
Login Form Using HTML Continuation <html>

Solved by wasab


I have given myself a challenge after deciding I wanted to create a website for automotive information and testing for my dealer group. Simple enough that I want to write and provide this information by choosing any of the website building tools, however I have chosen to write the code, create the website, SQL database and design it. I've made it far enough to create the login page and have it look acceptable using .css.

 

My question here is: can anyone point me to a resource that explains the process of securely storing the login information and how to do so? It has been a long time since I have done anything like this but thought it may be a rewarding project. I have designed the login form using HTML, unsure if that was a good or bad idea. I have found some login pages being designed with PHP in mind, however I cannot find a resource where I can actually learn how the login information is entered into a database and securely stored.

 

Thanks for reading

- I lost my old account login information which is disappointing so YAY first post. 

 

 

Currently nothing happens when you press Submit. The idea is I provide the account information to limit access to all the information.

 

Screen Shot 2025-04-29 at 4.41.48 PM.png

https://linustechtips.com/topic/1610455-login-form-using-html-continuation/

It generally goes like this. Your HTML form posts to a register REST endpoint. That REST endpoint is handled by a controller, whatever PHP code you wrote in your case, which then validates the input, i.e. checks that the username and password do not already exist and are valid, strong enough like 8 characters and so on and so on.

 

 

Later your PHP controller would hash the password. Use a third party crypto library for this purpose. Bcrypt is a popular one. Then you store the username and the hashed password into a database. Let's say you use MySQL in this example. You write a SQL query and then import the MySQL library in your PHP handler code to directly interface with the database server, which is probably listening on port 3306. (Check out the MySQL driver for PHP.) Assuming you already created a table and schema, you simply insert the username and the password hash into the user table.

 

When the user logs in, you would have a separate controller for the login endpoint. Your PHP code would parse the input, grab the user credentials and password in this case and use the same bcrypt library to hash it and compare it against the database to see if it has a match. If it does then the password and username are correct and you can then create an authenticated PHP session and return that within your RESTful response (it is usually set in the cookie).

 

That is basically the high level overview. 

 

Edit: You actually do not need to import anything; PHP has many of these as built-in functions already. Check out the link below or better yet, the official documentation. Also note that PHP stores the sessions in a temp file on disk by default but in the real world, you can and should store this into a database instead. This can be set in the php.ini config file.

How To Create A Login Page In PHP Using Sessions | Robots.net

 

If you use a web framework like Laravel, they will have this model-view-controller setup, which abstracts away a lot of the lower-level details and boilerplate code for you. You don't even need to write SQL queries or deal with password hashing manually for the most part.

 

PHP is also usually used alongside an open source server application like Apache and nginx btw and on a Linux/Unix operating system. You can do it on Windows as well but I wouldn't recommend it, unless you wish to torture yourself. Check out php-fpm and how to set it up for your particular environment.

 

These videos go over my favorite setup, which is basically nginx + php-fpm listening on a Unix socket.

 

 

Sudo make me a sandwich 

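The registration and login flow described in the answer above, as an added example that is not part of the original post: it uses PHP's built-in `password_hash()` and `password_verify()` with bcrypt, and PDO prepared statements for the queries. The in-memory SQLite database, table layout, function names and sample credentials are assumptions chosen so the script runs without a MySQL server.

```php
<?php
declare(strict_types=1);

// Assumption: in-memory SQLite stands in for MySQL so the script runs offline.
// For MySQL, swap in a DSN like 'mysql:host=127.0.0.1;port=3306;dbname=app' (placeholder).
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE users (username VARCHAR(64) PRIMARY KEY, password_hash VARCHAR(255) NOT NULL)');

function register(PDO $pdo, string $username, string $password): bool
{
    // Validate input: restricted username alphabet, minimum password length of 8.
    if (!preg_match('/\A[A-Za-z0-9_.-]{3,64}\z/', $username) || strlen($password) < 8) {
        return false;
    }
    // bcrypt via the built-in API; a random salt is generated and stored inside the hash.
    $hash = password_hash($password, PASSWORD_BCRYPT);
    try {
        // Prepared statement: user input is bound, never concatenated into the SQL.
        $stmt = $pdo->prepare('INSERT INTO users (username, password_hash) VALUES (?, ?)');
        $stmt->execute([$username, $hash]);
        return true;
    } catch (PDOException $e) {
        return false; // e.g. the username already exists (primary-key violation)
    }
}

function login(PDO $pdo, string $username, string $password): bool
{
    $stmt = $pdo->prepare('SELECT password_hash FROM users WHERE username = ?');
    $stmt->execute([$username]);
    $hash = $stmt->fetchColumn(); // false when no such user
    // password_verify re-hashes the input with the salt embedded in $hash and
    // compares the result in constant time; a fresh password_hash() would never match.
    if ($hash === false || !password_verify($password, $hash)) {
        return false;
    }
    if (session_status() === PHP_SESSION_ACTIVE) {
        session_regenerate_id(true);   // issue a new session ID after authentication
        $_SESSION['user'] = $username; // marks the session as authenticated
    }
    return true;
}

// Constructed sample credentials: register, log in, fail a login, reject a duplicate.
var_dump(register($pdo, 'dealer01', 'correct horse battery'));
var_dump(login($pdo, 'dealer01', 'correct horse battery'));
var_dump(login($pdo, 'dealer01', 'wrong password'));
var_dump(register($pdo, 'dealer01', 'another long password'));
```

In a web request, call `session_start()` before `login()` so the authenticated session is actually created. Note that bcrypt only considers the first 72 bytes of the password.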

If the application is meant to be accessed on a domain, you have an easier alternative, which is not having a login screen at all and using Windows authentication. Assign a domain group to the read/write permission on Apache/IIS. Then it's only a matter of adding/removing AD users to the group to give or remove access. Users don't need a password, it's not an SSO.


  • 2 weeks later...

This might be a bit late, but I would also like to mention that PHP does have a built-in web server so you won't have to deal with Linux or any of the nginx/apache config if you just want to do a quick test run. However, this is for strictly development purposes. For an actual production environment, you will want to use the PHP FPM so everything is secured, scalable, and performant. 

 

PHP: Built-in web server - Manual

Sudo make me a sandwich 
