how to login using salt hash password and logout php mysql


Overview

-Signup form that stores the password as a salted SHA-256 hash (this is hashing, not encryption)
-Login verification against the salted SHA-256 password hash
-Login and logout buttons in a dummy site
-After login, set SESSION variables so the page shows "Welcome : Guest" or the logged-in user name
-Show the logout button when the user is logged in, add a logout page, and show/hide the signup and logout buttons as required

login.php snippet code :

   <form name="loginform" action="login_nextpage.php" method="get">
<input type="text" name="username" placeholder="enter username" 
value="<?php if(isset($_COOKIE['username'])) echo $_COOKIE['username']; ?>" required>
<input type="password" id="passwordID" name="password" placeholder="enter password" 
value="<?php if(isset($_COOKIE['password'])) echo $_COOKIE['password']; ?>" required>
 <div class="checkbox">
 <input name="remember" id="remember" type="checkbox" 
<?php if(isset($_COOKIE['username'])){echo "checked='checked'"; } ?> value="1">
                                    <label for="remember">
                                        Remember Me
                                    </label>
                                </div>
<input type="submit" value="Login">
</form>

 

login_nextpage.php snippet code :

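<?php
// login_nextpage.php: verifies the submitted credentials against the salted
// SHA-256 hash stored in the `user` table and, on success, opens the session
// and redirects to index.php.

// Read the credentials from the POST body when the form was posted. GET is still
// accepted because the login form on this page submits with method="get", but
// credentials sent that way end up in URLs, browser history and access logs.
// $_REQUEST is avoided: depending on request_order it can also be populated from
// cookies, and this site uses cookies named "username" and "password".
$isPost = isset($_SERVER['REQUEST_METHOD']) && $_SERVER['REQUEST_METHOD'] === 'POST';
$input = $isPost ? $_POST : $_GET;

$usernameVal = (isset($input['username']) && is_string($input['username'])) ? $input['username'] : '';
$passwordVal = (isset($input['password']) && is_string($input['password'])) ? $input['password'] : '';
$rememberMe = isset($input['remember']);

// Demo connection settings. Outside a local test setup, use a dedicated
// least-privilege database account (not root with an empty password) and load
// the credentials from configuration kept outside the web root.
$servername = "localhost";
$username = "root";
$password = "";
$dbname = "userstest_db";

// Make mysqli raise exceptions so every database failure is handled in one place.
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT);

$found = false;
$dbUserId = null;
$dbUsername = null;
$dbSalt = '';
$dbHash = '';

try {
    $conn = new mysqli($servername, $username, $password, $dbname);

    // NOTE(review): escaping is not needed for hashing, and the prepared statement
    // below does not need it either. It is kept only because the login check on
    // this page has always hashed the escaped password, so signup.php (not shown)
    // presumably stores hashes computed the same way - confirm before removing.
    $escapedPW = mysqli_real_escape_string($conn, $passwordVal);

    // One parameterized lookup replaces the three string-built queries: the
    // username is bound as data and can no longer change the SQL statement.
    $stmt = $conn->prepare("select user_id, username, salt, password from user where username = ?");
    $stmt->bind_param("s", $usernameVal);
    $stmt->execute();
    $stmt->bind_result($dbUserId, $dbUsername, $dbSalt, $dbHash);
    $found = ($stmt->fetch() === true);
    $stmt->close();
    $conn->close();
} catch (mysqli_sql_exception $e) {
    // Keep driver details in the server log; the visitor only gets a generic message.
    error_log("login_nextpage.php: database error: " . $e->getMessage());
    http_response_code(500);
    die("Login is temporarily unavailable.");
}

// Salted SHA-256 as described in this tutorial. A single SHA-256 round is a fast
// hash and therefore cheap to brute-force offline; password_hash() and
// password_verify() are the recommended replacement, but switching requires
// changing signup.php and re-hashing the stored passwords.
// The hash is computed even when the user does not exist so both outcomes do the
// same work, and it is compared with hash_equals() (constant-time comparison).
$hashedPW = hash('sha256', $escapedPW . ($found ? (string) $dbSalt : ''));
$authenticated = $found && hash_equals(strtolower((string) $dbHash), $hashedPW);

// Cookies, the session and the redirect are all sent as HTTP headers, so they
// must be emitted before any page output.
$cookie_time = 60 * 60 * 24 * 30; // 30 days
$expiredAt = time() - $cookie_time;
$isHttps = !empty($_SERVER['HTTPS']) && $_SERVER['HTTPS'] !== 'off';

// The password is never written to a cookie. Any "password" cookie left behind
// by the earlier version of this script is expired on every login attempt.
setcookie("password", '', $expiredAt);

if ($rememberMe && $authenticated) {
    // Remember only the username, and only after a successful login.
    // HttpOnly: page scripts have no need to read it. Secure: set when on HTTPS.
    setcookie("username", $usernameVal, time() + $cookie_time, "", "", $isHttps, true);
} elseif (!$rememberMe) {
    setcookie("username", '', $expiredAt);
}

if ($authenticated) {
    session_start();
    // Issue a fresh session id at the privilege change so a session id that was
    // planted or observed before login cannot be reused afterwards.
    session_regenerate_id(true);
    $_SESSION["user_id"] = $dbUserId;
    $_SESSION["user_name"] = $dbUsername;
    // No success text is echoed here: output before header() would prevent the
    // redirect, and the browser leaves this page immediately anyway.
    header("location:index.php");
    exit;
}

// Same message for an unknown user and for a wrong password, so the response
// does not reveal which usernames exist.
echo "your username or password is incorrect";
?>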

signout.php snippet code :

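<?php
// signout.php: ends the login session and returns to the home page.
session_start();

// Drop every session variable, not only the two set at login.
$_SESSION = array();

// Expire the session cookie in the browser so the old session id is not sent again.
if (ini_get("session.use_cookies")) {
    $params = session_get_cookie_params();
    setcookie(
        session_name(),
        '',
        time() - 42000,
        $params["path"],
        $params["domain"],
        $params["secure"],
        $params["httponly"]
    );
}

// Remove the server-side session data; blanking the variables alone would leave
// the session itself alive and reusable.
session_destroy();

header("location:index.php");
// Stop here so nothing else runs or is sent after the redirect header.
exit;
?>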

index.php header menu snippet code :

    <ul class="nav navbar-nav navbar-right">
                 <?php            
 if(isset($_SESSION['user_name']) && !empty($_SESSION['user_name']) ){
    //if(1){ 
     ?>
     <style>
     #signupID
     {
         display:none;
     }
     #loginID
     {
         display:none;
     } 
     </style>
    <?php } else{ ?>
    <style>
     #signoutID
     {
         display:none;
     }
     </style>
     <?php } //else end of if(isset($_SESSION['user_name'])....?>
                     <li>
                        <a class="page-scroll" href="">Welcome : 
                        <?php            
         if(isset($_SESSION["user_name"]) &&!empty($_SESSION["user_name"]))
                            echo $_SESSION["user_name"];
                        else
                            echo "Guest";
                        ?>
                        </a>
                    </li>                           
                   <li>
                        <a class="page-scroll" href="#about">About</a>
                    </li>
                    <li>
                        <a class="page-scroll" href="#services">Services</a>
                    </li>
                 <li>
                        <a class="page-scroll" id="signoutID" href="signout.php">
<span class="fa fa-sign-out"></span> Signout</a>
                    </li> 
                   <li>
                        <a class="page-scroll" id="loginID" href="login.php">
<span class="fa fa-sign-in"></span> Login</a>
                    </li>
                     <li>
                        <a class="page-scroll" id="signupID" href="signup.php">
<span class="fa fa-user"></span> Sign Up</a>
                    </li>
                </ul>