CodersPage: 2015

Dormitory Management System

This system has the capability to create a user account as well it can change password. It can do different transactions such as assigning rooms to a students, view availability of rooms, etc. This is very useful system and easy to use.

Hope you learn from this.

DOWNLOAD HERE

File Upload using PHP and MySQL

1 Comment

This system enable user to;
1. Log in to the system
2. Upload files
3. Delete files
4. Download files

If you are interested on this project please modify it by adding;
1. User manager module
2. User activities tracking module
3. More security features

NB: Files are saved in server and only location is saved to database.
USERNAME: admin
PASSWORD: 123456

BT - Developers

DOWNLOAD HERE

How to Create Secure Registration Page in PHP/MySQL Part III

Add Comment

In our last two articles, we discuss on how to create a registration page using mysql andmysqli extension and how to secure it using mysql_real_escape_string or mysqli_real_escape_string.

This time we will modify our code to use PDO instead of mysql or mysqli extension.

Before we begin, let’s give some few advantages of using PDO in favor of mysqli.

Portability – supports 12 different drivers
Prepared statements – no need to use real_escape_string
Object Oriented
Named parameters
Support stored procedures

PDO and mysqli has little to no difference at all except that PDO is more portable. So, if you want to connect to multiple databases without using different drivers, it’s preferable to use PDO.

Now, here’s the code of using PDO with little changes from our previous tutorial.

registration3.html

How to Create Secure Login Page in PHP/MySQL Part II

4 Comments

This is a continuation of the topic that I have discuss yesterday on How to Create Secure Login Page in PHP/MySQL. Since PDO is too complicated compared with mysqli, I decided to separate this tutorial.

So, here we go.

Modify the code on our previous tutorial from:

login3.php



<?php


$username = $_POST['username'];


$password = $_POST['password'];


 


$conn = new PDO('mysql:host=localhost;dbname=login', 'root', '');


 


$query = "SELECT password, salt


        FROM member


        WHERE username = :username";


 


$result = $conn->prepare($query);


$result->bindParam(":username", $username);


$result->execute();


 


$number_of_rows = $result->rowCount();


 


if($number_of_rows == 0) // User not found. So, redirect to login_form again.


{


    header('Location: login.html');


}


 


$userData  = $result->fetch(PDO::FETCH_ASSOC);


 


$hash = hash('sha256', $userData['salt'] . hash('sha256', $password) );


 


if($hash != $userData['password']) // Incorrect password. So, redirect to login_form again.


{


    header('Location: login.html');


}else{ // Redirect to home page after successful login.


 header('Location: home.html');


}


?>

As you can see above, there are some changes that are far different compared to mysqli.

Take this example:

In mysqli we use this code:

$result = $mysqli->query($query);

This is the equivalent in PDO:

$result = $conn->prepare($query);

Another is difference on how to fetch the record. In mysqli:

$userData = mysqli_fetch_array($result, MYSQL_ASSOC);

In PDO:

$userData = $result->fetch(PDO::FETCH_ASSOC);

How to Create Secure Login Page in PHP/MySQL Part I

Add Comment

In our previous tutorial we discuss on how to create a secure registration page using three different approaches. They are:

mysql: How to Create Secure Registration Page in PHP/MySQL Part I
mysqli: How to Create Secure Registration Page in PHP/MySQL Part II
PDO: How to Create Secure Registration Page in PHP/MySQL Part III

This time we will create a secure login script based on our previous tutorial. So be sure to read it especially on how to create our database.

I will combine two approaches here begining with mysql extension.

mysql extension

Now let's create the login form.



<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">


<html xmlns="http://www.w3.org/1999/xhtml">


<head>


<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />


<title>Login Form</title>


</head>





<body>


<form id="form1" name="form1" method="post" action="login.php">


<table width="510" border="0" align="center">


<tr>


<td colspan="2">Login Form</td>


</tr>


<tr>


<td>Username:</td>


<td><input type="text" name="username" id="username" /></td>


</tr>


<tr>


<td>Password</td>


<td><input type="password" name="password" id="password" /></td>


</tr>


<tr>


<td>&nbsp;</td>


<td><input type="submit" name="button" id="button" value="Submit" /></td>


</tr>


</table>


</form>


</body>


</html>



<?php


$username = $_POST['username'];


$password = $_POST['password'];





$conn = mysql_connect('localhost', 'root', '');


mysql_select_db('login', $conn);





$username = mysql_real_escape_string($username);


$query = "SELECT password, salt


        FROM member


        WHERE username = '$username';";





$result = mysql_query($query);





if(mysql_num_rows($result) == 0) // User not found. So, redirect to login_form again.


{


header('Location: login.html');


}





$userData = mysql_fetch_array($result, MYSQL_ASSOC);


$hash = hash('sha256', $userData['salt'] . hash('sha256', $password) );





if($hash != $userData['password']) // Incorrect password. So, redirect to login_form again.


{


header('Location: login.html');


}else{ // Redirect to home page after successful login.


header('Location: home.html');


}


?>

Note, that we are still using the mysql_real_escape_string to secure our login page. Plus using password hashing with salt.

mysqli extension

Modify the above code from:

<form id="form1" name="form1" method="post" action="login.php">

<form id="form1" name="form1" method="post" action="login2a.php">

login2a.php
Procedural style



<?php


$username = $_POST['username'];


$password = $_POST['password'];





$conn = mysqli_connect('localhost', 'root', '', 'login');





$username = mysqli_real_escape_string($conn, $username);


$query = "SELECT password, salt


        FROM member


        WHERE username = '$username';";





$result = mysqli_query($conn, $query);





if(mysqli_num_rows($result) == 0) // User not found. So, redirect to login_form again.


{


header('Location: login.html');


}





$userData = mysqli_fetch_array($result, MYSQL_ASSOC);


$hash = hash('sha256', $userData['salt'] . hash('sha256', $password) );





if($hash != $userData['password']) // Incorrect password. So, redirect to login_form again.


{


header('Location: login.html');


}else{ // Redirect to home page after successful login.


header('Location: home.html');


}


?>

As you can see, we just changed some few line based on our previous script called login.php. This is because we are using procedural style of mysqli extension.

Code equivalent:
mysql_connect() = mysqli_connect()
mysql_query() = mysqli_query()

login2b.php
Object Oriented style
Again, change the action properties under form tag in login.html script from login2a.php to login2b.php



<?php


$username = $_POST['username'];


$password = $_POST['password'];





$mysqli = new mysqli('localhost', 'root', '', 'login');





$username = $mysqli->real_escape_string($username);





$query = "SELECT password, salt


        FROM member


        WHERE username = '$username';";





$result = $mysqli->query($query);





if($result->num_rows == 0) // User not found. So, redirect to login_form again.


{


header('Location: login.html');


}





$userData = mysqli_fetch_array($result, MYSQL_ASSOC);


$hash = hash('sha256', $userData['salt'] . hash('sha256', $password) );





if($hash != $userData['password']) // Incorrect password. So, redirect to login_form again.


{


header('Location: login.html');


}else{ // Redirect to home page after successful login.


header('Location: home.html');


}


?>