Skip to main content

User Validation/Authentication in PHP

If a user visits a website, where he is asked for validating his username and password and will be validated with the MySQL Database. the following scripts demonstrate this.
Step 1: create a database called dummy by executing “create database dummy” in mysql command window or shell window
Step 2: Create a table called usertable with two fields ‘user’ and ‘pass’ and populate with some values.
create table usertable (user varchar(20), pass varchar(30));
insert into usertable values (’pradeep’,'pradeep’);

Step 3: write the following html script and name it as user.html
<form method=post action=user.php>
Enter the Username: <input type=text name=username> <BR>
Enter the password: <input type=password name=password> <BR>
<input type=submit>
</form>
Step 4: Write the following PHP script and name it as user.php
<?php
$user=$_POST['username']; //get the username from the previous page (html page)
$pass=$_POST['password']; //get the password from the previous page
$conn=mysql_connect(”localhost”,”root”,”abc123”) or die(”Connection Failed”. mysql_error());
mysql_select_db(”dummy”,$conn) or die(mysql_error());
$query=”Select * from usertable where user=’$user’ and pass=md5(’$pass’)”;
$result=mysql_query($query) or die(mysql_error());
$num = mysql_num_rows($result);//returns atleast 1 row if the username password combination is valid
echo $num;//display the number of rows returned
if($num != 0)
{
echo “Welcome Mr.$user, you are authenticated”;
}
else
{
echo “Username/password combination Failed”;
}
mysql_close($conn);
?>
The above script checks for the username and password combination, if the combination is success, then atleast one row will be returned, else the returned rows will be 0.

Comments

  1. There are few security breaches in your example.

    First, you store plaintext passwords in database. This way they are visible to everyone who has database access. It is strongly advised that you store password hashes instead.

    Second, you should escape all user input strings before you include them in SQL queries. Without this, you are open to SQL injection attacks.

    Combine these two and you have really poor security on your web site.

    You can read more about these problems in the following article:
    http://bit.ly/BS2fO

    BTW, change the password in your mysql_connect function, this one is not politically correct. :-)

    ReplyDelete

Post a Comment

Popular posts from this blog

Installing ns-3.34 in Ubuntu 20.04

This post shows how to install ns 3.34 in Ubuntu 20.04 LTS Prerequisites: Fresh installation of Ubuntu Version 20.04 LTS  ns3.34 can be downloaded from here Follow the video link for complete step by step instructions on the installation.  This version fixes the compilation issues of vanet-routing-compare.cc (bug in ns3.33)  Issue the following commands after opening a terminal  $ sudo apt update $ sudo apt install g++ python3 python3-dev python-dev pkg-config sqlite3 python3-setuptools git qt5-default gir1.2-goocanvas-2.0 python3-gi python3-gi-cairo python3-pygraphviz gir1.2-gtk-3.0 ipython3 openmpi-bin openmpi-common openmpi-doc libopenmpi-dev autoconf cvs bzr unrar openmpi-bin openmpi-common openmpi-doc libopenmpi-dev tcpdump wireshark libxml2 libxml2-dev Unzip or untar the ns-allinone-3.34.tar.bz2 in the home folder (in my case its /home/pradeepkumar) $ cd ns-allinone-3.34/ $ ./build.py --enable-examples --enable-tests  Once the installation is completed, you may get an output show

Installation of ns3 in Windows 10 and Windows 11 OS using WSL (Windows Subsystem for Linux)

This post shows how to install ns-3.33 in Windows 10 through WSL (Windows Subsystem for Linux) This posts works for Windows 11 also (I have tested it on a Windows 11 ISO and it works the Same way as mentioned in the following post.) This post will work for ns-3.3x version. Prerequisites : Install Windows Subsystem for Linux with GUI: Please refer the following video  System Information: OS used: Windows 10 and WSL (Ubuntu 20.04) GUI: XServer for Windows NS3 Version: ns-3.33 See the following complete video on how to install ns3 in Windows 10 Step 0 : Open XLaunch Step 1 :  Open WSL using PowerShell and open it as Administrator Command:/  wsl $ xfce4-session The GUI of Ubuntu Opens within Windows 10 OS. Step 2 : Download ns3 from nsnam.org website through Mozilla Firefox browser Step 3: Open a Terminal  $ sudo apt update $ sudo apt install build-essential autoconf automake libxmu-dev python3-pygraphviz cvs mercurial bzr git cmake p7zip-full python3-matplotlib python-tk python3-dev qt5-q

Installing NS-3.32 in Ubuntu 20.04

This is about installing ns version 3.32 in Ubuntu 20.04 LTS. #ns3 #ns3 .32 #networksimulation The commands used in the video are given here. $] sudo apt update $] sudo apt install build-essential autoconf automake libxmu-dev python3-pygraphviz cvs mercurial bzr git cmake p7zip-full python3-matplotlib python-tk python3-dev qt5-qmake qt5-default gnuplot-x11 wireshark Download the ns-allinone-3.32.tar.bz2 package from nsnam.org and copy it to /home/ folder See the full video for detailed instructions Extract it either in GUI or using command $] tar jxvf ns-allinone-3.32.tar.bz2 $] cd ns-allinone-3.32/ $] ./build.py --enable-examples --enable-tests The above command will take some time to install all the packages  You can see the output as shown below ns3 To check whether ns3 installed successfully, use the following commands. $] cd ns-3.32/ $] ./waf --run hello-simulator You should get the output as Hello Simulator $] ./waf --run first This is the example from the ns-3.32/exa