I want to code a login script where a user enters the email id and password and is taken to another page if both email and password are correct.
Also, if the email and password are correct, the values get stored in the DB.
Here's the entire corrected working code:
<?php
session_start(); // required before $_SESSION is used
// protect() is assumed to be defined elsewhere (an escaping helper for user input)
if(isset($_POST['submit'])){
    $email = protect($_POST['email']);
    $password = protect($_POST['password']);
    $md5password = MD5($password);
    if(!$email || !$password){
        echo '<span style="color: red;"><center>You need to fill in your <b>User Name</b> and <b>Password</b>!</center></span>';
    }else{
        // first check whether the email exists at all
        $res = mysql_query("SELECT * FROM `employer` WHERE `email` = '".$email."'");
        $num = mysql_num_rows($res);
        if($num == 0){
            echo '<span style="color: red;"><center>The <b>E Mail ID</b> you supplied does not exist!</center></span>';
        }else{
            // then check that the password hash matches that email
            $res = mysql_query("SELECT * FROM `employer` WHERE `email` = '".$email."' AND `password` = '".$md5password."'");
            $num = mysql_num_rows($res);
            if($num == 0){
                echo '<span style="color: red;"><center>The <b>Password</b> you supplied does not match the one for that E Mail ID!</center></span>';
            }else{
                $row = mysql_fetch_assoc($res);
                $_SESSION['uid'] = $row['id'];
                // store the online timestamp and the login date in one UPDATE
                // (the original second UPDATE was not valid SQL)
                $time = date('U')+50;
                mysql_query("UPDATE `employer` SET `online` = '".$time."', `date` = NOW() WHERE `id` = '".$_SESSION['uid']."'");
                // redirect must be sent before any output, otherwise header() fails
                header('Location: loggedin_employer.php');
                exit;
            }
        }
    }
}
?>
There’s a tutorial here and several dozen other places.
But before you view that tutorial, check out the OWASP Authentication cheat sheet.
Too many people build insecure systems. Don’t be one of those guys. OWASP is an excellent resource that all web developers should be intimately familiar with.
And while you’re at it, you might want to consider Jeff Atwood’s excellent advice.
Excerpt from Jeff’s article:
Jeff also has another nice article on OpenId worth reading before embarking on your quest.
And finally, and probably most importantly, Don’t Store Your Passwords Incorrectly! Given that most people use the same username/password everywhere, if YOUR site gets compromised, then ALL of their accounts could potentially be compromised.
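The following is an added example of what the OWASP guidance and the "don't store passwords incorrectly" point look like in practice for the login in the question. It is not the asker's code, not the answerer's, and not from the linked tutorial. It assumes PHP 7 or later, an open PDO connection in $pdo, and an `employer` table with the columns id, email, password_hash and last_login (the column names are assumptions chosen for this example); the hash column holds password_hash() output rather than an MD5 digest.

```php
<?php
// Added example (not the original poster's code). Assumes: PHP >= 7, a PDO
// connection in $pdo, and table employer(id, email, password_hash, last_login).
session_start();

/**
 * Create an account. Only a salted, slow hash of the password is stored.
 */
function register_employer(PDO $pdo, string $email, string $password): void
{
    // password_hash() picks a random per-user salt and uses bcrypt by default.
    $hash = password_hash($password, PASSWORD_DEFAULT);
    $stmt = $pdo->prepare('INSERT INTO employer (email, password_hash) VALUES (:email, :hash)');
    $stmt->execute([':email' => $email, ':hash' => $hash]);
}

/**
 * Check credentials. Returns the employer id on success, null on failure.
 * Unknown email and wrong password both yield null so the caller can show one
 * generic message instead of revealing which addresses are registered.
 */
function authenticate_employer(PDO $pdo, string $email, string $password): ?int
{
    // Prepared statement: the email is bound as a value, never concatenated
    // into the SQL text, so quotes in the input cannot change the query.
    $stmt = $pdo->prepare('SELECT id, password_hash FROM employer WHERE email = :email');
    $stmt->execute([':email' => $email]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);

    if ($row === false || !password_verify($password, $row['password_hash'])) {
        return null;
    }

    // If the stored hash was made with an older cost or algorithm, upgrade it
    // now while the plaintext is available.
    if (password_needs_rehash($row['password_hash'], PASSWORD_DEFAULT)) {
        $upd = $pdo->prepare('UPDATE employer SET password_hash = :hash WHERE id = :id');
        $upd->execute([':hash' => password_hash($password, PASSWORD_DEFAULT), ':id' => $row['id']]);
    }
    return (int) $row['id'];
}

// Request handling for the login form
if ($_SERVER['REQUEST_METHOD'] === 'POST') {
    $email    = trim($_POST['email'] ?? '');
    $password = $_POST['password'] ?? '';

    if ($email === '' || $password === '') {
        $error = 'You need to fill in your email and password.';
    } else {
        $id = authenticate_employer($pdo, $email, $password);
        if ($id === null) {
            $error = 'Invalid email or password.';
        } else {
            session_regenerate_id(true);          // new session id on login (session fixation)
            $_SESSION['uid'] = $id;
            $stmt = $pdo->prepare('UPDATE employer SET last_login = NOW() WHERE id = :id');
            $stmt->execute([':id' => $id]);
            header('Location: loggedin_employer.php'); // redirect before any output is sent
            exit;
        }
    }
    // Escape before echoing so the message cannot carry injected markup.
    echo '<p style="color:red">' . htmlspecialchars($error, ENT_QUOTES, 'UTF-8') . '</p>';
}
```

Compared with the script in the question, this version never builds SQL by string concatenation, stores bcrypt hashes instead of unsalted MD5, gives the same failure message whether the email or the password was wrong, regenerates the session id after a successful login, and issues the redirect before printing anything, which is the reason the original's header() call after an echo would not work.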