First PHP login system
Problem
This is my first attempt at a login system! I've only had roughly 2 days of experience with MySQL and PHP so far and this is what I came up with:
    ";
    echo "Failed to connect to MySQL: " . mysqli_connect_error();
    echo "";
}
// Pretty much kicks out a user once they revisit this page and is logged in
if( $_SESSION["name"] )
{
    echo "You are already logged in, ".$_SESSION['name']."! I'm Loggin you out M.R ..";
    unset( $_SESSION );
    session_destroy();
    exit("");
}
$loggedIn = false;
$userName = $_POST["name"] or "";
$userPass = $_POST["pass"] or "";
if ($userName && $userPass )
{
    // User Entered fields
    $query = "SELECT name FROM Clients WHERE name = '$userName' AND password = '$userPass'";// AND password = $userPass";
    $result = mysqli_query( $con, $query);
    $row = mysqli_fetch_array($result);
    if(!$row){
        echo "";
        echo "No existing user or wrong password.";
        echo "";
    }
    else
        $loggedIn = true;
}
if ( !$loggedIn )
{
    echo "
Name:
Password:
";
}
else{
    echo "";
    echo "You have been logged in as $userName!";
    echo "";
    $_SESSION["name"] = $userName;
}
?>
Solution
At a quick look:
- Your code is vulnerable to SQL Injection: assume the user wants to hurt you, so always parse superglobals $_GET and $_POST
  https://stackoverflow.com/questions/60174/how-can-i-prevent-sql-injection-in-php
- To check if variables have values:
  // good practice
  if (isset($userName, $userPass))
  // bad practice
  if ($userName && $userPass )
- More important:
  Don't reinvent the wheel unless you plan on learning more about wheels.
  A simple search on Google for PHP login system will give you a limitless number of examples from where you can learn how to build a proper system: http://www.phpeasystep.com/workshopview.php?id=6
Context
StackExchange Code Review Q#48958, answer score: 8
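Added example, not part of the question or the answer above: the login lookup rewritten with a bound parameter and a hashed password check, so a quote in the submitted name is treated as data instead of SQL. It uses PDO with an in-memory SQLite database so it runs without a MySQL server (mysqli's prepare/bind_param follows the same pattern); the function names, the sample rows, and storing a password_hash() value in the `password` column are assumptions.

```php
<?php
// Added example. Table/column names follow the question; everything else
// (function names, sample data, hashed `password` column) is an assumption.

// Hash used only to keep the "unknown user" path doing comparable work.
define('DUMMY_HASH', password_hash('placeholder', PASSWORD_DEFAULT));

function checkLogin(PDO $db, string $name, string $pass): bool
{
    // The placeholder keeps $name out of the SQL text entirely.
    $stmt = $db->prepare('SELECT password FROM Clients WHERE name = :name');
    $stmt->execute([':name' => $name]);
    $hash = $stmt->fetchColumn();      // false when no row matches

    if ($hash === false) {
        password_verify($pass, DUMMY_HASH);
        return false;
    }
    return password_verify($pass, $hash);
}

function loginFromRequest(PDO $db, array $post): bool
{
    $name = $post['name'] ?? null;
    $pass = $post['pass'] ?? null;
    // Reject missing, empty, and array-valued fields (e.g. name[]=...).
    if (!is_string($name) || !is_string($pass) || $name === '' || $pass === '') {
        return false;
    }
    return checkLogin($db, $name, $pass);
}

// Constructed sample data; SQLite stands in for the MySQL database.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE Clients (name TEXT PRIMARY KEY, password TEXT NOT NULL)');
$ins = $db->prepare('INSERT INTO Clients (name, password) VALUES (?, ?)');
$ins->execute(["O'Brien", password_hash('correct horse', PASSWORD_DEFAULT)]);

// A name containing a quote logs in normally; bad or malformed input fails.
var_dump(loginFromRequest($db, ['name' => "O'Brien", 'pass' => 'correct horse']));
var_dump(loginFromRequest($db, ['name' => "O'Brien", 'pass' => 'wrong']));
var_dump(loginFromRequest($db, ['name' => 'nobody', 'pass' => 'x']));
var_dump(loginFromRequest($db, ['name' => ['a'], 'pass' => 'x']));
```

In a web request the session would be set only after `loginFromRequest($db, $_POST)` returns true.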