One of the most essential things to get right on a website is the login page. If your visitors can have accounts on your site, as on some type of social network or commenting system, you want them to be able to log on reliably.

The first step is confirming that a user name and password are correct, simply by running a query against the database that contains the users' ids and passwords. The most secure way to run the query is by asking specifically for records that have both the user id and password that have been provided, using a single WHERE clause with an AND condition. If a record is found, then the login has obviously been successful.

If it hasn't, it might be because the password is incorrect, or the user doesn't even exist. One could just put out a single error message for both conditions, which is easier (and in my opinion more secure), or they could put out two separate error messages, one for each condition. This can be done by checking if the user exists in the database through a simple SQL statement, run as a prepared statement with $id bound to the placeholder rather than concatenated into the string: "SELECT id FROM users WHERE id = ?"

If a record is found, the user exists, but the password was wrong. If nothing is found, the user doesn't exist.
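The login check with a single error message for both failure conditions, as an added example in PHP that is not the original page's code. Assumptions: an in-memory SQLite database through PDO, a constructed users table and sample account, and passwords stored with password_hash(), which is why the row is fetched by id and checked with password_verify() instead of matching the password in the WHERE clause.

```php
<?php
declare(strict_types=1);

// Constructed schema and sample account (assumptions, not the page's SQL file).
function make_demo_db(): PDO
{
    $db = new PDO('sqlite::memory:');
    $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $db->exec('CREATE TABLE users (id TEXT PRIMARY KEY, name TEXT, email TEXT, pw_hash TEXT)');
    $ins = $db->prepare('INSERT INTO users (id, name, email, pw_hash) VALUES (?, ?, ?, ?)');
    $ins->execute(['alice', 'Alice Example', 'alice@example.com',
                   password_hash('correct horse', PASSWORD_DEFAULT)]);
    return $db;
}

// Returns the user's name and email on success, or null on any failure.
function login(PDO $db, string $id, string $password): ?array
{
    // Hash verified when the id is unknown, so both failure paths do the same
    // work and response time does not reveal which ids exist.
    static $dummy = null;
    $dummy ??= password_hash('placeholder', PASSWORD_DEFAULT);

    // The id is bound as a parameter, never concatenated into the SQL text.
    $stmt = $db->prepare('SELECT name, email, pw_hash FROM users WHERE id = ?');
    $stmt->execute([$id]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);

    $ok = password_verify($password, $row === false ? $dummy : $row['pw_hash']);
    if ($row === false || !$ok) {
        return null;
    }
    return ['name' => $row['name'], 'email' => $row['email']];
}

$db = make_demo_db();
$attempts = [
    ['alice', 'correct horse'],   // valid
    ['alice', 'wrong'],           // known id, bad password
    ['mallory', 'anything'],      // unknown id
    ["o'brien", 'x'],             // apostrophe in the id is handled as plain data
];
foreach ($attempts as [$id, $pw]) {
    $user = login($db, $id, $pw);
    echo $user === null
        ? "Invalid login ID or password.\n"   // one message for every failure
        : "Welcome, {$user['name']} <{$user['email']}>\n";
}
```

Only the first attempt prints the welcome line; the other three print the same failure message, so the response does not tell a caller whether the id exists.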

And once the user logs in, they can be given access to more areas of the site, including any personal information. Which we're not doing here. Apparently, all we're doing is displaying the user's name and email. Which isn't really helpful. But look! It can be done!

The raw SQL query file used to set up the user database.

Please log in

Enter your login ID and password to connect to this system

Please wait after pressing Log in while we retrieve your records from our database.
(This may take a few moments)