Scribd Logo
Upload

Welcome to Scribd!

  • 03 Authentication Example

    Uploaded by

    Dua Abu Hamdi
    16 views4 pages
    Authentication

    Copyright

    © © All Rights Reserved

    Available Formats

    DOCX, PDF, TXT or read online from Scribd

    Did you find this document useful?

    Is this content inappropriate?

    Report this Document
    Authentication

    Copyright:

    © All Rights Reserved
    Download as DOCX, PDF, TXT or read online from Scribd
    Flag for inappropriate content
    16 views4 pages

    03 Authentication Example

    Uploaded by

    Dua Abu Hamdi
    Authentication

    Copyright:

    © All Rights Reserved
    Download as DOCX, PDF, TXT or read online from Scribd
    Flag for inappropriate content
    of 4

    Web Programming and Security

    Authentication
    Page name: Reg.php

    <htm>

    <head>

    <title> Registration Page</title>

    </head>

    <body>

    <form method="post" action="Regp.php">

    <pre>

    First name: <input type="text" name="fname" placeholder="Enter first name"><br/>

    Last name: <input type="text" name="lname" placeholder="Enter last name"><br/>

    User Name: <input type="text" name="username" placeholder="Enter user name"><br/>

    Password: <input type="password" name="pass" placeholder="Enter password"><br/>

    Confirm Password: <input type="password" name="confpass" placeholder="Confirm


    Password"><br/>

    <input type="submit" name="btnReg" value="Register">

    </pre>

    </form>

    </body>

    </htm>
    Page name: Regp.php

    <?php

    $dbuser="root";
    $dbname="northwind";
    $spass="";
    $dbhost="localhost";
    $dbhandle=mysql_connect($dbhost,$dbuser,$spass) or die("Unable to connect to the
    database");

    $selected=mysql_select_db("northwind",$dbhandle);

    if(isset($_POST['username'])){

    $ffname=$_POST['fname'];
    $flname=$_POST['lname'];
    $fuser=$_POST['username'];
    $fpass=$_POST['pass'];
    $fconfpass=$_POST['confpass'];

    $query=mysql_query("SELECT * from registration where username='$fuser'");


    if(mysql_num_rows($query)>0){
    echo "User name allready exists <br />";
    echo "<input type='button' value='Try again' onclick='history.back(-1)'
    />";

    } else if ($fpass!=$fconfpass){
    echo "Paswords do not match<br />";
    echo "<input type='button' value='Try again' onclick='history.back(-1)'
    />";
    }
    else{

    $sfpass=password_hash("$fpass",PASSWORD_DEFAULT,["Cost"=>12]);
    mysql_query("INSERT INTO `Registration` (`username`, `firstname`,
    `lastname`, `password`) VALUES ('$fuser', '$ffname', '$flname', '$sfpass')");
    echo "Record has been added successfully";

    }
    ?>
    Page name: login.php
    <html>
    <head>
    <title> User Login</title>
    </head>
    <body>
    <form method="post" action="loginp.php">
    <pre>
    User Name: <input type="text" name="uname" placeholder="Enter user name"><br/>
    Password: <input type="password" name="upass" placeholder="Enter password"><br/>
    <input type="submit" name="btnReg" value="Register">
    </pre>
    </form>
    </body>
    </html>

    Page name: loginp.php

    <?php
    $servername="localhost";
    $username = "root";
    $password ="";
    $database = "northwind";
    $conn= mysqli_connect("$servername","$username","$password") or die ("could not connect to
    mysql");
    mysqli_select_db($conn, "northwind") or die ("no database");
    if(isset($_POST['username'])){
    $ffname=$_POST['fname'];
    $flname=$_POST['lname'];
    $fuser=$_POST['username'];
    $fpass=$_POST['pass'];
    $fconfpass=$_POST['confpass'];

    $sql=$sql="SELECT * from registration where username='$fuser'";


    $query=mysqli_query($conn, $sql) or die(mysqli_error($conn));
    if(mysqli_num_rows($query)>0){
    echo "User name allready exists <br />";
    echo "<input type='button' value='Try again' onclick='history.back(-1)' />";
    } else if ($fpass!=$fconfpass){
    echo "Paswords do not match<br />";
    echo "<input type='button' value='Try again' onclick='history.back(-1)' />";
    }
    else{
    $sfpass=password_hash("$fpass",PASSWORD_DEFAULT,["Cost"=>12]);
    $sql = "INSERT INTO `Registration` (`username`, `firstname`, `lastname`,`password`) VALUES ('$fuser',
    '$ffname', '$flname', '$sfpass')";
    $result=mysqli_query($conn, $sql) or die(mysqli_error($conn));
    echo "Record has been added successfully";
    }
    }
    ?>
    Page name: Page1.php

    <?php
    $dbuser="root";
    $dbname="northwind";
    $spass="";
    $dbhost="localhost";
    $dbhandle=mysql_connect($dbhost,$dbuser,$spass) or die("Unable to connect to the
    database");
    $selected=mysql_select_db("northwind",$dbhandle);
    if(isset($_COOKIE['user']) and isset($_COOKIE['passw'])){
    $fuser=$_COOKIE['user'];
    $fpass=$_COOKIE['passw'];
    $query=mysql_query("SELECT * from registration where username='$fuser' and
    password='$fpass'");
    if(mysql_num_rows($query)>0){
    while ($row = mysql_fetch_assoc($query)) {
    $storeduname=$row['username'];
    $storedpass=$row['password'];
    $fprog=$row['Program'];
    }
    echo "Welcome ".$storeduname. ". This is page 1.<br/>";
    echo "You belong to $fprog program.<br />";
    ini_set('session.cookie.httponly',true);
    session_start();
    $_SESSION['sessuser']=$_COOKIE['user'];
    echo "<br />";
    echo "<a href='page2.php'>Page2</a><br />";
    echo "<a href='page3.php'>Page3</a><br />";
    } else {
    header("location:login.php");
    }
    } else
    {
    header("location:login.php");
    }
    ?>

    You might also like