Junk | Iklan



Thursday, February 18, 2010

Login with login check (PHP)

Just want to show one of the ways of coding a login in PHP that I always use in my web applications... I know this code isn't very secure, and right now I'm looking for the best method to secure PHP code against spools, LFI, MD5 hash ..... and all sorts of other things..

OK, there are two files, one of which contains the code to display the login form...

Below is the code to display the form:

<span ><table width="100%" border="0" height="329"><tbody><tr><td align="center" background="images/bg_content.gif" valign="top"><table width="90%" align="center" border="0" height="398">
<tbody><tr>
<td width="71%" align="center" bgcolor="#000000" height="284" valign="middle"><p></p>
<table width="100%" border="0">
<tbody><tr>
<td width="32%" height="130">
</td>
<td width="38%"><form id="loginuser" name="loginuser" method="post" action="login_chck.php">
<table width="100%" border="0">
<tbody><tr>
<td class="font-pristina">Login</td>
</tr>
<tr>
<td><span class="style5">
<label><span class="font-pristina">username</span>
<input name="username" id="username" size="20" maxlength="16" type="text">
</label>
</span></td>
</tr>
<tr>
<td>
<label class="font-pristina style6"><span class="style7">password</span></label>
<span class="style5">
<label>
<input name="password" id="password" size="20" maxlength="16" type="password">
</label>
</span></td>
</tr>
<tr>
<td align="right" height="27"><label>
<input name="submit" id="submit" value="Submit" type="submit">
</label></td>
</tr>
<tr>
<td class="style5" align="right" height="37"><span class="font-pristina"><a href="http://www.blogger.com/register.php">new user? register here..</a></span><a href="http://www.blogger.com/register.php">.</a></td>
</tr>
</tbody></table>
</form></td>
<td width="30%">
</td>
</tr>
</tbody></table></td>
<td style="color: rgb(0, 0, 0);" width="29%" align="left" valign="top"><h1><span class="style4 style10">Welcome to </span></h1>
<p><img src="http://www.blogger.com/images/cklogobig.gif" width="236" height="164" /></p>
<p> </p></td></tr>
</tbody></table></td>
</tr>
</tbody></table>
</span>



After the user clicks the login button, they are taken to a page where the login authentication is processed for verification... so below is the code for login verification...

<?php include "db_connect.php";
//include "session.php";
if (!isset($_SESSION)) {
session_start();
}

?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title>USER LOGIN</title>
<style type="text/css">
<!--
body {
background-color: #000000;
}
.style1 {
color: #FFFFFF;
font-family: Pristina;
font-size: xx-large;
}
-->
</style></head>
<body>
<?php require_once("header.php"); ?>
<?php
$username =$_POST["username"];
$pw =$_POST["password"];


$msg= "wrong username";

mysql_select_db($database_dbconnect, $dbconnect) or die(mysql_error());

$query = "SELECT userid, password, position FROM ckcollection_login WHERE userid= '$username' AND password= '$pw'" ;

$result = mysql_query($query);
if (!$result || mysql_num_rows($result) < 1)
{
echo "<HTML><META HTTP-EQUIV='REFRESH' CONTENT='1; URL= login.php'><BODY bgcolor='#FFFFFF'>

<CENTER><p>&nbsp;</p><p>&nbsp;</p><p>&nbsp;</p><table width=70% class='msgborder' border='0' cellpadding='0' cellspacing='2' bordercolor='#CCCC99'>
<tr>
<td align='center'> <font color=#000000><h1>".$msg."</h1><br><h4>Wrong Username or password<br/>Redirecting....<br/><br/>Please Wait..</h4></font></td>
</tr>
</table><p>&nbsp;</p><p>&nbsp;</p></CENTER></BODY></HTML>";

}
else {
//include "newsession.php";

$row = mysql_fetch_array($result);
$position = $row["position"];
$username= $row["userid"];

$_SESSION['MM_Username'] = $username;
$_SESSION['MM_UserPos'] = $position;

$user= $_SESSION['MM_Username'];

if($position!='user')
{


$msgA = "You login with username $user";
$gotoA = "admin/index.php";
echo "<HTML><META HTTP-EQUIV='REFRESH' CONTENT='1; URL=".$gotoA."'><BODY bgcolor='#FFFFFF'>

<CENTER><p>&nbsp;</p><p>&nbsp;</p><p>&nbsp;</p><table width=70% class='msgborder' border='0' bordercolor='#FFFFFF' cellpadding='0' cellspacing='2'>
<tr>
<td align='center'><span class='style1'><h1>".$msgA."</h1><br><h4>please wait...</h4></span></td>
</tr>
</table><p>&nbsp;</p><p>&nbsp;</p></CENTER></BODY></HTML>";
}
else {
$msgA = "You login with username $user";
$gotoA = "user/index.php";
echo "<HTML><META HTTP-EQUIV='REFRESH' CONTENT='1; URL=".$gotoA."'><BODY bgcolor='#FFFFFF'>

<CENTER><p>&nbsp;</p><p>&nbsp;</p><p>&nbsp;</p><table width=70% class='msgborder' border='0' cellpadding='0' cellspacing='2' bordercolor='#FFFFFF'>
<tr>
<td align='center'> <span class='style1'><h1>".$msgA."</h1><br><h4>please wait...</h4></span></td>
</tr>
</table><p>&nbsp;</p><p>&nbsp;</p></CENTER></BODY></HTML>";
}
}
?>



P.S.: this code is for educational (learning) purposes, so it is "vulnerable" to spammers and hackers and crackers and Marie biscuits..... thank you... if you have code that is nicer and tidier, please comment or email me... your attention is very much appreciated.. ^^
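For comparison with the verification script above, here is a hardened form of the same check, as an added example that is not the blog author's code. It builds the query with a prepared statement instead of string interpolation, verifies a stored password hash, and regenerates the session ID at login. The table, column, session-key and redirect names are taken from the post; the in-memory SQLite database, the sample account and the assumption that the `password` column holds `password_hash()` output are constructed for the demonstration.

```php
<?php
// Added example, not the blog author's code. Table and column names come from
// the post; the in-memory SQLite database and the sample account are constructed.
declare(strict_types=1);

/** Returns ['userid' => ..., 'position' => ...] on success, null on failure. */
function check_login(PDO $db, string $username, string $password): ?array
{
    // Placeholders keep user input out of the SQL text entirely.
    $stmt = $db->prepare(
        'SELECT userid, password, position FROM ckcollection_login WHERE userid = :u'
    );
    $stmt->execute([':u' => $username]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);

    // Assumption: the password column stores password_hash() output, not plaintext.
    // Verify against a dummy hash when the user is unknown so both paths cost the same.
    static $dummy = null;
    $dummy ??= password_hash('dummy', PASSWORD_DEFAULT);
    $ok = password_verify($password, $row ? $row['password'] : $dummy);

    return ($row && $ok) ? ['userid' => $row['userid'], 'position' => $row['position']] : null;
}

/** Call after a successful check, inside a web request where session_start() has run. */
function start_user_session(array $user): string
{
    session_regenerate_id(true);               // drop any pre-login session ID
    $_SESSION['MM_Username'] = $user['userid'];
    $_SESSION['MM_UserPos']  = $user['position'];
    return $user['position'] !== 'user' ? 'admin/index.php' : 'user/index.php';
}

// --- Demo on constructed data (run from the command line with the php binary) ---
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE ckcollection_login (userid TEXT PRIMARY KEY, password TEXT, position TEXT)');
$db->prepare('INSERT INTO ckcollection_login VALUES (?, ?, ?)')
   ->execute(['alice', password_hash('correct horse', PASSWORD_DEFAULT), 'user']);

var_dump(check_login($db, 'alice', 'correct horse') !== null); // valid credentials
var_dump(check_login($db, 'alice', 'wrong'));                  // wrong password
var_dump(check_login($db, "alice'", 'correct horse'));         // quote is bound as data
```

In the web page itself, send the redirect with `header('Location: ...')` using the path returned by `start_user_session()`, and pass any username echoed into HTML through `htmlspecialchars()`.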
