로그인 case

1. 식별, 인증 동시

<?php
    $user_id = $_POST['id'];
    $user_pw = $_POST['pw'];
    $conn = mysqli_connect('localhost', 'admin', 'kisec123', 'MEMBER');
    $sql = "SELECT * FROM login where id='$user_id' and pw='$user_pw'"; //id와pw를 동시에 가져와 구문을 실행한다
    $res = mysqli_fetch_array(mysqli_query($conn,$sql));
    if($res){
        session_start();
        $_SESSION['user_id'] = $res['id'];
        $_SESSION['user_name'] = $res['name'];
        echo "<script>alert('Login Success!!');";
        echo "window.location.replace('home.php');</script>";
        exit;
    }
    else{
       echo "<script>alert('retry!!');";
       echo "window.location.replace('login2.php');</script>";
    }
?>

 

2. 식별, 인증 분리

<?php
    $user_id = $_POST['user_id'];
    $user_pw = $_POST['user_pw'];
    $conn= mysqli_connect('localhost', 'admin', 'kisec123', 'MEMBER');
    $sql = "SELECT pw FROM login where id='$user_id'";
    $res = mysqli_fetch_array(mysqli_query($conn,$sql));
    if($res['pw'] == $user_pw){
        session_start();
        $_SESSION['user_id'] = $res['id'];
        $_SESSION['user_name'] = $res['name'];
        echo "<script>alert('로그인에 성공했습니다!');";
        echo "window.location.replace('home.php');</script>";
        exit;
    }
    else{
       echo "<script>alert('아이디 혹은 비밀번호가 잘못되었습니다.');";
       echo "window.location.replace('login.php');</script>";
    }
?>

 

3. 식별, 인증 동시(해시)

<?php
    $user_id = $_POST['user_id'];
    $user_pw = $_POST['user_pw'];
    $conn = mysqli_connect('localhost', 'admin', 'kisec123', 'MEMBER');
    $sql = "SELECT * FROM login where id='$user_id' and pw=md5('$user_pw')"; // 비밀번호만 md5처리 해주면 된다(DB에 pw값도 md5로 받을 수 있게 해줘야 한다)
    $res = mysqli_fetch_array(mysqli_query($conn,$sql));
    if($res){
        session_start();
        $_SESSION['user_id'] = $res['id'];
        $_SESSION['user_name'] = $res['name'];
        echo "<script>alert('Welcome!!');";
        echo "window.location.replace('home.php');</script>";
        exit;
    }
    else{
       echo "<script>alert('invalid account!!');";
       echo "window.location.replace('login3.php');</script>";
    }
?>

 

4. 식별, 인증 분리(해시)

<?php
    $user_id = $_POST['user_id'];
    $user_pw = $_POST['user_pw'];
    $conn= mysqli_connect('localhost', 'admin', 'kisec123', 'MEMBER');
    $sql = "SELECT * FROM login where id='$user_id'";
    $res = mysqli_fetch_array(mysqli_query($conn,$sql));
    if($res['pw'] == md5($user_pw)){
        session_start();
        $_SESSION['user_id'] = $res['id'];
        $_SESSION['user_name'] = $res['name'];
        echo "<script>alert('Welcome!!');";
        echo "window.location.replace('home.php');</script>";
        exit;
    }
    else{
       echo "<script>alert('invalid account!!');";
       echo "window.location.replace('login4.php');</script>";
    }
?>

 

5. 식별, 인증 개행

<?php
    $user_id = $_POST['user_id'];
    $user_pw = $_POST['user_pw'];
    $conn = mysqli_connect('localhost', 'admin', 'kisec123', 'MEMBER');
    $sql = "SELECT * FROM login where id='$user_id' and
            pw='$user_pw'";
    $res = mysqli_fetch_array(mysqli_query($conn,$sql));
    if($res){
        session_start();
        $_SESSION['user_id'] = $res['id'];
        $_SESSION['user_name'] = $res['name'];
        echo "<script>alert('Welcome!!');";
        echo "window.location.replace('home.php');</script>";
        exit;
    }
    else{
       echo "<script>alert('incorrect id or password');";
       echo "window.location.replace('login5.php');</script>";
    }
?>