Creating Secure Login in PHP

Design Gala — Sat, 15 Apr 2006 21:57:24 +0000

This articles demonstrate and explains how to create a secure PHP login script that will allow safe authentication. Here, cookies are not used because of preventive measure against cross-side scripting. The back-end used is MySQL. So, you should have knowledge of MySQL and database as well.

Database Schema

For example lets make a table called login for this tutorial purpose only. For commercial purpose, please do add relevant attributes in the table. Use SQL below to create a table of login.

CREATE TABLE login (
user_name varchar(20) NOT NULL default '',
user_pass char(32) binary NOT NULL default '',
PRIMARY KEY (username)
);

Creating a HTML Form

<form method="post" action="login.php" name="login">
<input name="user_name" size="18" type="text" />
<input name="user_pass" size="18" type="text" />
<input name="submit" value="Login" type="submit" />
</form>

Handling Form

if(count($_POST) &gt; 0) {
 $user_name = htmlspecialchars($_POST["user_name"]);
 $user_pass = htmlspecialchars($_POST["user_pass"]);
 
 $sql = "SELECT user_name,user_pass FROM login
           WHERE user_name=\"$user_name\"
            AND    user_pass=\"$user_pass\"";
 
 $rs = mysql_query($sql);               //execute the query
 if(mysql_num_rows($rs)	==	1)  {
 	// username and passwords exists in database
       //other codes
 }
 else {
 	//invalid username of password
 	//redirect to login page
 
 	header("Location: login.php");
 }
 
}

Above is fairly a simple login page. We can add many other functionalities.

Design Gala » login script

Creating Secure Login in PHP

Database Schema

Creating a HTML Form

Handling Form