Fetch password protected data in PHP

**bevort** · Oct 6 '06, 12:49 PM

On <a href="http://www.scribax.com ">www.scribax.c om</a> you can find a free PHP,javascript and MySQL based solution for this.

Saving your password data in a database is more secure then somewere on your server in a .htaccess protected directory. They can be hacked.

The script above sends the password MD5 encripted to the server wher PHP checks the data agains a database.

**ronverdonk** · Oct 6 '06, 08:42 PM

Maybe this one can be of some help. It shows a html screen asking for userid and password. When submitted it goes to the database and checks the existence of the userid/password (SHA1 encrypted) in the db record. All you have to change is the MySql statement, because it uses some db interface I used to use. Here is the code followed by the logout routine.
[php]
LOGIN.PHP routine
------------------
<?php
session_start() ;

if (array_key_exis ts('username', $_SESSION)) {
process_form(1) ;
}
else {
if ($_POST['_submit_check']) {
if ($form_errors = validate_form() ) {
show_form($form _errors);
}
else {
process_form(0) ;
}
}
else {
show_form();
}
}

function show_form($erro rs = '') {
print '<form name="authForm" method="POST" action="'.$_SER VER['PHP_SELF'].'">';
if ($errors) {
print '<span style="color:re d"><ul><li><b>' ;
print implode('</b></li><li><b>',$er rors);
print '</b></li></ul></span>';
}
print 'Username';
print '<input type="text" name="username" value="';
print htmlentities($_ POST[username]) . '"> <br />';
print 'Password';
print '<input type="password" name="password" value="';
print htmlentities($_ POST[password]) . '"> <br />';

print '<input type="submit" name="login" value="Login" />';
print '<input type="hidden" name="_submit_c heck" value="1"/>';
print '</form>';
print '<a href="index.php ">Click</a> here if you want to leave this form.';
}

function validate_form() {
$errors = array();
$userid=$_POST['username'];
$passwd=$_POST['password'];
/*************** *************** *************** *************** *************** *
* Check username and password in database *
*************** *************** *************** *************** *************** */
// ..... connect to data base

$text = "";
$text = $db->get_var("SELEC T * FROM authorized_user s WHERE userid='$userid ' AND passwd=sha1('$p asswd')") ;
if ($text == "") {
$errors[] = 'Enter a valid username and password!';
}
return $errors;
}

function process_form($l ogged_in) {
if ($logged_in == 0) {
// Add the username to the session
$_SESSION['username'] = $_POST['username'];
}
print 'You are logged in as: <b>'.$_SESSIO N['username'].'</b>'.str_repeat( ' ', 10).'<a href="logout.ph p">Logout</a><br />';
print '<p>You can continue processing as a logged-in user ............</p>';
}
?>
LOGOUT.PHP routine:
-------------------
<?php
session_start() ;

unset($_SESSION['username']);
print '<p>You are logged out.</p>';
?>
[/php]

Ronald :cool:

Fetch password protected data in PHP

Fetch password protected data in PHP

Comment

Comment