Validates Username and Passowrd with PHP January 24, 2008
Posted by Puneet Pandey in PHP.Tags: assign user a session, how to validate a username and password in php, php script to validate username and password, simple php user validation script, validate user in php
trackback
Hi Guys, Here I m Writing the code, How to Validates user name and password with the database…
If the username and Password matches with the database values we need to assign a session to that user..
for that here we are giving a simple session to a user.
<?PHP
session_start();
$server = “localhost”; //In case if u have some other write it here
$username = “Your Server Login Username”;
$password = “Your Server Login Password”;
$db_name = “Your Database Name”;
$db = mysql_connect($server, $username, $password) or die(“Connection to database failed, perhaps the service is down !!”);
mysql_select_db($db_name) or die(“Database name not available !!”);
Those Query Will Connect You with your Database…. Now I m Writing the Query..
$login = mysql_query(“select * from table_name where (username = ‘” . $_POST['username'] . “‘) and (password = ‘” . md5($_POST['password']) . “‘)”,$db);
Tip: here my table contains only Two Field user name and password, if ur table contains more that two fields you can also use *. There is no such issue of using (*) Specifically. (*) will select all the values from the database, where as I can also write
$login = mysql_query(“SELECT username, password FROM table_name WHERE (username = ‘” . $_POST['username'] . “‘) and (password = ‘” . md5($_POST['password']) . “‘)”,$db);
Note: Here first username you are watching is the name of the column in your database and the value $_POST['username'] is the value which we are getting from the form in the previous page. Similarly for password also.
Note2: md5($_POST['password']) is the Password which is stored in the database in the form encrypted value, so that no one can see what the password is!!
$rowcount = mysql_num_rows($login);
if ($rowcount == 1) {
$_SESSION['username'] = $_POST['username'];
header(“Location: welcomehome.php”);
}
else
{
header(“Location: login.php”);
}
?>
Note: here we are giving username and password to a variable called $rowcount.
Next if the user name and password matches with the database we are assigning user a session. and If user name and password doesn’t matches with the database we are redirecting the user back to the login page, else we will redirect the user to its home page.
Hi Puneet Nice Article, It Helps me a Lot, Please Continue to Publish an Article Like this.
Thanks Once Again for your Great Help
Hi puneet. Thanks a lot. Ur code works neat. After the validation I want a message window opened which shows “username already exists” or “succesfully created account”. After that I want the control remains in the same page. Could u plz help me. Thanks, Paul
‘) or 1=1#
^ sql injection to bypass the login script
try to use mysql_real_escape_string() to sanitize the input…
which is very useful those who are the beginneers in webdesignig
hai puneet please continue an article like this thanks once again
hi
im shaheda
a php trainee,
would u please help me for writing a php code to validate username and password without using php sessions.
thanks
with regards,
$haheda.
Hi Shaheda,
First of all I am shifted to ruby on rails.. I am no more working on PHP.. so I can’t help you with sessions and all.. I am creating a base for myself to get my grip back on PHP. bt I think it will take time.. Meanwhile there are many developers and their well-maintained blogs, I am sure they can guide you well..
For any references like if you are stuck somewhere I can’t able to give you the exact code bt yaa I will surely help you with the links available.
Let me know if that sounds fine for you..
Regards
Puneet Pandey
Hi Puneet,
Thanks for the reply.
i’ll be greatful to u, if u send me a link of any developer who can guide me well on PHP.
thanks
Regards
$haheda