Home arrow MySQL arrow Page 2 - Creating a Login Script for a PHP/MySQL Blogging System

Login.php - MySQL

In this three-part tutorial we are going to be creating an open blogging system. We are also going to provide scripts that will make it possible to switch to a closed blogging system. This article, which is the first part, will cover the creation of the login scripts for a closed system.

TABLE OF CONTENTS:
  1. Creating a Login Script for a PHP/MySQL Blogging System
  2. Login.php
  3. Logout.php
  4. Password.php
By: Jacques Noah
Rating: starstarstarstarstar / 90
October 03, 2006

print this article
SEARCH DEV SHED

TOOLS YOU CAN USE

advertisement

This file displays a form that requests your username and password and also gives you the options to register as a new user or recover your password if you've forgotten it.

 Once you've  pressed the submit button the following code gets executed:

<?
session_start();
if(isset($_GET['reg'])){
$reg=$_GET['reg'];
}else{
$reg="";
}
if($reg==1){
$msg1="<font color="#FF0000"><b>Your details have been added,
please login</b></font>";
}elseif($reg==2){
$msg1="<font color="#FF0000"><b>You have been successfully
logged out.</b></font>";
}elseif($reg==3){
$msg1="<font color="#FF0000"><b>You have been redirected because you need to be logged on as administrator.</b></font>";
}
if(isset($_POST['submit'])){
if( empty($_POST['uname']) && (empty($_POST['upass']))){
header( "Location:Messages.php?msg=1" );
exit();
}
//transfer to shorter var
$n=$_POST['uname'];
$p=$_POST['upass'];
//connect to db
include('config.php');
$query="select * from user where uname='$n' and pw='$p'";
if($result=mysql_query($query)){
$row=mysql_fetch_assoc($result);
//check each var
if($n !=$row['uname']){
header( "Location:Messages.php?msg=2" );
exit();
}
if($p !=$row['pw']){
header( "Location:Messages.php?msg=11" );
exit();
}
if($row['isbanned']=='yes'){
header( "Location:Messages.php?msg=12" );
exit();
}
}//ifresult
//put in session vars
$_SESSION['level'] = $row['level'];
$_SESSION['status'] = 'logged';
$_SESSION['username'] = $n;
//This takes you to the admin pages; change this to take you to
wherever you want it //to go.
header("location:../admin/main.php");
exit;
}?>

Ignore the first part that falls under "if(isset($_GET['reg'])){}" since it concerns another script; we will come to it later. The next part does the following things:

  • Checks to see whether a user exists. If so, the username and password is compared with the information in the database. It also checks to see whether the user is banned. If all the checks are okay, the script puts the username in a session variable and then sends the user through to the blog.
  • If the user does not exist, the program goes to the messages page and displays an error message.

The script also checks the user's banned status. If a user is banned, then the script directs you to the Messages page. The submitted username and password is checked individually and then the appropriate action is taken. This enables the user to know exactly which of the two, username or password, is wrong.

You will also notice that some session variables are created. These are going to be used by the blog system to identify the user and by the admin script to identify whether a user indeed has admin level clearance.



 
 
>>> More MySQL Articles          >>> More By Jacques Noah
 

blog comments powered by Disqus
escort Bursa Bursa escort Antalya eskort
   

MYSQL ARTICLES

- Oracle Unveils MySQL 5.6
- MySQL Vulnerabilities Threaten Databases
- MySQL Cloud Options Expand with Google Cloud...
- MySQL 5.6 Prepped to Handle Demanding Web Use
- ScaleBase Service Virtualizes MySQL Databases
- Oracle Unveils MySQL Conversion Tools
- Akiban Opens Database Software for MySQL Use...
- Oracle Fixes MySQL Bug
- MySQL Databases Vulnerable to Password Hack
- MySQL: Overview of the ALTER TABLE Statement
- MySQL: How to Use the GRANT Statement
- MySQL: Creating, Listing, and Removing Datab...
- MySQL: Create, Show, and Describe Database T...
- MySQL Data and Table Types
- McAfee Releases Audit Plugin for MySQL Users

Developer Shed Affiliates

 


Dev Shed Tutorial Topics: