mysql php html login user database hidden code

Posted on 2013-09-23
Medium Priority
Last Modified: 2013-10-06
My question is a bit more theory than asking for code. I created this website using HTML. I don't like using other people's code or plugins. I want to create a table in SQL with user names and passwords, then force people to log on.

The code that deals with MY connection to the database has to be hidden from the user for obvious reasons. Conceptually, how would I do that?
Question by:Roodona
LVL 58

Accepted Solution

Gary earned 1800 total points
ID: 39515506
Nothing wrong with using other people's code - we all do it!

Conceptually you need your database, as you realise, then you have a FORM where the visitor can enter their username and password.
When they click submit they are passed to another page that gets the username and password and does a select against the db with that data. If nothing is returned then the user doesn't exist; if you get the row with that data back then they do exist and you can 'log them in'.
That is just the basics - there is a lot more to it, like sanitizing your data, encrypting your passwords, how to store the user state, etc.

You don't need to worry about your db connection - it is written in PHP and will never be seen by the user.
LVL 15

Expert Comment

by:Giovanni Heward
ID: 39515509
Create an include file which is stored in a folder structure not publicly accessible.

For example, for d:\apache\htdocs\example.com you could store it as d:\includes\dbconnect.php

Instead of ...
 // Connects to Our Database 
 mysql_connect("your.hostaddress.com", "username", "password") or die(mysql_error()); 
 mysql_select_db("Database_Name") or die(mysql_error()); 


You'd just include this line:

 //MySQL Database Connect
 include '/includes/dbconnect.php'; 


Or you'd provide default credentials in your php.ini file, which is also stored in a folder not publicly accessible.


Then you'd just use:
mysql_connect() or die(mysql_error()); 
mysql_select_db("Database_Name") or die(mysql_error()); 


LVL 53

Expert Comment

ID: 39515646
Generally you just put the file with the connect function in a folder above the root, so it is not accessible from the browser; then you just include the connect in the page where you will need to access the db.

This is a basic login form that you should be able to customize for your requirements.


LVL 111

Assisted Solution

by:Ray Paseur
Ray Paseur earned 200 total points
ID: 39515924
Every web site that does this (correctly) follows the same general design.  This article explains how it's done, complete with code samples.

The "Login" article is rather old, and today you would choose the MySQLi or PDO extension to access the data base.  This article maps the extensions showing how to accomplish the conversion from procedural MySQL to a newer extension.  In my experience the easiest conversion for existing MySQL code is the MySQLi object-oriented code.

And if you're new to PHP, this article will point you to some good learning resources.
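
The login check the answers above describe, as an added example that is not code from the thread: the connection sits in a function that would live in the include file outside the web root, the lookup uses a PDO prepared statement, and the stored value is a password_hash() hash. The table, the function names, the sample account and the in-memory SQLite DSN (standing in for MySQL so the script runs without a server) are assumptions.

```php
<?php
// Added example, not code from the thread. In a deployment this function
// would live in the include file kept outside the web root (the
// dbconnect.php described above) and use a mysql: DSN with credentials;
// an in-memory SQLite database stands in here (assumption).
function db_connect(): PDO
{
    $pdo = new PDO('sqlite::memory:');
    $pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    return $pdo;
}

// Store only a salted hash of the password, never the password itself.
function register_user(PDO $pdo, string $username, string $password): void
{
    $stmt = $pdo->prepare('INSERT INTO users (username, pw_hash) VALUES (?, ?)');
    $stmt->execute([$username, password_hash($password, PASSWORD_DEFAULT)]);
}

// Look the user up with a bound parameter, then verify the hash.
function check_login(PDO $pdo, string $username, string $password): bool
{
    $stmt = $pdo->prepare('SELECT pw_hash FROM users WHERE username = ?');
    $stmt->execute([$username]);
    $hash = $stmt->fetchColumn();
    // fetchColumn() returns false when no row matches the username.
    return is_string($hash) && password_verify($password, $hash);
}

$pdo = db_connect();
$pdo->exec('CREATE TABLE users (username TEXT PRIMARY KEY, pw_hash TEXT NOT NULL)');
register_user($pdo, 'alice', 'correct horse battery staple'); // constructed sample account

// Constructed login attempts. The last username contains a quote, which
// the bound parameter passes to the database as data, not as SQL.
$attempts = [
    ['alice', 'correct horse battery staple'],
    ['alice', 'wrong password'],
    ['nobody', 'anything'],
    ["o'brien", 'anything'],
];
foreach ($attempts as [$user, $pass]) {
    printf("%-10s %s\n", $user, check_login($pdo, $user, $pass) ? 'accepted' : 'rejected');
}
```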

Author Comment

ID: 39520841
Just an update: I'm currently working on all of your recommendations. Thanks for your responses, it has been so helpful!!

Author Closing Comment

ID: 39551093
Everyone had great input and I much appreciate your help. Thank you so much for your time!
