Ad

Friday, April 25, 2008

An Example of User Authentication System in PHP II

This is a short follow-up of the last post An Example of User Authentication System in PHP. In this post we’ll talk about the two methods of from sending GET and POST and how thy affect the way data sending

From the previous posts example, when we provided the username and password and clicked on submit, we saw something like this:

User Authentication Example in PHP


If you look at the address bar, you can see the data (username and password) being sent. Now, that’s not a good thing, if we are using a password box to hide the password being entered then what its use is if it can be seen this way!

The good thing is that with very few modifications, the data passed can be made invisible (not to appear on the address bar). How? By using POST method of data sending for the HTML form.

It can be done like below:


  <html>
  <head>
  <title>Simple Uesr Authentication System</title>
  </head>

  <body>
  <form name="form1" method="post" action="verify.php">
    <p>Uername
      <input name="user" type="text" id="user">
    </p>
    <p>Password
      <input name="pass" type="password" id="pass">
    </p>
    <p>
      <input type="submit" name="Submit" value="Submit">
    </p>
  </form>
  </body>
  </html>

As you cab see we’ve to change only one thing, just the method=”get” to method=”post”.

And for the PHP script, we’ve got to access the data from the $_POST [] array rather than from $_GET[].

The PHP script would look like this:


  <?php
  //define some constants
  define("USERNAME",  "goodjoe");
  define("PASSWORD",  "123456");
  define("REALNAME",  "Joe Burns");

  //have the data being passed
  $user=$_POST['user'];
  $pass=$_POST['pass'];

  //if username and password match
  if($user==USERNAME && $pass==PASSWORD)
  {
    echo "<h1>Hello ".REALNAME."</h1>";
    echo "<p>Nice to see you logging in again...</p>";
    echo "<p>USER: <i>".USERNAME."</i></p>";
  }
  //if not
  else
  {
    echo "<h1>Wrong username or password!</h1>";
  }
  ?>

That’s it, now if you try to log in to this page; the address bar would only show the name of the script as below:

User Authentication Example in PHP

This is because data is sent in another way which doesn’t need the address bar (URL) to contain the data string.

Related Articles:

No comments:

Post a Comment

You are free to comment anything, although you can comment as 'Anonymous' it is strongly recommended that you supply your name. Thank You.

Please don't use abusive language.