0

Normally I would just use basic PHP and MySQL and some simple CSS to style. However, I like the look and feel of the Bootstrap framework and would like to incorporate it into my PHP, but I am a relative newbie as to where to begin. I would like to start with a simple hands-on example.

Using the code below, which is a simple login script using PHP and MySQL, which changes would I need to make in order to use Bootstrap?

I have already downloaded the Bootstrap files.

```php
<?php
$connect = mysqli_connect("db location", "username", "password", "forks") or die(mysqli_connect_error());

if (isset($_COOKIE['ID_your_site'])) { // if there is, it logs you in and directs you to the members page
    $username = $_COOKIE['ID_your_site'];
    $pass = $_COOKIE['Key_your_site'];
    $check = mysqli_query($connect, "SELECT * FROM users WHERE username = '$username'") or die(mysqli_error($connect));

    while ($info = mysqli_fetch_array($check)) {
        if ($pass != $info['password']) {}
        else {
            header("Location: members.php");
        }
    }
}

// if the login form is submitted
if (isset($_POST['submit'])) {

    // makes sure they filled it in
    if (!$_POST['username']) {
        die('You did not fill in a username.');
    }
    if (!$_POST['pass']) {
        die('You did not fill in a password.');
    }

    // checks it against the database
    if (!get_magic_quotes_gpc()) {
        $_POST['email'] = addslashes($_POST['email']);
    }

    $check = mysqli_query($connect, "SELECT * FROM users WHERE username = '" . $_POST['username'] . "'") or die(mysqli_error($connect));

    // gives error if user doesn't exist
    $check2 = mysqli_num_rows($check);
    if ($check2 == 0) {
        die('That user does not exist in our database.<br /><br />If you think this is wrong <a href="login.php">try again</a>.');
    }

    while ($info = mysqli_fetch_array($check)) {
        $_POST['pass'] = stripslashes($_POST['pass']);
        $info['password'] = stripslashes($info['password']);
        $_POST['pass'] = md5($_POST['pass']);

        // gives error if the password is wrong
        if ($_POST['pass'] != $info['password']) {
            die('Incorrect password, please <a href="login.php">try again</a>.');
        }

        else { // if login is ok then we add a cookie
            $_POST['username'] = stripslashes($_POST['username']);
            $hour = time() + 3600;
            setcookie('ID_your_site', $_POST['username'], $hour);
            setcookie('Key_your_site', $_POST['pass'], $hour);

            // then redirect them to the members area
            header("Location: members.php");
        }
    }
}
else {
    // if they are not logged in
?>

<form action="<?php echo htmlspecialchars($_SERVER['PHP_SELF'], ENT_QUOTES, 'UTF-8'); ?>" method="post">
<table border="0">
<tr><td colspan="2"><h1>Login</h1></td></tr>
<tr><td>Username:</td><td>
<input type="text" name="username" maxlength="40">
</td></tr>
<tr><td>Password:</td><td>
<input type="password" name="pass" maxlength="50">
</td></tr>

<tr><td colspan="2" align="right">
<input type="submit" name="submit" value="Login">
</td></tr>
</table>
</form>

<?php
}
?>
```

Any help would be appreciated.

Hongbin Wang
  • You really shouldn't use [MD5 password hashes](http://security.stackexchange.com/questions/19906/is-md5-considered-insecure) and you really should use PHP's [built-in functions](http://jayblanchard.net/proper_password_hashing_with_PHP.html) to handle password security. Make sure that you [don't escape passwords](http://stackoverflow.com/q/36628418/1011527) or use any other cleansing mechanism on them before hashing. Doing so *changes* the password and causes unnecessary additional coding. – Jay Blanchard May 05 '16 at 18:27
  • [Little Bobby](http://bobby-tables.com/) says [your script is at risk for SQL Injection Attacks.](http://stackoverflow.com/questions/60174/how-can-i-prevent-sql-injection-in-php) Learn about [prepared](http://en.wikipedia.org/wiki/Prepared_statement) statements for [MySQLi](http://php.net/manual/en/mysqli.quickstart.prepared-statements.php). Even [escaping the string](http://stackoverflow.com/questions/5741187/sql-injection-that-gets-around-mysql-real-escape-string) is not safe! – Jay Blanchard May 05 '16 at 18:27

1 Answer

-3

Apart from the security problems inside your script, you can check out: https://getbootstrap.com/examples/signin/

If you take a look at the source, you'll see the familiar `<form>`.

Source:

```php
<!-- here your php code -->
<!DOCTYPE html>
<html lang="en">
  <head>
    <title>Signin Template for Bootstrap</title>

    <link href="https://maxcdn.bootstrapcdn.com/bootstrap/3.3.6/css/bootstrap.min.css" rel="stylesheet">

  </head>

  <body>

    <div class="container">

      <form class="form-signin" action="<?php echo htmlspecialchars($_SERVER['PHP_SELF'], ENT_QUOTES, 'UTF-8'); ?>" method="post">
        <h2 class="form-signin-heading">Please sign in</h2>
        <label for="inputEmail" class="sr-only">Email address</label>
        <input type="email" id="inputEmail" class="form-control" placeholder="Email address" name="username" required autofocus>
        <label for="inputPassword" class="sr-only">Password</label>
        <input type="password" id="inputPassword" name="pass" class="form-control" placeholder="Password" required>
        <div class="checkbox">
          <label>
            <input type="checkbox" value="remember-me"> Remember me
          </label>
        </div>
        <!-- name="submit" is required: the login script tests isset($_POST['submit']) -->
        <button class="btn btn-lg btn-primary btn-block" type="submit" name="submit">Sign in</button>
      </form>

    </div>
  </body>
</html>
```
wodka
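
One way to fill in the answer's `<!-- here your php code -->` placeholder while acting on the two comments under the question (a prepared statement for the lookup, `password_verify()` on the unmodified password). This is an added example, not code from the question or the answer; it assumes the `users.password` column stores `password_hash()` output and that `members.php` checks `$_SESSION['username']`, and the helper names `fetch_password_hash` and `check_login` are introduced here.

```php
<?php
// Added example (not the asker's or answerer's code). Assumptions: the
// users.password column stores password_hash() output, not MD5, and
// members.php checks $_SESSION['username'] on every request.
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT); // throw on DB errors

/** Returns the stored hash for $username, or null if there is no such user. */
function fetch_password_hash(mysqli $db, string $username): ?string
{
    // The username is bound as a parameter, never concatenated into the SQL.
    $stmt = $db->prepare('SELECT password FROM users WHERE username = ?');
    $stmt->bind_param('s', $username);
    $stmt->execute();
    $stmt->bind_result($hash);
    $found = $stmt->fetch();
    $stmt->close();
    return $found ? $hash : null;
}

/** True only when the user exists and the password matches the stored hash. */
function check_login(mysqli $db, string $username, string $password): bool
{
    $hash = fetch_password_hash($db, $username);
    // The raw password goes straight to password_verify(): no stripslashes(),
    // addslashes() or md5() first, since any of those changes the password.
    return $hash !== null && password_verify($password, $hash);
}

$error = '';
if (($_SERVER['REQUEST_METHOD'] ?? '') === 'POST') {
    $db = new mysqli('db location', 'username', 'password', 'forks');
    $username = $_POST['username'] ?? '';
    $password = $_POST['pass'] ?? '';
    if (is_string($username) && is_string($password) && check_login($db, $username, $password)) {
        session_start();
        session_regenerate_id(true);       // new session ID after login
        $_SESSION['username'] = $username; // state stays server-side, no hash in a cookie
        header('Location: members.php');
        exit;
    }
    // One message for both "no such user" and "wrong password".
    $error = 'Incorrect username or password.';
}
?>
<?php if ($error !== ''): ?>
  <div class="alert alert-danger"><?= htmlspecialchars($error, ENT_QUOTES, 'UTF-8') ?></div>
<?php endif; ?>
```

New accounts would need their passwords stored with `password_hash($password, PASSWORD_DEFAULT)`; existing MD5 values cannot be verified by `password_verify()`.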