#11. Posted:
Database
  • Rising Star
Status: Offline
Joined: Sep 20, 2009 (14-Year Member)
Posts: 721
Reputation Power: 32
First of all, this is okay for learning the basics, but you have not added a note anywhere saying this will not and should not be used in a real situation, because although you have stripped slashes, you don't have enough security in there; include some salts and other hashing methods to sanitize the data.
#12. Posted:
GameDev14
  • Junior Member
Status: Offline
Joined: Jan 10, 2014 (10-Year Member)
Posts: 80
Reputation Power: 3
Nicasus wrote It seems that you copied the majority of the code from a website.

Not to mention that person explicitly says that he is having trouble with it (getting errors), and you think it's a good idea to use that code for a tutorial? The code you posted is full of errors and mistakes.

A few tips to improve this tutorial:
  • It wouldn't hurt to have something about how to actually create a database. If someone needs a tutorial for a login then they probably don't know much about databases either.
  • The password input field has the type "text" instead of "password". No one wants their password to be displayed on the screen as they enter it.
  • mysql_* commands are soon to be deprecated, for good reasons. At least switch to mysqli_* commands for basic tutorials, but preferably to MySQLi OO or PDO. They also have good methods to sanitize inputs.
  • Simply checking if a user has a username registered, with even an already deprecated function, is not good enough. On every page the login details should be run through the database to see if they actually exist or are still the same.

I suggest you look into PHP some more before posting tutorials. At least follow another tutorial and try it out to make sure it actually works.


Z61 wrote This is hardly a tutorial.
And this is hardly feedback. Next time, don't bother posting if you have nothing useful to say.


I actually didn't copy from the site you linked; it is alike, but I wouldn't steal someone else's work and say it's mine. And I mentioned above that I should have included mysqli instead of just MySQL. Like I said, this is one of my first tutorials, so some things that should have been added didn't cross my mind.
#13. Posted:
GameDev14
  • Junior Member
Status: Offline
Joined: Jan 10, 2014 (10-Year Member)
Posts: 80
Reputation Power: 3
Database wrote First of all, this is okay for learning the basics, but you have not added a note anywhere saying this will not and should not be used in a real situation, because although you have stripped slashes, you don't have enough security in there; include some salts and other hashing methods to sanitize the data.


Okay, I will edit the post and add how to encrypt the password.
#14. Posted:
Database
  • Rising Star
Status: Offline
Joined: Sep 20, 2009 (14-Year Member)
Posts: 721
Reputation Power: 32
GameDev14 wrote
Database wrote First of all, this is okay for learning the basics, but you have not added a note anywhere saying this will not and should not be used in a real situation, because although you have stripped slashes, you don't have enough security in there; include some salts and other hashing methods to sanitize the data.


Okay, I will edit the post and add how to encrypt the password.


Good job, and also don't do md5, that is crackable; use blowfish.
#15. Posted:
7en
  • Wise One
Status: Offline
Joined: Aug 16, 2012 (11-Year Member)
Posts: 598
Reputation Power: 29
I thought this was important enough to write up. Here's how to generate a secure hash:salt. I hope I never see another md5() hash in the context of passwords ever again; it wasn't designed with security in mind. NOTE, password_hash is only available in PHP >=5.5.0


<?php
   $password = 'example';
   // Example password. Madhex.

   $cost = 9;
   /* Complexity of hash algorithm. As you can see, resource exhaustion is doubled per increment. Don't set over 10 unless you have either:
   a) A low-traffic site
   b) A powerful server
   Try experimenting with it. Running on a local WAMP stack, I got the following results:
   $cost = 9:  0.076004981994629s
   $cost = 10: 0.15000009536743s
   $cost = 11: 0.29000115394592s
   $cost = 12: 0.59000086784363s
   $cost = 13: 1.1800019741058s
   $cost = 14: 2.3600029945374s
   $cost = 15: 4.7210068702698s

   In comparison, the server was actually unable to calculate the time taken to produce an md5() hash. */

   /* Salt must be exactly 22 chars from the bcrypt alphabet [./A-Za-z0-9] for use with password_hash.
      mcrypt_create_iv() returns raw bytes, which password_hash rejects as a salt, so base64-encode them and
      map '+' to '.' (17 random bytes give 24 base64 chars; keep the first 22).
      On PHP 7+, random_bytes(17) can replace mcrypt_create_iv(). The 'salt' option itself is deprecated
      from PHP 7.0: leave it out and password_hash generates a random salt for you. */
   $salt = substr(strtr(base64_encode(mcrypt_create_iv(17, MCRYPT_DEV_URANDOM)), '+', '.'), 0, 22);
   /* The salt does not need its own DB column: bcrypt embeds it in the hash string, and
      password_verify() reads it back from there. */

   $options = ['cost' => $cost, 'salt' => $salt];
   $hash = password_hash($password, PASSWORD_BCRYPT, $options);

   // Later, at login time, check a submitted password against the stored hash:
   $valid = password_verify('example', $hash);
?>


EDIT - Just for the hell of it, I had to run md5(/random_pass/) 5500 times before the server even registered the time taken. For you security geeks, that equates to 20,000,000 passwords/second. Stahp. Using. md5().
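Pulling together GameDev14's tips above (PDO with prepared statements, a password-type input, re-checking the login against the database on every page) and 7en's password_hash() post, here is an added example of a minimal register / login / page-guard flow. It is not code from any poster in this thread. The `users` table and its columns, the DSN and credentials in db(), the constant BCRYPT_COST and the `login.php` path are all assumptions; it needs PHP >= 5.5.0 (password_hash) with the pdo_mysql extension.

```php
<?php
// Added example, not code from any poster in this thread.
// Assumed schema:
//   CREATE TABLE users (id INT AUTO_INCREMENT PRIMARY KEY,
//                       username VARCHAR(64) NOT NULL UNIQUE,
//                       password_hash VARCHAR(255) NOT NULL);  -- wide enough for future PASSWORD_DEFAULT hashes

define('BCRYPT_COST', 10);   // assumed value; see 7en's timing table above and raise it as hardware allows

function db()
{
    static $pdo = null;
    if ($pdo === null) {
        // Assumed connection details; replace with your own.
        $pdo = new PDO('mysql:host=localhost;dbname=example_db;charset=utf8mb4', 'example_user', 'example_pass', array(
            PDO::ATTR_ERRMODE          => PDO::ERRMODE_EXCEPTION,
            PDO::ATTR_EMULATE_PREPARES => false,   // server-side prepares: user input never touches the SQL text
        ));
    }
    return $pdo;
}

function registerUser($username, $password)
{
    // No hand-rolled salt: password_hash() draws one from a CSPRNG and stores it inside the hash.
    $hash = password_hash($password, PASSWORD_BCRYPT, array('cost' => BCRYPT_COST));
    $stmt = db()->prepare('INSERT INTO users (username, password_hash) VALUES (:u, :h)');
    $stmt->execute(array(':u' => $username, ':h' => $hash));
}

function loginUser($username, $password)
{
    $stmt = db()->prepare('SELECT id, password_hash FROM users WHERE username = :u');
    $stmt->execute(array(':u' => $username));
    $row = $stmt->fetch(PDO::FETCH_ASSOC);

    // Always run password_verify(), even for an unknown username, so the response time
    // does not reveal which usernames exist.
    static $dummyHash = null;
    if ($dummyHash === null) {
        $dummyHash = password_hash('dummy-password', PASSWORD_BCRYPT, array('cost' => BCRYPT_COST));
    }
    $candidate = $row ? $row['password_hash'] : $dummyHash;
    if (!password_verify($password, $candidate) || !$row) {
        return false;
    }

    // Transparently upgrade hashes made with an older cost (or, later, an older algorithm).
    if (password_needs_rehash($row['password_hash'], PASSWORD_BCRYPT, array('cost' => BCRYPT_COST))) {
        $upd = db()->prepare('UPDATE users SET password_hash = :h WHERE id = :id');
        $upd->execute(array(':h'  => password_hash($password, PASSWORD_BCRYPT, array('cost' => BCRYPT_COST)),
                            ':id' => $row['id']));
    }

    if (session_status() !== PHP_SESSION_ACTIVE) {
        session_start();
    }
    session_regenerate_id(true);          // fresh session id after authentication (blocks session fixation)
    $_SESSION['user_id'] = (int) $row['id'];
    return true;
}

// Call at the top of every protected page. It re-checks the account in the database on each
// request instead of trusting a stale session, as suggested in the thread.
function requireLogin()
{
    if (session_status() !== PHP_SESSION_ACTIVE) {
        session_start();
    }
    if (empty($_SESSION['user_id'])) {
        header('Location: login.php');
        exit;
    }
    $stmt = db()->prepare('SELECT id, username FROM users WHERE id = :id');
    $stmt->execute(array(':id' => (int) $_SESSION['user_id']));
    $user = $stmt->fetch(PDO::FETCH_ASSOC);
    if (!$user) {                          // account deleted or id tampered with: drop the session
        $_SESSION = array();
        session_destroy();
        header('Location: login.php');
        exit;
    }
    return $user;
}

// Login form: type="password" so the password is masked on screen, and htmlspecialchars() on
// anything echoed back from the request.
function loginForm($username = '')
{
    $u = htmlspecialchars($username, ENT_QUOTES, 'UTF-8');
    return '<form method="post" action="login.php">'
         . '<input type="text" name="username" value="' . $u . '">'
         . '<input type="password" name="password">'
         . '<button type="submit">Log in</button>'
         . '</form>';
}
```

On `login.php`, handle a POST with `loginUser($_POST['username'], $_POST['password'])` and redirect on success, otherwise output `loginForm($_POST['username'])` again; every other protected page starts with `$user = requireLogin();`. Because the salt lives inside the bcrypt string, the `password_hash` column is the only thing the table needs to store for verification.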
#16. Posted:
UnrealEgg
  • Powerhouse
Status: Offline
Joined: May 30, 2010 (14-Year Member)
Posts: 438
Reputation Power: 49
On the topic of password hashing, I found [ Register or Signin to view external links. ] recently and it's a great read, also has code.