PHP Login Script with Encryption.

Why not set a session/cookie, store the id in the database, timestamp, etc.?

I would recomend to have a auth class with auth methods, so we can pass the auth method to the whole page.

K, Nice. I am going to do this in Java.

nice script thanks a lot

md5 != Encryption ;)

muy basico para mi
ubieras implementado con ajax y el post te ubiera quedado chulo :P

This is good back in 1990 but things have changed since then.

use salt..

спасибо за подсказку! thanks !

Thank you srinu nice tip,
I want to encrypted password to decrypt , is that possible in php, i want to use in forgot password page.

you don't check POST submitted data for vulnerabilities, that will create major security holes

This is pretty good, but we should note two things:
1. This isn't encryption, it's hashing.
2. It would be even better to salt the hash. For more information on salting database hashes, consult Google.

@anon, he is using mysql_real_escape_string to sanitize for mysql and is NOT echoing the POST values back to the form, there isn't a strict need to htmlentities or strip tags if you are not echoing the data back to your page.

Still point taken, I sanitize all get and post data out of habit/paranoia.

As others have said using MD5 alone is not encryption, it's simply hashing. This method is very insecure if your database were to become vulnerable.

Salt!

I was also mislead by the word "encryption."
Good simple script though.

Thank you. This is really nice for a PHP learner like me. The critics should realize that anyone can enhance or extend your script based on their levels of expertise.

Keep the scripts coming!

If you can read Spanish, you will find a good post about PHP´s login system on this Blog:
http://www.juangiordana.com.ar/blog/2006/11/28/php-login-script/

Regards

I think you need also to secure the communication line between user browser and your server using HTTPS so when user click login button data transfered in encrypted format.

Do NOT use simple md5!
Check out my password hashing class with salt and random iterations:
http://juliusbeckmann.de/blog/php-easy-and-secure-password-hashing-class.html

This is a good example for a First Step in a Tutorial but for a secure and encrypted php login there are more things needed.

e.g.: http://xkcd.com/327/

Lol, why use 50 bytes for password hash
---
passcode VARCHAR(50)
---
when md5 always produces hash of the fixed 32-char width? Also, hashing without salt is one of the worst examples you can provide for beginners.

*Not recommended until rewrite and update.*

Using the crypt function in PHP to encrypt passwords and other data and keep them safe.

thanx nice script i use my web site login but char(50) why md5 = 32 char ?????

thats easy but there is no session cookie/remember me feature

next update you consider it

Hey,

Great script and works perfectly. Thanks so very very much! I searched and searched and tried others and none worked but this one!!!

hey how to do with session?? and needed to destroy

@josea

http://www.9lessons.info/2009/09/php-login-page-example.html

nice

hi srinivas really very good link
thanks lot

Hi, Srinivas the registration is ok. but the login not go to my page welcome. please tell me how do it. I look it but tell me more please http://www.9lessons.info/2009/09/php-login-page-example.html

Change this in registry file

$password=md5($password); // Encrypted Password

to

$salt1 = "18gI%f5A";
$salt2 = "@Y4p91bN";
$password = md5($salt1.$password.$salt2);

This don't work. I've tried evrything. When i've put the codes fom Welcome.php into my index.php it gives me this error; Parse error: syntax error, unexpected T_STRING, expecting '(' in /home/srkiller/public_html/s/index.php on line 5

+ Where do i change password+username, because when i enter somthing on login.php it come this;


Warning: mysql_fetch_array(): supplied argument is not a valid MySQL result resource in /home/srkiller/public_html/s/login.php on line 16

Warning: mysql_num_rows(): supplied argument is not a valid MySQL result resource in /home/srkiller/public_html/s/login.php on line 19

hey back button brings it back to login page how to fix that

md5 is not better... PHP encourage to use Crypt.. one way password encryption.

good

Simple Login , Thank YOu Man.

gr8 man

your 'msql' queries are no longer supported in PHP. You should now be using 'mysqli'.

thank you sir i have very very need this

another thanks for you

This is indeed a fantastic resource. Thank you for making this publicly available.

Thank you so much..
it was realy useful ^_^

Notice: Undefined index: active in E:\xampp\htdocs\results\parent\student-login1.php on line 120

Fatal error: Call to undefined function session_register() in E:\xampp\htdocs\results\parent\student-login1.php on line 125

I got these two error wat i have to do

session_register() is not defined there in your script...

Thank you very much for you can share your post,the article content written very well,extremely is worth my study.

nice

is good, bat if you register 2 times with the same user the password change

i tried this but whenever i click on the submit button, it will redirect to the process page showing nothing but white blank view, what is the probem? Btw,i'm using phpmyadmin for my database

any one slove my error

Fatal error: Call to undefined function mysql_select_login1() in C:\wamp\www\hari\config.php on line 8

Nice script, well eine ☺

Nice code...my Problem is Solve

very helpful and easy code.

Hey is this a best secure way to login with php or if there is more better way bcz i was developing for tue startup which concerns more about the security. will this be enough for that ..?