Secure Login page using PHP

In my last post I explained how to code a registration page in PHP. If you have created your registration.php page successfully, it's time to move ahead and learn how to create a login page in PHP. Using the same database ‘SCHOOL’ and table ‘CLASS’, we will code a login.php script. Remember that the Internet is full of injectors and attackers, so you need to make sure that only authentic people can log in to your system. I have written this login script so that it will protect your website from SQL injection and XSS attacks. Always consider serious security risks while developing your project.

Function of login.php script:

This login script takes the username and password entered by the user through the login.html page. It then looks for that username and password combination in the database; when it finds that the combination exists in the table it allows the user to log in, otherwise it shows an appropriate error message.

SQL query for ‘CLASS’ table:

 CREATE TABLE IF NOT EXISTS `class` (
   `id` int(2) NOT NULL AUTO_INCREMENT,
   `name` varchar(20) NOT NULL,
   `password` varchar(50) NOT NULL,
   PRIMARY KEY (`id`)
 );

Code for login.html:

<html>
<head><title>Login Page</title></head>
<body>
<form action="login.php" method="post">
Name:
<input type="text" name="fname" />
Password:
<br />
<input type="password" name="passwd" />
<input type="submit" value=" Submit " />
</form>
</body>
</html>

Now here goes the code for login.php script:

<?php

// The old mysql_* extension was removed in PHP 7; mysqli is its replacement.
$connection = mysqli_connect("localhost", "root", "12345", "school") or
die("Oops, something went wrong");

/* Using strip_tags() and substr() to cut off intruders' input; you
cannot trust user input blindly. mysqli_real_escape_string() is used
to prevent SQL injection. */
$name = strip_tags(substr($_POST['fname'] ?? '', 0, 100));
$safename = mysqli_real_escape_string($connection, $name);
$password = strip_tags(substr($_POST['passwd'] ?? '', 0, 100));
$safepassword = mysqli_real_escape_string($connection, $password);

// md5() matches the hashes already stored in the table. It is unsalted
// and fast to brute-force, so prefer password_hash() for new tables.
$passwordenc = md5($safepassword);

$sql = "SELECT id FROM class WHERE name='$safename' and
password='$passwordenc'";
$result = mysqli_query($connection, $sql) or
die("Oops, something went wrong");

// Nothing may be echoed before header(), otherwise the redirect fails.
$count = mysqli_num_rows($result);

// If result matched $name and $password, table row must be 1 row
if ($count == 1)
{
header("Location: admin.html");
exit;
}
else
{
echo "Your Login Name or Password is invalid";
}

?>
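
The same login check written with a PDO prepared statement and password_hash()/password_verify() instead of string escaping and md5(), as an added example that is not part of the original post. It assumes the `password` column is widened to VARCHAR(255) and that the registration script stores password_hash() output; the function name check_login and the in-memory SQLite demo data are hypothetical.

```php
<?php
// Added example: hypothetical check_login(); not code from the original post.

// Returns the user's id on success, null on failure.
function check_login(PDO $pdo, string $name, string $password): ?int
{
    // The placeholder keeps user input out of the SQL text entirely,
    // so no escaping function is needed.
    $stmt = $pdo->prepare('SELECT id, password FROM class WHERE name = ?');
    $stmt->execute([$name]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);

    // Verify against a dummy hash when the name is unknown, so both
    // failure paths do the same amount of work.
    static $dummy = null;
    $dummy ??= password_hash('dummy', PASSWORD_DEFAULT);
    $hash = $row ? $row['password'] : $dummy;

    // password_verify() reads the salt and cost from the stored hash.
    if (!password_verify($password, $hash) || !$row) {
        return null;
    }
    return (int) $row['id'];
}

// Constructed demo data in an in-memory SQLite database (assumption:
// pdo_sqlite is available; with MySQL only the DSN changes).
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE class (id INTEGER PRIMARY KEY, name VARCHAR(20), password VARCHAR(255))');
$ins = $pdo->prepare('INSERT INTO class (name, password) VALUES (?, ?)');
$ins->execute(['alice', password_hash('correct horse', PASSWORD_DEFAULT)]);

var_dump(check_login($pdo, 'alice', 'correct horse'));  // matching pair
var_dump(check_login($pdo, 'alice', 'wrong'));          // wrong password
var_dump(check_login($pdo, "' OR '1'='1", 'x'));        // injection string is treated as data
```

In login.php, pass the posted fields to the function and, on success, call session_regenerate_id(true) and store the returned id in $_SESSION before redirecting.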

If you have any query or any doubt then please feel free to ask.

7 thoughts on “Secure Login page using PHP”

  1. Wonderful blog you have here but I was curious if you knew of any forums that cover the same topics discussed in this article? I’d really love to be a part of group where I can get advice from other experienced individuals that share the same interest. If you have any suggestions, please let me know. Bless you!

  2. Hi, I am getting this error: ( ! ) Parse error: syntax error, unexpected ‘<' in C:\wamp\www\login\login.php on line 29

    It refers to this code:

    header(“location: admin.html”);

    Any help would be great

    Thanks

  3. Sir, it is giving an error on method mysql_num_rows().
    I am using wampserver 2.2 (PHP version 5.3.5) (apache 2.2.17) (mysql 5.5.8)
