  1. #1

    How to program a basic but secure login system using PHP and MySQL

    About this tutorial
    This tutorial is intended to explain how to design and build the foundation of a secure user authentication system using PHP's PDO library with a MySQL database. Each security measure is explained and justified, and many contain references to additional information should you wish to explore the subject in more depth. This article highlights insecure practices commonly found in code written by beginning PHP programmers who are simply unaware of how to write secure code.

    Note: The tutorial continues in my second post.

    The latest version of this code is now available on GitHub.

    Target audience and prerequisites
    This tutorial is aimed at programmers with a basic knowledge of PHP and MySQL. It assumes that you already have:
    * A web server with PHP
    * A MySQL database server with a MySQL database created
    * Login details for the MySQL server
    * A basic understanding of general programming concepts and PHP syntax
    * A basic understanding of HTML and HTML forms
    * A basic conceptual understanding of the purpose of a database

  2. #2

    How to program a basic but secure login system using PHP and MySQL

    Topics on which this tutorial touches

    Security topics
    * How to prevent SQL injection exploits when using user-supplied data in a SQL query
    * How to prevent XSS attacks when displaying user-supplied data on a web page
    * How to securely store passwords in a database
    * How to securely redirect a user to another web page

    Database interaction topics
    * How to connect to a MySQL database using PHP's PDO library
    * How to insert a new row of data in the database (INSERT query)
    * How to update an existing row of data in the database (UPDATE query)
    * How to fetch a list of data from the database and display it in a table (SELECT query)
    * How to check whether a particular value already exists in the database

    General PHP topics
    * How to use PHP sessions to track a logged-in user
    * How to properly handle non-ASCII characters using UTF-8
    * How to avoid problems with PHP's Magic Quotes feature

    Login system specific topics
    * How to check whether a user is logged in or not, and force them to be logged in to view a particular page
    * How to build a login form, registration form, account details editing form and memberlist page

  3. #3

    How to program a basic but secure login system using PHP and MySQL

    The code

    First, you will need to create a database table with the following structure:
    Code:
    CREATE TABLE `users` (
        `id` int(11) NOT NULL AUTO_INCREMENT,
        `username` varchar(255) COLLATE utf8_unicode_ci NOT NULL,
        `password` char(64) COLLATE utf8_unicode_ci NOT NULL,
        `salt` char(16) COLLATE utf8_unicode_ci NOT NULL,
        `email` varchar(255) COLLATE utf8_unicode_ci NOT NULL,
        PRIMARY KEY (`id`),
        UNIQUE KEY `username` (`username`),
        UNIQUE KEY `email` (`email`)
    ) ENGINE=InnoDB DEFAULT CHARSET=utf8 COLLATE=utf8_unicode_ci AUTO_INCREMENT=1;

    common.php: This file contains code that is shared between the different parts of your login system.
    PHP Code:



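An added example, not the tutorial's own code: one way to write and check rows in the `users` table above with PDO prepared statements, so that user input is bound rather than concatenated, and with a salted, stretched hash that fits the `char(64)` and `char(16)` columns. The function names, the choice of PBKDF2-HMAC-SHA256 with its iteration count, PHP 7 or later, and the in-memory SQLite table standing in for MySQL are all assumptions made here.

```php
<?php
// Added example: not the tutorial's common.php. PBKDF2 and the in-memory
// SQLite stand-in for MySQL are assumptions made so the script runs offline.
const PBKDF2_ITERATIONS = 600000; // assumed work factor

function hash_password(string $password, string $salt): string
{
    // 64 hex characters, matching the char(64) `password` column.
    return hash_pbkdf2('sha256', $password, $salt, PBKDF2_ITERATIONS, 64);
}

function register_user(PDO $db, string $username, string $password, string $email): void
{
    $salt = bin2hex(random_bytes(8)); // 16 hex characters for char(16) `salt`
    $stmt = $db->prepare(
        'INSERT INTO users (username, password, salt, email)
         VALUES (:username, :password, :salt, :email)'
    );
    // Values are bound as parameters, never concatenated into the SQL text.
    $stmt->execute([
        ':username' => $username,
        ':password' => hash_password($password, $salt),
        ':salt'     => $salt,
        ':email'    => $email,
    ]);
}

function verify_login(PDO $db, string $username, string $password): bool
{
    $stmt = $db->prepare('SELECT password, salt FROM users WHERE username = :username');
    $stmt->execute([':username' => $username]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    if ($row === false) {
        return false; // no such username
    }
    // hash_equals() compares the stored and recomputed digests in constant time.
    return hash_equals($row['password'], hash_password($password, $row['salt']));
}

// Constructed demo data; SQLite stands in for the MySQL table above.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (id INTEGER PRIMARY KEY AUTOINCREMENT,
    username TEXT NOT NULL UNIQUE, password TEXT NOT NULL,
    salt TEXT NOT NULL, email TEXT NOT NULL UNIQUE)');
register_user($db, 'alice', 'correct horse battery staple', 'alice@example.com');
var_dump(verify_login($db, 'alice', 'correct horse battery staple'));
var_dump(verify_login($db, 'alice', 'wrong password'));
var_dump(verify_login($db, "alice' OR '1'='1", 'x')); // quotes are data, not SQL
```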