How to Create Secure Login Page in PHP/MySQL Part II

This is a continuation of the topic that I have discuss yesterday on How to Create Secure Login Page in PHP/MySQL. Since PDO is too complicated compared with mysqli, I decided to separate this tutorial.

So, here we go.

login.html

Modify the code on our previous tutorial from:

to

login3.php

<?php


$username = $_POST['username'];


$password = $_POST['password'];


 


$conn = new PDO('mysql:host=localhost;dbname=login', 'root', '');


 


$query = "SELECT password, salt


        FROM member


        WHERE username = :username";


 


$result = $conn->prepare($query);


$result->bindParam(":username", $username);


$result->execute();


 


$number_of_rows = $result->rowCount();


 


if($number_of_rows == 0) // User not found. So, redirect to login_form again.


{


    header('Location: login.html');


}


 


$userData  = $result->fetch(PDO::FETCH_ASSOC);


 


$hash = hash('sha256', $userData['salt'] . hash('sha256', $password) );


 


if($hash != $userData['password']) // Incorrect password. So, redirect to login_form again.


{


    header('Location: login.html');


}else{ // Redirect to home page after successful login.


 header('Location: home.html');


}


?>

As you can see above, there are some changes that are far different compared to mysqli.

Take this example:

In mysqli we use this code:

$result = $mysqli->query($query);

This is the equivalent in PDO:

$result = $conn->prepare($query);

Another is difference on how to fetch the record. In mysqli:

$userData = mysqli_fetch_array($result, MYSQL_ASSOC);

In PDO:

$userData  = $result->fetch(PDO::FETCH_ASSOC);

Share this

Share on FacebookPlus on Google+