First PHP login system

Submitted by: @import:stackexchange-codereview

Problem

This is my first attempt at a login system! I've only had roughly 2 days of experience with MySQL and PHP so far and this is what I came up with:

";
            echo "Failed to connect to MySQL: " . mysqli_connect_error();
            echo "";
        }

    // Pretty much kicks out a user once they revisit this page and is logged in
    if( $_SESSION["name"] )
    {
        echo "You are already logged in, ".$_SESSION['name']."!  I'm Loggin you out M.R ..";
        unset( $_SESSION );
        session_destroy();
        exit("");
    }

    $loggedIn = false;
    $userName = $_POST["name"] or "";
    $userPass = $_POST["pass"] or "";

    if ($userName && $userPass )
    {
        // User Entered fields
        $query = "SELECT name FROM Clients WHERE name = '$userName' AND password = '$userPass'";// AND password = $userPass";

        $result = mysqli_query( $con, $query);
        $row = mysqli_fetch_array($result);

        if(!$row){
            echo "";
            echo "No existing user or wrong password.";
            echo "";
        }
        else
            $loggedIn = true;
    }

    if ( !$loggedIn )
    {
        echo "
            
                Name: 
                Password: 
                
            
        ";
    }
    else{
        echo "";
        echo "You have been logged in as $userName!";
        echo "";
        $_SESSION["name"] = $userName;
    }

?>

Solution

At a quick look:

- Your code is vulnerable to SQL Injection: assume the user wants to hurt you, so always parse superglobals $_GET and $_POST

https://stackoverflow.com/questions/60174/how-can-i-prevent-sql-injection-in-php

- To check if variables have values:

// good practice
if (isset($userName, $userPass))
// bad practice
if ($userName && $userPass )


- More important:

Don't reinvent the wheel unless you plan on learning more about wheels.

A simple search on Google for PHP login system will give you a limitless number of examples from where you can learn how to build a proper system:

http://www.phpeasystep.com/workshopview.php?id=6

Context

StackExchange Code Review Q#48958, answer score: 8
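
The SQL injection and input-check points from the answer above, as an added example that is not part of the original question or answer: the posted string-built query next to a prepared statement. It assumes PDO with an in-memory SQLite database so it runs without a MySQL server; the Clients rows, the submissions and the function names are constructed for illustration.

```php
<?php
// Added example, not the poster's code. Assumes PDO + in-memory SQLite so it
// runs offline; the Clients table mirrors the posted query, rows are constructed.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec("CREATE TABLE Clients (name TEXT PRIMARY KEY, password TEXT)");
$db->exec("INSERT INTO Clients VALUES ('alice', 'correct horse')");

// The posted pattern: user input concatenated into the SQL text.
function loginConcatenated(PDO $db, string $name, string $pass): bool
{
    $sql = "SELECT name FROM Clients WHERE name = '$name' AND password = '$pass'";
    return $db->query($sql)->fetch() !== false;
}

// Hardened form: placeholders send the input as data, never as SQL grammar.
function loginPrepared(PDO $db, string $name, string $pass): bool
{
    $stmt = $db->prepare("SELECT name FROM Clients WHERE name = :name AND password = :pass");
    $stmt->execute([':name' => $name, ':pass' => $pass]);
    return $stmt->fetch() !== false;
}

// isset() as the answer recommends, plus is_string(): a field submitted as
// name[]=x arrives as an array and would pass isset() alone.
function field(array $post, string $key): ?string
{
    return isset($post[$key]) && is_string($post[$key]) ? $post[$key] : null;
}

// Constructed submissions standing in for $_POST.
$submissions = [
    ['name' => 'alice', 'pass' => 'correct horse'],  // valid credentials
    ['name' => 'alice', 'pass' => "x' OR '1'='1"],   // quote changes the WHERE clause
    ['name' => 'alice', 'pass' => 'wrong'],          // plain wrong password
    ['name' => 'alice'],                             // password field missing
];

foreach ($submissions as $post) {
    $name = field($post, 'name');
    $pass = field($post, 'pass');
    if ($name === null || $pass === null) {
        echo "rejected: missing or non-string field\n";
        continue;
    }
    printf("%-16s concatenated=%-5s prepared=%s\n", $pass,
        var_export(loginConcatenated($db, $name, $pass), true),
        var_export(loginPrepared($db, $name, $pass), true));
}
```

Both functions compare the password column as stored, matching the posted query; PHP's built-in password_hash() and password_verify() are the usual way to store and check a digest instead.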
