Here is the login system to which the secure login is to be implemented/
main_login.php
<form name="form1" method="post" action="checklogin.php">
Username:<input name="myusername" type="text" id="myusername" /> <br />
Password:<input name="mypassword" type="password" id="mypassword" />
<input type="submit" name="Submit" value="Login" />
</form>
Checklogin.php
<?php
ob_start();
$host="localhost"; // Host name
$username="root"; // Mysql username
$password=""; // Mysql password
$db_name="cosmos"; // Database name
$tbl_name="members"; // Table name
// Connect to server and select databse.
mysql_connect("$host", "$username", "$password")or die("cannot connect");
mysql_select_db("$db_name")or die("cannot select DB");
// Define $myusername and $mypassword
$myusername=$_POST['myusername'];
$mypassword=$_POST['mypassword'];
// To protect MySQL injection (more detail about MySQL injection)
$myusername = stripslashes($myusername);
$mypassword = stripslashes($mypassword);
$myusername = mysql_real_escape_string($myusername);
$mypassword = mysql_real_escape_string($mypassword);
$sql="SELECT * FROM $tbl_name WHERE username='$myusername' and password='$mypassword'";
$result=mysql_query($sql);
// Mysql_num_row is counting table row
$count=mysql_num_rows($result);
// If result matched $myusername and $mypassword, table row must be 1 row
if($count==1){
// Register $myusername, $mypassword and redirect to file "login_success.php"
session_register("myusername");
session_register("mypassword");
header("location:login_success.php");
}
else {
echo "Wrong Username or Password";
}
ob_end_flush();
?>
login_success.php
<?php
session_start();
if(isset($_SESSION['username']) && ($_SESSION['username'] == $myusername)){
header("location:main_login.php");
}
?>
<html>
<body>
Login Successful. <a href="logout.php">Logout</a>
</body>
</html>
logout.php
<?php
session_destroy();
header("location:main_login.php");
?>
the problem is that I want to make this secure login by password encryption or any other method (if any). I am beginner to PHP
Encryption of the password: To generate a hash from the string, we use the password_hash() function. The password_hash() function creates a new password hash of the string using one of the available hashing algorithm.
In the past PHP relied on mcrypt and openssl for secret key encryption. PHP 7.2 introduced Sodium, which is more modern and widely considered more secure. If you're running an older version of PHP you can install Sodium via The PHP Extension Community Library aka PECL.
PHP can assist you in this with several extensions, such as OpenSSL and Sodium, covering a wide variety of encryption algorithms. The script encrypts the data before inserting it into the database, and decrypts it when retrieving. See the references for further examples of how encryption works.
You can encrypt the password to a degree with md5. You would need to md5 the password from when the user signs up and before the login md5....
Example:
// Define $myusername and $mypassword
$myusername=$_POST['myusername'];
$mypassword=$_POST['mypassword'];
$mypassword = md5($mypassword);
You would also need to use this whenever you have a user sign up.
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With