In this post I want to explain how to insert encrypted password while registration and accessing the same with login time. I had implement this at labs.9lessons.info login page. I'm just storing encrypted user password in database. Demo username ='test' and password = 'test'
Download Script Live Demo
New Tutorial: PHP Login System with PDO Connection.
Database
MySQL admin table columns id, username, passcode.
CREATE TABLE admin
(
id INT PRIMARY KEY AUTO_INCREMENT,
username VARCHAR(50) UNIQUE,
passcode VARCHAR(50)
);
(
id INT PRIMARY KEY AUTO_INCREMENT,
username VARCHAR(50) UNIQUE,
passcode VARCHAR(50)
);
Encrypted Password
Here database table admin password:test encrypted and storing like this
registration.php
Contains PHP and HTML code. Just inserting form values into database table admin
<?php
include("db.php");if($_SERVER["REQUEST_METHOD"] == "POST")
{
// username and password sent from Form
$username=mysqli_real_escape_string($db,$_POST['username']); $password=mysqli_real_escape_string($db,$_POST['password']);
$password=md5($password); // Encrypted Password
$sql="Insert into admin(username,passcode) values('$username','$password');";
$result=mysqli_query($db,$sql);
echo "Registration Successfully";
}
?>
<form action="registration.php" method="post">
<label>UserName :</label>
<input type="text" name="username"/><br />
<label>Password :</label>
<input type="password" name="password"/><br/>
<input type="submit" value=" Registration "/><br />
</form>
login.php
Login Script accessing the encrypted password. Complete tutorials PHP Login Page Example
<?php
include("db.php");session_start();
if($_SERVER["REQUEST_METHOD"] == "POST")
{
// username and password sent from Form
$username=mysqli_real_escape_string($db,$_POST['username']); $password=mysqli_real_escape_string($db,$_POST['password']);
$password=md5($password); // Encrypted Password
$sql="SELECT id FROM admin WHERE username='$username' and passcode='$password'";
$result=mysqli_query($db,$sql);
$count=mysqli_num_rows($db,$result);
// If result matched $username and $password, table row must be 1 row
if($count==1)
{
header("location: welcome.php");
}
else
{
$error="Your Login Name or Password is invalid";
}
}
?>
<form action="login.php" method="post">
<label>UserName :</label>
<input type="text" name="username"/><br />
<label>Password :</label>
<input type="password" name="password"/><br/>
<input type="submit" value=" Login "/><br />
</form>
db.php
Database configuration file.
<?php
define('DB_SERVER', 'localhost');
define('DB_USERNAME', 'username');
define('DB_PASSWORD', 'password');
define('DB_DATABASE', 'database');
$db = mysqli_connect(DB_SERVER,DB_USERNAME,DB_PASSWORD,DB_DATABASE);
?>
define('DB_SERVER', 'localhost');
define('DB_USERNAME', 'username');
define('DB_PASSWORD', 'password');
define('DB_DATABASE', 'database');
$db = mysqli_connect(DB_SERVER,DB_USERNAME,DB_PASSWORD,DB_DATABASE);
?>
Why not set a session/cookie, store the id in the database, timestamp, etc.?
ReplyDeleteI would recomend to have a auth class with auth methods, so we can pass the auth method to the whole page.
K, Nice. I am going to do this in Java.
ReplyDeletenice script thanks a lot
ReplyDeletemd5 != Encryption ;)
ReplyDeletemuy basico para mi
ReplyDeleteubieras implementado con ajax y el post te ubiera quedado chulo :P
This is good back in 1990 but things have changed since then.
ReplyDeleteuse salt..
ReplyDeleteспасибо за подсказку! thanks !
ReplyDeleteThank you srinu nice tip,
ReplyDeleteI want to encrypted password to decrypt , is that possible in php, i want to use in forgot password page.
you don't check POST submitted data for vulnerabilities, that will create major security holes
ReplyDeleteThis is pretty good, but we should note two things:
ReplyDelete1. This isn't encryption, it's hashing.
2. It would be even better to salt the hash. For more information on salting database hashes, consult Google.
@anon, he is using mysql_real_escape_string to sanitize for mysql and is NOT echoing the POST values back to the form, there isn't a strict need to htmlentities or strip tags if you are not echoing the data back to your page.
ReplyDeleteStill point taken, I sanitize all get and post data out of habit/paranoia.
As others have said using MD5 alone is not encryption, it's simply hashing. This method is very insecure if your database were to become vulnerable.
ReplyDeleteSalt!
ReplyDeleteI was also mislead by the word "encryption."
Good simple script though.
Thank you. This is really nice for a PHP learner like me. The critics should realize that anyone can enhance or extend your script based on their levels of expertise.
ReplyDeleteKeep the scripts coming!
If you can read Spanish, you will find a good post about PHP´s login system on this Blog:
ReplyDeletehttp://www.juangiordana.com.ar/blog/2006/11/28/php-login-script/
Regards
I think you need also to secure the communication line between user browser and your server using HTTPS so when user click login button data transfered in encrypted format.
ReplyDeleteDo NOT use simple md5!
ReplyDeleteCheck out my password hashing class with salt and random iterations:
http://juliusbeckmann.de/blog/php-easy-and-secure-password-hashing-class.html
This is a good example for a First Step in a Tutorial but for a secure and encrypted php login there are more things needed.
ReplyDeletee.g.: http://xkcd.com/327/
Lol, why use 50 bytes for password hash
ReplyDelete---
passcode VARCHAR(50)
---
when md5 always produces hash of the fixed 32-char width? Also, hashing without salt is one of the worst examples you can provide for beginners.
*Not recommended until rewrite and update.*
Using the crypt function in PHP to encrypt passwords and other data and keep them safe.
ReplyDeletethanx nice script i use my web site login but char(50) why md5 = 32 char ?????
ReplyDeletethats easy but there is no session cookie/remember me feature
ReplyDeletenext update you consider it
Hey,
ReplyDeleteGreat script and works perfectly. Thanks so very very much! I searched and searched and tried others and none worked but this one!!!
hey how to do with session?? and needed to destroy
ReplyDelete@josea
ReplyDeletehttp://www.9lessons.info/2009/09/php-login-page-example.html
nice
ReplyDeletehi srinivas really very good link
ReplyDeletethanks lot
Hi, Srinivas the registration is ok. but the login not go to my page welcome. please tell me how do it. I look it but tell me more please http://www.9lessons.info/2009/09/php-login-page-example.html
ReplyDeleteyes i have the same problem since two days ... i found many of pages having the same method ... but it is not working .. the login page cant be accessed by index page
DeleteChange this in registry file
ReplyDelete$password=md5($password); // Encrypted Password
to
$salt1 = "18gI%f5A";
$salt2 = "@Y4p91bN";
$password = md5($salt1.$password.$salt2);
This don't work. I've tried evrything. When i've put the codes fom Welcome.php into my index.php it gives me this error; Parse error: syntax error, unexpected T_STRING, expecting '(' in /home/srkiller/public_html/s/index.php on line 5
ReplyDelete+ Where do i change password+username, because when i enter somthing on login.php it come this;
Warning: mysql_fetch_array(): supplied argument is not a valid MySQL result resource in /home/srkiller/public_html/s/login.php on line 16
Warning: mysql_num_rows(): supplied argument is not a valid MySQL result resource in /home/srkiller/public_html/s/login.php on line 19
hey back button brings it back to login page how to fix that
ReplyDeletemd5 is not better... PHP encourage to use Crypt.. one way password encryption.
ReplyDeletegood
ReplyDeleteSimple Login , Thank YOu Man.
ReplyDeletegr8 man
ReplyDeleteyour 'msql' queries are no longer supported in PHP. You should now be using 'mysqli'.
ReplyDeletethank you sir i have very very need this
ReplyDeleteanother thanks for you
This is indeed a fantastic resource. Thank you for making this publicly available.
ReplyDeleteThank you so much..
ReplyDeleteit was realy useful ^_^
Notice: Undefined index: active in E:\xampp\htdocs\results\parent\student-login1.php on line 120
ReplyDeleteFatal error: Call to undefined function session_register() in E:\xampp\htdocs\results\parent\student-login1.php on line 125
I got these two error wat i have to do
session_register() is not defined there in your script...
ReplyDeleteThank you very much for you can share your post,the article content written very well,extremely is worth my study.
ReplyDeletenice
ReplyDeleteis good, bat if you register 2 times with the same user the password change
ReplyDeletei tried this but whenever i click on the submit button, it will redirect to the process page showing nothing but white blank view, what is the probem? Btw,i'm using phpmyadmin for my database
ReplyDeleteany one slove my error
ReplyDeleteFatal error: Call to undefined function mysql_select_login1() in C:\wamp\www\hari\config.php on line 8
Nice script, well eine ☺
ReplyDeleteNice code...my Problem is Solve
ReplyDeletevery helpful and easy code.
ReplyDeleteHey is this a best secure way to login with php or if there is more better way bcz i was developing for tue startup which concerns more about the security. will this be enough for that ..?
ReplyDeleteHi Hitesh,
DeleteTry to use PDO connection, mysql functions has been depreciated . Use the following line.
https://www.9lessons.info/2016/04/php-login-system-with-pdo-connection.html