PHP & MySQL login system
Code (php)
<table width="300" border="0" align="center" cellpadding="0" cellspacing="1" bgcolor="#CCCCCC">
<tr>
<form name="form1" method="post" action="checklogin.php">
<td>
<table width="100%" border="0" cellpadding="3" cellspacing="1" bgcolor="#FFFFFF">
<tr>
<td colspan="3"><strong><font color='black'>Organisatie Login </font></strong></td>
</tr>
<tr>
<td width="78"><font color='black'>Gebruikersnaam</font></td>
<td width="6">:</td>
<td width="294"><input name="myusername" type="text" id="myusername"></td>
</tr>
<tr>
<td><font color='black'>Wachtwoord</font></td>
<td>:</td>
<td><input name="mypassword" type="password" id="mypassword"></td>
</tr>
<tr>
<td> </td>
<td> </td>
<td><input type="submit" name="Submit" value="Login"></td>
</tr>
</table>
</td>
</form>
</tr>
</table>
Checklogin.php
Code (php)
<?php
$host="localhost"; // Host name
$username="iets"; // Mysql username
$password="iets"; // Mysql password
$db_name="iets"; // Database name
$tbl_name="iets"; // Table name
// Connect to server and select database.
mysql_connect("$host", "$username", "$password")or die("cannot connect");
mysql_select_db("$db_name")or die("cannot select DB");
// username and password sent from form
$myusername=$_POST['myusername'];
$mypassword=$_POST['mypassword'];
// To protect MySQL injection (more detail about MySQL injection)
$myusername = stripslashes($myusername);
$mypassword = stripslashes($mypassword);
$myusername = mysql_real_escape_string($myusername);
$mypassword = mysql_real_escape_string($mypassword);
$sql="SELECT * FROM $tbl_name WHERE username='$myusername' and password='$mypassword'";
$result=mysql_query($sql);
// Mysql_num_row is counting table row
$count=mysql_num_rows($result);
// If result matched $myusername and $mypassword, table row must be 1 row
if($count==1){
    // Register $myusername, $mypassword and redirect to file "login_success.php"
    session_register("myusername");
    session_register("mypassword");
    header("location:login_success.php");
}
else {
    echo "<font color='black'>U heeft een verkeerde gebruikersnaam en wachtwoord combinatie ingevuld. Binnen enkele seconden wordt u doorverwezen.</font>";
}
?>
Loginsuccess.php
Code (php)
<?php
session_start();
if(!session_is_registered('myusername')){
    header("location:http://urlnaarlogin.nl");
}
?>
Edited on 03/03/2013 16:15:01 by Rik Oudega
I'm not going to debug all of the code, but to help you on your way:
Code (php)
<?php
session_register("myusername");
session_register("mypassword");
// becomes
$_SESSION['logged_in'] = true;
?>
Loginsuccess.php
Code (php)
<?php
session_start();
if(!isset($_SESSION['logged_in']) OR $_SESSION['logged_in'] != true )
{
    header('Location: urlnaarlogin.nl');
    exit();
}
?>
Edited on 03/03/2013 15:38:15 by Bart V B
Hi Bart, I have been trying this out. Without success, unfortunately. I am redirected straight to the login page.
Edited on 03/03/2013 16:14:05 by Ozzie PHP
Ozzie PHP on 03/03/2013 16:13:35:
Rik, I would remove the passwords of your database from your code as soon as possible.
hmm, smart
If you just want to know what you could do better, here is a short list:
- Take variables out of the quotes;
- Switch from MySQL to MySQLi, or better still PDO.
- Don't copy variables unnecessarily.
- Rip session_register and session_is_registered out of your script and replace them with the approach Bart describes above.
- Don't mix tables and forms together.
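The checklist above applied to checklogin.php, as an added example that is not code from any poster in this thread: PDO with a bound parameter instead of mysql_* and manual escaping, and `$_SESSION['logged_in']` instead of session_register. It goes one step beyond the list by checking the password with password_verify(). The table `users`, its columns `username` and `password_hash`, and the environment variables DB_DSN, DB_USER and DB_PASS are assumptions.

```php
<?php
// Added example (not from the thread). Assumed names: table `users` with
// columns `username` and `password_hash` (a password_hash() value), and the
// environment variables DB_DSN, DB_USER, DB_PASS holding the connection data.

session_start(); // must run before $_SESSION is written, otherwise nothing is stored

// A field posted as myusername[] arrives as an array; accept strings only.
$username = $_POST['myusername'] ?? '';
$password = $_POST['mypassword'] ?? '';
if (!is_string($username) || !is_string($password) || $username === '') {
    http_response_code(400);
    exit('Invalid request.');
}

try {
    $pdo = new PDO(getenv('DB_DSN'), getenv('DB_USER'), getenv('DB_PASS'), [
        PDO::ATTR_ERRMODE            => PDO::ERRMODE_EXCEPTION,
        PDO::ATTR_EMULATE_PREPARES   => false, // server-side prepared statements
        PDO::ATTR_DEFAULT_FETCH_MODE => PDO::FETCH_ASSOC,
    ]);
    // The value is bound as a parameter, never concatenated into the SQL text,
    // so stripslashes() and mysql_real_escape_string() are no longer needed.
    $stmt = $pdo->prepare('SELECT password_hash FROM users WHERE username = :u');
    $stmt->execute([':u' => $username]);
    $row = $stmt->fetch();
} catch (PDOException $e) {
    error_log('login: database error: ' . $e->getMessage()); // details go to the log only
    http_response_code(500);
    exit('Login is temporarily unavailable.');
}

if ($row !== false && password_verify($password, $row['password_hash'])) {
    session_regenerate_id(true);        // fresh session id after login (session fixation)
    $_SESSION['logged_in'] = true;      // the flag login_success.php checks
    $_SESSION['username']  = $username; // the password itself is never stored
    header('Location: login_success.php');
    exit;
}

// Same answer for an unknown user and for a wrong password.
http_response_code(401);
echo 'Wrong username or password.';
```

The protected page then only needs the `$_SESSION['logged_in']` check shown earlier in the thread, with session_start() called before it.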