php code for checking login from db

Question

by using the below script, i register users into my db

<!doctype html>
<html>
<head>
<meta charset="UTF-8">
<title>Regsitration Successful</title>
<link rel="stylesheet" type="text/css" href="styles.css">
</head>
<body>
<div class="container">
<header>
<div id="logo"><a href="index.html"><img src="smu-logo.png"></a></div>
    <ul class="nav_menu">
        <li><a href="index.html">Home</a></li>
        <li><a href="register.html">Register</a></li>
        <li><a href="updates.html">Notices And Updates</a></li>
        <li><a href="reachus.html">Reach Us</a></li>

    </ul>
    <div class="clear"></div>
</header>
<h3>Success!</h3>


<?php
$f_name = $_POST['f_name'];
$m_name = $_POST['m_name'];
$l_name = $_POST['l_name'];
$reg_num = $_POST['reg_num'];
//$dept = $_POST['dept'];
$password = $_POST['password'];
$password2 = $_POST['password2'];
//$about = $_POST['about'];
//$etype = $_POST['etype'];

//connect code 
$conn = mysqli_connect("localhost","root","");
$db = mysqli_select_db($conn, "tnp");
$cmd = "insert into ug_login_details values   ('$reg_num','$password','$f_name','$m_name','$l_name')"; 
//for more columns add more after comma
//$cmd = "insert into ug_login_details values ('$reg_num','$password')";// adding user login credentials

if(mysqli_query($conn, $cmd))
{
   echo "Quick Registration Successful";
}
else
{
   echo "error";
}

echo "Dear, $l_name" ; //change this
?>



    <p>Kindly check for the next notice on our Notice and Updates page to confirm.</p>
    <p><a href="fullreg.html">Click here</a> to migrate to the complete registration form.</p>

</div>    
</body>
</html>

now, what code do i need to check users credentials when they login? how to compare values from the database? do i need to create a new page? i already have a login box on my homepage, index.html. i am a beginner, so please cope up. thanks

This is very insecure. Using `mysqli` doesn't magically secure your application. See http://stackoverflow.com/a/16282269/3000179 for a starting point. — ʰᵈˑ, Oct 19 '15 at 14:59
Please, refer to [Help Center-On-Topic](http://stackoverflow.com/help/on-topic) and [Help Center-How-To-Ask](http://stackoverflow.com/help/how-to-ask). — FirstOne, Oct 19 '15 at 15:00

score 0 · Accepted Answer · edited Oct 19 '15 at 15:58

0

You are completely right about creating a new page.

You can have an index page like:

<form action="index.php" method="POST">
    Username:<input type="text" name="username"/>
    Password:<input type="text" name="password"/>
    <input type="submit" value="Login"/>
</form>

And then in your PHP:

  if($_POST)
    {
        $Username=$_POST["username"];
        $Password=$_POST["password"];

        $conn = mysqli_connect("localhost","root","");
        $db = mysqli_select_db($conn, "tnp");
        $cmd= "select * from ug_login_details where password='$Password' and username='$Username'";
        $Result=mysqli_query($conn, $cmd);
        $num=mysqli_num_rows($Result);

        if($num>0)
        {
            echo "You have successfully logged in";
            exit();
        }
        else
        {
            echo "Invalid username or password";
            exit();
        }

    }

edited Oct 19 '15 at 15:58

FirstOne

6,033
7
26
45

answered Oct 19 '15 at 14:59

Ethic Or Logics

111
1
13

This is very insecure. Using `mysqli` doesn't magically secure your application. See http://stackoverflow.com/a/16282269/3000179 for a starting point. Also, you have a syntax error. – ʰᵈˑ Oct 19 '15 at 14:59
You missing the boat. He wants a login script not a security lesson. – Ethic Or Logics Oct 19 '15 at 15:01
the code is working fine @ʰᵈˑ, i just need the login script.. and yes, i do know thats its a lot insecure at the moment.. i want the basics to work now, will work on security later, thanks – Ayush Oct 19 '15 at 15:03
Pleasure Ayush.. Please just tick the question as correct. – Ethic Or Logics Oct 19 '15 at 15:04
1

@EthicOrLogics, since you edited over my edit, you could close the `"` at the end of `$cmd`. Also, the form has `input` that means nothing (maybe a missing button), OR, you could allow me to add the button and and the quotation mark and get some rep :D – FirstOne Oct 19 '15 at 15:20
@First One, My apologies. Please kindly re-edit, I will accept – Ethic Or Logics Oct 19 '15 at 15:21
@EthicOrLogics no problem, it probably happened at the same time. – FirstOne Oct 19 '15 at 15:26
@EthicOrLogics, thanks. not able to implement/ understand it though. i am at fault. will clear my basics first. appreciate the help, thanks. – Ayush Oct 19 '15 at 15:56

php code for checking login from db

1 Answers1