06 May, 2013
PHP MySQLi secure login page with session set
I'll be teaching you how to make a secure login page in PHP using a simple mysqli connection, and I'll set a variable that returns errors on the form. I'll also set a session that saves your login credentials and the login expiration time.
<?php
// START THE SESSION SO THE $_SESSION VALUES SET BELOW ARE KEPT BETWEEN REQUESTS
session_start();
define("DB_HOST","your-mysql-hostname");
define("DB_USER","your-mysql-account-username");
define("DB_PASS","your-mysql-account-password");
define("DB_NAME","your-mysql-database-name");
// CONNECT TO MYSQLI (mysqli_connect_error() REPORTS WHY A CONNECTION FAILED)
$sqli = mysqli_connect(DB_HOST, DB_USER, DB_PASS, DB_NAME) or die(mysqli_connect_error());
// FETCH DATA FROM FORM USING METHOD POST
// IF BUTTON NAME "LOGIN" IS SET
if (isset($_POST['login'])) {
    // FETCH DATA FROM INPUT FIELD
    // THE USERNAME IS ESCAPED BECAUSE IT GOES INTO THE QUERY STRING
    $user = mysqli_real_escape_string($sqli, $_POST['user']);
    // THE PASSWORD IS ONLY COMPARED IN PHP, SO IT IS KEPT EXACTLY AS TYPED
    $pass = $_POST['pass'];
    // CHECK ALL FIELD HAS BEEN FILLED UP
    if ($user && $pass) {
        // QUERY FROM DATABASE
        $query = mysqli_query($sqli, "SELECT * FROM member WHERE user='".$user."'");
        $checkuser = mysqli_num_rows($query);
        // CHECK IF USERNAME EXIST ON DATABASE
        if ($checkuser != 1) {
            // I'LL BE SETTING A VARIABLE IF YOUR USERNAME DOESN'T EXIST
            $error = "Username doesn't exist in our database!";
        } else {
            // FETCHING PASSWORD IN DATABASE WHERE USERNAME COINCIDES
            while ($row = mysqli_fetch_array($query)) {
                $checkpass = $row['pass'];
                // CHECK IF ENTERED PASSWORD MEETS THE USERNAME PASSWORD
                // (=== AVOIDS PHP TREATING TWO DIFFERENT NUMERIC-LOOKING STRINGS AS EQUAL)
                if ($pass === $checkpass) {
                    // IF ALL OKAY SET SESSION
                    setcookie("user", $user, time()+7200);
                    $_SESSION['user'] = $user;
                    $_SESSION['start'] = time();
                    // 60 * 60 * 60 SECONDS = 60 HOURS
                    $_SESSION['expire'] = $_SESSION['start'] + (60 * 60 * 60);
                    header("Location: ".$_SERVER['PHP_SELF']);
                    exit();
                } else {
                    // SET VARIABLE THAT'LL SHOW IF USER PASSWORD IS INCORRECT
                    $error = "Incorrect password!";
                }
            }
        }
    } else {
        // SET VARIABLE IF ALL FIELD ARE NOT FILLED UP
        $error = "Please enter a username and password.";
    }
}
?>
<div style="text-align: center;">
<span class="error"><?php if(isset($error)) { echo $error; } ?></span>
<form action="" method="post" id="loginForm">
<span class="input">Username: <input type="text" name="user" maxlength="16"></span>
<span class="input">Password: <input type="password" name="pass"></span>
<input type="submit" name="login" value="Login">
</form>
</div>
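A variant of the login check above that uses a mysqli prepared statement, hashed passwords and an expiry check, as an added example that is not the post's own code. It assumes the `pass` column of `member` holds `password_hash()` output instead of the plain password and that the `DB_*` constants are defined as in the post; the helper names are hypothetical, and the 7200-second lifetime is borrowed from the post's cookie.

```php
<?php
// Added example, not the post's code. Assumes member.pass stores password_hash()
// output and that the DB_* constants are defined as in the post.
session_start();

// Hypothetical helper: look up the stored hash with a prepared statement.
function find_hash(mysqli $db, string $user): ?string {
    $stmt = $db->prepare("SELECT pass FROM member WHERE user = ?");
    $stmt->bind_param("s", $user);
    $stmt->execute();
    $stmt->bind_result($hash);
    $found = $stmt->fetch();   // true when a row was read, null when there is none
    $stmt->close();
    return $found ? $hash : null;
}

// Hypothetical helper: true only for an existing user whose password matches.
function check_login(mysqli $db, string $user, string $pass): bool {
    $hash = find_hash($db, $user);
    return $hash !== null && password_verify($pass, $hash);
}

// Hypothetical helper: store the login under a fresh session id.
function start_login_session(string $user, int $ttl = 7200): void {
    session_regenerate_id(true);
    $_SESSION['user']   = $user;
    $_SESSION['start']  = time();
    $_SESSION['expire'] = $_SESSION['start'] + $ttl;
}

// Hypothetical helper: the stored expiry only matters if every page checks it.
function session_expired(): bool {
    return !isset($_SESSION['expire']) || time() > $_SESSION['expire'];
}

if (isset($_SESSION['user']) && session_expired()) {
    $_SESSION = [];            // drop the stale login before handling the request
}
if (isset($_POST['login'])) {
    // Accept only string fields; anything else is treated as empty
    $user = is_string($_POST['user'] ?? null) ? $_POST['user'] : '';
    $pass = is_string($_POST['pass'] ?? null) ? $_POST['pass'] : '';
    $db = mysqli_connect(DB_HOST, DB_USER, DB_PASS, DB_NAME) or die("Database unavailable");
    if ($user !== '' && $pass !== '' && check_login($db, $user, $pass)) {
        start_login_session($user);
        header("Location: " . $_SERVER['PHP_SELF']);
        exit();
    }
    $error = "Incorrect username or password."; // same message for both failures
}
```

Rows for this variant are created with `password_hash($pass, PASSWORD_DEFAULT)` at registration, so the database never holds the password itself.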
Thank you :) It helps a lot.
No problem, just sharing to all who want to learn coding..
If you need something else, don't hesitate to ask.
I don't see where you define the variable $login
Try changing the "mysqli_fetch_array($login)" to "$query->fetch_array()";
Also you misspell the variable $checkpass as $chesspass
Just thought you should know. Then the code should work.
He just works with mysqli and you want it in OOP, so that is no problem Nikolas!
Thanks a lot! This really helped in improving my security for a school project I'm working on. Really appreciate it.
You forgot to start the session
php code for photo tagging with demo and database
http://www.lessonwithdemo.com/205/ajax/photo-tagging-like-facebook-without-page-refresh-with-ajax-without-jquery.php
I have a problem, it says parse error: syntax error, unexpected '$user' (t_variable) on line :$user = mysqli_real_escape_string($sqli, $_POST['user']);