are unsure about anything, do post back and I will help.

04-08-2003, 09:54 PM
Thank you,

but I don't understand, in the form, why you use value="<?php echo $_POST['username'];

also, what's header(*.php)

04-08-2003, 09:59 PM

The the <?php echo $_POST['username']; ?> It means that if there is any posted information, it will appear in the text field. (this is optional)

The header(*.php) part is a PHP function for adding headers.

You put header('location:login.php'); and it will direct you to the login.php page automatically.

The header() function must go before the HTML tag.

04-08-2003, 10:08 PM
I like the way you explain stuff,

fast and clear, :)

One more thing, in php and mysql, what is the different between " and '

can you also give me some basic explaination on session_start

thank you so much

04-08-2003, 10:24 PM
Right, as you know PHP variables are expressed with a $ sign.

Eg: $var;

Now, when you want to print variables to the page, or add it into a piece of text, you have options:

if you are using single quotes then you need to do this:

echo 'Hello '.$name.', That is your name isn't it';

You see the way you close the single quote, put a . and then the variable name.

If you are using double quotes, you can simply put:

echo "Hello $name, This is your name isn't it";

You can however use the . method with double quotes.

Now, the session_start(); function.

This function starts a PHP session. You can read more about this in the php manual www.php.net (http://www.php.net).

A session lasts until a user leaves your site. Until then, the session is persistant.

You can define session variables by using the $_SESSION array.


$_SESSION['user'] = 'matt'; // Sets the sesion variable 'user'

echo $_SESSION['user']; // Writes the word matt to the page

// The above info is stored until the person leaves your site or you use the session_destroy() function.

Another handy function is the session_destroy() function. This destroys all the information from the session_start function.

Always remember, the session_start() function must appear at the top of every page where you want to use the variables from the $_SESSION[] array

04-08-2003, 10:37 PM
Thank you again,

I Know I have been bugging you for a long time, but you are the best help ever..

I installed php (php.net) and mysql (www.mysql.com). I am using window XP.

when connect (database, username, password)... where can I provide username and password for the database? because right now, I can connect to my database without giving username and password, I don't think it's really save doing that.

Can you show me how to provide database with a username and password.

Thank you again and again...


04-08-2003, 10:52 PM
You should really give the users a auto_increment id, and make the username unique, no? using text for username and password is a bit off, I doubt anyone would use anything that long, use varchar or char

echo 'You did not enter a username or password';


The header MUST be sent before the echo, otherwise you will get an error.

Also, don't forget to actually connect to the database. ;)

At the top of all your pages, use


then in mydbconfig.php, include the following

$host = "localhost";
$user = "YourDatabaseUsername";
$pass = "YourDatabasePassword";
$db = "YourDatabaseName";

@mysql_connect($host,$user,$pass) or die("Unable to connect to the database");
@mysql_select_db($db) or die("Unable to find the database");

04-08-2003, 11:01 PM
Oh yeah. missed that one.

Download phpMyAdmin and you can add users from there. :)

Hope this helps.

04-09-2003, 03:00 PM
Thank you so much Miss-score, you are the best help ever.. :thumbsup:




About the auto increment id, if I have 5 IDs. and I deleted the record ID 3. will the ID goes like 1, 2, 4, 5 or 1, 2, 3, 4??

thank you,


04-09-2003, 04:51 PM
It will go 1,2,4,5.

04-09-2003, 05:54 PM
thanks :o