اسکریپت صفحه لاگین

اسکریپت صفحه لاگین در php

//================================================ db.php
<?php
    $DB_hostname = "hostname";
    $DB_user = "username";
    $DB_password = "password";
    $DB_name = "dbname";
 
    $DB_link =mysqli_connect($DB_hostname,$DB_user,$DB_password,$DB_name)
    or die ("error : can't connect database !!");
 
    mysqli_set_charset($DB_link, 'utf8');
?>
 
 
//================================================ login.php
<?php
include("db.php");
session_start();
header('Content-type: text/html; charset=utf-8');
 
if($_SERVER["REQUEST_METHOD"] == "POST")
{
    $myusername=mysqli_real_escape_string($DB_link, $_POST['username']);
    $mypassword=mysqli_real_escape_string($DB_link, $_POST['password']);
 
    // to validate username (length between 5 and 20) (contaning characters A-Z or a-z or _)
    if (!preg_match('/^\w{5,20}$/', $myusername)){
        echo '<B><FONT SIZE="4" COLOR="#FF0000">error: bad username</FONT></B>';    
    }
    else{
    // to encrypt login password, also password stored in database is encrypted.
    $md5_password = md5($mypassword);
 
    $sql="SELECT * FROM user_tb WHERE login='$myusername' and password='$md5_password'";
    $result=mysqli_query($DB_link, $sql);
    $row=mysqli_fetch_array($result);
    $count=mysqli_num_rows($result);
 
    if($count==1)
        {
        $_SESSION['login_user']= $myusername;
        $_SESSION['login_name']= $row['name'];
        header("location: index.php");
        }
    else
        {
        echo '<B><FONT SIZE="4" COLOR="#FF0000">incorrect login or password </FONT></B>';
        }
    }
}
 
?>
<form action="" method="post">
<label>user login :</label><input type="text" name="username"/><br>
<label>Password :</label><input type="password" name="password"/><br>
<input type="submit" value=" Submit "/><br>
</form>
 
 
//================================================ logout.php
<?php
session_start();
if(session_destroy())
    header("Location: login.php");
?>
 
 
//================================================ index.php
<?php
session_start();
header('Content-type: text/html; charset=utf-8');
 
$S_login_user    =    $_SESSION['login_user'];
$S_login_name    =    $_SESSION['login_name'];
 
if(!isset($S_login_user))
    header("Location: login.php");
 
?>
<body>
    <h1>Welcome :<?php echo $S_login_name; ?></h1>
    <A HREF="logout.php">logout</A>
</body>