Using the PHP Crypt Function - Login
(Page 3 of 4 )
Login would use a similar form, but now we are comparing a stored encrypted password with one entered by the user. The usual validating code can be used on the form input. Once this is done we make our database or file connections and retrieve the needed information. We then make our comparisons, and when we receive a successful match, start a new session for our logged in user and redirect them to the admin interface page. If there is no match we simply prompt the user to try again.
You could also set up a way to track the number of times a user attempted to log in within a certain period of time if you wished. Options to reset passwords and have passwords emailed to the user are also good add-ons. Of course keep in mind that wherever you store an unencrypted password, it had better be secure. If the information you are protecting is something like credit card information, it's even more important.
//the array $row is from the database that holds our information.
if(crypt($pwrd,$row[pword]) == $row[pword])
{
session_start();//start the new session
$sesid = session_id();//get the session id
$_SESSION[logged] = TRUE;//set a session id to check if this user is logged in
header("location: chooser.php?id=$sesid");//redirect the user to the admin interface page
break;
}
else//whoops no match but be nice and let them try again.
{
echo "<html><head></head>
<body><h1>Sorry No Passord matches.
</h1><a href = \"admin_login.html\">Try Again?</a></body></html>";
break;
}
Next: A Few Words About Storage and Security >>
More PHP Articles
More By Chris Root
/ 32 
