php mysql login function

Codes here !

Moderators: egami, macek, gesf

Post Reply
juulphp
New php-forum User
New php-forum User
Posts: 18
Joined: Tue Jan 24, 2017 5:41 am

Wed May 17, 2017 3:18 am

I have a login script that retrieve data from the MySQL database. Now I want to work with features. For example, if a user has function = 1, he will see a different page than user 2 that has function = 2. Also, user 1 may not come on user 2 page two that is then protected.

This is my checklogin.php:

Code: Select all

<?php
//Lees het config bestand
require_once'config.php';

//lees de formulier velden

$username = mysqli_real_escape_string($mysqli, $_POST['username']);
$password = mysqli_real_escape_string($mysqli, $_POST['password']);

if(strlen($username) > 0 && strlen($password) > 0) {

    //versleutel het wachtwoord

    $password = sha1($password);

    //maak de query

    $query = "SELECT * FROM users WHERE username = '$username' AND password = '$password' AND functie = '1' ";
//voer de query uit
    $result = mysqli_query($mysqli, $query);

    //controleer of de login correct was

    if(mysqli_num_rows($result) == 1)

        //start de sessie
    {
        session_start();
        // sla de username op in de sessie
        $_SESSION['username'] = $username;
        //stuur door naar de homepage
       echo("<script>window.location = 'dashboard.php';</script>");
    }  else {
        echo "Username or Password wrong!";
    }
}       else {
        echo "Try again!";
    }

?>

How can I do this this in PHP?

chorn
php-forum Active User
php-forum Active User
Posts: 381
Joined: Fri Apr 01, 2016 2:18 am

Sun May 21, 2017 10:14 pm

create a table "permissions" and store the user_id along with the function. then you can check against these permissions on other pages.

davidmitchell139
New php-forum User
New php-forum User
Posts: 1
Joined: Thu Sep 21, 2017 10:11 pm

Thu Sep 21, 2017 11:31 pm

This is so simple function to create login function you just need to follow some code which i have written below.
function authUser($username, $password){
connectDB();
$sql = "SELECT id, username FROM users where username = '".$username."' and password = '".$password."'";
$result = mysql_query($sql);
$num_rows = mysql_num_rows($result);
if ($num_rows > 0){
while ($row = mysql_fetch_array($result)){
$username = $row['username'];
session_start();
session_register('username');
return $username;
}
}
closeConn();
}



<---------------End of Coding-------------->

UK Essay Writing

User avatar
Strider64
php-forum Active User
php-forum Active User
Posts: 310
Joined: Sat Mar 23, 2013 8:24 am

Fri Sep 22, 2017 3:16 am

Here's a better way of doing it , doesn't use obsolete mysql and is more secure:

Code: Select all

<?php
session_start();

$db_options = array(
    /* important! use actual prepared statements (default: emulate prepared statements) */
    PDO::ATTR_EMULATE_PREPARES => false
    /* throw exceptions on errors (default: stay silent) */
    , PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION
    /* fetch associative arrays (default: mixed arrays)    */
    , PDO::ATTR_DEFAULT_FETCH_MODE => PDO::FETCH_ASSOC
);
$pdo = new PDO('mysql:host=' . DATABASE_HOST . ';dbname=' . DATABASE_NAME . ';charset=utf8', DATABASE_USERNAME, DATABASE_PASSWORD, $db_options);

function getUserRecord($username, $password, $pdo = NULL) {
    /* Setup the Query for reading in login data from database table */
    $query = 'SELECT * FROM users WHERE username=:username';


    $stmt = $pdo->prepare($query); // Prepare the query:
    $stmt->execute([':username' => $username]); // Execute the query with the supplied user's parameter(s):

    $stmt->setFetchMode(PDO::FETCH_ASSOC);
    $user = $stmt->fetch();

    /*
     * If password matches database table match send back true otherwise send back false.
     */
    if (password_verify($password, $user->password)) {
        unset($user['password']);
        $_SESSION['user'] = $user;
        /*
         * This is where you would do your setting up the user's account using whatever you are doing:
         */
    } else {
        $error = "Sorry invalid login attempt, please try again!";
        return $error;
    }
}

$status = getUserRecord($username, $password, $pdo);
although it could be better but it is at least steering you in a correct direction.
Life is a fig newton of your imagination! https://www.pepster.com/index

Post Reply