PHP Login Script with Encryption.
Friday, February 05, 2010

In this post I want to explain how to insert an encrypted password during registration and check it again at login time. I have implemented this on the labs.9lessons.info login page. I'm just storing the encrypted (MD5-hashed) user password in the database. Demo username = 'test' and password = 'test'.


New Tutorial: PHP Login System with PDO Connection.

Database
The MySQL admin table has the columns id, username and passcode.
CREATE TABLE admin
(
    id INT PRIMARY KEY AUTO_INCREMENT,
    username VARCHAR(50) UNIQUE,
    passcode VARCHAR(50)
);



Encrypted Password
Here the password test is stored encrypted in the admin database table like this:

registration.php
Contains PHP and HTML code. It simply inserts the form values into the admin database table.
<?php
include("db.php");
if($_SERVER["REQUEST_METHOD"] == "POST")
{
    // username and password sent from the form
    $username = mysqli_real_escape_string($db, $_POST['username']);
    $password = mysqli_real_escape_string($db, $_POST['password']);
    $password = md5($password); // "Encrypted" password: an unsalted MD5 hash (one-way, not reversible)
    $sql = "INSERT INTO admin(username,passcode) VALUES('$username','$password');";
    $result = mysqli_query($db, $sql);
    // Report success only if the INSERT worked (it fails for a duplicate username)
    if($result)
    {
        echo "Registration Successfully";
    }
    else
    {
        echo "Registration failed";
    }
}
?>
<form action="registration.php" method="post">
<label>UserName :</label>
<input type="text" name="username"/><br />


<label>Password :</label>
<input type="password" name="password"/><br/>
<input type="submit" value=" Registration "/><br />
</form>

login.php
Login script that checks the encrypted password. Complete tutorial: PHP Login Page Example.
<?php
include("db.php");
session_start();
if($_SERVER["REQUEST_METHOD"] == "POST")
{
    // username and password sent from the form
    $username = mysqli_real_escape_string($db, $_POST['username']);
    $password = mysqli_real_escape_string($db, $_POST['password']);
    $password = md5($password); // "Encrypted" password: same MD5 hash as at registration
    $sql = "SELECT id FROM admin WHERE username='$username' and passcode='$password'";
    $result = mysqli_query($db, $sql);
    $count = mysqli_num_rows($result); // mysqli_num_rows() takes only the result set

    // If result matched $username and $password, table row must be 1 row
    if($count == 1)
    {
        header("location: welcome.php");
        exit; // stop the script once the redirect header is sent
    }
    else
    {
        $error = "Your Login Name or Password is invalid";
    }
}
?>
<form action="login.php" method="post">
<label>UserName :</label>
<input type="text" name="username"/><br />
<label>Password :</label>
<input type="password" name="password"/><br/>
<input type="submit" value=" Login "/><br />
</form>

db.php
Database configuration file.
<?php
define('DB_SERVER', 'localhost');
define('DB_USERNAME', 'username');
define('DB_PASSWORD', 'password');
define('DB_DATABASE', 'database');
$db = mysqli_connect(DB_SERVER,DB_USERNAME,DB_PASSWORD,DB_DATABASE);
?>
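
The registration and login steps above, redone with PHP's password_hash()/password_verify() and prepared statements, as an added example that is not the original post's code: md5() is an unsalted one-way hash rather than encryption, so identical passwords produce identical stored values. It assumes the passcode column is widened to VARCHAR(255); register_user() and login_user() are hypothetical helper names.

```php
<?php
// Added example, not the original post's code. Assumes the admin table above
// with passcode widened to VARCHAR(255); register_user() and login_user()
// are hypothetical helper names.
include("db.php"); // provides $db, the mysqli connection from this post

function register_user(mysqli $db, string $username, string $password): bool
{
    // password_hash() picks a random salt and stores it inside the result.
    $hash = password_hash($password, PASSWORD_DEFAULT);
    try {
        $stmt = mysqli_prepare($db, "INSERT INTO admin (username, passcode) VALUES (?, ?)");
        mysqli_stmt_bind_param($stmt, "ss", $username, $hash);
        return mysqli_stmt_execute($stmt);
    } catch (mysqli_sql_exception $e) {
        return false; // for example a duplicate username (UNIQUE column)
    }
}

function login_user(mysqli $db, string $username, string $password): ?int
{
    $stmt = mysqli_prepare($db, "SELECT id, passcode FROM admin WHERE username = ?");
    mysqli_stmt_bind_param($stmt, "s", $username);
    mysqli_stmt_execute($stmt);
    mysqli_stmt_bind_result($stmt, $id, $hash);
    $found = mysqli_stmt_fetch($stmt); // true = row fetched, null = no such user
    mysqli_stmt_close($stmt);
    // The salt differs per row, so the check happens here, not in the WHERE clause.
    if ($found !== true || !password_verify($password, $hash)) {
        return null;
    }
    return (int) $id;
}

if ($_SERVER["REQUEST_METHOD"] == "POST") {
    session_start();
    $id = login_user($db, $_POST['username'] ?? '', $_POST['password'] ?? '');
    if ($id !== null) {
        session_regenerate_id(true); // fresh session id once authenticated
        $_SESSION['user_id'] = $id;
        header("Location: welcome.php");
        exit;
    }
    $error = "Your Login Name or Password is invalid";
}
```

Because the user-supplied values are bound as parameters, mysqli_real_escape_string() is not needed, and the password reaches password_hash() unmodified.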


50 comments:

  1. Why not set a session/cookie, store the id in the database, timestamp, etc.?

    I would recommend having an auth class with auth methods, so we can pass the auth method to the whole page.

  2. K, Nice. I am going to do this in Java.

  3. md5 != Encryption ;)

  4. Very basic for me.
    If you had implemented it with ajax, the post would have turned out cool :P

  5. This is good back in 1990 but things have changed since then.

  6. Thanks for the tip! Thanks!

  7. Thank you srinu, nice tip.
    I want to decrypt the encrypted password. Is that possible in PHP? I want to use it in a forgot password page.

  8. You don't check POST submitted data for vulnerabilities; that will create major security holes.

  9. This is pretty good, but we should note two things:
    1. This isn't encryption, it's hashing.
    2. It would be even better to salt the hash. For more information on salting database hashes, consult Google.

  10. @anon, he is using mysql_real_escape_string to sanitize for mysql and is NOT echoing the POST values back to the form, there isn't a strict need to htmlentities or strip tags if you are not echoing the data back to your page.

    Still point taken, I sanitize all get and post data out of habit/paranoia.

  11. As others have said using MD5 alone is not encryption, it's simply hashing. This method is very insecure if your database were to become vulnerable.

  12. Salt!

    I was also misled by the word "encryption."
    Good simple script though.

  13. Thank you. This is really nice for a PHP learner like me. The critics should realize that anyone can enhance or extend your script based on their levels of expertise.

    Keep the scripts coming!

  14. If you can read Spanish, you will find a good post about PHP's login system on this blog:
    http://www.juangiordana.com.ar/blog/2006/11/28/php-login-script/

    Regards

  15. I think you also need to secure the communication line between the user's browser and your server using HTTPS, so when the user clicks the login button the data is transferred in encrypted format.

  16. Do NOT use simple md5!
    Check out my password hashing class with salt and random iterations:
    http://juliusbeckmann.de/blog/php-easy-and-secure-password-hashing-class.html

  17. This is a good example for a First Step in a Tutorial but for a secure and encrypted php login there are more things needed.

    e.g.: http://xkcd.com/327/

  18. Lol, why use 50 bytes for password hash
    ---
    passcode VARCHAR(50)
    ---
    when md5 always produces hash of the fixed 32-char width? Also, hashing without salt is one of the worst examples you can provide for beginners.

    *Not recommended until rewrite and update.*

  19. Using the crypt function in PHP to encrypt passwords and other data and keep them safe.

  20. Thanks, nice script. I use it for my web site login, but char(50), why? md5 = 32 char ?????

  21. That's easy, but there is no session cookie/remember me feature.

    Consider it in the next update.

  22. Hey,

    Great script and works perfectly. Thanks so very very much! I searched and searched and tried others and none worked but this one!!!

  23. hey how to do with session?? and needed to destroy

  24. @josea

    http://www.9lessons.info/2009/09/php-login-page-example.html

  25. Hi Srinivas, really very good link.
    Thanks a lot.

  26. Hi Srinivas, the registration is OK, but the login does not go to my welcome page. Please tell me how to do it. I looked at it, but please tell me more: http://www.9lessons.info/2009/09/php-login-page-example.html

  27. Change this in registry file

    $password=md5($password); // Encrypted Password

    to

    $salt1 = "18gI%f5A";
    $salt2 = "@Y4p91bN";
    $password = md5($salt1.$password.$salt2);

  28. This doesn't work. I've tried everything. When I put the code from Welcome.php into my index.php it gives me this error: Parse error: syntax error, unexpected T_STRING, expecting '(' in /home/srkiller/public_html/s/index.php on line 5

    + Where do I change the password + username? Because when I enter something on login.php this comes up:


    Warning: mysql_fetch_array(): supplied argument is not a valid MySQL result resource in /home/srkiller/public_html/s/login.php on line 16

    Warning: mysql_num_rows(): supplied argument is not a valid MySQL result resource in /home/srkiller/public_html/s/login.php on line 19

  29. Hey, the back button brings it back to the login page. How to fix that?

  30. md5 is not better... PHP encourages using Crypt.. one way password encryption.

  31. Simple login, thank you man.

  32. Your 'mysql' queries are no longer supported in PHP. You should now be using 'mysqli'.

  33. Thank you sir, I very much need this.

    Another thanks to you.

  34. This is indeed a fantastic resource. Thank you for making this publicly available.

  35. Thank you so much..
    It was really useful ^_^

  36. Notice: Undefined index: active in E:\xampp\htdocs\results\parent\student-login1.php on line 120

    Fatal error: Call to undefined function session_register() in E:\xampp\htdocs\results\parent\student-login1.php on line 125

    I got these two errors. What do I have to do?

  37. session_register() is not defined there in your script...

  38. Thank you very much for sharing your post. The article content is written very well and is extremely worth my study.

  39. It is good, but if you register 2 times with the same user the password changes.

  40. I tried this, but whenever I click on the submit button, it redirects to the process page showing nothing but a white blank view. What is the problem? Btw, I'm using phpmyadmin for my database.

  41. Can anyone solve my error?

    Fatal error: Call to undefined function mysql_select_login1() in C:\wamp\www\hari\config.php on line 8

  42. Nice script, well eine ☺
