Posted by Jim Michaels on 01/11/06 13:11

generic login script.
there is an ENCRYPT(str, passcode) and DECRYPT(str,passcode) function in
MySQL for the password. This prevents someone doing a SELECT password
theft.
you can do it two ways. you can create database users if you have
permissions to do so,
or you can create a table with username and password columns.
to create the table,
mysql_query("CREATE TABLE logins (
username varchar(8) NOT NULL,
password varchar(20) NOT NULL,
PRIMARY KEY(username)
)", $link);
mysql_query("CREATE UNIQUE INDEX login_ix ON logins(username)", $link);

<?php
include 'inc.php'; //stuff to make DB connection as $link
if (isset($_POST['username']) && isset($_POST['password'] )) {
$q=mysql_query("SELECT DECRYPT(password,'gArblEstRinG') AS pwd FROM
logins WHERE username='$_POST[username]'", $link);
$row=mysql_fetch_array($q);
if (mysql_num_rows($q)>0) { //username found. is pwd correct?
if ($row['pwd']==$_POST['password']) { //total match!
//do something here. we'll redirect to another page.
header("Location: memberspage.php");
} else { // failed to match. show login form.
?>
<form action="index.php" method=post>
<input type=text name=username maxsize=8><br>
<input type=password name=password maxsize=8>
<input type=submit value=Login>
</form>
<?php
}
} else { //failed login. show form.
?>
<form action="index.php" method=post>
<input type=text name=username maxsize=8><br>
<input type=password name=password maxsize=8>
<input type=submit value=Login>
</form>
<?php
}
} else { //not processing, so display form.
?>
<form action="index.php" method=post>
<input type=text name=username maxsize=8><br>
<input type=password name=password maxsize=8>
<input type=submit value=Login>
</form>
<?php
}
?>

to create a new user using a form,
mysql_query("INSERT INTO logins (username, password) VALUES
('$_POST[username]', ENCRYPT('$_POST[password]', 'gArblEstRinG'))", $link);


"Frank R" <Fradojr@cox.net> wrote in message
news:Jpstf.124455$WH.34895@dukeread01...
> ok, thats one of the thinks i dont understand is running the query i didnt
> read that part of the tutorial seriously becuase its kind of confusing any
> short explination on how to do this ? thanks in advanced
> "Simon" <simon@webworx.co.uk> wrote in message
> news:PUrtf.63176$a15.27032@newsfe5-win.ntli.net...
>> 1. Create a form (HTML) with username and password fields
>> 2. submit the form to your php page
>> 3. Grab the username and password
>> 4. connect to your database.
>> 5, run a query against a users table for that username
>> 6. check the password is correct for that user
>> 7. Return true or false accordingly.
>>
>>
>> "Frank R" <Fradojr@cox.net> wrote in message
>> news:MCptf.124040$WH.12721@dukeread01...
>>> Hey, All im learning mysql and i have read tuts on how to add data to a
>>> table and select the database. Also to connect, but what i dont know how
>> to
>>> do is how to check a form through mysql such as a login page to check
>>> the
>>> database for the username and password. And if its true to login does
>> anyone
>>> know where i can get a tut on this or someone who can over me some help
>>> thanks in advanced.
>>>
>>>
>>
>>
>
>

[Back to original message]