Very Simple Login-script, This is a very simple and secure login-script
Feelay
post Jan 13 2008, 12:32 PM
Post #1



Hi. This is my first post here. Please tell me if I do something wrong.
This is a very simple and secure login script. I will try to add as many comments as possible, to make it easier to understand.

Let's start with the database.

Just make a new SQL file, and call it whatever you want. Paste this code:

CODE
CREATE TABLE `user` (
  `id` int(4) unsigned NOT NULL auto_increment,
  `username` varchar(32) NOT NULL,
  `password` varchar(32) NOT NULL,
  `level` int(4) default '1',
  PRIMARY KEY  (`id`)
) ENGINE=InnoDB AUTO_INCREMENT=27 DEFAULT CHARSET=latin1;


Now we have made a table called 'user' in the SQL.
We have made 4 columns:
Id, Username, Password, and Level.
Level is made for the admin level.


Save the file, and import it into your database.
Now that part is done.

Now let's begin with the Index.php page.

CODE
<?php
session_start();
require_once 'database.php';

if (isset($_SESSION['user'])) {
    // Normal user: escape the stored name before echoing it into the page.
    echo "Welcome " . htmlspecialchars($_SESSION['user'], ENT_QUOTES);
?>
<form name="logout" method="post" action="logout.php">
  <input type="submit" name="logout" id="logout" value="Logout">
</form>
<br /><form name="news" method="post" action="news.php">
  <input type="submit" name="news" id="news" value="News">
</form>
<?php
} elseif (isset($_SESSION['admin'])) {
    // Admin user: same greeting plus a notice.
    echo "Welcome " . htmlspecialchars($_SESSION['admin'], ENT_QUOTES);
    echo "<br><br>You are logged in as an Admin";
?>
<form name="logout" method="post" action="logout.php">
  <input type="submit" name="logout" id="logout" value="Logout">
</form>
<br /><form name="news" method="post" action="news.php">
  <input type="submit" name="news" id="news" value="News">
</form>
<?php
} else {
    // No session at all: show the login form and the other buttons.
?>
<form name="login_form" method="post" action="login2.php">
  <label><input name="user" type="text" id="user">ID</label><br />
  <label><input name="pass" type="password" id="pass">Password</label><br />
  <input type="submit" name="login" id="login" value="Login">
</form>
<form name="Register" method="post" action="reg.php">
  <input type="submit" name="register" id="register" value="Register">
</form><br />
<form name="news" method="post" action="news.php">
  <input type="submit" name="news" id="news" value="News">
</form>
<?php
}
?>

The first thing we do is start the session.
And we require the database file, so that the code can connect to the database.

After that, we check if the 'user' session is active. If it is, the code will show you a text that says Welcome 'your name' and a logout button.

Then we check if the 'admin' session is active.
If it is, the code will write Welcome 'your name'.
But it will also write that you are logged in as an admin, and show you a logout button.

Then we check if there is a session at all ;)
If there isn't, we'll just show the login form and some buttons.


Now let's begin with "Login2.php"

CODE
<?php
session_start();
require_once 'database.php';

    # make a variable out of the username that was posted in the index-page.
    $username = $_POST['user'];
    # I am not sure what this thing makes.. but it has something to do with safety.
    # (It escapes quotes and other special characters so the value stays inside the SQL string.)
    $escaped_username = mysql_real_escape_string($username);
    # make a md5 password.
    $md5_password = md5($_POST['pass']);

    # The queries use $escaped_username; the raw $username must never be put into SQL.
    # This query checks if the user is a level 1 user (Normal User)
    $queryN = mysql_query("select * from user where username = '".$escaped_username."' and password = '".$md5_password."' AND level='1'");
    # This query checks if the user is a level 9 user (Admin User)
    $queryA = mysql_query("select * from user where username = '".$escaped_username."' and password = '".$md5_password."' AND level='9'");

    if (mysql_num_rows($queryN) == 1) {
        $resultN = mysql_fetch_assoc($queryN);
        $_SESSION['user'] = $_POST['user'];
        header("location:Index.php");
        exit; # stop here so nothing else is sent after the redirect
    } elseif (mysql_num_rows($queryA) == 1) {
        $resultA = mysql_fetch_assoc($queryA);
        $_SESSION['admin'] = $_POST['user'];
        header("location:index.php");
        exit;
    } else {
        echo "Wrong Username or Password";
    }
?>
<form name="back" method="post" action="login.php">
<input type="submit" name="back" id="back" value="Back to Home">
</form>


The first thing we do is start the session.
And we require the database file, so that the code can connect to the database.
Then we change the $_POST['user'] into a variable.
Then we add some safety stuff.
Then the code will check if the password and username were correct, and if the user level (admin or normal user) is level 1 (normal user).
If it is, the session 'user' will be created.

Then it will check if the level is level 9.
If it is, the session 'admin' will be created.

Else, if the username or password was incorrect, the code will write that the password or username was wrong, and show a "back to home" button.


I require the database.php in both files. Here it is:
CODE
<?php
// Open a connection to the MySQL server.
$con = mysql_connect('localhost','mysql_username','mysql_password');
if (!$con)
  {
  die('Could not connect: ' . mysql_error());
  }
// Select the database the queries will run against.
mysql_select_db('databasename');
?>


The first thing we do here is:
Open a connection to the MySQL server.
If the connection failed, the code will write an error.
Then, we select the database we want to use.


And of course we want the logout.php script:

CODE
<?php
session_start();   # This will start the session
session_unset();   # session_unset and session_destroy
session_destroy(); # will remove all session data.
header("location:index.php"); # This code will send you back to the index page
exit;
?>


The first thing we do is:
Start the session.
Then, we remove all session data, with session_unset and session_destroy.
Then, we make the code send the user back to the "index page".


Tell me if I missed something. I would also like to know if you liked this tutorial =)
And if you find any errors, tell me, and I'll fix them =)

//Feelay

This post has been edited by Feelay: Jan 18 2008, 06:56 PM
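
Added example, not part of Feelay's post or of this thread: a hardened form of the login2.php check, using a PDO prepared statement and password_hash()/password_verify() instead of string-built queries and md5(), with one query that returns the level. It assumes the `password` column is widened to 255 characters; the function names `check_login` and `start_login_session` and the in-memory SQLite demo users are constructed for illustration.

```php
<?php
declare(strict_types=1);
// Added example (not the thread's code). Names and demo data are hypothetical.

// Look up the user with a prepared statement, then verify a salted hash.
function check_login(PDO $db, string $username, string $password): ?array
{
    // The placeholder keeps user input out of the SQL text entirely.
    $stmt = $db->prepare('SELECT username, password, level FROM user WHERE username = ?');
    $stmt->execute([$username]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    if ($row === false || !password_verify($password, $row['password'])) {
        return null; // same answer for unknown user and wrong password
    }
    return ['username' => $row['username'], 'level' => (int) $row['level']];
}

// Call after session_start() once check_login() has returned an account.
function start_login_session(array $account): void
{
    session_regenerate_id(true);               // fresh session id after login
    $_SESSION['user']  = $account['username']; // value from the database row
    $_SESSION['level'] = $account['level'];    // 1 = normal user, 9 = admin, as in the post
}

// Constructed demo data in an in-memory SQLite database, so this runs offline.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE user (id INTEGER PRIMARY KEY, username VARCHAR(32) NOT NULL UNIQUE,
           password VARCHAR(255) NOT NULL, level INTEGER DEFAULT 1)');
$ins = $db->prepare('INSERT INTO user (username, password, level) VALUES (?, ?, ?)');
$ins->execute(['alice', password_hash('correct horse', PASSWORD_DEFAULT), 1]);
$ins->execute(['root', password_hash('s3cret-admin', PASSWORD_DEFAULT), 9]);

$attempts = [
    ['alice', 'correct horse'], // valid normal user
    ['root', 's3cret-admin'],   // valid admin
    ['alice', 'wrong'],         // wrong password
    ["o'neil", 'anything'],     // quote in the name is handled as plain data
];
foreach ($attempts as [$u, $p]) {
    $account = check_login($db, $u, $p);
    printf("%-8s => %s\n", $u, $account ? 'level ' . $account['level'] : 'rejected');
}
```

With this layout the index page would test `$_SESSION['level']` for 9 rather than looking for a separate 'admin' session key.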
 
vujsa
post Jan 13 2008, 04:26 PM
Post #2



Thanks for the tutorial. I'm sure that many people will find it useful.
A lot of comments in the code is very helpful. Sometimes that is more important than the tutorial itself.

I also find it useful if you describe the code that you post so that users will have something to refer to if they have a question.

vujsa
 
Miles
post Jan 13 2008, 04:36 PM
Post #3



Nice tutorial. I usually write my own user systems, but if I'm short on time for a project, I'll probably adapt it in. Also, good commenting, that should help those learning php. One thing though, in the code for login2.php, you have a lot of whitespace. Might want to remove some of it.
 
Feelay
post Jan 13 2008, 06:50 PM
Post #4



QUOTE(vujsa @ Jan 13 2008, 05:26 PM)
I also find it useful if you describe the code that you post so that users will have something to refer to if they have a question.

vujsa


What do you mean by that last thing you said =? Describing the code? Do you mean something other than comments =?


QUOTE(Miles)
One thing though, in the code for login2.php, you have a lot of whitespace. Might want to remove some of it.


Now I have edited it.. Isn't it harder to read now =?

Thanks for the good replies =)

This post has been edited by Feelay: Jan 13 2008, 06:53 PM
 
vujsa
post Jan 14 2008, 12:38 AM
Post #5



QUOTE(Feelay @ Jan 13 2008, 01:50 PM)
What do you mean by that last thing you said =? Describing the code? Do you mean something other than comments =?
Now I have edited it.. Isn't it harder to read now =?

Thanks for the good replies =)

I was referring to tutorial writing. Yours flows well and is easy enough to read, but for more complex scripts, I find it helps to "translate" your code into English.

For example with your logout.php script:
QUOTE
CODE
<?php
session_start();
session_unset();
session_destroy();
header("location:index.php");
?>


If you preceded that with an explanation of the script...

Then we finish with our logout script:
First we open the user's current session with session_start().
We follow this by clearing all of the session variables that might have been set with session_unset().
Then to get rid of the session, we run the session_destroy() function.
Finally, we return the user to the index page using the header() function. It should be noted that the location parameter is not the only use of this function.


This way the reader can learn more about PHP than just copying a login script!

vujsa
 
Feelay
post Jan 17 2008, 10:56 AM
Post #6



Ok. I didn't do exactly as you said.. instead, I added some more comments. Because then the user knows exactly what the comments are about, and I find it easier to do it that way..
 
turbopowerdmaxst...
post Jan 17 2008, 05:13 PM
Post #7



If I were you, I would remove the comments and describe each of the steps in layman's terms. That way you would get a lot more credits for your posts. Remember, the text inside the Code block does not fetch you any credit. Also, not everyone feels comfortable with commented descriptions.
 
Feelay
post Jan 18 2008, 06:53 PM
Post #8



Happy now ;) =?
 
rockarolla
post Feb 5 2008, 03:30 PM
Post #9



Sorry if it sounds incompetent but I don't the code behind require_once clause (I don't know what it is - it looks to be a mySQL function, but it isn't a standard function, probably user defined?).

Otherwise the code is quite neat - and pretty easy to follow.

If there are questions about the md5() function, a detailed description can be found here e.g.

http://www.w3schools.com/php/func_string_md5.asp

 
Feelay
post Apr 22 2008, 02:47 PM
Post #10



I use require_once when I want to "include" something, but not exactly include it.. it is hard to explain.. I just know, that when you want to check a database file, or something like it, it is better to use the require function instead of include. include is better to use when you want to include a part of a page.

BTW: Sorry for the late answer :P

This post has been edited by Feelay: Apr 22 2008, 02:48 PM