How to Create a Secure PHP Login Script?
Create a MySQL database using your database administration tool. This guide assumes the database is named test, but you can name it anything you like.
Create a MySQL table named members. It needs two columns, username and password, both of type varchar, with maximum lengths of 20 and 128 characters respectively. The length of the password column is determined by the hash chosen (sha512, as used in this example).
Example:
CREATE TABLE `members` (
    `username` varchar(20),
    `password` varchar(128)
);
Create a login form. Put two fields, named username and password, in an HTML form. A submit button is also required. Make sure the form's action is the PHP page that will process it and that its method is set to post.
Example:
<form action="process_login.php" method="post">
User Name: <input type="text" name="username" />
Password: <input type="password" name="password" />
<input type="submit" value="Log in" />
</form>
Create the processing page. Following the earlier example, it should be named process_login.php. Use mysql_real_escape_string() to prevent SQL injection, and for additional security hash users' passwords with a hash function such as sha512.
Example (logging in to the MySQL server):
$host = 'localhost'; // Host name, usually 'localhost'
$user = 'root'; // MySQL login user name
$pass = ''; // MySQL login password
$database = 'test'; // Database name
$table = 'members'; // Table name
mysql_connect($host, $user, $pass);
mysql_select_db($database);
Example (sanitising the variables and executing the query):
$username = mysql_real_escape_string($_POST['username']);
$password = hash('sha512', $_POST['password']);
$result = mysql_query("SELECT * FROM $table WHERE username = '$username' AND password = '$password'");
Example (handling the result):
if (mysql_num_rows($result))
{
    // Logged in
    session_start();
    $_SESSION['username'] = htmlspecialchars($username); // htmlspecialchars() sanitises against XSS
    // Redirect (must be sent before any output)
    header('Location: http://www.example.com/loggedin.php');
    exit;
}
else
{
    // Invalid username/password
    echo 'Error: Invalid username or password.';
}
Check the login state. Check whether the username variable is set in the session; you can also display the user's name.
Example:
session_start();
if (isset($_SESSION['username']))
{
    // Logged in
    echo 'You are logged in as ' . $_SESSION['username'] . '.';
}
else
{
    // Not logged in
    echo 'You are not <a href="login.php">logged in</a>.';
}
Create a logoff script. The logoff script resumes the session, destroys it and redirects elsewhere.
Example:
session_start();
session_destroy();
header('Location: http://www.example.com/');
exit;
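
The process_login.php step rewritten as an added example (not the original page's code): the mysql_* functions used above were removed in PHP 7.0 and an unsalted sha512 digest is fast to brute-force, so this version uses PDO prepared statements with password_hash() and password_verify(). Assumptions: an in-memory SQLite database stands in for MySQL so the script runs offline, and add_member(), check_login() and handle_login() are hypothetical helper names.

```php
<?php
// Assumption: in-memory SQLite stands in for MySQL so the example runs offline;
// against MySQL the DSN would be e.g. 'mysql:host=localhost;dbname=test'.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
// 255 characters leaves room for future password_hash() algorithms.
$db->exec('CREATE TABLE members (username VARCHAR(20) PRIMARY KEY, password VARCHAR(255))');

// Registration side (hypothetical helper): store a salted, slow hash.
function add_member(PDO $db, string $username, string $password): void
{
    $stmt = $db->prepare('INSERT INTO members (username, password) VALUES (?, ?)');
    $stmt->execute([$username, password_hash($password, PASSWORD_DEFAULT)]);
}

// Login side: look the user up with a bound parameter, then verify the hash.
function check_login(PDO $db, string $username, string $password): bool
{
    $stmt = $db->prepare('SELECT password FROM members WHERE username = ?');
    $stmt->execute([$username]);
    $hash = $stmt->fetchColumn(); // false when no row matched
    return is_string($hash) && password_verify($password, $hash);
}

// What process_login.php would do with the posted fields (hypothetical helper).
function handle_login(PDO $db, array $post): string
{
    // Reject non-string input such as username[]=x instead of casting it.
    $username = is_string($post['username'] ?? null) ? $post['username'] : '';
    $password = is_string($post['password'] ?? null) ? $post['password'] : '';
    if (!check_login($db, $username, $password)) {
        return 'Invalid username or password.'; // same message for either failure
    }
    // In a web request call session_start() first; skipped when run from the CLI.
    if (session_status() === PHP_SESSION_ACTIVE) {
        session_regenerate_id(true);       // fresh session ID on login (fixation defence)
        $_SESSION['username'] = $username; // escape with htmlspecialchars() at output time
    }
    return 'OK';
}

// Constructed sample data: one member and three login attempts.
add_member($db, 'alice', 'correct horse battery staple');
$attempts = [['alice', 'correct horse battery staple'], ['alice', 'wrong'], ["alice' -- ", 'x']];
foreach ($attempts as [$u, $p]) {
    // The quote and comment characters in the third name are bound as data, not SQL.
    echo $u, ' => ', handle_login($db, ['username' => $u, 'password' => $p]), PHP_EOL;
}
```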