|
|
Posted by panda31 on 09/28/07 09:21
On 28 sep, 11:17, panda31 <mm.spaw...@gmail.com> wrote:
> On 28 sep, 09:00, Lars Eighner <use...@larseighner.com> wrote:
>
> > In our last episode,
> > <1190961794.635559.72...@w3g2000hsg.googlegroups.com>,
> > the lovely and talented yadev
> > broadcast on comp.lang.php:
>
> > > can you tell me how to write the code for username and password in php
>
> > $username
> > $password
>
> > --
> > Lars Eighner <http://larseighner.com/> <http://myspace.com/larseighner>
> > Countdown: 480 days to go.
> > What do you do when you're debranded?
>
> Yes... We can see it this way.
>
> In fact, you may have all answers in a PHP manual.
> However, you may give us some details of the way connexting users on
> your site. I suppose you use a MySQL db.
> So, you get variables values from a form and store them is $username
> and $password. Then, you check the inputs by escaping special HTML,
> SQL and PHP characters/tags to avoid XSS injections.
> Then, you run your SQL request. Be aware that you have to manage the
> user auth. during his navigation on your website!
>
> An example with session
>
> <?php
> mysql_connect('host','****','****') // where *** are host, user id &
> pwd for connexion
> mysql_select_db('you_data_base')
>
> // We start the session
> session_start();
> $loginOK = false; // Boolean for connexion validation
>
> // We run the treatment only if values of form have been recorded
> if ( isset($_POST) && (!empty($_POST['login'])) && (!
> empty($_POST['password'])) ) {
>
> extract($_POST);
>
> // We search password for given login ...
> $req = mysql_query("SELECT nickname, name, firstname, password FROM
> //escaping $login value
> user_table WHERE nickname = '".addslashes($login)."'")
>
> // ... we check if user exists ...
> if (mysql_num_rows($req) > 0) {
> $data = mysql_fetch_assoc($req)
>
> // ... and password validity.
> // You can add a md5 hash with a letter added to improve security
> $password_md5 = md5($password).'a'
> if ($password_md5 == $data['password']) {
> $loginOK = true;
> header('Location:http://yoursite.com/index.php');
>
> }
> }
> }
>
> if ($loginOK) {
> $_SESSION['nickname'] = $data['nickname'];
> $_SESSION['name'] = $data['name'];
> $_SESSION['firstname'] = $data['firstname'];
>
> }
>
> else {
> echo 'Error happened!';}
>
> ?>
oups... little error. look above please.
Navigation:
[Reply to this message]
|