PHP
  Home arrow PHP arrow Page 2 - A Login System for a PHP Email Applica...
Dev Shed Forums 
Administration  
AJAX  
Apache  
BrainDump  
DHTML  
Flash  
Java  
JavaScript  
Multimedia  
MySQL  
Oracle  
Perl  
PHP  
Practices  
Python  
Reviews  
Security  
Style-Sheets  
Web Services  
XML  
Zend  
Zope  
Forums Sitemap 
IBM® developerWorks 
Sun Developer Network 
E-Commerce Hosting 
Linux Web Hosting 
Managed Hosting 
Small Business Hosting 
Mobile Linux 
App Generation ROI 
VPS Hosting 
Weekly Newsletter

 
Developer Updates  
Free Website Content 
 RSS  Articles
 RSS  Forums
 RSS  All Feeds
Write For Us Get Paid 
Request Media Kit
Contact Us 
Site Map 
Privacy Policy 
Support 
 USERNAME
 
 PASSWORD
 
 
  >>> SIGN UP!  
  Lost Password? 
PHP

A Login System for a PHP Email Application
By: Leidago
  • Search For More Articles!
  • Disclaimer
  • Author Terms
  • Rating: 3 stars3 stars3 stars3 stars3 stars / 19
    2006-11-01

    Table of Contents:
  • A Login System for a PHP Email Application
  • The code: form verification
  • The code: logging out and registration
  • The code: form handling and user profile

  • Rate this Article: Poor Best 
      ADD THIS ARTICLE TO:
      Del.ici.ous Digg
      Blink Simpy
      Google Spurl
      Y! MyWeb Furl
    Email Me Similar Content When Posted
    Add Developer Shed Article Feed To Your Site
    Email Article To Friend
    Print Version Of Article
    PDF Version Of Article
     
     
    ADVERTISEMENT


    A Login System for a PHP Email Application - The code: form verification


    (Page 2 of 4 )

    Javascript Code. This script provides the first code of authentication. It checks to see if the user has filled in all the required fields on the form. If the user has not done so, a dialog box pops up that tells the user exactly which field he or she did not fill in:

    <script language="javascript" type="text/javascript">
    function checkform(pform1){
    if(pform1.uname.value==""){
    alert("Please enter a username")
    pform1.uname.focus()
    return false
    }
    if(pform1.pw.value==""){
    alert("Please enter a password")
    pform1.pw.focus()
    return false
    }
    if(pform1.pw.value=="" && pform1.uname.value==""){
    alert("Please make sure that you have entered your username and
    password")
    return false
    }
    return true
    }
    </script>

    Although this is a good way to check whether the user has indeed filled in all the needed values, it does not always work.  This is because JavaScript can be turned off by some users, so if you rely on Javascript alone to verify user input, you will have a lot of problems later on.

    PHP Form Code. This is the main code that processes the form information. It also acts as the second level of verification of form data. At first it checks to see if the form has been submitted. If it has been submitted, it checks to see if the form data that is contained within the submitted form has values. Its third step is to check whether the username and password match any that are in the database. Based on the outcome, the userID of the user will be stored in a session variable together with other data, and then the user will either be put through to the index page of the application or an error and the login page will be displayed:

    <?
    ob_start();
    session_start();
    if(isset($_POST['submit'])){
    //check if required data is submitted
    if(!empty($_POST['uname'] && $_POST['pw'] ){
    /*

    Here you can also check to see if the right kind of username and password have been submitted. For example, you can make the user submit a username that begins with "usr.username," then use regex to find out if that pattern has been followed. Also if you are really serious about security, you should use MD5 encryption here. This is to stop SQL injection and to make your form safer.

    */
    include("connect.php");
    $query = "SELECT user_id,email,uname,upass from user WHERE uname
    = '".$_POST['uname']."' AND upass = '".$_POST['pw']."'";
    $result = mysql_query($query);
    $num = mysql_num_rows($result);
    $r=mysql_fetch_assoc($result);
    if($num > 0){
    $_SESSION['userid'] = $r['user_id'];
    $_SESSION['user'] = $r['uname'];
    header("location:index.php?uid=".$r['user_id']."");
    }else{
    $error = "Your username and password do not match";
    }
    }//form vars check
    else{
    $error = "Please enter all required information";
    }
    }//end submit
    ?>

    I've not focused on form security too much, because everyone's security needs are  different. But I've made some attempt at pointing you in the right direction. Look at the comments in red.

    More PHP Articles
    More By Leidago


       · Hope this article on Emailling with PHP/MYSQL will be useful to someone.
     

       

    PHP ARTICLES

    - Authentication Scripts for a User Management...
    - Utilizing the Use Keyword for Namespaces in ...
    - Building a User Management Application
    - Working With Different Namespaces in PHP 5
    - User Management Explained: Overview
    - Using Namespaces in PHP 5
    - Database Security: Guarding Against SQL Inje...
    - Building a Modular Exception Class in PHP 5
    - Database and Password Security for Web Appli...
    - Handling MySQL Data Set Failures in PHP 5
    - Building Site Registration for Web Applicati...
    - Intercepting Customized Exceptions in PHP 5
    - Securing Your Web Application Against Attacks
    - Sub Classing Exceptions in PHP 5
    - Authentication for Web Application Security





    © 2003-2008 by Developer Shed. All rights reserved. DS Cluster 1 hosted by Hostway
    Stay green...Green IT