Check a username and password against a database record

Posted by dalean123

Last Updated: February 14, 2015

<?php
session_start(); //Start your session as the first thing on this page
//Before you start ensure that output buffering is turned on in the PHP .ini file
//Set up database connection using mysql
define("DB_SERVER", "localhost"); //Your server name
define("DB_USER", "root"); //Your username
define("DB_PASS", ""); //Your password
define("DB_NAME", "test"); //Your database

$connection = mysqli_connect(DB_SERVER, DB_USER, DB_PASS, DB_NAME);

if(mysqli_connect_errno()){ //If there was an error while connecting to the database then the script will stop executing and an error will be issued
die("Database connection failed: ") .
mysqli_connect_error() .

"(" . mysqli_connect_errno . ")";
}

//If connection was successful, then the script will continue its processing

//declare some variables that will be needed in the script
$errors = array();
$message = "";
$username = "";
$password = "";
if($_SERVER["REQUEST_METHOD"] == "POST"){
if(isset($_POST["submit"])){
$username = trim($_POST["username"]);
$password = trim($_POST["password"]);

$required = array("username", "password");

function sanitize($username, $password){
$errors = array(); //Local $errors variable(array)
if($username === ""){
$errors["username"] = "Username cannot be blank";

} else{
if(strlen($username) < 6 || strlen($username) > 25){
$errors["username"] = "Username must be between 6 and 20 characters";
}
}
if($password === ""){
$errors["password"] = "Password cannot be blank";
}else{
if(strlen($password) < 6 ||strlen($password) > 25){
$errors["password"] = "Password must be between 6 and 20 characters";
}
}
return $errors;
} //function delimiter

$errors = sanitize($username, $password);

if(count($errors) !== 0){
$message .= "<ul>"; //Opening unorder list tag
foreach($errors as $field => $value){

$message .= "<li>{$value}</li>";
}
$message .= "</ul>"; //Closing unordered list tag

}else{
$query = "SELECT * FROM users WHERE username = '$username' LIMIT 1";
$result = mysqli_query($connection, $query);
$row = mysqli_num_rows($result);
if($row === 1){
$user = mysqli_fetch_assoc($result);
if($user["username"] == $username && $user["password"] === $password){
$_SESSION["user"] = $user["username"];
header("Location: home.php"); //Redirect your user to where ever
}else{
$message = "Username and Password does not match";
}
}else{
$message = "That user does not exist";
}
}

}
}
?>
<!DOCTYPE html>
<html>
<head>
<title>Simple Login page with PHP</title>
<meta charset="utf-8" />
</head>
<body>
<h1>Login page with PHP</h1>
<?php if(isset($message)) { echo $message; } ?>
<form action="login.php" method = "POST">
<table>
<tr>
<th><label for ="username"></label></th>
<td><input type = "text" name = "username" id = "username" value = "<?php echo $username; ?>" /></td>
</tr>
<tr>
<th><label for ="password"></label></th>
<td><input type = "password" name = "password" id = "password" /></td>
</tr>
<tr>
<td><input type = "submit" name = "submit" value = "Login" /></td>
</tr>
</table>
</form>
<?php mysqli_close($connection); ?>
</body>
</html>

mark123 For your queries use prepared statements or stored procedures to protect against security vulnerabilities.

gideonna it's very nice

Posted by dalean123

Related Content

Username & Password Validation using C++

Company Database using SQL

How to add and retrieve record in a binary file using C++

Transaction System Database using SQL

Create, Backup, Delete and Restore a simple database SQL

Strong Password Generator using Visual Basic.Net

JAVA Servlet Program to implement a dynamic HTML using Servlet (user name and password should be accepted using HTML and displayed using a Servlet)