Programming Forums - View Single Post

tempest · Nov 2nd, 2004, 10:09 PM

-shove-

Alright moving on. Basically when you are writing a program you have to decide what all the code will need to have in it to work....

For a login script:
- Input to the PHP page (user and pass variables)
- Connection to the databases with user and pass variables stored
- Check to make sure that user exists
- If he does then start a session in which identifies him as logged in...

(Toggle Plain Text)

<?php
  /* 
   * The following is a very basic login.php
   * because of the risk of MySQL injection
   * and the lack of MD5 encryption in the
   * database this shouldnt be used for a
   * commercial site. This is merely a backbone
   * example.
   */

  // (1) Get the variables from the forms
  // that sent us info VIA post.
  $user = $_POST['user'];
  $pass = $_POST['pass'];

  // (2) Make a mysql database connection
  mysql_connect("localhost", "user", "pass");

  // (2 a) Select the db with the user and pass table in it
  mysql_select_db("users");

  // Query the mysql database and make $query hold our results 
  $query = mysql_query("select * from users where user = '{$user}' and pass='{$pass}'");
 
  // See if any rows were returned, identifying the user and pass as being existant in the db
  if(mysql_num_rows($query) > 0) {
    // Start our session...
    session_start();
 
    // Set our session user
    $_SESSION['user'] = $user;
  }
?>

The best programming practice exists in challenging yourself with the knowledge you have to create programs that are a little bit out of your reach, but not too much to where you cant accomplish it.

Nov 2nd, 2004, 10:09 PM	#2
tempest Programming Guru Join Date: Oct 2004 Posts: 1,041 Rep Power: 6	-shove- Alright moving on. Basically when you are writing a program you have to decide what all the code will need to have in it to work.... For a login script: - Input to the PHP page (user and pass variables) - Connection to the databases with user and pass variables stored - Check to make sure that user exists - If he does then start a session in which identifies him as logged in... (Toggle Plain Text) <?php /* * The following is a very basic login.php * because of the risk of MySQL injection * and the lack of MD5 encryption in the * database this shouldnt be used for a * commercial site. This is merely a backbone * example. / // (1) Get the variables from the forms // that sent us info VIA post. $user = $_POST['user']; $pass = $_POST['pass']; // (2) Make a mysql database connection mysql_connect("localhost", "user", "pass"); // (2 a) Select the db with the user and pass table in it mysql_select_db("users"); // Query the mysql database and make $query hold our results $query = mysql_query("select from users where user = '{$user}' and pass='{$pass}'"); // See if any rows were returned, identifying the user and pass as being existant in the db if(mysql_num_rows($query) > 0) { // Start our session... session_start(); // Set our session user $_SESSION['user'] = $user; } ?> <?php /* * The following is a very basic login.php * because of the risk of MySQL injection * and the lack of MD5 encryption in the * database this shouldnt be used for a * commercial site. This is merely a backbone * example. / // (1) Get the variables from the forms // that sent us info VIA post. $user = $_POST['user']; $pass = $_POST['pass']; // (2) Make a mysql database connection mysql_connect("localhost", "user", "pass"); // (2 a) Select the db with the user and pass table in it mysql_select_db("users"); // Query the mysql database and make $query hold our results $query = mysql_query("select from users where user = '{$user}' and pass='{$pass}'"); // See if any rows were returned, identifying the user and pass as being existant in the db if(mysql_num_rows($query) > 0) { // Start our session... session_start(); // Set our session user $_SESSION['user'] = $user; } ?> The best programming practice exists in challenging yourself with the knowledge you have to create programs that are a little bit out of your reach, but not too much to where you cant accomplish it. __________________