Administration
AJAX
Apache
BrainDump
DHTML
Flash
Java
JavaScript
Multimedia
MySQL
Oracle
Perl
PHP
Practices
Python
Reviews
Security
Style-Sheets
Web Services
XML
Zend
Zope

Forums Sitemap
IBM® developerWorks
Sun Developer Network

E-Commerce Hosting
Linux Web Hosting
Managed Hosting
Small Business Hosting
Mobile Linux
App Generation ROI
VPS Hosting

Weekly Newsletter
Developer Updates
Free Website Content

Articles

Forums

All Feeds

Write For Us Get Paid

Request Media Kit

Site Map

Privacy Policy
Support

USERNAME

PASSWORD

>>> SIGN UP!

Lost Password?

PHP

RSS

A Login System for a PHP Email Application

By: Leidago	Search For More Articles! Disclaimer Author Terms
Rating: / 19
2006-11-01

Table of Contents:

A Login System for a PHP Email Application

The code: form verification

The code: logging out and registration

The code: form handling and user profile

	ADD THIS ARTICLE TO:
	Del.ici.ous	Digg
	Blink	Simpy
	Google	Spurl
	Y! MyWeb	Furl

Email Me Similar Content When Posted

Add Developer Shed Article Feed To Your Site

Email Article To Friend

Print Version Of Article

PDF Version Of Article

A Login System for a PHP Email Application - The code: form verification

(Page 2 of 4 )

Javascript Code. This script provides the first code of authentication. It checks to see if the user has filled in all the required fields on the form. If the user has not done so, a dialog box pops up that tells the user exactly which field he or she did not fill in:

Although this is a good way to check whether the user has indeed filled in all the needed values, it does not always work. This is because JavaScript can be turned off by some users, so if you rely on Javascript alone to verify user input, you will have a lot of problems later on.

PHP Form Code. This is the main code that processes the form information. It also acts as the second level of verification of form data. At first it checks to see if the form has been submitted. If it has been submitted, it checks to see if the form data that is contained within the submitted form has values. Its third step is to check whether the username and password match any that are in the database. Based on the outcome, the userID of the user will be stored in a session variable together with other data, and then the user will either be put through to the index page of the application or an error and the login page will be displayed:

<?
ob_start();
session_start();
if(isset($_POST['submit'])){
//check if required data is submitted
if(!empty($_POST['uname'] && $_POST['pw'] ){
/*

Here you can also check to see if the right kind of username and password have been submitted. For example, you can make the user submit a username that begins with "usr.username," then use regex to find out if that pattern has been followed. Also if you are really serious about security, you should use MD5 encryption here. This is to stop SQL injection and to make your form safer.

*/
include("connect.php");
$query = "SELECT user_id,email,uname,upass from user WHERE uname
= '".$_POST['uname']."' AND upass = '".$_POST['pw']."'";
$result = mysql_query($query);
$num = mysql_num_rows($result);
$r=mysql_fetch_assoc($result);
if($num > 0){
$_SESSION['userid'] = $r['user_id'];
$_SESSION['user'] = $r['uname'];
header("location:index.php?uid=".$r['user_id']."");
}else{
$error = "Your username and password do not match";
}
}//form vars check
else{
$error = "Please enter all required information";
}
}//end submit
?>

I've not focused on form security too much, because everyone's security needs are different. But I've made some attempt at pointing you in the right direction. Look at the comments in red.

Next: The code: logging out and registration >>