I use MD5 to make the PHP code that is secure as the login page, although not 100% safe.
And of course this article is just an example, while development is hung to you.
Like the previous article, I just explained a bit of an example related to
source code and how the source code.
Simply put, the way it works is like code below:
1.) When users enter a username and password, then the first thing to do is check the database if the username is registered, if registered in the database, in this case we need a variable that indicates that the user is present.
2.) After that then the user will be given a session that is taken from the username, if the previous password is checked by MD5 is successfully performed.
3.) If all does not match then the user will be redirect to the login.html page, making it look like a stay in one page.
Before making the PHP script, let’s begin by creating the database:
create database userdb;
create table tbl_user(id int(3) primary key auto_increment,username varchar(50), password varchar(50));
insert into tbl_user values('','admin','21232f297a57a5a743894a0e4a801fc3');
After that, we need to create the login page as you see at the script below :
<html><head><title>Login Page ... </title></head>
<table border=1 align=center>
<form method=post action=check.php>
<tr><td>username</td><td><input type=text name=username></tr>
<tr><td>password</td><td><input type=password name=password></tr>
<tr><td></td><td><input type=submit name=submit value=Enter></tr>
Then…create the config.php page
$host = "localhost";
$username = "root";
$password = "";
$databasename = "userdb";
$connection = mysql_connect($host, $username, $password) or die("Connection Error");
mysql_select_db($databasename, $connection) or die("The database is Error");
After that we create the page check.php
include "config.php" ;
$username = $_POST['username'];
$password = $_POST['password'];
$passwordhash = md5($password); // password encryption to match with the database
$query = "select username, password from tbl_user where username = '$username' and password = '$passwordhash'";
$runquery = mysql_query($query);
$exist_or_not = mysql_num_rows($runquery);
if ($exist_or_not >= 1 )
$_SESSION['username'] = $username;
And then we create the point, it’s main.php
print "<br><a href=logout.php?logout=true>logout</a>";
if ($_REQUEST['logout'] == "true")
I think that’s enough for the source code. Now I'll explain a little about the above codes.
We passed the config.php, because I have discussed it previously, we went into the, check.php.
The use of session should begin by using this function.
Then there is written a sentence like this ...
$password = $ _POST ['password'];
$passwordhash = md5($password);
I took the global variable $ _POST [ 'password'] then paste into a new variable, it’s $password. Because in the database is in the form of MD5 encryption is necessary to match the existing in the database is to encrypt the password was a global variable.
Then the next argument is the SQL query
$ command = "select username, password from tbl_user where username = '$ username' and password = '$passwordhash'";
I think the query above is familiar to you. :D
And the scripts below it quite easy to understand :D.
That’s all. If there are still confused, please just feel free to ask.