File Upload using PHP and MySQL

This system enable user to;
1. Log in to the system
2. Upload files
3. Delete files
4. Download files

If you are interested on this project please modify it by adding;
1. User manager module
2. User activities tracking module
3. More security features

NB: Files are saved in server and only location is saved to database.
USERNAME: admin
PASSWORD: 123456

BT - Developers

DOWNLOAD HERE

How to Create Secure Registration Page in PHP/MySQL Part III

In our last two articles, we discuss on how to create a registration page using mysql andmysqli extension and how to secure it using mysql_real_escape_string or mysqli_real_escape_string.

This time we will modify our code to use PDO instead of mysql or mysqli extension.

Before we begin, let’s give some few advantages of using PDO in favor of mysqli.

• Portability – supports 12 different drivers
• Prepared statements – no need to use real_escape_string
• Object Oriented
• Named parameters
• Support stored procedures

PDO and mysqli has little to no difference at all except that PDO is more portable. So, if you want to connect to multiple databases without using different drivers, it’s preferable to use PDO.

Now, here’s the code of using PDO with little changes from our previous tutorial.

registration3.html

How to Create Secure Login Page in PHP/MySQL Part II

This is a continuation of the topic that I have discuss yesterday on How to Create Secure Login Page in PHP/MySQL. Since PDO is too complicated compared with mysqli, I decided to separate this tutorial.

So, here we go.

login.html

Modify the code on our previous tutorial from:

to

login3.php

<?php


$username = $_POST['username'];


$password = $_POST['password'];


 


$conn = new PDO('mysql:host=localhost;dbname=login', 'root', '');


 


$query = "SELECT password, salt


        FROM member


        WHERE username = :username";


 


$result = $conn->prepare($query);


$result->bindParam(":username", $username);


$result->execute();


 


$number_of_rows = $result->rowCount();


 


if($number_of_rows == 0) // User not found. So, redirect to login_form again.


{


    header('Location: login.html');


}


 


$userData  = $result->fetch(PDO::FETCH_ASSOC);


 


$hash = hash('sha256', $userData['salt'] . hash('sha256', $password) );


 


if($hash != $userData['password']) // Incorrect password. So, redirect to login_form again.


{


    header('Location: login.html');


}else{ // Redirect to home page after successful login.


 header('Location: home.html');


}


?>

As you can see above, there are some changes that are far different compared to mysqli.

Take this example:

In mysqli we use this code:

$result = $mysqli->query($query);

This is the equivalent in PDO:

$result = $conn->prepare($query);

Another is difference on how to fetch the record. In mysqli:

$userData = mysqli_fetch_array($result, MYSQL_ASSOC);

In PDO:

$userData  = $result->fetch(PDO::FETCH_ASSOC);

How to Create Secure Registration Page in PHP/MySQL Part III

In our last two articles, we discuss on how to create a registration page using mysql andmysqli extension and how to secure it using mysql_real_escape_string or mysqli_real_escape_string.

This time we will modify our code to use PDO instead of mysql or mysqli extension.

Before we begin, let’s give some few advantages of using PDO in favor of mysqli.

• Portability – supports 12 different drivers
• Prepared statements – no need to use real_escape_string
• Object Oriented
• Named parameters
• Support stored procedures

PDO and mysqli has little to no difference at all except that PDO is more portable. So, if you want to connect to multiple databases without using different drivers, it’s preferable to use PDO.

Now, here’s the code of using PDO with little changes from our previous tutorial.

registration3.html

Just change the line from previous tutorial:

to:

register3.php

<?php


//retrieve our DATA FROM POST


$username = $_POST['username'];


$password1 = $_POST['password1'];


$password2 = $_POST['password2'];


$email = $_POST['email'];


 


IF($password1 != $password2)


    header('Location: registration.html');


 


IF(strlen($username) > 30)


    header('Location: registration.html');


 


$hash = hash('sha256', $password1);


 


FUNCTION createSalt()


{


    $text = md5(uniqid(rand(), TRUE));


    RETURN substr($text, 0, 3);


}


 


$salt = createSalt();


$password = hash('sha256', $salt . $hash);


 


$conn = NEW PDO('mysql:host=localhost;dbname=login', 'root', '');


 


$qry = $conn->PREPARE('INSERT INTO member (username, password, email, salt) VALUES (?, ?, ?, ?)');


$qry->EXECUTE(array($username, $password, $email, $salt));


 


header('Location: login.php');


?>

In our next tutorial, we will discuss on how to create a secure login page based on the three tutorials about how to create a secure registration page.