Hello need help. I have a file with the authorization form and it looks like this.

<form id="login" method="post" action="login.php"> <a href="#" id="flipToRecover" class="flipLink">Забыли?</a> <input type="text" name="loginEmail" id="loginEmail" value="Email" /> <input type="password" name="loginPass" id="loginPass" value="pass" /> <input type="submit" name="submit" value="Login" /> </form> 

The question is, did I attach the php login.php file?

And the second question. There is a file login.php

 // Страница авторизации # Функция для генерации случайной строки function generateCode($length=6) { $chars = "abcdefghijklmnopqrstuvwxyzABCDEFGHI JKLMNOPRQSTUVWXYZ0123456789"; $code = ""; $clen = strlen($chars) - 1; while (strlen($code) < $length) { $code .= $chars[mt_rand(0,$clen)]; } return $code; } # Соединямся с БД mysql_connect("localhost", "mysql_user", "mysql_password"); mysql_select_db("testsite"); if(isset($_POST['submit'])) { # Вытаскиваем из БД запись, у которой логин равняеться введенному $query = mysql_query("SELECT user_id, user_password FROM users WHERE user_login='".mysql_real_escape_string($_POST['login'])."' LIMIT 1"); $data = mysql_fetch_assoc($query); # Сравниваем пароли if($data['user_password'] === md5(md5($_POST['password']))) { # Генерируем случайное число и шифруем его $hash = md5(generateCode(10)); # Записываем в БД новый хеш авторизации и IP mysql_query("UPDATE users SET user_hash='".$hash."' ".$insip." WHERE user_id='".$data['user_id']."'"); # Ставим куки setcookie("id", $data['user_id'], time()+60*60*24*30); setcookie("hash", $hash, time()+60*60*24*30); # Переадресовываем браузер на страницу проверки нашего скрипта header("Location: check.php"); exit(); } else { print "Вы ввели неправильный логин/пароль"; } } 

Is everything written correctly? While just learning.

  • @Сякаа, To format the code, select it with the mouse and click on the button 101010 of the editor. - Sergiks
  • Good. Thank. Sorry - Syaskaa
  • @ Syakaa not quite understand what the question is? or do you just brag about the code? :) - Vitalii Maslianok
  • ha ha ha) No)) It's just that I relatively recently have been learning such a great thing as programming. And so the question arose. Is there a php code how to connect it to that form? Somewhere I read that you just need to add the line <form id = "login" method = "post" action = "login.php"> And I laid out the php code to say if it was written correctly, if not - what you need to fix. Regards - Syasaa

1 answer 1

Found a few flaws and one mistake.

  • If you do not have javascript connected to the form, the use of id = "login" and other id is not necessary, rather superfluous;
  • The name of the fields in html must match with the key of the $ _POST ['key'] array in PHP.


  • The variables $_POST['login'] и $_POST['password'] will be empty, that is, they are equal to False, since you have other names in html form;
  • The generateCode function can be replaced by $hash = md5(microtime()); или rand()... $hash = md5(microtime()); или rand()...
  • Using double MD5, possible error `if ($ data ['user_password'] === md5 (md5 ($ _ POST ['password'])))
  • It is better to calculate immediately than to give an extra load to the script. The load will not be noticeable, but all the same (This is so carping) setcookie("hash", $hash, time()+60*60*24*30);
  • Using exit in the header("Location: check.php"); exit(); fragment header("Location: check.php"); exit(); header("Location: check.php"); exit(); - pointless;
  • It is better to use the echo statement for text output than print. By optimizing echo faster;
  • Use conditions such as you are not very comfortable. It is better to use this:

     if(empty($_POST['submit'])) exit("Вы ввели неправильный логин/пароль"); // дальше код $query = mysql_query... 
  • Thank you!) - Syasaa
  • Contact =) - Node_pro