Database: whatever (Mysql Database)
Table: user
username: abcde (Mysql username)
password: aa123 (Mysql Password)
<form action="loginprocess.php" method="post">
<table width="302" height="175" border="1">
<tr>
<td>Username</td>
<td><label>
<input type="text" name="username">
</label></td>
</tr>
<tr>
<td>Password</td>
<td><label>
<input type="password" name="password">
</label></td>
</tr>
<tr>
<td> </td>
<td><input type="submit" name="submit" value="Login"></td>
</tr>
</table>
</form>
Proses login:
loginprocess.php
<?php
session_start();
mysql_connect('localhost','abcde','aa123') or die('could not connect to server');// sambungan ke server/ connect to server
mysql_select_db('whatever') or die ('could not connect to database');// sambungan ke database/ connect to database
if($_POST['submit']){ // sekiranya butang login diklik/ if submit button been clicked
$result=mysql_query("SELECT * FROM user WHERE username='$_POST[username]' and password='$_POST[password]'");// query data daripada database/ query username and password from table user
switch($result){ //menggunakan fungsi switch()/ using function switch
case mysql_num_rows($result)==1: //sekiranya username dan password wujud pada satu row/ if username and password exist in one row
$success=mysql_fetch_array($result);
$user=$success['username'];
$_SESSION['user']=$user;
header('location:profile.php');
break;
case mysql_num_rows($result)==0: //sekiranya username dan password salah atau tidak wujud pada satu row/ if username and
password entered is invalid, then will be directed to invalid.php
header('location:invalid.php');
break;
}
}
?>
Atau/ Or:
<?php
session_start();
mysql_connect('localhost','abcde','aa123') or die('could not connect to server');// sambungan ke server/ connect to server
mysql_select_db('whatever') or die ('could not connect to database');// sambungan ke database/ connect to database
if($_POST['submit']){ // sekiranya butang login diklik/ if submit button been clicked
$result=mysql_query("SELECT * FROM user WHERE username='$_POST[username]' and password='$_POST[password]'");// query data daripada database/ query username and password from table user
if(mysql_num_rows($result))==1){//using function if()
$success=mysql_fetch_array($result);
$user=$success['username'];
$_SESSION['user']=$user; //the session used for next pages. Username used as session here
header('location:profile.php');
}
else
header('location:invalid.php');
}
?>
Note:
on my script above, i used direct select from the database: SELECT * FROM user WHERE username='$_POST[username]' and password='$_POST[password]'".
For the security reasons, better put mysql_real_escape_string($_POST['username']; and mysql_real_escape_string($_POST['password']; to prevent sql injection.
for example:
$username= mysql_real_escape_string($_POST['username'];
$password= mysql_real_escape_string($_POST['password'];
SELECT * FROM user WHERE username='$username' and password='$password'".
on my script above, i used direct select from the database: SELECT * FROM user WHERE username='$_POST[username]' and password='$_POST[password]'".
For the security reasons, better put mysql_real_escape_string($_POST['username']; and mysql_real_escape_string($_POST['password']; to prevent sql injection.
for example:
$username= mysql_real_escape_string($_POST['username'];
$password= mysql_real_escape_string($_POST['password'];
SELECT * FROM user WHERE username='$username' and password='$password'".
No comments:
Post a Comment