
Create a simple password-based authentication system using PHP and MySQL

Login authentication is a process of verifying the identity of a user who is trying to access a system or an application. It involves validating the user's credentials such as username and password, and determining whether the user is authorized to access the system or application.

Here is a step-by-step guide to creating an authentication system using PHP and MySQL:

Step 1: Setting up the database

First, create a MySQL database and a table to store user login information. The table should have at least the columns in the following DDL:

CREATE TABLE users (
  id INT PRIMARY KEY AUTO_INCREMENT,
  username VARCHAR(255) NOT NULL UNIQUE,
  password VARCHAR(255) NOT NULL,
  email VARCHAR(255) NOT NULL UNIQUE,
  created_at TIMESTAMP DEFAULT CURRENT_TIMESTAMP,
  updated_at TIMESTAMP DEFAULT CURRENT_TIMESTAMP ON UPDATE CURRENT_TIMESTAMP
);

In this script, we create a table named "users" with the following columns:

  • id: a unique identifier for each user (integer type)
  • username: the user's chosen username (string type, not null, and unique)
  • password: the user's password (string type, not null)
  • email: the user's email address (string type, not null, and unique)
  • created_at: the date and time when the user was created (timestamp type, default value is the current timestamp)
  • updated_at: the date and time when the user was last updated (timestamp type, default value is the current timestamp and automatically updated on any update)

Step 2: Creating the login form

Create a login form in HTML that will be used to submit the username and password to the PHP script. The form should have two input fields, one for the username and one for the password.

<!DOCTYPE html>
<html>
<head>
    <title>Login</title>
</head>
<body>
    <h1>Login</h1>
    <form method="POST">
        <label>Username:</label>
        <input type="text" name="username" required>
        <br>
        <label>Password:</label>
        <input type="password" name="password" required>
        <br>
        <input type="submit" name="submit" value="Login">
    </form>
</body>
</html>

Step 3: Writing the PHP code for authentication

Create a PHP script that will handle the form submission and authenticate the user. The script should do the following:

  • Retrieve the username and password from the form submission
  • Query the database to see if the username and password match any records in the users table
  • If there is a match, create a session for the user and redirect them to a page that requires authentication. If there is no match, display an error message.

Here is an example of what the PHP code might look like:

<?php
session_start();

if(isset($_POST['submit'])) {
    $db_host = "localhost"; // database host
    $db_user = "your_db_username"; // database username
    $db_pass = "your_db_password"; // database password
    $db_name = "your_db_name"; // database name
    
    $conn = mysqli_connect($db_host, $db_user, $db_pass, $db_name);

    if(!$conn) {
        die("Connection failed: " . mysqli_connect_error());
    }
    
    $username = mysqli_real_escape_string($conn, $_POST['username']);
    $password = mysqli_real_escape_string($conn, $_POST['password']);
    
    $sql = "SELECT * FROM users WHERE username = '$username' AND password = '$password'";
    $result = mysqli_query($conn, $sql);
    
    if(mysqli_num_rows($result) == 1) {
        $row = mysqli_fetch_assoc($result);
        $_SESSION['username'] = $row['username'];
        header("Location: dashboard.php"); // replace dashboard.php with your desired page after login
        exit();
    } else {
        echo "Invalid username or password.";
    }
}

Step 4: Creating an authenticated page

Create a page that requires authentication, such as a dashboard or profile page. This page should check for the existence of a session variable and redirect the user to the login page if the session variable is not set.

Here is an example of what the authenticated page might look like:

<?php
session_start();

if(!isset($_SESSION['username'])) {
    header("Location: login.php"); // replace login.php with your login page
    exit();
}
?>

<!DOCTYPE html>
<html>
<head>
    <title>Dashboard</title>
</head>
<body>
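    <h1>Welcome, <?php echo htmlspecialchars($_SESSION['username'], ENT_QUOTES, 'UTF-8'); /* escape before output so a username containing HTML is shown as text */ ?>!</h1>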
    <p>This is your dashboard.</p>
    <a href="logout.php">Logout</a> <!-- replace logout.php with your logout page -->
</body>
</html>

That's it! With these steps, you should have a working authentication system using PHP and MySQL.

Step 5: Making it more secure by hashing the password with bcrypt

The code in Step 3 compares the submitted password with a plaintext value stored in the database. If you store bcrypt hashes instead, you will need to modify the PHP code to verify the submitted password against the stored hash instead of comparing plaintext passwords.

Here's an example of how you can modify the PHP code:

<?php
session_start();

if(isset($_POST['submit'])) {
    $db_host = "localhost"; // database host
    $db_user = "your_db_username"; // database username
    $db_pass = "your_db_password"; // database password
    $db_name = "your_db_name"; // database name
    
    $conn = mysqli_connect($db_host, $db_user, $db_pass, $db_name);

    if(!$conn) {
        die("Connection failed: " . mysqli_connect_error());
    }
    
    $username = mysqli_real_escape_string($conn, $_POST['username']);
    // Do not escape the password: it is never placed in the SQL, and
    // password_verify() needs exactly the characters the user typed.
    $password = $_POST['password'];
    
    $sql = "SELECT * FROM users WHERE username = '$username'";
    $result = mysqli_query($conn, $sql);
    
    if(mysqli_num_rows($result) == 1) {
        $row = mysqli_fetch_assoc($result);
        if(password_verify($password, $row['password'])) {
            $_SESSION['username'] = $row['username'];
            header("Location: dashboard.php"); // replace dashboard.php with your desired page after login
            exit();
        } else {
            echo "Invalid username or password.";
        }
    } else {
        echo "Invalid username or password.";
    }
}

In this modified PHP code, the password_verify function is used to verify the hashed password stored in the database against the plaintext password entered by the user. If the verification is successful, the user is authenticated and a session is created.

Note that in this example, the hashed password is assumed to be stored in the database in the 'password' field. If your field name is different, you will need to modify the query and the code that fetches the user record accordingly.

Also, it's important to note that bcrypt hashing is one of the most secure ways to store passwords, but it's still important to follow best practices such as using strong passwords, hashing and salting passwords properly, and protecting against SQL injection attacks. 
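The steps above verify a bcrypt hash but never show how it gets into the password column. The following added example (not the original author's code) stores the hash at registration and checks it at login with prepared statements against the users table from Step 1. The function names register_user() and login_user() are hypothetical, and it assumes $conn comes from mysqli_connect() and session_start() has already been called.

```php
<?php
// Added example, not the original author's code. register_user() and
// login_user() are hypothetical names; $conn comes from mysqli_connect().
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT); // throw on DB errors

function register_user(mysqli $conn, string $username, string $email, string $password): void
{
    // password_hash() picks a random salt and stores it inside the 60-character
    // bcrypt string, so the VARCHAR(255) password column needs no salt column.
    $hash = password_hash($password, PASSWORD_BCRYPT);
    $stmt = $conn->prepare("INSERT INTO users (username, password, email) VALUES (?, ?, ?)");
    $stmt->bind_param("sss", $username, $hash, $email);
    $stmt->execute(); // a duplicate username or email throws mysqli_sql_exception
    $stmt->close();
}

function login_user(mysqli $conn, string $username, string $password): bool
{
    // Placeholders keep user input out of the SQL text, so nothing is escaped.
    $stmt = $conn->prepare("SELECT id, username, password FROM users WHERE username = ?");
    $stmt->bind_param("s", $username);
    $stmt->execute();
    $stmt->bind_result($id, $dbUsername, $hash);
    $found = ($stmt->fetch() === true);
    $stmt->close();

    // Verify the raw password exactly as typed against the stored hash.
    if (!$found || !password_verify($password, $hash)) {
        return false;
    }
    // Re-hash if the stored hash was made with an older algorithm or cost setting.
    if (password_needs_rehash($hash, PASSWORD_BCRYPT)) {
        $newHash = password_hash($password, PASSWORD_BCRYPT);
        $upd = $conn->prepare("UPDATE users SET password = ? WHERE id = ?");
        $upd->bind_param("si", $newHash, $id);
        $upd->execute();
        $upd->close();
    }
    // Assumes session_start() was called: issue a new session ID after login
    // so an ID fixed before authentication is no longer valid.
    session_regenerate_id(true);
    $_SESSION['username'] = $dbUsername;
    return true;
}
```

In the login script, call login_user($conn, $_POST['username'], $_POST['password']) and redirect to dashboard.php when it returns true; show the same "Invalid username or password." message for both failure cases.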

Happy Coding!!!
