[PHP] Login & Logout
[QUOTE="GarettM, post: 366038, member: 839"]
This is horrid, at least document your work bro :-(
[PHP]
<?php

/**
 * Create session if session does not exist.
 */
if(!session_id())
{
    session_start();
}

/**
 * If user has submitted a login form
 */
if(isset($_POST, $_POST['login']))
{
    /**
     * include our database file
     */
    require( dirname(__FILE__) . '/database.php' );

    /**
     * set our username and password variable
     */
    $username = strip_tags($_POST['username'] ?? '');
    $password = strip_tags($_POST['password'] ?? '');

    /**
     * set our error variable
     */
    $error = false;

    /**
     * check our username variable and make sure it contains only alphanumeric characters
     */
    if(!ctype_alnum($username) || empty($username))
    {
        /**
         * The username was not alphanumeric or the username was left empty.
         * set a generic error so hackers/smart people don't guess.
         */
        $error = "Username or Password do not match.";
    }

    /**
     * check our password variable and make sure it contains only alphanumeric characters.
     */
    if(!ctype_alnum($password) || empty($password))
    {
        /**
         * The password was not alphanumeric or the password was left empty.
         * set a generic error so hackers/smart people don't guess.
         */
        $error = "Username or Password do not match.";
    }

    /**
     * check to see if our error variable is set
     * ($error starts as false, so compare against false; is_null()/isset() would always pass)
     */
    if($error !== false)
    {
        /**
         * Do something with the error message, for now we will print it to the page
         */
        echo htmlspecialchars($error, ENT_COMPAT, 'ISO-8859-1', true);
    }
    /**
     * error was not set so we can continue.
     */
    else {
        /**
         * strip slashes from username and password.
         */
        $username = stripslashes($username);
        $password = stripslashes($password);

        /**
         * make username and password variables mysqli string safe.
         */
        $username = mysqli_real_escape_string($database, $username);
        $password = mysqli_real_escape_string($database, $password);

        /**
         * hash password.
         * Note: NEVER EVER USE MD5, Please use crypt
         */
        $password = md5($password);

        /**
         * our database query
         */
        $sql_query = sprintf("SELECT * FROM users WHERE username='%s' LIMIT 1", $username);

        /**
         * run our database query and collect our result in the following variables
         */
        $database_query = mysqli_query($database, $sql_query);
        $database_row = mysqli_fetch_array($database_query, MYSQLI_ASSOC);

        /**
         * make sure a row came back, then compare as strings;
         * a loose == can treat two different "0e..." hashes as equal numbers.
         */
        if($database_row && hash_equals($database_row['password'], $password))
        {
            /**
             * our hashed password matched the one we have in our database, continue.
             * also store our user's information.
             */
            foreach($database_row as $key => $value)
            {
                $_SESSION['account'][$key] = $value;
            }
            // redirect or do something else.
            header("Location: account.php");
            exit; // stop the script once the redirect header is sent
        } else {
            /**
             * The username or password didn't match, generic error time.
             */
            $error = "Username or Password do not match.";
            echo htmlspecialchars($error, ENT_COMPAT, 'ISO-8859-1', true);
            exit; // exit or redirect.
        }
    }
}
[/PHP]
Was that so hard?
[/QUOTE]
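The quoted post warns against MD5 but still builds the query with `sprintf()` and compares an MD5 digest. The same login flow with a bound parameter and `password_verify()` is sketched below as an added example, not code from the thread; it assumes `$database` is the mysqli connection from `database.php`, that `users.password` holds `password_hash()` output, and that the table has an `id` column (hypothetical).

```php
<?php
// Added example, not code from the thread. Assumes users.password holds
// password_hash() output; the `id` column and attempt_login() are hypothetical.
function attempt_login(mysqli $database, string $username, string $password): ?array
{
    if ($username === '' || $password === '') {
        return null;
    }
    // Bound parameter: the username never becomes part of the SQL text.
    $stmt = $database->prepare('SELECT id, username, password FROM users WHERE username = ? LIMIT 1');
    $stmt->bind_param('s', $username);
    $stmt->execute();
    $row = $stmt->get_result()->fetch_assoc(); // get_result() needs mysqlnd

    if (!$row) {
        // Unknown user: spend comparable hashing time before failing.
        password_hash($password, PASSWORD_DEFAULT);
        return null;
    }
    if (!password_verify($password, $row['password'])) {
        return null;
    }
    // Upgrade the stored hash when the default algorithm or cost has changed.
    if (password_needs_rehash($row['password'], PASSWORD_DEFAULT)) {
        $new = password_hash($password, PASSWORD_DEFAULT);
        $upd = $database->prepare('UPDATE users SET password = ? WHERE id = ?');
        $upd->bind_param('si', $new, $row['id']);
        $upd->execute();
    }
    unset($row['password']); // keep the hash out of the session
    return $row;
}

if (session_status() !== PHP_SESSION_ACTIVE) { session_start(); }
if (isset($_POST['login'])) {
    require __DIR__ . '/database.php';
    // Reject array-valued fields such as username[]=x before the typed call.
    $user = is_string($_POST['username'] ?? null) ? $_POST['username'] : '';
    $pass = is_string($_POST['password'] ?? null) ? $_POST['password'] : '';
    $account = attempt_login($database, $user, $pass);
    if ($account === null) {
        echo htmlspecialchars('Username or Password do not match.');
    } else {
        session_regenerate_id(true); // fresh session id after login
        $_SESSION['account'] = $account;
        header('Location: account.php');
        exit;
    }
}
```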