PHP Login w/ Sessions. Am I on the right path?

Steven T

New member
I just hate having page after page for simple little code, so I built the code below to have a login system as a header on a website with the use of sessions. My questions are... #1 Did I create a simple login system? #2 Is it bad to have that as my header on each page? #3 What can I do to increase security?

Thanks!


include 'connect.php'; //connect
session_start();

$message = ""; //error message needs to be blank
$loginstatus = ""; //login status markup needs to be blank

//if $_POST "username" and "password" exist, check for consistency.
if (isset($_POST['username']) && !empty($_POST['password']))
{
    $username = $_POST['username']; //set variables from the POSTed form
    $password = $_POST['password']; //set variables from the POSTed form
    $password = md5($password); //password security
    $query = mysql_query("SELECT * FROM users WHERE username='$username' AND password='$password'"); //checking if row exists that has $username and $password together.
    $num = mysql_num_rows($query); //number of rows. if not equal to one login will fail.

    if ($num == 1)
    {
        $_SESSION['username'] = $username; //store session data
        $message = "$username, you are logged in!";
    }
    else
    {
        $message = "<font color='red'>Wrong Username or Password. Please try again.</font>";
    }
}

//if $_SESSION "username" exists, show the logged-in status; otherwise show the login form.
if (isset($_SESSION['username']))
{
    $username = $_SESSION['username'];
    $loginstatus = "
<table cellspacing='0' cellpadding='0'>
<tr>
<td align='right'><b>$message</b> <a href='logout.php'>[logout]</a></td>
</tr>
</table>
";
}
else
{
    $loginstatus = "
<b>$message</b>
<table cellspacing='0' cellpadding='0'>
<form action='index.php' method='post'>
<tr>
<td><b>Username:*</td>
<td><input type='text' name='username' class='inputbox'></td>
<td>***<b>Password:*</td>
<td><input type='password' name='password' class='inputbox'></td>
<td>***<input type='submit' value='Log In' class='submitbutton'></td>
</tr>
</table>

</form>
";
}

echo $loginstatus;

include "disconnect.php"; //disconnect
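
A hardened form of the login check above, as an added example that is not part of the original post: it replaces the interpolated query with a bound parameter, `md5()` with `password_hash()`/`password_verify()`, and escapes the username before echoing it. The in-memory SQLite table, the `password_hash` column and the helpers `check_login()` and `h()` are assumptions made so the example runs on its own.

```php
<?php
declare(strict_types=1);

// Constructed sample data: an in-memory SQLite table stands in for the
// MySQL `users` table behind connect.php (assumption, so this runs offline).
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (username TEXT PRIMARY KEY, password_hash TEXT NOT NULL)');
$db->prepare('INSERT INTO users VALUES (?, ?)')
   ->execute(["o'brien", password_hash('correct horse', PASSWORD_DEFAULT)]);

// Verified against for unknown usernames so both failure paths do the same work.
$dummyHash = password_hash('placeholder', PASSWORD_DEFAULT);

/** Hypothetical helper: true only when the user exists and the password matches. */
function check_login(PDO $db, string $username, string $password, string $dummyHash): bool
{
    // Bound parameter: the username is data, never part of the SQL text.
    $stmt = $db->prepare('SELECT password_hash FROM users WHERE username = ?');
    $stmt->execute([$username]);
    $hash = $stmt->fetchColumn(); // false when no row matches

    // password_verify() checks a salted, slow hash instead of comparing md5 strings.
    $ok = password_verify($password, is_string($hash) ? $hash : $dummyHash);
    return $ok && is_string($hash);
}

/** Hypothetical helper: escape user-supplied text before it goes into HTML. */
function h(string $s): string
{
    return htmlspecialchars($s, ENT_QUOTES, 'UTF-8');
}

// Constructed inputs: a valid login (name contains a quote), a wrong password,
// and an unknown name containing markup that must be shown as text.
$attempts = [["o'brien", 'correct horse'], ["o'brien", 'wrong'], ['<b>bob</b>', 'x']];
foreach ($attempts as [$user, $pass]) {
    if (check_login($db, $user, $pass, $dummyHash)) {
        // In the page header: session_regenerate_id(true); $_SESSION['username'] = $user;
        echo h($user), ", you are logged in!\n";
    } else {
        echo "Wrong username or password. Tried: ", h($user), "\n";
    }
}
```

In the header itself, call `session_regenerate_id(true)` right after a successful check so a session ID issued before login is not reused afterwards.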
 