Webbased login with PHP and MySQL

Anon

Hi,

Could someone tell me how can I write a script in PHP that will get the username and password and check it against a database created with MySQL?

Thank you

Anon

Create an HTML based form that posts to a PHP script.

In your PHP script use the variables from the form to check against the database.

If the check returns ok then set a "session" cookie that says the user is logged in.

On all subsequent pages check to see if the cookie is set if it is let the user see the loggedin only data, if not keep this information hidden from the user, or re-direct the user to a non-logged in only page.

There are many tutorials out there on this so I'm not going to write the code for you. I'm sure if you search the articles on this site you will find something.

Anon

Hi Rob, thanx for your help...

this is what i came up with:

<?php
$db = mysql_connect("localhost", "root");
mysql_select_db("SummerProject",$db);
$sql = "SELECT user FROM valid WHERE user='$user' AND pass='$pass'";
$result = mysql_query($sql,$db);
if ($myrow = mysql_fetch_array($result)) {
do {
echo "You are logged in as, <b>$user</b>";
} while ($myrow = mysql_fetch_array($result));
} else {
echo "<SCRIPT>location.replace('../../index.htm')</SCRIPT>";
}
?>

The problem is that i dont know anything about cookies 🙁

Could you write a bit of code of how i can set up cookies... thanx

Anon

It's really easy see:
http://www.php.net/manual/en/function.setcookie.php

PHP takes care of everything for you, all you do is call the function.

The basic code would be something like this:

setcookie("loggedin", 1);

Creating a cookie called loggedin with the value of 1, and in your other scripts you can just do this:

if ($loggedin)

To see if the users are logged in. There are a few other little things, but the above page will explain them fully.

Anon

I'd probably use a session instead (see the PHP manual on the session commands). Make sure that the variable you use for authentication (i.e. $loggedin) is NOT being read from a GET or POST. I do this by checking for the value before starting the session.

if ( isset( $loggedin ) )
{
print "You Cheater!";
exit;
}
session_start();

There is probably a better solution, but this seems to work for me.

Anon

I was going to suggest sessions, but since George seems very new I thought that using just cookies would be easier to grasp.

Also I tend to check the $HTTP_SESSION_VARS["loggedin"] for my values. If you do that for everything comming in ($HTTP_GET_VARS, $HTTP_POST_VARS) then you can be certain where the data that you are using is coming from.

Anon

Hi guy,
i've a problem regarding the login with PHP and Mysql.
please explain to me:

how would i like user to login to
my application and display his personal record. i don't how to pass the session to the next file.
all the example i got just tell the user that
he has successful login , it only display the 'successful text' instead of the user personal record.

please help me !

lizza

Anon

If you create a session then every page that has the function session_start() will have access to the session variables after it's been called.