Code-Bin #465 - Login Form

PHP Code

<?php

// Sanitization
function safeData($data) {
	$returnData = mysql_real_escape_string(stripslashes(strip_tags(htmlspecialchars(trim($data)))));
	return $returnData;
}

// Only begin logging the user in if the form has been submitted,
// and if the 'login' variable is set to 'yes'.
if (isset($_POST['submit']) && $_GET['login'] == "yes")) {

mysql_connect('p80mysql90.secureserver.net','AmieAmie88','SexyAmieTits88');      mysql_select_db('amiedata');

// Sanitize these variables and make sure they are safe.
// Sometimes malicious users try to inject bad things into your site.
$user = safeData($_POST['user']);
$pass = safeData($_POST['pass']);

# Authenticate the user

// Check if there is a user in the database that matches the entered data.
$check1 = mysql_query("SELECT * FROM login WHERE user = '$user' AND pass='$pass'");

// If no user matches the entered data, then display an error.
if (mysql_num_rows($check1) != 1) {
	mysql_close();
	die("Invalid Login");

}
// Otherwise, log him/her in.
else {

echo "Login Success!";

// Set the session
session_start();
$_SESSION['user'] = $user;
	}
}
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />
<title>Log In</title>
</head>

<body>
<form action="index.php?login=yes" method="post">
Username: <input type="text" name="user" /><br />
Password: <input type="text" name="pass" /><br />
<input type="submit" name="submit" value="Log In" /><p>
</form>

</body>
</html>

Syntax Highlighting

[Open in new window]

Author Comments

Just ask questions if you're confused. I tried to comment everything as much as possible.

- Vince
v.simp@hotmail.com

Rating

4.69 / 8
54 Votes