PHP login page
- Thread starter ivica178
- Start date
LHVWB
New Member
- Messages
- 1,308
- Reaction score
- 0
- Points
- 0
You should store the password and user name in a mysql database.
If you have little experience with PHP then I recommend you either
A quick search on google found these tutorials.
Here is a simple example.
To run it you will have to use cpanel to create a mysql user, a mysql database and then you will have to go into phpmyadmin and add a table called user_table, to this you will then have to add two rows called 'username' and 'password'. Add an entry with phpmyadmin and your script should work. Good luck!
Here's how the script should work (password and username are test).
Note: There are many other ways of creating a login system and this doesn't use cookies so it won't be stored.
If you have little experience with PHP then I recommend you either
- Learn a bit in a tutorial, here's a good one.
- Or install one of the applications such as a forum that creates a login system.
A quick search on google found these tutorials.
- http://www.trap17.com/forums/php-simple-login-tutorial-t7887.html
- http://www.weberdev.com/get_example-3927.html
Here is a simple example.
To run it you will have to use cpanel to create a mysql user, a mysql database and then you will have to go into phpmyadmin and add a table called user_table, to this you will then have to add two rows called 'username' and 'password'. Add an entry with phpmyadmin and your script should work. Good luck!
HTML:
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"
"http://www.w3.org/TR/html4/loose.dtd">
<html>
<head>
<title>Simple Login Program</title>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
</head>
<body>
<?php
// Get username and password.
$username = $_POST['username'];
$password = $_POST['password'];
$user_logged_in = false;
// Access MySQL.
mysql_connect("localhost", mysql_username, mysql_password);
// Select the database
mysql_select_db(mysql_database name);
// Get all the entries in the table that have the correct username
$mysql_result = mysql_query("SELECT * FROM user_table WHERE username = '$username';");
// If there is a result from the mysql query.
if ($mysql_result && mysql_num_rows($mysql_result))
{
// Itterate through the database table.
while ($row = mysql_fetch_assoc($mysql_result))
{
// If the current username in the database matches the username sent
// and the password then set $user_logged_in as true.
if($row['password'] == $password)
{
$user_logged_in = true;
}
}
}
// Say hello if the user is logged in.
if($user_logged_in)
{
echo("Hello ".$username.", You are logged into this wonderful site.");
}
// Only show login form if the user is not logged in.
else
{
?>
<form action="test.php" method="post">
Password: <input type="text" name="username" ></input><br>
Username: <input type="password" name="password" ></input><br>
<input type="submit" value="Login"></input>
</form>
<?php
}
?>
</body>
</html>Here's how the script should work (password and username are test).
Note: There are many other ways of creating a login system and this doesn't use cookies so it won't be stored.
Last edited:
bugfinder
Retired
- Messages
- 2,260
- Reaction score
- 0
- Points
- 0
Other than you could probably use a little better error checking thats a pretty good example of a login page.
Things you should consider adding, db connection checking, as well as checking for mysql hacks (eg putting "; drop .." type comments in.
Things you should consider adding, db connection checking, as well as checking for mysql hacks (eg putting "; drop .." type comments in.
tittat
Active Member
- Messages
- 2,478
- Reaction score
- 1
- Points
- 38
i will recomend you to use a CMS like e107.
http://e107.org
Any help for installing will be provided by me if required.Post back here.
http://e107.org
Any help for installing will be provided by me if required.Post back here.
Last edited:
Hazirak
New Member
- Messages
- 197
- Reaction score
- 0
- Points
- 0
Along with using MySQL, you could also consider using PHP's crypt() function to perform one-way encryption on the password before it's stored.
Wait a minute - one-way? What's the point of encryption if there's no way to decrypt it again??
That's actually a bit of an advantage in this case. If by some random occurrence someone grabs your password from the MySQL database, they have no straight-forward way of decrypting it because it was never meant to be decrypted in the first place. It's unlikely that anyone will be able to access your MySQL database, but you could always think of it as a "just in case" thing.
So how do you check to see if the unencrypted password you enter at the login page is the same as the encrypted one stored in MySQL? Simple - encrypt the password entered when you log in before checking it against the stored one. If the two encrypted passwords match, it's safe to assume they are the same.
Wait a minute - one-way? What's the point of encryption if there's no way to decrypt it again??
That's actually a bit of an advantage in this case. If by some random occurrence someone grabs your password from the MySQL database, they have no straight-forward way of decrypting it because it was never meant to be decrypted in the first place. It's unlikely that anyone will be able to access your MySQL database, but you could always think of it as a "just in case" thing.
So how do you check to see if the unencrypted password you enter at the login page is the same as the encrypted one stored in MySQL? Simple - encrypt the password entered when you log in before checking it against the stored one. If the two encrypted passwords match, it's safe to assume they are the same.
TechAsh
Retired
- Messages
- 5,853
- Reaction score
- 7
- Points
- 38
I suggest using vAuthenticate. It's the login system I use on my website, and I found it relatively easy to set-up and customise to suit my site. It comes with a simple Admin Panel to control users and groups, as well as a change password page.
To protect your page using this system all you need to do is add three lines of php code to the top of each file you want.
If you want visitors to have the ability to sign up, then vSignup is a good choice. It is built using the same system as vAuthenticate but it has been modified slightly.
Both these login systems can be found as free downloads here
If you need any help setting one of these systems up, I'll be happy to see what I can do.
To protect your page using this system all you need to do is add three lines of php code to the top of each file you want.
If you want visitors to have the ability to sign up, then vSignup is a good choice. It is built using the same system as vAuthenticate but it has been modified slightly.
Both these login systems can be found as free downloads here
If you need any help setting one of these systems up, I'll be happy to see what I can do.
MasterMax1313
New Member
- Messages
- 84
- Reaction score
- 0
- Points
- 0
my personal suggestion is md5 hashing the password and tossing it into the database (one way encryption, though there was recently research on reversing md5 hash), and then creating a cookie to verify that the user is logged in, and then testing the cookie to check against tampering (verify that the permissions the user has matches what is stored in the cookie). Or you could use session variables. w3schools.com has a decent looking bit on how to make the login system appear in html (for user viewing) in their html->forms section, if you are very inexperienced.
iholla
New Member
- Messages
- 68
- Reaction score
- 0
- Points
- 0
A simpler way could be storing the username and password as variables in an external file in a specific folder on your server a calling the variables through a chain of files.
example:
- file name is login.mtt, it contains variables $pass = test, $username = test
- login.mtt is located in directory url like; /temp/data/include/login.mtt
- on your start page, you include(file that calls file that reads login.mtt by line and returns values)
- in your login form, once you hit login, your posted values are then checked with those in login.mtt and if they match, a value is returned.
- depending on the returned value, you can re-direct or re-load login page e.t.c
The above example would work if you have a few members say staff that you want to access that page. If however you want all registered users to have the option of accessing that page, then hashed or encrypted database stored passwords is the way to go.
example:
- file name is login.mtt, it contains variables $pass = test, $username = test
- login.mtt is located in directory url like; /temp/data/include/login.mtt
- on your start page, you include(file that calls file that reads login.mtt by line and returns values)
- in your login form, once you hit login, your posted values are then checked with those in login.mtt and if they match, a value is returned.
- depending on the returned value, you can re-direct or re-load login page e.t.c
The above example would work if you have a few members say staff that you want to access that page. If however you want all registered users to have the option of accessing that page, then hashed or encrypted database stored passwords is the way to go.
Last edited:
Sohail
Active Member
- Messages
- 3,055
- Reaction score
- 0
- Points
- 36
You could find a lot of good login scripts for free at http://hotscripts.com you know .
Hope this helps.
.Hope this helps.
technocrat
New Member
- Messages
- 13
- Reaction score
- 0
- Points
- 0
atleast i would use sessions , than the cookies . the advantage i get is that , even if the person didnt really LOGOUT , the moment the browser is closed , all my data is deleted.
for encryption , i would definitely encourage you to write your own function that wil convert the password into special characters that can be stored into the database.
IF your website is small and contains smaller users , its ok , let it be.
the sample code ( iv used it in one of ma websites , for simple use )
use this at the begining of your login page , and not in the body....
and make sure you start the session by using session_start() in every page where you want your authorized content.
cheers
for encryption , i would definitely encourage you to write your own function that wil convert the password into special characters that can be stored into the database.
IF your website is small and contains smaller users , its ok , let it be.
the sample code ( iv used it in one of ma websites , for simple use )
PHP:
<?php
session_start();
include('config.php');
// CONNECT TO DB DAMIT !
$conn = mysql_connect($dbhost, $dbuser , $dbpass);
mysql_select_db($dbname,$conn);
// helll yeah !
$sql = "SELECT * FROM userdetails";
$result = mysql_query($sql, $conn) or die(mysql_error());
while ($row = mysql_fetch_row($result)){
if($row[1]==$_POST[user1] and $row[2]==$_POST[pass1]){
$_SESSION[auth]=true;
$_SESSION[uid]=$row[1];
break;
}
}
?>use this at the begining of your login page , and not in the body....
and make sure you start the session by using session_start() in every page where you want your authorized content.
cheers
