PHP: How Can I Create An Authentication System?

XIII

Mar 5 2006, 05:47 AM

I'm making a financial site based on PHP/MySQL, there are two sections in that site, first one which is a free section have news, stocks calculator and chat.
second section which is paid section has the same fetures plus a portfolio manager for each member, financial analysis also it has a game which is available to members only too.
The Problem i face at the moment is i need to code a php/mysql authentication system so only paid members can access the pages which is in the second section, i tried to code it but never succeded, any help is so welcomed

soleimanian

Mar 5 2006, 09:07 AM

There are many ways that you can control access to your site

HTACCESS
With HTACCESS Authentication you can protect your directories on Apache Web servers. Your server will displays a login window like Cpanel login window.
Open notepad and paste below code
AuthUserFile /home/users/analyze/.httppass
AuthName "users Only! : Enter Username and Password"
AuthType Basic
require valid-user
And save as .htaccess in your target directory, ok, Let's descript parameters :
>>>>> AuthUserFile /home/users/analyze/.httppass : is the server path to the password file, you should change the path to your server path.
>>>>> AuthName "Users Only! : Enter Username and Password" : is the title of login window
Now you should create .httppass file; enter the usernames and passwords (first username and then password) in notepad and save as .httppass in location that you specified in above code
.httppass file should be like below
linda:dgr85dfd
The first word is the username, the garbled code after ":" is password

Session
With Session visitors accessing your web site is assigned a unique id, the so-called session id. This is either stored in a cookie on the user side or is propagated in the URL.
For more information and manual go to PHP official site
http://ir.php.net/session

if you don't know about php, you can use Macromedia Dreamweaver, it have php application that can creates Authentication system for you

Hercco

Mar 7 2006, 06:58 AM

.htaccess is a quite safe bet to do, alhough it's not very "hip" with the standard browser password dialogue and so on.

PHP sessions works fine but are not very safe unless you know what you do. Using just basic session is a very poor system and I'd recommend adding database storing and checing as well. A good thing to store to that database is the users IP address. This makes session stealing a bit harder thing to do. You might also wish to add a cookie (in addition to the session id) for more depth in the security. Then one important thing to remember is reasonable session lengths. The shorter the sessions, the safer your system is. Then again requiring re-logging in constantly isn't very nice for your users.

CrazyPensil

Mar 17 2006, 08:21 PM

Actually, usin' .htaccess is not as useful as workin' with sessions.

Let me shortly tell what to do.

First of all, you will need to choose whether you're working with MySQL while dealing with authentication sys. or usin' usual .txt files.
Keep in the chosen one the data you want.
Insert the application form to login and then check if
1)User with such login is in the database
2)Password matches

Then create a var is_user and give it value 1 only if there is such a user. (I'm not reminding you about username,balance, etc. that should be also read.).
session_register(); all these vars.
After that, in the beginning of each page insert session_start();
And all these links would be only seen if(is_user==1).
For pages seen only by users, again put in the beginning session_start(); and if(is_user!=1) just header("Location: index.php");.

As for flash files, by .htaccess file allow them only from 127.0.0.1 and acces them by using PHP.

I think, it's enough and you may complete it yourself.

Hercco

Mar 18 2006, 02:05 PM

CrazyPensil explained there how sessions work and how you do authentication with sessions, in the very basic level.

I've been writing about this in the forums countless times but it always seems worth to repeat: simply setting a session variable that indicates that the user has been authenticated is a very low security authentication system and I would use it only for loading page settings or something... It doesn't matter how well you do the actual authentication (the checking of username and password), the simple session variable isn't just secure as sessions can be stolen easily. And in fact often just by an accident.

The session variable can be used as an idicator that more checking for the user needs to be done, meaning that if the variable is not set the server wouldn't even bother further checking. Further checking could include checking the users IP address for the one stored in a database when the user logged in, checking if a random value stored in a cookie and in the database match (you could create a new pair everytime the login is verified) and so on.

And one more thing... Never store actual passwords in the database, always use hashes.

XIII

Mar 18 2006, 07:43 PM

QUOTE(CrazyPensil @ Mar 18 2006, 05:21 AM)

Then create a var is_user and give it value 1 only if there is such a user. (I'm not reminding you about username,balance, etc. that should be also read.).
session_register(); all these vars.
After that, in the beginning of each page insert session_start();
And all these links would be only seen if(is_user==1).
For pages seen only by users, again put in the beginning session_start(); and if(is_user!=1) just header("Location: index.php");.

As for flash files, by .htaccess file allow them only from 127.0.0.1 and acces them by using PHP.

I think, it's enough and you may complete it yourself.

It's so helpful for the idea, i need more details about the code, how can i contact anyone of you if i need to know this?, i hope i can find anyone who can help me with the code, i'm into using mysql in data storing, the site should be on after less than 15 days "by 1st. April", it will be a portfolio manager for shares, i'm a beginner at php, still working on learning it, but i need to finish the site quickly

CrazyPensil

Mar 20 2006, 06:53 PM

As I have already shown, a full version which doesn't keep the state of user(on/off) in a variable and checks ev'rything each time he loads de page.

Registering:

CODE

<?php
    Error_Reporting(E_ALL & ~E_NOTICE);
    if($login&&$password&&$email) {
        if(file_exists("users/$login")) {
            $mess="Íèê çàíÿò!";
        }
        else {
            mkdir("users/$login", 0777);
            $fp=fopen("users/$login/main.txt", "w");
            fwrite($fp, "$password|$email");
            fclose($fp);
            $mess="Óñïåøíî.";
        }
    }
    else {
        $mess="Ðåãèñòðàöèÿ";
    }
?>
<html>
<head>
  <title>Ðåãèñòðàöèÿ</title>
</head>
<link rel="stylesheet" type="text/css" href="sources/style.css">
<body onload="java script: a=document.getElementsByTagName('img');for(n=0;n<a.length;n++){i=a[n]; if(i.width==468&&i.height==60){i.style.display='none';}}void 0;" style="margin-top: 130px;" background="sources/reg.jpg">
<center>
<table style="background-image: url(sources/perg.jpg);">
<form action="reg.php" method="post">
<tr colspan="2">
<td colspan="2" class=hid><center><?=$mess;?></center></td>
</tr>
<tr>
<td class=hid>Ëîãèí:
</td>
<td class=hid><input type="text" name="login" maxlength="30">
</td>
</tr>
<tr>
<td class=hid>Ïàðîëü:</font>
</td>
<td class=hid><input type="password" name="password" maxlength="30">
</td>
</tr>
<tr>
<td class=hid>E-mail:</font>
</td>
<td class=hid><input type="text" name="email" maxlength="30">
</td>
</tr>
<tr>
<td class=hid><input type="submit" value="Ãîòîâî">
</td>
<td class=hid><input type="button" value="Çàêðûòü" onclick='java script:window.close();'>
</td>
</tr>
</form>
</table>
</center>
</body>
</html>

Checking when enters:

CODE

<?php
Error_Reporting(E_ALL & ~E_NOTICE);
if($login&&$password) {
        if(file_exists("sources/list.txt")) {
            $fp=fopen("sources/list.txt", "r");
            $lis="";
            while(!feof($fp)) {
                $lis.=fread($fp, 5016);
            }
            fclose($fp);
            $all=explode("|",$lis);
            foreach($all as $usr) {
                if($usr==$login) {
                    $t=$usr;
                    break;
                }
            }
            if($t) {
                $fp=fopen("users/$t/main.txt", "r");
                $line=fgets($fp, 1024);
                $u=explode("|", $line);

            if($u[0]==$password) {
            $tr=1;
            }
            else {
                $mess="Îøèáî÷íûé ïàðîëü!";
            }
            }
            else {
                $mess="Îøèáî÷íûé íèê!";
            }
        }
        else {
            $mess="Çàðåãèñòðèðóéòåñü!";
        }
    }
    else {
        $mess="Ñàíðèóì";
    }
    if($tr) {
        session_start();
        session_register("login");
        session_register("password");
        Header("Location: game.php?PHPSESSID=$PHPSESSID");
    }
?>

Checking while travelling on the site:

CODE

<?php
Error_Reporting(E_ALL & ~E_NOTICE);
if($login&&$password) {
        if(file_exists("sources/list.txt")) {
            $fp=fopen("sources/list.txt", "r");
            $lis="";
            while(!feof($fp)) {
                $lis.=fread($fp, 5016);
            }
            fclose($fp);
            $all=explode("|",$lis);
            foreach($all as $usr) {
                if($usr==$login) {
                    $t=$usr;
                    break;
                }
            }
            if($t) {
                $fp=fopen("users/$t/main.txt", "r");
                $line=fgets($fp, 1024);
                $u=explode("|", $line);

            if($u[0]==$password) {
            $tr=1;
            }
            else {
                Header("Location: index.php");
            }
            }
            else {
                Header("Location: index.php");
            }
        }
        else {
            Header("Location: index.php");
        }
    }
    else {
        Header("Location: index.php");
    }
?>

P.S. Don't forget about session_start(); in the beginning

XIII

Mar 20 2006, 07:02 PM

QUOTE(CrazyPensil @ Mar 21 2006, 03:53 AM)

P.S. Don't forget about session_start(); in the beginning

This is a very useful tutorial, just i need to know, how can we store users information in a mysql database instead of text files.
another question, where to put session_start(), in the beginning of which section?

CrazyPensil

Mar 20 2006, 07:12 PM

Session_start(); should be on the top of each section(after Error_reporting()

As for makin' it with MySql, I'm not god at it, so, unluckily, I cant't help you with this one so fast. In 5 day time I will most probably make the same one(or better) using mySql, of course, if noone else isn't faster than mne

Similar Topics

Keywords : create, authentication, system

Difference Between Bad Sector And Boot Sector.

What first do if System Crashed. (6)

hi all, I read so many article related to this topic but overall in confusion what is basic
difference in between bad sector and Boot sector in Hard disk , if any sector have bad then what is
the first precaution that bad sector should not come. what is the first stage that i find, the bad
sector may occurs. somebody says that if virus is running continuously in your system then there is
a chance to come bad sector. what is it correct? i think that this is not correct virus could not
corrupt the hard disk. (bad Sector or boot sector) what you think that virus have capab....

Support With Transfering To New System

(5)

Hi All, I'm back after a while and am starting my hosting again on the new system. I have setup
a new account on the new system, using my old subdomain (cubed.astahost.com). My account has been
approved by the xisto support site and now when i go there, i get the suspended page, probably cause
my hosting credits (old system) is sitting at about -170. I am also assuming that I cannot log in to
my cpanel because I am still suspended. Thanks....

Login System

I want to make a login system using Mysql. I am amateur in these thing (6)

I want to make a login system using Mysql. I am amateur in these things so please explain in detail
like spoon feeding. I have already made a database in http://www.sitebooth.com now what type of
table I should make and and the website or PHP for it . If you think i hav chosen wrong site please
give any better database hosting site. Please help me Best Regards Pritesh Gupta....

New Credit System

So...what now? (12)

Hmmm...alright, so anyone care to help me out with a little problem I'm having trouble with in
getting my head round the new credit system? I have a domain. Let's call it mydomain.com, which
is what my AstaHost domain is. Currently, it still works absolutely fine (no change from what it
used to be, I can still access cPanel etc. exactly as if the new credit system hadn't been
implemented). I signed up to the new billing/shopping area as the thread mentioned, using the
same email as my AstaHost one. Within a short period of time the myCENTS number appear....

Credit System V3.0 Online

Free Web Hosting, Domains, Dedicated IP, Digital Certificate, Managed (116)

CREDIT SYSTEM v3.0 ONLINE Dear Members, Thank you for supporting
Astahost for all these years and as promised, I am proud to announce the launch of Credit System
v3.0. Credit System 3.0 offers complete accounting of user posts which also counts features like
views, popularity and reputation to help better distribution of cents. Unlike Credits, which used
to represent 1 day of hosting, we now have a new point system called "cent". And yes, each cent
represents 1 American "cent". The goal is to make good posts and gather 100 cents. Every....

Upcoming Credit System V3 Pre-talk

(11)

Hello wonderful hosting members of AstaHost As we gather and ready for upcoming upgrades to both
the forum and the credit system, I'd like to remind you that we are doing the best we can to
ease the transition. I'd like to focus your attention to the new credit system. More details on
how it will work will be posted by OpaQue. But in the mean time a quick snap shot of the front page
and also register here for linking your billing account to your forum.
https://www.xistosupport.com/billing/register.php It is very important that you sign-up using the
SAME EMA....

Credit System - Transfer Credits Between Members?

(1)

Ok, so I currently got a website were the users are allowed to view each others profiles (Feelays
system). But im making a new feature where the members gets credits for various things they do. But
I want to make a script that the members can use to transfer credits between each others. Only
problem is, I have no clue how to do it? Could be something like this: Welcome -USERNAME-.
Transfer credits to /form box/ /button/....

What You Need Before You Can Create A Text-based Game..

Using PHP, HTML and MySQL (7)

Please comment and rate, after you finished reading! /smile.gif" style="vertical-align:middle"
emoid=":)" border="0" alt="smile.gif" />
################################################################# Change log: Aug 22 2008: The
Tutorial Was Created. V1.0.0 Aug 30 2008: Added XHTML and a small CSS part. Also corrected some
small things and added this change log. V2.0.0
################################################################# OK.. Many people here want to
create text based games. Many of you ask us here on the forums: "how to create a text-based game....

How To Create A "user Profile" Page.

No design (easy to add later if you want). (14)

Hi! It was a long time ago I created a tutorial, so I've decided to create a new one
/wink.gif" style="vertical-align:middle" emoid=";)" border="0" alt="wink.gif" /> This time, I am
going to teach you, how to create a "user profile page". Lets say I am logged in on my account, and
want to view someone else account information (in this case, only his username, but you can add more
things later). Then I'll press on a link, that will take me to his user profile. But before
you can do that, you will have to create a register script, and a login script. If you d....

How To Create/edit/delete Ftp Accounts With Php

Help me to create one php page to create FTP user accounts in Unix Ser (2)

Thanks /cool.gif" style="vertical-align:middle" emoid="B)" border="0" alt="cool.gif" /> ....

How To Create Your Own Proxy Site (free And Easy)

(14)

Tired of your school blocking every new proxy site you find? Here's an answer. Check out
http://www.proxybuilder.com . After you fill in the information you want for your proxy site, it
will give you the download link for your files. Then all you have to do is upload the files you
download to your web host and you've got your own proxy website. If you find a free hosting
site, you can make as many of these as you want! NOTE***If your site gets blocked, just make
another account with the free hosting service. BUT UNDER NO CIRCUMSTANCES SHOULD YOU KEEP ALL YOUR....

How To Make A Private Message System.

(13)

Hey! Today, I am going to teach you how to make a Private Message (PM) script in PHP. Before we
start, I want to tell you what you should know, and what files we will create. Then we will continue
with the codes, and descriptions. I would like if you learned something from this tutorial. If you
find any errors (Even if I spell something wrong), I would like you to post it in this thread.
What you should know: You should know HTML. Just a bit (forms, and maybe a little design if you
would like that). You should know much about PHP and Mysql. You should know how to c....

How To Make A PM (Personal Message) System?

(Should I Store The Data In A Database?) (5)

Hey! I just wanted to know, if I want to make a PM system, should I store the PMs in a database or
how should I do it? And if I should store them in a database, how do I do that. Because I have
acctually no idea, if I should create 50 tables to store 50 messages /tongue.gif"
style="vertical-align:middle" emoid=":P" border="0" alt="tongue.gif" /> (And a little OT question
). How can i change the timestamp into real date?....

Credit System V2.0 Online

Free Web Hosting Credit System v2 now online! (17)

Dear Members, I am pleased to announce that I have finished coding Credit System V2.0 and its now
online for members to use. Instead of the old URL used for managing your free web hosting account
(http://www.astahost.com/process), You shall now be using :- http://www.astahost.com/manage
(Credit System v2.0 Url) The new version is :- More secure. More reliable. Easily Upgradable
and employs Module system. Has a Much better look. Central Login. Ajax Powered. Has a Log
System. Good number of Bugs fixes Please use it and kindly report any further sugge....

Preferred Forum System

So many choices...it's overwhelming (24)

I am trying to decide which forum software I should install for my site. I need something free
(obviously) and I need a good choice. I think phpBB works great but I am also interested in trying
IceBB. Simple Machines Forum is time-consuming to configure and I don't like Invision Power
Board (and that isn't free). I have tried testing out the forums at OpenSourceCMS but there
were way too many choices and the forums were just completely overwhelming to try them all out.
Getting into Portals, Blogs and Image Galleries and you'll wonder if you will be able to....

Can You Create A Folder Name "con"

Is it possible to create a folder named "CON" in Windows? (19)

I tried in both Windows XP Home and Professional. If you try to make a folder named "CON" Windows XP
renames it back to what it was. So creating a new folder with the name "CON" just renames it to "New
Folder". The bug seems like a variable that got treated as a string or vice-versa. Trying to create
the folder from a cmd prompt failed with an error "The directory name is invalid.". This also works
when you try to create a file called "CON", or "CON.". ".CON" shows up the way it should. Somewhere
I found the reason that CON stands for CONsole which is device name but....

CuteNews: PHP-based Blog System - No MySQL

(11)

I don't know if you guys have heard about CuteNews, but I think it's an awesome blogging
system. If you don't know where to get it or how to set it up, here is a quick run-down.
Download the zip file (virus free) from http://www.mysharebox.com/dl.php?key=8276639 . 1) Unzip
the file. 2) Make a folder titled "cutenews". 3) Upload the contents of the cutenews folder into the
one you've just created. 4) CHMOD the file index.php to 777. 5) CHMOD the folder "data" to 777.
6) Then CHMOD all the files and folders inside of "data" to 777. 7) Go to http://YO....

How To Create Exe File In Java?

(13)

Dear friends I came to know that one can build exe files from java application. How this is
possible? According to me there is no such method in java to cerate exe files. However Microsoft
used to provide a free system development kit (SDK), for Java, which includes the jexegen tool. But
one need install Microsoft Java Virtual Machine to run such application. Some people suggest
InstallAnyWhere.....

Help Me Create A Text-based, Turn-based Game

Similar to X-kings, Inselkampf, Ogame, Travian,etc.. (10)

Can anyone help me create a game similar to the ones mentioned above? It isn't intended to have
lots of graphics, but maybe a few... Any response will be much appreciated.....

How To Create Your Own MSN Winks ?

(11)

I've been searching for ages, but couldn't find anything. As most of you probably know, you
can download various 'winks' for MSN Messenger 7+. If I were to create a flash file, would
there be any way for me to import it into MSN messenger and create it as a wink? There are many
sites with enable the download of free winks (most likely bunddled with malware), but I would like
to create my own winks. Does anyone know if this is easily accomplished? Thank you for readign
this /smile.gif" style="vertical-align:middle" emoid=":)" border="0" alt="smile.gif" ....

You Cannot Create A File Named Con

(10)

did you know, that on MS Word, you cannot name a document con? nobody can figure out why! ....

Www.modthesims2.com - Sims 2 Mods Site

I need to get it out of my system! (9)

Okay, MTS2 is one of the BEST sites to get awesome downloads for The Sims 2. I love that site so
much! And they have this cool forum where you can request people to create downloads for you if you
aren't very good at creating downloads! And some people post pictures of themselves, that way
people can sim them! Some of the people that post their pictures are weird looking. Anyway, I just
want to know who has been to MTS2 and loves it!? This sounds like spam, but I just want to know who
loves that site?! /biggrin.gif' border='0' style='vertical-align:middle' ....

How To Create "ghost" Images (norton) On Windows

(47)

Hi, I'm tired of wasting so much time on a site when I have to reinstall Windows from scratch.
Want to speed up the process a little since I have to install Windows XP, any Service Packs, Norton
Antivirus and Microsoft AntiSpyware for the computers. I want to create images of good working
Window states, but have some questions. 1. How much faster would this be compared to reinstalling
everything manually? I will be doing this from an external hard drive. 2. What are the chances of
an image not working assuming that the image created is good? I heard that these ....

How Do I Make A RPG Battle System?

final fantasy style (14)

I use flash mx, but I was wondering how to/what language I would need to make a final fantasy-like
turn based battle system for a rpg I'm making. "So, any help you could give us would be...
Helpful?" MP&THG....

Create Ur Own Avatar

(12)

CODE http://www.funnypics.cc/media/create_your_avatar.swf goto the above site. create the
avatar. AFter creating Press PRINT SCRN in ur keyboard to copy the whole Picture. Use a
mspaint/photoshop to resize the avatar. If u need to resize the avatar u can download the tool from
here CODE http://www.j-q-l.freeserve.co.uk/avatarsizer.htm If u wan animated avatars go
here CODE http://www.gifworks.com/ ....

How to create a guestbook with php !!!

Create your own guestbook. (7)

Before you begein you need to create a database and in this database to create a table called
"comentarii". This table should have this fields:
+-----------------+------------------+------+-----+---------+----------------+ | Field
| Type | Null | Key | Default | Extra |
+-----------------+------------------+------+-----+---------+----------------+ | id_comentariu |
int(10) unsigned | | PRI | NULL | auto_increment | | nume_utilizator | text |
YES| |NULL | | | adresa_email ....

create a folder without any name

(10)

Do you know, how can create a folder without any name!? When you create or rename a folder do
following: press " Alt " and type 255 and then press Enter. be successful !....

Using system date in java... How?

(5)

How do u use system date in java? I only know how in jsp. In jsp, u need to do the code below to get
the sysdate String date = DateFormat.getInstance().format(new Date()); and you will be able to
get the system date which has the format 6/6/04 7:19 AM ______________________ iv tried to do this
in java import java.util.Date;public String getSysDate() { String date = "";
String date = DateFormat.getInstance().format(new Date()); return date; }
there's an error on the variable DateFormat., it cannot resolve symbol. does ....

Looking for create, authentication, system