Child

PHP userid and password validation and checking


Here we will discuss about the checking of login id and password against the data in the signup table. This part of the code is given in the loginck.php file given inside the zip file which you can download at the end of this tutorial. You can go to part 1 of this script which displays the login form for the members to enter userid and password. 

Here we have used the same plus_signup table we used in our php signup script tutorial so you can use all the files to develop a signup and login application. 

We will use one line of SQL query to get the reply. We will be using select query to get the data from the table
"SELECT * FROM plus_signup WHERE userid='$userid' AND password = '$password'"
plus_signup is the table name, userid and password are the field names. This SQL statement will return us one record if member userid and password is there in our table. So we can use one if condition to process the script if the usrid and password is correct and is there in the table. 
We are using userid and password variables in our sql statement and using that to get data from our member table, it is not safe to directly use them inside query. We will sanitize the data before using them. We will use mysql_real_escape_string() function to remove special characters for the entered value to prevent database injection attack.
$userid=mysql_real_escape_string($userid);
$password=mysql_real_escape_string($password);
Now let us check the database with our query.
if($rec=mysql_fetch_array(mysql_query("SELECT * FROM plus_signup WHERE userid='$userid' AND password = '$password'"))){
If the above PHP if condition returns true then we can allow the member to login, and if the condition fail then we can show a wrong login message and ask the user to login again. 

Here is the code to do all this for us.
if($rec=mysql_fetch_array(mysql_query("SELECT * FROM plus_signup WHERE userid='$userid' AND password = '$password'"))){
if(($rec['userid']==$userid)&&($rec['password']==$password)){
include "include/newsession.php";
echo "<p class=data> <center>Successfully,Logged in<br>
<br><a href='logout.php'> Log OUT </a><br>
<br><a href=welcome.php>Click here if your browser is not redirecting automatically or you don't want to wait.</a><br></center>";
print "<script>";
print " self.location='welcome.php';"; // Comment this line if you don't want to redirect
print "</script>";


}
else {

session_unset();
echo "<font face='Verdana' size='2' color=red>Wrong Login. Use your correct Userid and Password and Try <br><center>
<input type='button' value='Retry' onClick='history.go(-1)'></center>";

}

In the above code if the validation is correct then we are calling ( include ) another file like this

include "include/newsession.php";

This file ( newsession.php inside include directory ) creates new session to store the userid for other pages to use. The code of the newsesion.php is written below

$session['id']=session_id();
$session['userid']=$userid;

This will create the session variable for us. 

For higer version of PHP like PHP 5 and above we have to use the code below to create the sessions.
$_SESSION['id']=session_id();
$_SESSION['userid']=$userid;
The else condition if userid or password is not correct will display the message and ask the member to try again. 
That's all for our member login script. 
Using the session variable we can show other pages or redirect the members to different pages.