User authentication and login is a common feature of most dynamic websites. Before going further, you can download the login script, which contains the complete PHP source code and a SQL file to populate the required tables. The login form has two fields, login and password, and is self-explanatory. When building the pages, keep the form page and the action/submission page separate. Unless it is really required, don't make pages post information to themselves. Put the form in one page and the code that handles the submission in another. This keeps the application simpler to manage as the logic grows more complex.
The login functionality enables customers to log in to a website and perform tasks in a safe and secure manner. In this post, some of the best scripts are presented to give readers a valuable insight into the login process; customize the scripts according to your own preferences and requirements. You may also find some design inspiration in them.
Escape Special Characters – In the simplest case, special characters can break your query. In the worst case, an attacker can use SQL injection to gain access to your web application. It is therefore vital to escape those special characters with a backslash (\), i.e. insert a backslash before each such character. Special characters can be escaped with the mysql_real_escape_string or addslashes function. In about 90% of cases PHP does this automatically, but only when the magic_quotes_gpc setting in php.ini is on. If the setting is not on, you must use the mysql_real_escape_string function to escape special characters. A MySQL connection must exist before calling mysql_real_escape_string(); otherwise an error of level E_WARNING is generated.
A Simple Function to Escape Special Characters – You can use this function to prepare and clean data for queries. The function performs the following steps:
- Trim the string to remove leading and trailing spaces
- If the second parameter is set to true, encode characters that have HTML character entity equivalents
- Check the PHP version: if it is 4.3.0 or later, use mysql_real_escape_string(), otherwise fall back to addslashes()
- mysql_real_escape_string() only works when there is a connection to the MySQL server, so the function first checks whether we are connected by calling mysql_ping()
Query the Database – Next we formulate the query that tests whether a customer with that login ID and password exists. Passwords are not stored in the database as plain text; instead the md5 hash of the password is stored. Md5 is an efficient one-way hash: use the md5 function to create a 32-character hash of any string. Because it is one-way, once the password has been hashed there is no way to recover the original from the stored value.
Store Authentication – Once we know the login details are correct, we must store that fact somewhere so that subsequent pages know the customer has been authenticated. Fetch the member's ID from the result set and store it in the session as SESS_MEMBER_ID. Subsequent pages then only need to test for the existence of SESS_MEMBER_ID to check the customer's authentication status. After storing the member ID, redirect the customer to the member index.php page.
Individual Pages Authentication – The presence or absence of SESS_MEMBER_ID in the session reveals whether the user is logged in. If a variable named SESS_MEMBER_ID exists in the session, the user has been authenticated and is logged on.
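As an added example (not the script the post distributes), the Query the Database, Store Authentication and Individual Pages Authentication steps above are shown as one PHP login handler; it uses a PDO prepared statement in place of mysql_real_escape_string() and password_hash()/password_verify() in place of md5(). The table and column names (members, member_id, login, passwd), the DSN and credentials, and the login-form.php page name are assumptions.

```php
<?php
// Added example, not the original script. Assumed: table members with
// columns member_id, login, passwd (passwd holds password_hash() output).
session_start();

function connectDb(): PDO
{
    $pdo = new PDO('mysql:host=localhost;dbname=app;charset=utf8mb4', 'app_user', 'secret');
    $pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $pdo->setAttribute(PDO::ATTR_EMULATE_PREPARES, false); // bind server-side
    return $pdo;
}

// Query the Database: the login value is bound as a parameter, never spliced
// into the SQL, so special characters cannot break the query or inject SQL.
function authenticate(PDO $pdo, string $login, string $password): ?int
{
    $stmt = $pdo->prepare('SELECT member_id, passwd FROM members WHERE login = :login');
    $stmt->execute([':login' => trim($login)]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    // Same null result for an unknown login and for a wrong password.
    if ($row === false || !password_verify($password, $row['passwd'])) {
        return null;
    }
    return (int) $row['member_id']; // member ID on success
}

// Store Authentication: keep the member ID in the session and go to index.php.
function startMemberSession(int $memberId): void
{
    session_regenerate_id(true); // fresh session ID after a successful login
    $_SESSION['SESS_MEMBER_ID'] = $memberId;
    header('Location: index.php');
    exit;
}

// Individual Pages Authentication: call at the top of every member page.
function requireLogin(): int
{
    if (!isset($_SESSION['SESS_MEMBER_ID'])) {
        header('Location: login-form.php'); // assumed name of the form page
        exit;
    }
    return (int) $_SESSION['SESS_MEMBER_ID'];
}

// Submission handler for the login form (fields named login and password).
if ($_SERVER['REQUEST_METHOD'] === 'POST') {
    $id = authenticate(connectDb(), $_POST['login'] ?? '', $_POST['password'] ?? '');
    $id === null ? header('Location: login-form.php?failed=1') : startMemberSession($id);
}
```

For password_verify() to match, the registration code must store password_hash($password, PASSWORD_DEFAULT) in the passwd column.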
Are you thinking that the aforementioned login script is not safe and secure? To be honest, follow the guide and protect your website from all kinds of attacks that hackers can use to gain control of other customer accounts, change data or delete accounts. Moreover, Web Outsourcing Team's professionals can help you with this, so feel free to get in touch with them for more detailed information. Stay tuned for more posts.