Skip to Main Content
Forums

DevOps, CI/CD and Automation

Announcement

For appeals, questions and feedback about Oracle Forums, please email oracle-forums-moderators_us@oracle.com. Technical questions should be asked in the appropriate category. Thank you!

PHP - Oracle Simple Login system

795487Sep 2 2010 — edited Nov 19 2010
Sounding like a broken record.... I'm very new at PHP and Oracle.

For a Uni course I need to be able to have some basic user management on a few pages I have. Sorta like an admin area.

I've been playing a little but I'm not having much success... And I can't find anything on the internet.. Everything is MySQL..

So I'll post my scripts, or or better still if any one would care to share an article on how to write a simple login system using ORACLE and PHP. or actually write one :) .. Knock yourself out. We have the ok from the teacher to use opensource or GPL scripts for this section of the assignment, but I just can't find any. And the rare couple I have found, are way over kill.

login.php

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
<title>Untitled Document</title>
<link href="style.css" rel="stylesheet" type="text/css">
</head>

<body>
<?php
if (isset($_GET['msg']) && $_GET['msg'] == 1) {
echo '<p><strong>Your username and/or password could not be matched to a valid user account</strong></p>';
}
?>
<form name="form1" method="post" action="checklogin.php">
<p>
<label>
User Name
<input type="text" name="username" id="user">
</label>
</p>
<p>
<label>
Password
<input type="password" name="password" id="password">
</label>
<label>
Remember Me:
<input type="checkbox" name="rememberme" value="1"><br>
</label>
<label>
<input type="submit" name="submit" id="button" value="Login">
</label>
</p>
</form>
</body>
</html>

checklogin.php
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
<title>Untitled Document</title>
</head>
<body>
<?php

// check to see if they are set before using them.
if (isset($_POST['username']) && isset($_POST['password'])) {


// Login
$dbuser="user";
$dbpass="pass";
$db="db";

// extract all the form fields and store them in variables
$username=$_POST['username'];
$password=$_POST['password'];
$remember=$_POST['remember'];

//Connect to DB
$connect = OCILogon($dbuser, $dbpass, $db);

if (!$connect) {
echo "An error has occured connecting to the database";
exit;
}

//
$query = "SELECT * from MEMBERS WHERE username='".$username."' and password='".$password."'";

//Store resultsof select query
$result = OCIParse($connect, $query);

//Just check
//$sql = OCIParse($connect, $query);
if(! $result) {
echo "An error occurred in parsing the sql string '$query'.\n";
exit;
}

$r = OCIExecute($result);

if(! $r) {
echo "An error occurred in executing the sql '$query'.\n";
exit;
}

/*
$tmpcount = OCIFetch($result);
// COunt Rows
//$Count = OCIRowCount($tmpcount);

if ($tmpcount==1){
*/

$count = OCIRowCount($result);

if ($count == 1) {
// the row returned must have username and password equal to those supplied
// in the form, or it wouldn't be returned.

if (isset($_POST['remember'])) {
/* Set cookie to last 1 year */
setcookie('username', $_POST['username'], time()+60*60*24*365, 'www.UNI.edu.au');
setcookie('security', md5($_POST['password']), time()+60*60*24*365, 'www.UNI.edu.au');

} else {
/* Cookie expires when browser closes */
setcookie('username', $_POST['username'], false, 'www.UNI.edu.au');
setcookie('security', md5($_POST['password']), false, 'www.UNI.edu.au');
}
header('Location: index.php');

} else {
//echo 'Username/Password Invalid';
header('Location: login.php?msg=1');
}

} else {
echo 'You must supply a username and password.';
}
//End Cookie script

?>
</body>
</html>

loginchecker.php
<?php
$loggedIn = false;
if (isset($_COOKIES['username']) && isset($_COOKIES['security'])) {
// Check Login
$dbuser="user";
$dbpass="pass";
$db="db";
//Connect to DB
$connect = OCILogon($dbuser, $dbpass, $db);
if (!$connect) {
echo "An error has occured connecting to the database";
exit;
}
//
$query = "SELECT password FROM MEMBERS WHERE username = '".$username."'";
//Store resultsof select query
$result = OCIParse($connect, $query);
//Just check
//$sql = OCIParse($connect, $query);
if(! $result) {
echo "An error occurred in parsing the sql string '$query'.\n";
exit;
}
$r = OCIExecute($result);
if(! $r) {
echo "An error occurred in executing the sql '$query'.\n";
exit;
}
$count = OCIRowCount($result);

if ($count == 1) {
$pass = "";
while ($row = oci_fetch_array($result)) {
$pass = $row[0];
}
$test = md5($pass);

if ($test == $_COOKIES['security']) {
// The password cookie equals the value stored in the database...
$loggedIn = true;
}
}
}
if (!$loggedIn) {
header("Location: {login.php}");
}
?>

Edited by: 792484 on 2/09/2010 08:34
Comments
Locked Post
New comments cannot be posted to this locked post.
Post Details
Locked on Dec 17 2010
Added on Sep 2 2010
#oracle, #php, #security, #web
3 comments
12,936 views