This system has the capability to create a user account as well it can change password. It can do different transactions such as assigning rooms to a students, view availability of rooms, etc. This is very useful system and easy to use.
File Upload using PHP and MySQL
This system enable user to;
1. Log in to the system
2. Upload files
3. Delete files
4. Download files
1. Log in to the system
2. Upload files
3. Delete files
4. Download files
If you are interested on this project please modify it by adding;
1. User manager module
2. User activities tracking module
3. More security features
1. User manager module
2. User activities tracking module
3. More security features
NB: Files are saved in server and only location is saved to database.
USERNAME: admin
PASSWORD: 123456
USERNAME: admin
PASSWORD: 123456
BT - Developers
How to Create Secure Registration Page in PHP/MySQL Part III
In our last two articles, we discuss on how to create a registration page using mysql andmysqli extension and how to secure it using mysql_real_escape_string or mysqli_real_escape_string.
This time we will modify our code to use PDO instead of mysql or mysqli extension.
Before we begin, let’s give some few advantages of using PDO in favor of mysqli.
- Portability – supports 12 different drivers
- Prepared statements – no need to use real_escape_string
- Object Oriented
- Named parameters
- Support stored procedures
PDO and mysqli has little to no difference at all except that PDO is more portable. So, if you want to connect to multiple databases without using different drivers, it’s preferable to use PDO.
Now, here’s the code of using PDO with little changes from our previous tutorial.
registration3.html
How to Create Secure Login Page in PHP/MySQL Part II
This is a continuation of the topic that I have discuss yesterday on How to Create Secure Login Page in PHP/MySQL. Since PDO is too complicated compared with mysqli, I decided to separate this tutorial.
So, here we go.
login.html
Modify the code on our previous tutorial from:
How to Create Secure Login Page in PHP/MySQL Part I
In our previous tutorial we discuss on how to create a secure registration page using three different approaches. They are:
mysql: How to Create Secure Registration Page in PHP/MySQL Part I
mysqli: How to Create Secure Registration Page in PHP/MySQL Part II
PDO: How to Create Secure Registration Page in PHP/MySQL Part III
mysqli: How to Create Secure Registration Page in PHP/MySQL Part II
PDO: How to Create Secure Registration Page in PHP/MySQL Part III
This time we will create a secure login script based on our previous tutorial. So be sure to read it especially on how to create our database.
I will combine two approaches here begining with mysql extension.
mysql extension
Now let's create the login form.
login.html
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml"> <head> <meta http-equiv="Content-Type" content="text/html; charset=utf-8" /> </head> <body> <form id="form1" name="form1" method="post" action="login.php"> <table width="510" border="0" align="center"> <tr> </tr> <tr> </tr> <tr> </tr> <tr> </tr> </table> </form> </body> </html>
login.php
<?php $username = $_POST['username']; $password = $_POST['password']; $query = "SELECT password, salt FROM member WHERE username = '$username';"; { } if($hash != $userData['password']) // Incorrect password. So, redirect to login_form again. { }else{ // Redirect to home page after successful login. } ?>
Note, that we are still using the mysql_real_escape_string to secure our login page. Plus using password hashing with salt.
mysqli extension
login.html
Modify the above code from:
<form id="form1" name="form1" method="post" action="login.php">
to
<form id="form1" name="form1" method="post" action="login2a.php">
login2a.php
Procedural style
Procedural style
<?php $username = $_POST['username']; $password = $_POST['password']; $query = "SELECT password, salt FROM member WHERE username = '$username';"; { } if($hash != $userData['password']) // Incorrect password. So, redirect to login_form again. { }else{ // Redirect to home page after successful login. } ?>
As you can see, we just changed some few line based on our previous script called login.php. This is because we are using procedural style of mysqli extension.
Code equivalent:
mysql_connect() = mysqli_connect()
mysql_query() = mysqli_query()
mysql_connect() = mysqli_connect()
mysql_query() = mysqli_query()
login2b.php
Object Oriented style
Again, change the action properties under form tag in login.html script from login2a.php to login2b.php
Object Oriented style
Again, change the action properties under form tag in login.html script from login2a.php to login2b.php
<?php $username = $_POST['username']; $password = $_POST['password']; $mysqli = new mysqli('localhost', 'root', '', 'login'); $username = $mysqli->real_escape_string($username); $query = "SELECT password, salt FROM member WHERE username = '$username';"; $result = $mysqli->query($query); if($result->num_rows == 0) // User not found. So, redirect to login_form again. { } if($hash != $userData['password']) // Incorrect password. So, redirect to login_form again. { }else{ // Redirect to home page after successful login. } ?>
On procedural style we use the following code and its equivalent in object oriented style:
mysqli_connect() = new mysqli()
mysqli_query() = $mysqli->query()
mysqli_query() = $mysqli->query()
In our next tutorial, we will create a new article to differentiate PDO from the above code. PDO is a bit different so we will not cover it here.
Subscribe to:
Posts (Atom)