mysql> CREATE TABLE `members` (
-> `id` int(4) NOT NULL auto_increment,
-> `username` varchar(65) NOT NULL default '',
-> `password` varchar(65) NOT NULL default '',
-> PRIMARY KEY (`id`)
-> ) engine=MyISAM AUTO_INCREMENT=2 ;
Query OK, 0 rows affected (0.06 sec)
mysql> insert into members
-> values
-> (1, 'john', 'qwerty');
Query OK, 1 row affected (0.06 sec)
Secondly, use PHP to create a login screen:
<p align=center>You must login with the username and password to gain access:</p>
<table width="300" border="0" align="center" cellpadding="0" cellspacing="1" bgcolor="#CCCCCC">
<tr>
<form name="form1" method="post" action="checklogin.php">
<td>
<table width="100%" border="0" cellpadding="3" cellspacing="1" bgcolor="#FFFFFF">
<tr>
<td colspan="3"><strong>Member Login </strong></td>
</tr>
<tr>
<td width="78">Username</td>
<td width="6">:</td>
<td width="294"><input name="myusername" type="text" id="myusername"></td>
</tr>
<tr>
<td>Password</td>
<td>:</td>
<td><input name="mypassword" type="text" id="mypassword"></td>
</tr>
<tr>
<td> </td>
<td> </td>
<td><input type="submit" name="Submit" value="Login"></td>
</tr>
</table>
</td>
</form>
</tr>
</table>
Thirdly, use a PHP to get username and password and compare with value in SQL:
<?php
session_start();
ob_start();
error_reporting(E_ALL);
$host="localhost"; // Host name
$username="root"; // Mysql username
$password="root"; // Mysql password
$db_name="test"; // Database name
$tbl_name="members"; // Table name
// Connect to server and select databse.
mysql_connect("$host", "$username", "$password")or die("cannot connect");
mysql_select_db("$db_name")or die("cannot select DB");
// Define $myusername and $mypassword
$myusername=$_POST['myusername'];
$mypassword=$_POST['mypassword'];
// To protect MySQL injection (more detail about MySQL injection)
$myusername = stripslashes($myusername);
$mypassword = stripslashes($mypassword);
$myusername = mysql_real_escape_string($myusername);
$mypassword = mysql_real_escape_string($mypassword);
$sql="SELECT * FROM $tbl_name WHERE username='$myusername' and password='$mypassword'";
$result=mysql_query($sql);
// Mysql_num_row is counting table row
$count=mysql_num_rows($result);
// If result matched $myusername and $mypassword, table row must be 1 row
if($count==1){
// Register $myusername, $mypassword and redirect to file "login_success.php"
$_SESSION['myusername'] = $myusername;
$_SESSION['mypassword'] = $mypassword;
//header("location:login_success.php");
echo '<meta http-equiv="refresh" content="0;url=login_success.php">';
}
else {
//echo "Wrong Username or Password";
echo '<meta http-equiv="refresh" content="0;url=main_login.php">';
}
ob_end_flush();
?>
In the login_success.php, you can do any web page design:
<?php
// Check if session is not registered, redirect back to main page.
// Put this code in first line of web page.
session_start();
echo $_SESSION['myusername'];
if(isset($_SESSION['myusername'])){
//header("location:main_login.php");
} else {
echo '<meta http-equiv="refresh" content="0;url=main_login.php">';
}
?>
<html>
<body>
<b>Login Successful.</b><br>
Please click this to <a href=logout.php>logout</a>
</body>
</html>
The logout.php is simple:
<?php
// Put this code in first line of web page.
print "logout";
session_start();
session_destroy();
?>
<p>Please click this to <a href=main_login.php>login</a></p>
Now we will see how to encrypt the password.
Encrypt password with php
$password="john856";
$encrypt_password=md5($password);
echo $encrypt_password;
$sql="SELECT * FROM $tbl_name WHERE username='$username' and password='$encrypted_password'";
$result=mysql_query($sql);
No comments:
Post a Comment