wotsup_aish
New member
Hey guys, i wrote a php login script n i'd like to check its logic flow. i cant test cos i cannot install the php stuff on my laptop. so pls help. The basic outline is a login page where students can login using their matriculation numb and password. they wont hv to register.for testing purposes, i've entered matriculation numb:123456789F and password:uolexternal for testing purposes.Please help me genuises! thank you!
//login success
<?
session_start();
if(!session_is_registered(myusername)){
header("location:main_login.php");
}
?>
<html>
<body>
Login Successful
</body>
</html>
//log out
<?
session_start();
session_destroy();
?>
//Database created using phpMyAdmin
// creating table in database by runnning SQL Query
CREATE TABLE 'Login'(
`id` int(4) NOT NULL auto_increment,
`MatNo` varchar(20) NOT NULL default '',
`password` varchar(20) NOT NULL default '',
PRIMARY KEY (`id`)
) TYPE=MyISAM AUTO_INCREMENT=1 ;
//entering data into Login table
INSERT INTO `Login` VALUES (1, '123456789F', 'uolExternal');
//main_login.php
<table width="300" border="0" align="center" cellpadding="0" cellspacing="1" bgcolor="#CCCCCC">
<tr>
<form name="form1" method="post" action="checklogin.php">
<td>
<table width="100%" border="0" cellpadding="3" cellspacing="1" bgcolor="#CCFF00">
<tr>
<td colspan="3"><strong>Student Login </strong></td>
</tr>
<tr>
<td width="235">Matriculation Number</td>
<td width="14">:</td>
<td width="766"><input name="MatNo" type="text" id="myusername" size="10" maxlength="10"></td>
</tr>
<tr>
<td>Password</td>
<td>:</td>
<td><input name="mypassword" type="password" id="mypassword"></td>
</tr>
<tr>
<td>*</td>
<td>*</td>
<td><input type="submit" name="Submit" value="Login"></td>
</tr>
</table>
</td>
</form>
</tr>
</table>
//verify login
<?php
ob_start();
$host="localhost"; // Host name
$username="syedhairun"; // Mysql username
$password="uolexternal"; // Mysql password
$db_name="SE"; // Database name
$tbl_name="Login"; // Table name
// Connect to server and select databse.
mysql_connect("$host", "$username", "$password")or die("cannot connect");
mysql_select_db("$db_name")or die("cannot select DB");
// Define $myusername and $mypassword
$myusername=$_POST['myusername'];
$mypassword=$_POST['mypassword'];
// To protect MySQL injection
$myusername = stripslashes($myusername);
$mypassword = stripslashes($mypassword);
$myusername = mysql_real_escape_string($myusername);
$mypassword = mysql_real_escape_string($mypassword);
$sql="SELECT * FROM $tbl_name WHERE username='$myusername' and password='$mypassword'";
$result=mysql_query($sql);
// Mysql_num_row is counting table row
$count=mysql_num_rows($result);
// If result matched $myusername and $mypassword, table row must be 1 row
if($count==1){
// Register $myusername, $mypassword and redirect to file "login_success.php". Should direct to Welcome page. For coding purposes, its login_success.php
session_register("myusername");
session_register("mypassword");
header("location:login_success.php");
}
else {
echo "Login Error.Please try again.";
}
ob_end_flush();
?>
//login success
<?
session_start();
if(!session_is_registered(myusername)){
header("location:main_login.php");
}
?>
<html>
<body>
Login Successful
</body>
</html>
//log out
<?
session_start();
session_destroy();
?>
//Database created using phpMyAdmin
// creating table in database by runnning SQL Query
CREATE TABLE 'Login'(
`id` int(4) NOT NULL auto_increment,
`MatNo` varchar(20) NOT NULL default '',
`password` varchar(20) NOT NULL default '',
PRIMARY KEY (`id`)
) TYPE=MyISAM AUTO_INCREMENT=1 ;
//entering data into Login table
INSERT INTO `Login` VALUES (1, '123456789F', 'uolExternal');
//main_login.php
<table width="300" border="0" align="center" cellpadding="0" cellspacing="1" bgcolor="#CCCCCC">
<tr>
<form name="form1" method="post" action="checklogin.php">
<td>
<table width="100%" border="0" cellpadding="3" cellspacing="1" bgcolor="#CCFF00">
<tr>
<td colspan="3"><strong>Student Login </strong></td>
</tr>
<tr>
<td width="235">Matriculation Number</td>
<td width="14">:</td>
<td width="766"><input name="MatNo" type="text" id="myusername" size="10" maxlength="10"></td>
</tr>
<tr>
<td>Password</td>
<td>:</td>
<td><input name="mypassword" type="password" id="mypassword"></td>
</tr>
<tr>
<td>*</td>
<td>*</td>
<td><input type="submit" name="Submit" value="Login"></td>
</tr>
</table>
</td>
</form>
</tr>
</table>
//verify login
<?php
ob_start();
$host="localhost"; // Host name
$username="syedhairun"; // Mysql username
$password="uolexternal"; // Mysql password
$db_name="SE"; // Database name
$tbl_name="Login"; // Table name
// Connect to server and select databse.
mysql_connect("$host", "$username", "$password")or die("cannot connect");
mysql_select_db("$db_name")or die("cannot select DB");
// Define $myusername and $mypassword
$myusername=$_POST['myusername'];
$mypassword=$_POST['mypassword'];
// To protect MySQL injection
$myusername = stripslashes($myusername);
$mypassword = stripslashes($mypassword);
$myusername = mysql_real_escape_string($myusername);
$mypassword = mysql_real_escape_string($mypassword);
$sql="SELECT * FROM $tbl_name WHERE username='$myusername' and password='$mypassword'";
$result=mysql_query($sql);
// Mysql_num_row is counting table row
$count=mysql_num_rows($result);
// If result matched $myusername and $mypassword, table row must be 1 row
if($count==1){
// Register $myusername, $mypassword and redirect to file "login_success.php". Should direct to Welcome page. For coding purposes, its login_success.php
session_register("myusername");
session_register("mypassword");
header("location:login_success.php");
}
else {
echo "Login Error.Please try again.";
}
ob_end_flush();
?>