- php login form - security basics
- <html>
- <head>
- <title>Website</title>
- <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
- </head>
- <body>
- <ul><li><a href="index.php">HOME</a></li><li><a href="menu1.php">menu1</a></li><li><a href="logout.php">logout</a></li></ul>
- </body>
- </html>
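<?php
// Access guard for a protected page. It must run before the page emits any
// output (markup, whitespace, BOM): session_start() has to be able to send the
// session cookie, and no protected content may be rendered ahead of the check.
session_start();

// Gate on the flag the login handler sets after a successful password check
// ($_SESSION['basic_is_logged_in'] = true). The earlier test read
// $_SESSION["txtUserId"], a key that no code shown on this page writes, so the
// guard and the handler could not agree on who is logged in.
// The strict comparison means only a real boolean true opens the page.
if (($_SESSION['basic_is_logged_in'] ?? false) !== true) {
    require "login.php";
    exit; // never fall through to the protected page
}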
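// Login handler: checks the posted user id / password against the users table
// and marks the session as logged in on success.
// NOTE(review): the paste runs this straight on from the access guard, but a
// handler placed after that guard could only be reached by users who are
// already logged in. Presumably this is a separate script; confirm.
require_once('db_connect.php');

// The handler writes to $_SESSION, so a session must be active even when this
// script is requested directly rather than included from a guarded page.
if (session_status() !== PHP_SESSION_ACTIVE) {
    session_start();
}

$errorMessage = '';

$postedUser = $_POST['txtUserId'] ?? null;
$postedPass = $_POST['txtPassword'] ?? null;

// Accept plain strings only: a request can submit these fields as arrays
// (txtPassword[]=x), which must not reach the hashing functions.
if (is_string($postedUser) && is_string($postedPass)) {
    // Legacy scheme kept for existing accounts only: SHA-1 of the password plus
    // one site-wide suffix. SHA-1 is fast to brute-force, the suffix is the
    // same for every user, and it is hard-coded in source.
    $legacySuffix = '$%hgy5djk3tgbG^bhk';

    // NOTE(review): htmlspecialchars() is an HTML output encoder and adds no
    // SQL protection; the bound parameter below is what keeps the query safe.
    // It is retained only in case accounts were stored in encoded form, which
    // should be confirmed against the registration code.
    $logname = htmlspecialchars($postedUser);

    // Only the hash is needed. The earlier query also selected a `user` column
    // while filtering on `username`; one of the two names was likely wrong.
    // The connection snippet on this page exposes the handle as $pdo, not $db.
    $sql = "SELECT pass FROM users WHERE username = :login";
    $stmt = $pdo->prepare($sql);
    $stmt->bindValue(':login', $logname);
    $stmt->execute();

    // The statement object is not the row: fetch it. fetch() returns false when
    // no such user exists.
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    $storedHash = is_array($row) ? (string) $row['pass'] : '';

    $authenticated = false;
    if ($storedHash !== '') {
        if (password_verify($postedPass, $storedHash)) {
            // Preferred path: hashes created with password_hash().
            $authenticated = true;
        } elseif (hash_equals($storedHash, sha1($postedPass . $legacySuffix))) {
            // Legacy path, compared in constant time instead of with ==, which
            // also avoids loose-comparison surprises on numeric-looking hashes.
            // TODO: once the `pass` column can hold a password_hash() value
            // (the PHP manual suggests 255 characters), re-hash here with
            // password_hash($postedPass, PASSWORD_DEFAULT), store it, and
            // retire this branch.
            $authenticated = true;
        }
    }

    if ($authenticated) {
        // Issue a fresh session id at the privilege change so an id fixed
        // before login cannot be reused afterwards (session fixation).
        session_regenerate_id(true);
        $_SESSION['basic_is_logged_in'] = true;
        header('Location: main.php');
        exit;
    }

    // Same message for unknown user and wrong password, so the response does
    // not reveal which accounts exist. Throttling of repeated failures is not
    // handled here and needs to be added around this handler.
    $errorMessage = 'Sorry, wrong user id / password';
    // NOTE(review): if this handler itself lives in login.php, this require
    // re-enters the handler; confirm which file renders the form.
    require "login.php";
}
?>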
- <html>
- <head>
- <title>Login ...</title>
- <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
- </head>
- <body>
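<?php
// The login handler on this page assigns $errorMessage; default it to '' so the
// form also renders cleanly when the template is included without the handler.
$errorMessage = (string) ($errorMessage ?? '');
if ($errorMessage !== '') {
    // Encode at the point of output. The message is a fixed string today, but
    // escaping here keeps the template safe if it ever carries request data.
    // The encoding matches the charset declared in this page's <meta> tag.
?>
<p align="center"><strong><font color="#990000"><?php echo htmlspecialchars($errorMessage, ENT_QUOTES | ENT_SUBSTITUTE, 'ISO-8859-1'); ?></font></strong></p>
<?php
}
?>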
- <form method="post" name="frmLogin" id="frmLogin">
- <table width="400" border="1" align="center" cellpadding="2" cellspacing="2">
- <tr>
- <td width="150">User Id</td>
- <td><input name="txtUserId" type="text" id="txtUserId"></td>
- </tr>
- <tr>
- <td width="150">Password</td>
- <td><input name="txtPassword" type="password" id="txtPassword"></td>
- </tr>
- <tr>
- <td width="150"> </td>
- <td><input type="submit" name="btnLogin" value="Login"></td>
- </tr>
- </table>
- </form>
- </body>
- </html>
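<?php
// Database bootstrap: opens the MySQL connection and exposes it as $pdo.
// NOTE(review): the credentials are hard-coded placeholders. In a deployment,
// load them from the environment or from a config file that is neither served
// by the web server nor committed to version control.
$hostname = "localhost";
$username = "name";
$password = "pass";

try {
    $pdo = new PDO(
        "mysql:host=$hostname; dbname=dbnamehere",
        $username,
        $password,
        [
            // Fail loudly on SQL errors instead of returning false silently.
            PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION,
            // Use server-side prepared statements rather than client-side
            // emulation.
            PDO::ATTR_EMULATE_PREPARES => false,
        ]
    );
} catch (PDOException $e) {
    // The driver message can name the host, the account and the database, so
    // it goes to the server log, never to the client.
    error_log('Database connection failed: ' . $e->getMessage());
    http_response_code(500);
    echo 'Service temporarily unavailable.';
    // Stop here: continuing would leave $pdo undefined for the including script.
    exit;
}
?>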
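<?php
// Redirect sketch. The original fragment sat outside any PHP tag and elided the
// first destination as header(...). main.php is filled in because it is the
// post-login target used by the login handler on this page; adjust if needed.
//
// NOTE(review): 'login_valid_error' is rendered as an error message elsewhere
// on this page, yet a non-empty value sends the visitor to the logged-in page
// here. The branches look swapped. The original direction is kept; confirm
// before relying on it. An error flag should not decide access in any case;
// the logged-in page still needs its own session check.
if (!empty($_SESSION['login_valid_error'])) {
    header('Location: main.php'); // take the person to logged in page
    exit;
}

header('Location: index.php');
// A Location header alone does not end the script: without exit, the code that
// follows still runs and its output is sent to clients that ignore redirects.
exit;
?>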
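<?php
// One-shot error banner: show the stored login error once, then clear it so a
// reload does not repeat it.
if (isset($_SESSION['login_valid_error'])) {
    // HTML-encode at output. Session data is server-side, but the message may
    // have been built from request input (for example a user name), and echoing
    // it raw would turn that into script injection. The encoding follows PHP's
    // default_charset; pass the page charset explicitly if it differs.
    $flashError = htmlspecialchars(
        (string) $_SESSION['login_valid_error'],
        ENT_QUOTES | ENT_SUBSTITUTE
    );
    echo '<div class="error">' . $flashError . '</div>';
    unset($_SESSION['login_valid_error']);
}
?>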