  1. php login form - security basics
  2. <html>
  3. <head>
  4. <title>Website</title>
  5. <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
  6. </head>
  7.  
  8. <body>
  9. <ul><li><a href="index.php">HOME</a></li><li><a href="menu1.php">menu1</a></li><li><a href="logout.php">logout</a></li></ul>
  10. </body>
  11. </html>
  12.  
  13. <?php
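  // Page guard: start the session and hand visitors who are not logged in to the login form.
  // session_start() must run before any output; markup placed ahead of this block in the
  // same file stops PHP from sending the session cookie ("headers already sent").
  session_start([
      'cookie_httponly' => true, // keep the session id out of reach of page scripts
      'use_strict_mode' => true, // refuse session ids the server did not issue
  ]);

  // The login handler on this page records success in 'basic_is_logged_in'. The original
  // check tested 'txtUserId', a session key nothing on this page sets, so a logged-in
  // visitor was still sent back to the form.
  if (($_SESSION['basic_is_logged_in'] ?? false) !== true) {
      require "login.php";
      exit;
  }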
  19.  
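  // Login handler: checks the posted user id / password against the users table and,
  // on success, marks the session as logged in and redirects to main.php.
  require_once('db_connect.php');

  $errorMessage = '';
  $postedUserId = $_POST['txtUserId'] ?? null;
  $postedPassword = $_POST['txtPassword'] ?? null;

  // is_string() rejects array-valued fields (txtPassword[]=...), which would otherwise be
  // concatenated into the hash input as the literal text "Array".
  if (is_string($postedUserId) && is_string($postedPassword)) {
      // Legacy site-wide suffix, kept byte-for-byte so existing hashes still verify.
      // NOTE(review): it is a secret stored in source; move it to configuration outside the web root.
      $random = '$%hgy5djk3tgbG^bhk';

      // NOTE(review): htmlspecialchars() is an output encoder, not input validation; the bound
      // parameter below is what protects the query. It is kept because it changes the lookup
      // value (e.g. "&" becomes "&amp;") and must match how names were stored — confirm against
      // the registration code before removing it.
      $logname = htmlspecialchars($postedUserId);

      // NOTE(review): the SELECT list names `user` while the WHERE clause names `username`;
      // confirm the column names against the schema.
      $sql = "SELECT user, pass FROM users WHERE username= :login";

      // The connection snippet on this page creates $pdo; the original called prepare() on $db,
      // which nothing on this page defines.
      $stmt = $pdo->prepare($sql);
      $stmt->bindValue(':login', $logname);
      $stmt->execute();

      // The original indexed the statement object itself; the row has to be fetched first.
      $row = $stmt->fetch(PDO::FETCH_ASSOC);
      $storedHash = is_array($row) ? (string) $row['pass'] : '';

      if ($storedHash !== '' && password_get_info($storedHash)['algoName'] !== 'unknown') {
          // Row already holds a password_hash() value.
          $passwordOk = password_verify($postedPassword, $storedHash);
      } else {
          // Legacy row: SHA-1 of password + constant. hash_equals() replaces `==`, which compares
          // hex digests of the form "0e<digits>" as numbers and is not constant-time.
          // NOTE(review): a single SHA-1 pass is not an adequate password hash; store new
          // passwords with password_hash() and re-hash legacy rows after a successful login.
          $passwordOk = $storedHash !== ''
              && hash_equals($storedHash, sha1($postedPassword . $random));
      }

      if ($passwordOk) {
          // Issue a fresh session id at the privilege change so a pre-login id cannot be reused.
          session_regenerate_id(true);
          $_SESSION['basic_is_logged_in'] = true;
          header('Location: main.php');
          exit;
      }

      // Same message for an unknown user and a wrong password, so the form does not reveal
      // which user ids exist.
      $errorMessage = 'Sorry, wrong user id / password';
      require "login.php";
  }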
  46. ?>
  47. <html>
  48. <head>
  49. <title>Login ...</title>
  50. <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
  51. </head>
  52.  
  53. <body>
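  <?php
  // $errorMessage is only assigned by the login handler; when this form is included before
  // that code has run, reading it directly would hit an undefined variable, so default it.
  $loginMessage = $errorMessage ?? '';
  if ($loginMessage !== '') {
  ?>
  <p align="center"><strong><font color="#990000"><?php echo htmlspecialchars($loginMessage, ENT_QUOTES | ENT_SUBSTITUTE); /* encode on output so the message can never carry markup */ ?></font></strong></p>
  <?php
  }
  ?>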
  61. <form method="post" name="frmLogin" id="frmLogin">
  62. <table width="400" border="1" align="center" cellpadding="2" cellspacing="2">
  63. <tr>
  64. <td width="150">User Id</td>
  65. <td><input name="txtUserId" type="text" id="txtUserId"></td>
  66. </tr>
  67. <tr>
  68. <td width="150">Password</td>
  69. <td><input name="txtPassword" type="password" id="txtPassword"></td>
  70. </tr>
  71. <tr>
  72. <td width="150">&nbsp;</td>
  73. <td><input type="submit" name="btnLogin" value="Login"></td>
  74. </tr>
  75. </table>
  76. </form>
  77. </body>
  78. </html>
  79.  
  80. <?php
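  // Opens the PDO connection used by the login code.
  // NOTE(review): the values below are placeholders; load real credentials from configuration
  // kept outside the web root rather than committing them to source.
  $hostname = "localhost";
  $username = "name";
  $password = "pass";
  try {
      $pdo = new PDO("mysql:host=$hostname; dbname=dbnamehere", $username, $password, [
          // Surface query failures as exceptions instead of silent false returns.
          PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION,
          // Use server-side prepared statements so bound values are never spliced into SQL text.
          PDO::ATTR_EMULATE_PREPARES => false,
      ]);
  } catch (PDOException $e) {
      // The driver message can include the host and account name: write it to the server log
      // and send the client a generic response. The original echoed it and carried on with
      // $pdo undefined.
      error_log('Database connection failed: ' . $e->getMessage());
      http_response_code(500);
      exit('Service temporarily unavailable.');
  }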
  92. ?>
  93.  
  94. if(isset($_SESSION['login_valid_error']) && !empty($_SESSION['login_valid_error'])) { // NOTE(review): this branch runs when an error message IS set, yet it is the one meant to reach the logged-in page — confirm the condition is not inverted. The fragment also sits outside any <?php tag on this page.
  95. header(...) // placeholder: redirect to the logged-in page (target not given on this page); the statement still needs its ';' and an exit after it
  96. } else {
  97. header('Location: index.php'); // NOTE(review): no exit follows, so code after this fragment keeps running once the redirect header is queued
  98. }
  99.  
  100. <?php
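  // Show a pending login error once, then clear it so a reload does not repeat it.
  if (isset($_SESSION['login_valid_error'])) {
      // Encode on output: the code that fills this session key is not shown here, so treat the
      // text as untrusted and never let it reach the page as markup.
      // NOTE(review): pass the page's charset as the third argument if it is not PHP's default_charset.
      $loginError = htmlspecialchars((string) $_SESSION['login_valid_error'], ENT_QUOTES | ENT_SUBSTITUTE);
      echo '<div class="error">' . $loginError . '</div>';
      unset($_SESSION['login_valid_error']);
  }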
  105. ?>