CREATE TABLE `user` ( `userid` INT(11) NOT NULL AUTO_INCREMENT, `username` VARCHAR(30) NOT NULL, `password` VARCHAR(30) NOT NULL, `fullname` VARCHAR(60) NOT NULL, PRIMARY KEY (`userid`) ) ENGINE=InnoDB DEFAULT CHARSET=latin1;
INSERT INTO `user` (`username`, `password`, `fullname`) VALUES ('user', 'user', 'hello world');
<?php // Check connection { } ?>
<!DOCTYPE html> <html> <head> <style> .message {color: #FF0000;} </style> </head> <body> <?php // define variables and set to empty values $Message = $ErrorUname = $ErrorPass = ""; if ($_SERVER["REQUEST_METHOD"] == "POST") { $username = check_input($_POST["username"]); if (!preg_match("/^[a-zA-Z0-9_]*$/",$username)) { $ErrorUname = "Space and special characters not allowed but you can use underscore(_)."; } else{ $fusername=$username; } $fpassword = check_input($_POST["password"]); if ($ErrorUname!=""){ $Message = "Login failed! Errors found"; } else{ include('conn.php'); $query=mysqli_query($conn,"select * from `user` where username='$fusername' && password='$fpassword'"); $num_rows=mysqli_num_rows($query); $row=mysqli_fetch_array($query); if ($num_rows>0){ $Message = "Login Successful!"; } else{ $Message = "Login Failed! User not found"; } } } function check_input($data) { $data = trim($data); $data = stripslashes($data); $data = htmlspecialchars($data); return $data; } ?> <form method="post" action="<?php echo htmlspecialchars($_SERVER["PHP_SELF"]);?>"> Username: <input type="text" name="username" required> Password: <input type="password" name="password" required> <input type="submit" name="submit"> </form> <span class="message"> <?php if ($Message=="Login Successful!"){ echo $Message; echo 'Welcome, '.$row['fullname']; } else{ echo $Message; } ?> </span> </body> </html>
Note: Due to the size or complexity of this submission, the author has submitted it as a .zip file to shorten your download time. After downloading it, you will need a program like Winzip to decompress it.
Virus note: All files are scanned once-a-day by SourceCodester.com for viruses, but new viruses come out every day, so no prevention program can catch 100% of them.
FOR YOUR OWN SAFETY, PLEASE:
1. Re-scan downloaded files using your personal virus checker before using it.
2. NEVER, EVER run compiled files (.exe's, .ocx's, .dll's etc.)--only run source code.