On 28 sep, 09:00, Lars Eighner <use...@larseighner.comwrote:
In our last episode,
<1190961794.635559.72...@w3g2000hsg.googlegroups.c om>,
the lovely and talented yadev
broadcast on comp.lang.php:
can you tell me how to write the code for username and password in php
$username
$password
--
Lars Eighner <http://larseighner.com/ <http://myspace.com/larseighner>
Countdown: 480 days to go.
What do you do when you're debranded?
Yes... We can see it this way.
In fact, you may have all answers in a PHP manual.
However, you may give us some details of the way connexting users on
your site. I suppose you use a MySQL db.
So, you get variables values from a form and store them is $username
and $password. Then, you check the inputs by escaping special HTML,
SQL and PHP characters/tags to avoid XSS injections.
Then, you run your SQL request. Be aware that you have to manage the
user auth. during his navigation on your website!
An example with session
<?php
mysql_connect('host','****','****') // where *** are host, user id &
pwd for connexion
mysql_select_db('you_data_base')
// We start the session
session_start();
$loginOK = false; // Boolean for connexion validation
// We run the treatment only if values of form have been recorded
if ( isset($_POST) && (!empty($_POST['login'])) && (!
empty($_POST['password'])) ) {
extract($_POST);
// We search password for given login ...
$req = mysql_query("SELECT nickname, name, firstname, password FROM
user_table WHERE nickname = '".addslashes($login)."'") //escaping
$login value
// ... we check if user exists ...
if (mysql_num_rows($req) 0) {
$data = mysql_fetch_assoc($req)
// ... and password validity.
// You can add a md5 hash with a letter added to improve security
$password_md5 = md5($password).'a'
if ($password_md5 == $data['password']) {
$loginOK = true;
header('Location:http://yoursite.com/index.php');
}
}
}
Enjoy.
// Si le login a été validé on met les données en sessions
if ($loginOK) {
$_SESSION['speudonyme'] = $data['speudonyme'];
$_SESSION['nom'] = $data['nom'];
$_SESSION['prenom'] = $data['prenom'];
}
else {
echo 'Une erreur est survenue, veuillez réessayer de rentrer votre mot
de passe et pseudonyme !';
}
?>