Php Simple Login Tutorial


103 replies to this topic

#101 Jez

Posted 07 June 2011 - 10:17 AM

bjrn, on 03 March 2005 - 10:33 PM, said:

If someone is planning on implementing something like this here on their Trap17 account, I suggest you use Pear. When you have people logging into things on your site, you want to make sure that there is no possibility of sql injection. Pear's DB prepared statement function prevents SQL injection attacks. It's very handy.

Something like this could work:

  require_once("PEAR.php");
  require_once("DB.php");
  PEAR::setErrorHandling(PEAR_ERROR_DIE, "Aaaaargh! Error: %s");
  $conn = DB::connect("mysql://dbuser:dbpassword@localhost/dbname");
  $preparedstatement = $conn->prepare('INSERT INTO dbUsers (username, password, email) VALUES (?, ?, ?)');
  $data = array($_POST['username'], $_POST['password'], $_POST['email']);
  $conn->execute($preparedstatement, $data);

Please note that I haven't tested this code, it should work, but there might be some stupid typo somewhere. :D

Not too sure about a Trap17 account; however, you can just use 'mysql_real_escape_string($myinput)' and that would protect you against SQL injections. You see, you have to understand that by querying a database with text (numeric data obviously is not subject to this), MySQL appreciates everything as a command; SELECT, FROM and WHERE are all commands.

This allows the user, if no SQL injection protection has been used, to issue commands that could read from another database. By using mysql_real_escape_string() or prepare in PDO, this sends in the requests as pure text and it's left entirely up to your SQL to actually perform the query, thus eliminating the potential for them to either read from another table or database, or even worse, drop a table or even a database (if your privileges are not secure; when using the test database myself, I set up accounts that are only allowed to see certain tables. Always think beyond the obvious is my key).

A query can be any type of syntax, like an actual query where you're trying to find the value of something, or creating a database; these are all technically queries in database logic.

Edited by Jez, 07 June 2011 - 10:20 AM.
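
The difference between pasting input into the SQL text and binding it as a parameter, discussed in the post above, shown as an added example that is not code from this thread or its posters. It assumes PHP with the pdo_sqlite extension (an in-memory SQLite database stands in for MySQL); the function names, sample accounts and inputs are constructed for illustration, and the password hashing is an addition of this example.

```php
<?php
// Added example, not code from this thread. In-memory SQLite (pdo_sqlite)
// stands in for MySQL so the script runs offline; the table and columns
// follow the dbUsers INSERT quoted above.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE dbUsers (username TEXT PRIMARY KEY, password TEXT, email TEXT)');

// Registration with placeholders. Hashing is an addition of this example;
// the quoted snippet stores $_POST['password'] unchanged.
function register(PDO $db, string $user, string $pass, string $email): void {
    $stmt = $db->prepare('INSERT INTO dbUsers (username, password, email) VALUES (?, ?, ?)');
    $stmt->execute([$user, password_hash($pass, PASSWORD_DEFAULT), $email]);
}

// For contrast only: the input is pasted into the SQL text, so a quote in it
// changes the structure of the statement.
function findConcatenated(PDO $db, string $user): array {
    $sql = "SELECT username FROM dbUsers WHERE username = '$user'";
    return $db->query($sql)->fetchAll(PDO::FETCH_COLUMN);
}

// Bound parameter: the statement is fixed, the input is only ever a value.
function findPrepared(PDO $db, string $user): array {
    $stmt = $db->prepare('SELECT username FROM dbUsers WHERE username = ?');
    $stmt->execute([$user]);
    return $stmt->fetchAll(PDO::FETCH_COLUMN);
}

// Login check: look the row up by bound username, then verify the hash.
function login(PDO $db, string $user, string $pass): bool {
    $stmt = $db->prepare('SELECT password FROM dbUsers WHERE username = ?');
    $stmt->execute([$user]);
    $hash = $stmt->fetchColumn();
    return is_string($hash) && password_verify($pass, $hash);
}

// Constructed sample accounts and inputs.
register($db, 'alice', 'correct horse', 'alice@example.test');
register($db, "o'brien", 'battery staple', 'obrien@example.test');
$crafted = "nobody' OR '1'='1";

printf("concatenated, crafted input:  %d row(s)\n", count(findConcatenated($db, $crafted)));
printf("prepared, crafted input:      %d row(s)\n", count(findPrepared($db, $crafted)));
printf("prepared, name with a quote:  %d row(s)\n", count(findPrepared($db, "o'brien")));
printf("login alice, right password:  %s\n", var_export(login($db, 'alice', 'correct horse'), true));
printf("login with crafted username:  %s\n", var_export(login($db, $crafted, 'x'), true));
```

Run it with the PHP command-line interpreter and compare the first two row counts: the same input matches rows when concatenated and nothing when bound, while a legitimate name containing a quote still resolves through the prepared lookup.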


#102 Guest_nooweel_*

  • Guests

Posted 25 June 2011 - 08:44 AM

Ahm. Hi sir, I really appreciate those programmers like you. I keep on practicing your code but still I can't make it. Why? :(

#103 Guest_tom_*

  • Guests

Posted 22 July 2011 - 09:12 PM

Hey, thanks for this awesome guide. I'm trying to customize my login.php form.

How would I go about changing the font/colour etc. of the username/password fields and input boxes in the echo tags?
"
//If all went right the Web form appears and users can log in
  echo "<form action=\"?op=login\" method=\"POST\">";
  echo "Username: <input name=\"username\" size=\"15\"> <br />";
  echo "Password: <input type=\"password\" name=\"password\" size=\"8\"><br />";
  echo "<input type=\"submit\" value=\"Login\">";
  echo "</form>";
"

Any help or links would be much appreciated.

thanks

#104 Guest_Nulteck_*

  • Guests

Posted 17 May 2012 - 01:55 PM

HmmZ, on 03 March 2005 - 08:57 PM, said:

Thanks for the positive feedback, I haven't implemented, nor tested the code myself (just checked to see if it actually showed up), so if any problems persist, tell me about it, so I can adjust the code hoping it could fix it, if there is a flaw and you know the solution, replying with both the flaw and the solution is always welcome of course.

Hi,

Thanks for the code. It works perfectly. I have just made some adjustments inside the PHP code to make the design better. This code was the first one that I've found that worked on my website.

Best regards,
Nulteck
