Home arrow PHP arrow Page 2 - A Login System for a PHP Email Application

The code: form verification - PHP

We know from the previous article that the user ID is very important, in that it is used to retrieve various information from the database at various stages of the application. The login form sets this userID when you log in. It is the login system that will be the focus of this second part in a four-part series.

  1. A Login System for a PHP Email Application
  2. The code: form verification
  3. The code: logging out and registration
  4. The code: form handling and user profile
By: Leidago
Rating: starstarstarstarstar / 27
November 01, 2006

print this article



Javascript Code. This script provides the first code of authentication. It checks to see if the user has filled in all the required fields on the form. If the user has not done so, a dialog box pops up that tells the user exactly which field he or she did not fill in:

<script language="javascript" type="text/javascript">
function checkform(pform1){
alert("Please enter a username")
return false
alert("Please enter a password")
return false
if(pform1.pw.value=="" && pform1.uname.value==""){
alert("Please make sure that you have entered your username and
return false
return true

Although this is a good way to check whether the user has indeed filled in all the needed values, it does not always work.  This is because JavaScript can be turned off by some users, so if you rely on Javascript alone to verify user input, you will have a lot of problems later on.

PHP Form Code. This is the main code that processes the form information. It also acts as the second level of verification of form data. At first it checks to see if the form has been submitted. If it has been submitted, it checks to see if the form data that is contained within the submitted form has values. Its third step is to check whether the username and password match any that are in the database. Based on the outcome, the userID of the user will be stored in a session variable together with other data, and then the user will either be put through to the index page of the application or an error and the login page will be displayed:

//check if required data is submitted
if(!empty($_POST['uname'] && $_POST['pw'] ){

Here you can also check to see if the right kind of username and password have been submitted. For example, you can make the user submit a username that begins with "usr.username," then use regex to find out if that pattern has been followed. Also if you are really serious about security, you should use MD5 encryption here. This is to stop SQL injection and to make your form safer.

$query = "SELECT user_id,email,uname,upass from user WHERE uname
= '".$_POST['uname']."' AND upass = '".$_POST['pw']."'";
$result = mysql_query($query);
$num = mysql_num_rows($result);
if($num > 0){
$_SESSION['userid'] = $r['user_id'];
$_SESSION['user'] = $r['uname'];
$error = "Your username and password do not match";
}//form vars check
$error = "Please enter all required information";
}//end submit

I've not focused on form security too much, because everyone's security needs are  different. But I've made some attempt at pointing you in the right direction. Look at the comments in red.

>>> More PHP Articles          >>> More By Leidago

blog comments powered by Disqus
escort Bursa Bursa escort Antalya eskort


- Hackers Compromise PHP Sites to Launch Attac...
- Red Hat, Zend Form OpenShift PaaS Alliance
- PHP IDE News
- BCD, Zend Extend PHP Partnership
- PHP FAQ Highlight
- PHP Creator Didn't Set Out to Create a Langu...
- PHP Trends Revealed in Zend Study
- PHP: Best Methods for Running Scheduled Jobs
- PHP Array Functions: array_change_key_case
- PHP array_combine Function
- PHP array_chunk Function
- PHP Closures as View Helpers: Lazy-Loading F...
- Using PHP Closures as View Helpers
- PHP File and Operating System Program Execut...
- PHP: Effects of Wrapping Code in Class Const...

Developer Shed Affiliates


Dev Shed Tutorial Topics: