
Replying to PHP: Writing A Generic Login And Register Script



Topic Summary

Posted 10 November 2012 - 06:24 AM

@coder2000 I like this post and I am using your code for my new custom email sending and ticketing system.
Hope it works fine. Fingers crossed.

Posted 22 March 2012 - 12:33 AM

Now there are basically 3 functions that a user management system provides: login, register, and protection. A user management system can do more than this, but that is all that this tutorial will be covering. I will try to explain what I am doing as I go along, but to fully understand what is happening you should have a basic knowledge of PHP, SQL, and HTML. This tutorial assumes you are using MySQL; adjust accordingly for a different DBMS.

First off, let's define the database table where our users will be stored. Using phpMyAdmin, run this statement to create our table:

CREATE TABLE tblUsers  (
   fldId INT NOT NULL AUTO_INCREMENT,
   fldUsername VARCHAR(40) NOT NULL,
   fldPassword VARCHAR(40) NOT NULL,
   PRIMARY KEY (fldId)  -- MySQL requires an AUTO_INCREMENT column to be a key
);

Now a little explanation as to what this will do. It will create a table in your database called tblUsers with fields fldId, fldUsername, and fldPassword. The last two fields are self-explanatory: they contain the username and password of the user. The fldId is the user id automatically assigned by the database. For more information on the syntax, read the MySQL documentation.

Let's continue by creating the script where our users will register. Open your favorite text editor and enter the following:

<?php

?>

This tells the webserver that we are starting a PHP code section. You can have more than one in a script and you can include HTML in your code files as well; more on that later. Let's create a function that will actually do the work of adding the user to the database. Let's call it registerUser. Now enter the following in between the PHP tags:

function registerUser() {
   // mysql_connect() takes no database argument, so select the database separately
   mysql_connect('server', 'username', 'password');
   mysql_select_db('database');
   $username = $_POST['username'];
   $password = md5($_POST['password']);

   // String values must be quoted. The input is still unescaped here (see the
   // SQL injection reply in this topic).
   $sql = "INSERT INTO tblUsers (fldUsername, fldPassword) VALUES ('$username', '$password');";

   mysql_query($sql);
}

We now have a very basic registration function. Now we need to create the form the user will see. So below the ?>, let's start our HTML. It should look a bit like this:

<html>
   <head>
       <title>Registration</title>
   </head>
   <body>
       <form action="<?php echo htmlspecialchars($_SERVER['PHP_SELF']) . "?register=true"; ?>" method="post">
           Username: <input type="text" name="username">
           Password: <input type="password" name="password">
           <input type="submit" value="Register">
       </form>
   </body>
</html>

Now this HTML defines a form with 2 input fields and a button. The thing to look at, though, is the action attribute of the form tag. Here we have another PHP code section. This puts the path of the current script as our action with the variable register equal to true. We will deal with that in our code later. For now your code should look like this:

<?php
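function registerUser() {
   // mysql_connect() takes no database argument, so select the database separately
   mysql_connect('server', 'username', 'password');
   mysql_select_db('database');
   $username = $_POST['username'];
   $password = md5($_POST['password']);

   // String values must be quoted. The input is still unescaped here (see the
   // SQL injection reply in this topic).
   $sql = "INSERT INTO tblUsers (fldUsername, fldPassword) VALUES ('$username', '$password');";

   mysql_query($sql);
}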
?>

<html>
   <head>
       <title>Registration</title>
   </head>
   <body>
       <form action="<?php echo htmlspecialchars($_SERVER['PHP_SELF']) . "?register=true"; ?>" method="post">
           Username: <input type="text" name="username">
           Password: <input type="password" name="password">
           <input type="submit" value="Register">
       </form>
   </body>
</html>

There is one more thing left to do: handle the variable we passed to the script called register. Let's do that now. Here is the code:

<?php
if ($_GET['register'] == 'true') {
   registerUser();
}

function registerUser() { ....

Here we use an if statement to check and see if it has been set to true; if it is, we call the function we defined earlier.

That is all I will be doing for today. Later we will go over how to login, protect your pages and some basic error checking.


I don't get the last part.
<?php
if ($_GET['register'] == 'true') {
   registerUser();
}

function registerUser() { ....
Can you post the final source please?

Posted 14 November 2011 - 01:18 AM

Stop following this useless and poorly scripted tutorial!

Replying to iGuest

The reason the = $row line doesn't work is because it's trying to make an assignment to a function.

if (md5($password) = $row['fldPassword']) {

should be

if (md5($password) == $row['fldPassword']) {

Remember when using a = inside an if statement that it assigns the right hand side value to the left hand variable. And == is a bool check.

Most of what they have posted is very poor formatting of SQL and PHP.

Sorry but that's my view!

-reply by Dazaster


Posted 22 April 2011 - 12:38 AM

How do I verify email and password through sql?

I am working on a successful register and login for my website. So I created a successful registration with email confirmation but I don't know how to create a login that will verify the info.

When a person registers it saves in a database named eventdatabase.

It has the table registered_members.

It has the following rows:

CREATE TABLE `registered_members` (
  `id` int(4) NOT NULL auto_increment,
  `name` varchar(65) NOT NULL default '',
  `email` varchar(65) NOT NULL default '',
  `password` varchar(65) NOT NULL default '',
  `country` varchar(65) NOT NULL default '',
  PRIMARY KEY (`id`)
) ENGINE=MyISAM DEFAULT CHARSET=latin1 AUTO_INCREMENT=1 ;

I want a login that asks for the email and password and then verifies it through eventdatabase and then through registered_members.

Then after login if it is successful I want to redirect it to www.Mywebsite.Com/profile.Php

Thank you, Billy

-reply by Billy

Posted 21 May 2011 - 06:56 PM

I have a problem

It says fatal error by the last part of the login script after
The last part at
$row = ...
What do I do?

-reply by chatroverse


Posted 17 September 2010 - 08:51 AM

Security

I'm surprised this tutorial takes no account of SQL injection :O

The best thing to do is run all user-input through mysql_real_escape_string().

It would be no problem for the password, as this is being MD5'ed, so can't contain any SQL language characters.

$username = mysql_real_escape_string($_POST['username']);

$sql = "SELECT fldId, fldPassword FROM tblUsers WHERE fldUsername = '$username';";

Because if I were to try and login with a username containing the following

' OR fldId = 1; --

It would result into the following query:

SELECT fldId, fldPassword FROM tblUsers WHERE fldUsername = '' OR fldId = 1;--';

The '--' means the rest of the query is considered a comment.

This way MySQL will return a row where the id is 1, which is always a valid user, and in the worst case, an administrator user.

These patches should of course also apply on the other queries.

http://xkcd.Com/327/

-reply by Dennis de Greef
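
The fix suggested in the post above, taken one step further as an added example (not code from the thread): the login query uses a PDO prepared statement instead of mysql_real_escape_string(), and password_hash()/password_verify() instead of md5(). It assumes PHP 7.1+ with the pdo_sqlite driver; an in-memory SQLite database and a constructed `admin` account stand in for the MySQL table so it runs offline, and `loginUser` and `DUMMY_HASH` are names made up here.

```php
<?php
// Added example, not from the thread. Assumed: in-memory SQLite replaces MySQL
// (the prepared statements work unchanged over a MySQL DSN), and the sample
// account is constructed.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE tblUsers (
    fldId INTEGER PRIMARY KEY AUTOINCREMENT,
    fldUsername VARCHAR(40) NOT NULL UNIQUE,
    fldPassword VARCHAR(255) NOT NULL)');

// Salted, slow hash instead of md5(); the column is widened to hold it.
$insert = $pdo->prepare('INSERT INTO tblUsers (fldUsername, fldPassword) VALUES (?, ?)');
$insert->execute(['admin', password_hash('correct horse', PASSWORD_DEFAULT)]);

// Hash checked when the username is unknown, so both paths do the same work.
define('DUMMY_HASH', password_hash('placeholder', PASSWORD_DEFAULT));

// Returns the user id on success, null on any failure.
function loginUser(PDO $pdo, string $username, string $password): ?int
{
    // The username travels as a bound parameter, never as part of the SQL text.
    $stmt = $pdo->prepare('SELECT fldId, fldPassword FROM tblUsers WHERE fldUsername = ?');
    $stmt->execute([$username]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);

    $hash = $row ? $row['fldPassword'] : DUMMY_HASH;
    $ok = password_verify($password, $hash);
    return ($row && $ok) ? (int) $row['fldId'] : null;
}

$attempts = [
    ['admin', 'correct horse'],      // valid credentials
    ["' OR fldId = 1; --", 'x'],     // the username from the post, now just a string
    ['admin', 'wrong password'],     // right user, wrong password
];
foreach ($attempts as [$user, $pass]) {
    $id = loginUser($pdo, $user, $pass);
    echo str_pad($user, 22), $id === null ? 'rejected' : "accepted as id $id", PHP_EOL;
}
```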

 


yordan

Posted 24 March 2010 - 10:38 PM

Hi,

How easy is it to add the register page? Can't see the code here.

thanks


Read again the starter post of the present topic, you will see the code:

Let's continue by creating the script where our users will register. Open your favorite text editor and enter the following:

<?php

?>

This tells the webserver that we are starting a PHP code section. You can have more than one in a script and you can include HTML in your code files as well; more on that later. Let's create a function that will actually do the work of adding the user to the database. Let's call it registerUser. Now enter the following in between the PHP tags:

function registerUser() {
   // mysql_connect() takes no database argument, so select the database separately
   mysql_connect('server', 'username', 'password');
   mysql_select_db('database');
   $username = $_POST['username'];
   $password = md5($_POST['password']);

   // String values must be quoted. The input is still unescaped here (see the
   // SQL injection reply in this topic).
   $sql = "INSERT INTO tblUsers (fldUsername, fldPassword) VALUES ('$username', '$password');";

   mysql_query($sql);
}


fredted40x

Posted 24 March 2010 - 01:43 PM

Hi,

How easy is it to add the register page? Can't see the code here.

thanks

Shag

Posted 07 November 2008 - 03:44 PM

Hello,
I found this script on www.marakana.com

I can't find how it connects to the DB.
Can you guide me to where exactly it is? (I think there is not any DB connection setup. It just uses users in an array.)
And if you guys know any source where I can find code which will help me to make the following…
I want to make users which can change the content of a div element on the page…
something like this comment box..
But I want to give this permission manually to users and also activate their accounts manually (like on forums), and secured as much as possible.
And with registration page security I have problems as well.

I am a noob in PHP.
I don't even know if this code is secured well.
If you guys can help me with this

Here is the code.
Maybe it will help other members as well =/

File name: login.php
<?php  
///////////////////////////////////////////////////////////////////////////// 
// 
// LOGIN PAGE 
// 
//   Server-side: 
//	 1. Start a session
//	 2. Clear the session
//	 3. Generate a random challenge string
//	 4. Save the challenge string in the session
//	 5. Expose the challenge string to the page via a hidden input field
//
//  Client-side:
//	 1. When the user completes the form and clicks on Login button
//	 2. Validate the form (i.e. verify that all the fields have been filled out)
//	 3. Set the hidden response field to HEX(MD5(server-generated-challenge + user-supplied-password))
//	 4. Submit the form
////////////////////////////////////////////////////////////////////////////////// 
session_start();
session_unset();
// Build an 80-hex-digit challenge from a cryptographically secure source
// (rand() is predictable); random_bytes() requires PHP 7 or later.
$challenge = bin2hex(random_bytes(40));
$_SESSION['challenge'] = $challenge;
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" 
	"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html>
	<head>
		<title>Login</title>
		<script type="text/javascript" src="http://pajhome.org.uk/crypt/md5/md5.js"></script>
		<script type="text/javascript">
			function login() {
				var loginForm = document.getElementById("loginForm");
				if (loginForm.username.value == "") {
					alert("Please enter your user name.");
					return false;
				}
				if (loginForm.password.value == "") {
					alert("Please enter your password.");
					return false;
				}
				var submitForm = document.getElementById("submitForm");
				submitForm.username.value = loginForm.username.value;
				submitForm.response.value = 
					hex_md5(loginForm.challenge.value+loginForm.password.value);
				submitForm.submit();
			}
		</script> 
	</head>
	<body>
		<h1>Please Login</h1>
		<form id="loginForm" action="#" method="post">
			<table>
				<?php if (isset($_REQUEST['error'])) { ?>
				<tr>
					<td>Error</td>
					<td style="color: red;"><?php echo htmlspecialchars($_REQUEST['error']); /* escape: the value comes from the request */ ?></td>
				</tr>
				<?php } ?>
				<tr>
					<td>User Name:</td>
					<td><input type="text" name="username"/></td>
				</tr>
				<tr>
					<td>Password:</td>
					<td><input type="password" name="password"/></td>
				</tr>
				<tr>
					<td> </td>
					<td>
						<input type="hidden" name="challenge" value="<?php echo $challenge; ?>"/>
						<input type="button" name="submit" value="Login" onclick="login();"/>
					</td>
				</tr>
			</table>
		</form>
		<form id="submitForm" action="authenticate.php" method="post">
			<div>
				<input type="hidden" name="username"/>
				<input type="hidden" name="response"/>
			</div>
		</form>
	</body>
	</html>

File name: common.php
<?php
//////////////////////////////////////////////////////////////////////////////// 
// 
// COMMON PAGE 
// 
//   Defines require_authentication() function: 
//	 If the user is not authenticated, forward to the login page 
//	 
////////////////////////////////////////////////////////////////////////////////  
session_start();
function is_authenticated() {
	return isset($_SESSION['authenticated']) &&
		$_SESSION['authenticated'] == "yes";
}
function require_authentication() {
	if (!is_authenticated()) {
		header("Location:login.php?error=".urlencode("Not authenticated"));
		exit;
	}
}
?>

File Name: authenticate.php
<?php  
///////////////////////////////////////////////////////////////////////////// 
// 
// AUTHENTICATE PAGE 
// 
//   Server-side: 
//	 1. Get the challenge from the user session 
//	 2. Get the password for the supplied user (local lookup) 
//	 3. Compute expected_response = MD5(challenge+password) 
//	 4. If expected_response == supplied response: 
//		4.1. Mark session as authenticated and forward to secret.php 
//		4.2. Otherwise, authentication failed. Go back to login.php 
////////////////////////////////////////////////////////////////////////////////// 
$userDB = array("john" => "abc123",
	"bob"  => "secret",
	"anna" => "passwd");
function getPasswordForUser($username) {
	// get password from a simple associative array
	// but this could be easily rewritten to fetch user info from a real DB
	global $userDB;
	// unknown users yield null instead of an undefined-index notice
	return isset($userDB[$username]) ? $userDB[$username] : null;
}
function validate($challenge, $response, $password) {
	// hash_equals() compares in constant time and avoids loose == on hex strings
	return hash_equals(md5($challenge . $password), (string) $response);
}
function authenticate() {
	if (isset($_SESSION['challenge']) &&
		isset($_REQUEST['username']) &&
		isset($_REQUEST['response'])) {
		$password = getPasswordForUser($_REQUEST['username']);
		// reject unknown users: a null password would reduce the check to md5(challenge)
		if ($password !== null &&
			validate($_SESSION['challenge'], $_REQUEST['response'], $password)) {
			$_SESSION['authenticated'] = "yes";
			$_SESSION['username'] = $_REQUEST['username'];
			unset($_SESSION['challenge']);
		} else {
			header("Location:login.php?error=".urlencode("Failed authentication"));
			exit;
		}
	} else {
		header("Location:login.php?error=".urlencode("Session expired"));
		exit;
	}
}
session_start();
authenticate();
header("Location:secret.php");
exit();
?>

File name: secret.php
<?php  
//////////////////////////////////////////////////////////////////////////////// 
// 
// SECRET PAGE 
// 
//   Invokes require_authentication() to ensure that the user is authenticated 
//	 
////////////////////////////////////////////////////////////////////////////////  
require("common.php"); 
require_authentication(); 
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"	  
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> 
<html>	 
<head>
<title>Secret Page</title>	 
</head>
<body>		 
<h1>This is a Secret Page</h1>
<p>You must have successfully authenticated since you are seeing this page.</p>
<p>
<a href="<?php echo htmlspecialchars($_SERVER['PHP_SELF']); ?>">View again?</a>
</p>
<p>
<a href="login.php">Logout?</a>
</p>
</body>
</html>
I would appreciate it
P.S. Sorry for my English =/

Posted 14 August 2008 - 05:22 PM

There are a few more things I always add to my registration code.

1. Convert the username string to lowercase, strtolower(STRING), I do this so you won't get a user called User, one called user, one called USer, one called USEr, one called USER, one called uSER, and so on.. :P

2. Check in the registration code if the username already exists in the database, you don't want someone to overwrite your account by simply creating a new one.

- Falcon

-reply by Falcon
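
The two points from the post above, as an added example (not code from the thread): usernames are lowercased before storage, and duplicates are refused by a UNIQUE constraint rather than a separate lookup. It assumes PHP 7+ with the pdo_sqlite driver; an in-memory SQLite database stands in for MySQL, and the length limit, return strings and sample names are constructed for the illustration.

```php
<?php
// Added example, not from the thread. Assumed: in-memory SQLite replaces MySQL;
// the 40-character limit mirrors the tutorial's VARCHAR(40) column.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
// UNIQUE makes the database itself refuse a second row with the same name.
$pdo->exec('CREATE TABLE tblUsers (
    fldId INTEGER PRIMARY KEY AUTOINCREMENT,
    fldUsername VARCHAR(40) NOT NULL UNIQUE,
    fldPassword VARCHAR(255) NOT NULL)');

function registerUser(PDO $pdo, string $username, string $password): string
{
    // Point 1: fold case so User, USER and uSER are one account name.
    $username = strtolower(trim($username));
    if ($username === '' || strlen($username) > 40) {
        return 'invalid username';
    }
    try {
        $stmt = $pdo->prepare('INSERT INTO tblUsers (fldUsername, fldPassword) VALUES (?, ?)');
        $stmt->execute([$username, password_hash($password, PASSWORD_DEFAULT)]);
    } catch (PDOException $e) {
        // Point 2: SQLSTATE class 23 is an integrity-constraint violation, here
        // the UNIQUE index. Relying on it instead of a SELECT-then-INSERT check
        // leaves no window for two simultaneous registrations of the same name.
        if (strpos((string) $e->getCode(), '23') === 0) {
            return 'username taken';
        }
        throw $e;
    }
    return 'registered';
}

// Constructed sample input.
foreach (['User', 'USER', 'uSER ', 'another', ''] as $name) {
    echo str_pad("'$name'", 12), registerUser($pdo, $name, 'sample-password'), PHP_EOL;
}
```

For usernames outside ASCII, mb_strtolower() from the mbstring extension is the counterpart to strtolower().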
