Home arrow PHP arrow Page 3 - Filters and Login Systems for Web Application Security

The Login page - PHP

In this article we will be building our application, using the concepts discussed in the previous articles. Any web site that is selective in the kind of users that it wants to grant access to will need some method of filtering. This filtering is usually done through a login system. This (and more) is what we will be building. This article is the third part of an eight-part series.

  1. Filters and Login Systems for Web Application Security
  2. Definition and Storage File
  3. The Login page
  4. The code
By: David Web
Rating: starstarstarstarstar / 5
October 06, 2008

print this article



The login page is the main entrance to our site. Any user that wants to use our site needs to be authenticated by this script. We want only users that have registered to be allowed in, so we filter out those that are not registered through this script.



//someone registered?


$reg="Your details have been added, please login";




//has form been submitted


//check that the username and password is not empty

if( empty($_POST['uname']) && (empty($_POST['upass']))){

print "Please enter your username and password.";

$errmsg="Please enter your username and password.";



//check that the username and password is string

if( is_numeric($_POST['uname']) && (is_numeric($_POST['upass']))){

print "Please enter a valid username and password.";

$errmsg=" Please enter a valid username and password.";



//if no error then start authentication process


//transfer to shorter var



//if no error then start authentication process

//connect to db


//clean using mysql cleaner



$query="select uname,pw from users where uname='$cleanuname' and pw='$cleanupass' ";



if($num>0 ){

//put in session vars



$mytime=date("H:i:s A",$mytime);

$_SESSION['time'] = $mytime;

$_SESSION['status'] = 'logged';

$_SESSION['username'] = $cleanuname;

//goto next page





$_SESSION['status'] = 'not logged';

$errmsg="Your username ($n) and password do not match, please try again.";




<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml"><!-- InstanceBegin template="/primary/Templates/was.dwt.php" codeOutsideHTMLIsLocked="false" -->


<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" />

<!-- InstanceBeginEditable name="doctitle" -->


<!-- InstanceEndEditable -->

<!-- InstanceBeginEditable name="head" -->

<!-- InstanceEndEditable -->

<link href="Templates/was.css" rel="stylesheet" type="text/css" />

<script language="javascript" type="text/javascript">

function checkform(pform1){


alert("Please enter a username")


return false



alert("Please enter a password")


return false


if(pform1.pw.value=="" && pform1.uname.value==""){

alert("Please make sure that you have entered your username and password")

return false


return true





<table width="99%" border="1">


<td bgcolor="#333333" class="header">Web Secure</td>





<td><!-- InstanceBeginEditable name="main" -->

<form name="form1" onSubmit="return checkform(this)" method="post" action="">

<table width="41%" border="0" align="center" cellpadding="0" cellspacing="3">

<tr class="listtop">

<td colspan="3">Login Status:<? if(isset($msg)){

echo "$msg";


echo "$reg";




<td width="9%">Username</td>

<td width="41%"><input name="uname" type="text" id="uname" size="50"></td>

<td width="50%" rowspan="4">&nbsp;</td>




<td><input name="upass" type="text" id="upass" size="50">

<input type="hidden" name="key" /></td>




<td><a href="../password.php">Forgotten your password?</a>|<a href="register.php">Register</a></td>




<td><input type="submit" name="Submit" value="Login"></td>




<!-- InstanceEndEditable --></td>



<td class="copy">&copy;2008</td>




<!-- InstanceEnd --></html>

>>> More PHP Articles          >>> More By David Web

blog comments powered by Disqus
escort Bursa Bursa escort Antalya eskort


- Hackers Compromise PHP Sites to Launch Attac...
- Red Hat, Zend Form OpenShift PaaS Alliance
- PHP IDE News
- BCD, Zend Extend PHP Partnership
- PHP FAQ Highlight
- PHP Creator Didn't Set Out to Create a Langu...
- PHP Trends Revealed in Zend Study
- PHP: Best Methods for Running Scheduled Jobs
- PHP Array Functions: array_change_key_case
- PHP array_combine Function
- PHP array_chunk Function
- PHP Closures as View Helpers: Lazy-Loading F...
- Using PHP Closures as View Helpers
- PHP File and Operating System Program Execut...
- PHP: Effects of Wrapping Code in Class Const...

Developer Shed Affiliates


Dev Shed Tutorial Topics: