Dormitory Management System

Dormitory Management System

This system has the capability to create a user account as well it can change password. It can do different transactions such as assigning rooms to a students, view availability of rooms, etc. This is very useful system and easy to use.
Hope you learn from this.

DOWNLOAD HERE
File Upload using PHP and MySQL

File Upload using PHP and MySQL

This system enable user to;
1. Log in to the system
2. Upload files
3. Delete files
4. Download files
If you are interested on this project please modify it by adding;
1. User manager module
2. User activities tracking module
3. More security features
NB: Files are saved in server and only location is saved to database.
USERNAME: admin
PASSWORD: 123456
BT - Developers
How to Create Secure Registration Page in PHP/MySQL Part III

How to Create Secure Registration Page in PHP/MySQL Part III

In our last two articles, we discuss on how to create a registration page using mysql andmysqli extension and how to secure it using mysql_real_escape_string or mysqli_real_escape_string.
This time we will modify our code to use PDO instead of mysql or mysqli extension.
Before we begin, let’s give some few advantages of using PDO in favor of mysqli.
  • Portability – supports 12 different drivers
  • Prepared statements – no need to use real_escape_string
  • Object Oriented
  • Named parameters
  • Support stored procedures
PDO and mysqli has little to no difference at all except that PDO is more portable. So, if you want to connect to multiple databases without using different drivers, it’s preferable to use PDO.
Now, here’s the code of using PDO with little changes from our previous tutorial.
registration3.html

How to Create Secure Login Page in PHP/MySQL Part II

How to Create Secure Login Page in PHP/MySQL Part II

This is a continuation of the topic that I have discuss yesterday on How to Create Secure Login Page in PHP/MySQL. Since PDO is too complicated compared with mysqli, I decided to separate this tutorial.
So, here we go.
login.html
Modify the code on our previous tutorial from:
to
login3.php
  1. <?php
  2. $username = $_POST['username'];
  3. $password = $_POST['password'];
  4.  
  5. $conn = new PDO('mysql:host=localhost;dbname=login', 'root', '');
  6.  
  7. $query = "SELECT password, salt
  8. FROM member
  9. WHERE username = :username";
  10.  
  11. $result = $conn->prepare($query);
  12. $result->bindParam(":username", $username);
  13. $result->execute();
  14.  
  15. $number_of_rows = $result->rowCount();
  16.  
  17. if($number_of_rows == 0) // User not found. So, redirect to login_form again.
  18. {
  19. header('Location: login.html');
  20. }
  21.  
  22. $userData = $result->fetch(PDO::FETCH_ASSOC);
  23.  
  24. $hash = hash('sha256', $userData['salt'] . hash('sha256', $password) );
  25.  
  26. if($hash != $userData['password']) // Incorrect password. So, redirect to login_form again.
  27. {
  28. header('Location: login.html');
  29. }else{ // Redirect to home page after successful login.
  30. header('Location: home.html');
  31. }
  32. ?>
As you can see above, there are some changes that are far different compared to mysqli.
Take this example:
In mysqli we use this code:
$result = $mysqli->query($query);
This is the equivalent in PDO:
$result = $conn->prepare($query);
Another is difference on how to fetch the record. In mysqli:
$userData = mysqli_fetch_array($result, MYSQL_ASSOC);
In PDO:
$userData  = $result->fetch(PDO::FETCH_ASSOC);
How to Create Secure Login Page in PHP/MySQL Part I

How to Create Secure Login Page in PHP/MySQL Part I

In our previous tutorial we discuss on how to create a secure registration page using three different approaches. They are:
This time we will create a secure login script based on our previous tutorial. So be sure to read it especially on how to create our database.
I will combine two approaches here begining with mysql extension.

mysql extension

Now let's create the login form.
login.html
  1. <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
  2. <html xmlns="http://www.w3.org/1999/xhtml">
  3. <head>
  4. <meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
  5. <title>Login Form</title>
  6. </head>
  7. <body>
  8. <form id="form1" name="form1" method="post" action="login.php">
  9. <table width="510" border="0" align="center">
  10. <tr>
  11. <td colspan="2">Login Form</td>
  12. </tr>
  13. <tr>
  14. <td>Username:</td>
  15. <td><input type="text" name="username" id="username" /></td>
  16. </tr>
  17. <tr>
  18. <td>Password</td>
  19. <td><input type="password" name="password" id="password" /></td>
  20. </tr>
  21. <tr>
  22. <td>&nbsp;</td>
  23. <td><input type="submit" name="button" id="button" value="Submit" /></td>
  24. </tr>
  25. </table>
  26. </form>
  27. </body>
  28. </html>
login.php
  1. <?php
  2. $username = $_POST['username'];
  3. $password = $_POST['password'];
  4. $conn = mysql_connect('localhost', 'root', '');
  5. mysql_select_db('login', $conn);
  6. $username = mysql_real_escape_string($username);
  7. $query = "SELECT password, salt
  8. FROM member
  9. WHERE username = '$username';";
  10. $result = mysql_query($query);
  11. if(mysql_num_rows($result) == 0) // User not found. So, redirect to login_form again.
  12. {
  13. header('Location: login.html');
  14. }
  15. $userData = mysql_fetch_array($result, MYSQL_ASSOC);
  16. $hash = hash('sha256', $userData['salt'] . hash('sha256', $password) );
  17. if($hash != $userData['password']) // Incorrect password. So, redirect to login_form again.
  18. {
  19. header('Location: login.html');
  20. }else{ // Redirect to home page after successful login.
  21. header('Location: home.html');
  22. }
  23. ?>
Note, that we are still using the mysql_real_escape_string to secure our login page. Plus using password hashing with salt.

mysqli extension

login.html
Modify the above code from:
<form id="form1" name="form1" method="post" action="login.php">
to
<form id="form1" name="form1" method="post" action="login2a.php">
login2a.php
Procedural style
  1. <?php
  2. $username = $_POST['username'];
  3. $password = $_POST['password'];
  4. $conn = mysqli_connect('localhost', 'root', '', 'login');
  5. $username = mysqli_real_escape_string($conn, $username);
  6. $query = "SELECT password, salt
  7. FROM member
  8. WHERE username = '$username';";
  9. $result = mysqli_query($conn, $query);
  10. if(mysqli_num_rows($result) == 0) // User not found. So, redirect to login_form again.
  11. {
  12. header('Location: login.html');
  13. }
  14. $userData = mysqli_fetch_array($result, MYSQL_ASSOC);
  15. $hash = hash('sha256', $userData['salt'] . hash('sha256', $password) );
  16. if($hash != $userData['password']) // Incorrect password. So, redirect to login_form again.
  17. {
  18. header('Location: login.html');
  19. }else{ // Redirect to home page after successful login.
  20. header('Location: home.html');
  21. }
  22. ?>
As you can see, we just changed some few line based on our previous script called login.php. This is because we are using procedural style of mysqli extension.
Code equivalent:
mysql_connect() = mysqli_connect()
mysql_query() = mysqli_query()
login2b.php
Object Oriented style
Again, change the action properties under form tag in login.html script from login2a.php to login2b.php
  1. <?php
  2. $username = $_POST['username'];
  3. $password = $_POST['password'];
  4. $mysqli = new mysqli('localhost', 'root', '', 'login');
  5. $username = $mysqli->real_escape_string($username);
  6. $query = "SELECT password, salt
  7. FROM member
  8. WHERE username = '$username';";
  9. $result = $mysqli->query($query);
  10. if($result->num_rows == 0) // User not found. So, redirect to login_form again.
  11. {
  12. header('Location: login.html');
  13. }
  14. $userData = mysqli_fetch_array($result, MYSQL_ASSOC);
  15. $hash = hash('sha256', $userData['salt'] . hash('sha256', $password) );
  16. if($hash != $userData['password']) // Incorrect password. So, redirect to login_form again.
  17. {
  18. header('Location: login.html');
  19. }else{ // Redirect to home page after successful login.
  20. header('Location: home.html');
  21. }
  22. ?>
On procedural style we use the following code and its equivalent in object oriented style:
mysqli_connect() = new mysqli()
mysqli_query() = $mysqli->query()
In our next tutorial, we will create a new article to differentiate PDO from the above code. PDO is a bit different so we will not cover it here.

Featured Post

Download Music Sharing System PHP Source code

Hello welcome again to my blog, today i`m happy to share my first project that I develop by using codeigniter (MVC based php framework)...

Popular Posts