Login System - I want to make a login system using Mysql. I am an amateur in these things
Discussion by priteshgupta with 12 Replies.
Last Update: July 27, 2009, 3:34 pm
Best Regards
Pritesh Gupta
Tue Oct 28, 2008 Reply New Discussion
Next you'll need a password database; in this database you re-use the user ID and have another column containing the password (preferably saved using MD5).
So you have something like
user database:
CODE
| ID | NAME | MAIL |
| 11 | John | john@johnymail.com |
| 12 | Frans | Frans@fransmail.com |
password database
CODE
| ID | password |
| 11 | 8896e76cb1c472a1847e75cf23324577 |
| 12 | e36aea312ecf63d21b5d134b6998d529 |
User 11 has password: hallo priteshgupta
User 12 has password: dit is een ongeloofelijk lang en belachelijk wachtwoord om te gebruiken
There's a lot of info available about creating login systems and the use of md5 in php (although I do suggest to use javascript to use the md5-hash because this way you don't send any password in the clear).
And of course, search the internet
Tue Oct 28, 2008 Reply New Discussion
ID: Set this to auto-increment - Int with max length 4 should suffice, it allows for 10000 users, increase the length later if necessary
User: A log-in username - Tinytext with max length 16 should be fine.
Password: The hash of a password - Tinytext with max length 40.
Sid: A session ID relating to a user - e.g. Tinytext with max length 40.
Any other data you wish to keep can be stored as well, for example columns:
LLI: The last logged in date
Name: A user's first name
etc.
A hash function is a function which takes an input of any length, and returns a fixed-length output. Common hashes include MD5 and SHA1 (the latter is more secure). Hashes are used because they are irreversible (easily verified with the pigeon hole theorem).
In a registration page, you should have a series of text boxes for each relevant column (i.e. username and password - plus extras you want like first name). On the page this data is submitted to, what you want to do is:
Retrieve the data using $_POST['user'], where 'password' is replaced with whatever you named it in the previous page. You need some basic checks e.g. username is between 4 and 16 characters (long usernames are annoying!), username consists only of alphanumerical characters (or something similar).
Calculate the hash of the password - e.g. $hash = sha1($_POST['password']);
INSERT INTO the SQL database the relevant data.
When you log in, (use a similar form to the registration form except only with username and password boxes), you should SELECT from the table WHERE the username and password (hash) match - if the mysql_num_rows($result) is 1 then success, else fail.
You need to set a session ID associated with the account, which will be used to authenticate the user when he visits other pages. An example could be sha1($user.date("FjYg:ia"));. You need to UPDATE the session ID value stored in the database and set the value as a cookie to the client.
When the user visits other pages, you should check whether the session ID is associated with any IDs in the database (basically logging in but checking for session ID match).
QUOTE
There's a lot of info available about creating login systems and the use of md5 in php (although I do suggest to use javascript to use the md5-hash because this way you don't send any password in the clear).
I hope you realise how stupid this is, this is less secure than sending passwords as plaintext. If a hacker is able to sniff the password sent, they can easily log in, yes. If it's a hash instead, they can easily spoof the request (e.g. tamper data, javascript injection, packet editor). However if there is an SQL injection vulnerability, a hacker will immediately be able to access any account, regardless of password strength, if the hash is done locally. If the hash is done on the server, one would need to first crack the hash.
Tue Oct 28, 2008 Reply New Discussion
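The registration, log-in and session steps from the post above, as an added example (not code from the thread): it swaps password_hash()/password_verify() in for sha1(), a random_bytes() session ID for the hash of username and date, and prepared statements for string-built SQL. The function names and the in-memory SQLite database (used so it runs offline) are assumptions; the column names follow the list in the post.

```php
<?php
// Added example: function names and the SQLite DSN are assumptions, not from the thread.
$db = new PDO('sqlite::memory:'); // in-memory so it runs offline; use a mysql: DSN for MySQL
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
// password_hash() output is 60 characters or more, so the column is wider than 40.
$db->exec('CREATE TABLE users (id INTEGER PRIMARY KEY AUTOINCREMENT,
    user VARCHAR(16) UNIQUE NOT NULL, password VARCHAR(255) NOT NULL, sid CHAR(64))');

function register(PDO $db, string $user, string $password): bool {
    // Basic checks from the post: 4 to 16 alphanumeric characters.
    if (!preg_match('/\A[A-Za-z0-9]{4,16}\z/', $user)) {
        return false;
    }
    // Salted, slow hash computed on the server (swapped in for sha1()).
    $hash = password_hash($password, PASSWORD_DEFAULT);
    try {
        // Placeholders keep user input out of the SQL text.
        $stmt = $db->prepare('INSERT INTO users (user, password) VALUES (?, ?)');
        return $stmt->execute([$user, $hash]);
    } catch (PDOException $e) {
        return false; // e.g. the username is already taken
    }
}

function login(PDO $db, string $user, string $password): ?string {
    $stmt = $db->prepare('SELECT id, password FROM users WHERE user = ?');
    $stmt->execute([$user]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    if ($row === false || !password_verify($password, $row['password'])) {
        return null;
    }
    $sid = bin2hex(random_bytes(32)); // unpredictable session ID
    // Store only a hash of it, so a leaked table holds no usable session IDs.
    $db->prepare('UPDATE users SET sid = ? WHERE id = ?')
       ->execute([hash('sha256', $sid), $row['id']]);
    return $sid; // the caller sends this to the client with setcookie()
}

function user_for_session(PDO $db, string $sid): ?string {
    $stmt = $db->prepare('SELECT user FROM users WHERE sid = ?');
    $stmt->execute([hash('sha256', $sid)]);
    $user = $stmt->fetchColumn();
    return $user === false ? null : $user;
}
// Constructed sample data: one good login, one injection-style password.
var_dump(register($db, 'john', 'hallo priteshgupta'));
$sid = login($db, 'john', 'hallo priteshgupta');
var_dump(login($db, 'john', "' OR '1'='1"));
var_dump(user_for_session($db, $sid));
```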
Notice the way it works, hopefully you already know PHP.
It includes an admin center, a login/register system, profiling system, and a session check system.
If you are the type of person who learns from examples this is the best file to use. Read all the comments to understand what is going on exactly.
Wed Oct 29, 2008 Reply New Discussion
If you aren't going to have cookies, then the only options (which I can think of) are having to log in on every page, having some form of verification data (e.g. a session ID) on each link on each page, or storing the log-in data to be associated with your IP. I don't see how any of these are better than simply storing a cookie.
Wed Oct 29, 2008 Reply New Discussion
QUOTE (Nabb)
I don't get what you're trying to say - look at /include/session.php for example. Lots of cookies there. If you aren't going to have cookies, then the only options (which I can think of) are having to log in on every page, having some form of verification data (e.g. a session ID) on each link on each page, or storing the log-in data to be associated with your IP. I don't see how any of these are better than simply storing a cookie.
I use that, $_SESSION['id'], it works and you don't have to relogin unless you close the window. It works fine and I think it's better than creating and using a cookie since some antispyware or some browsers might block cookies from untrusted sites.
Wed Oct 29, 2008 Reply New Discussion
This is a good login system script of PHP which uses mySQL. It is simple but very effective. Check here yourself:
codingtricks.Blogspot.Com/2008/10/php-login-script-using-sessions-secure.html
-Khurram
Wed Jan 7, 2009 Reply New Discussion
QUOTE (priteshgupta)
have already made a database in http://www.sitebooth.com now what type of table
When I try your URL, I get:
QUOTE
SITEBOOTH.COM HAS SHUT DOWN
Please use this site for free web hosting: http://www.x10hosting.com/
Thu Jan 8, 2009 Reply New Discussion
A simple login system might not pose a problem, but "simple" usually means "not secure". What is more, even the easiest ones need to make use of cookies or sessions, or even both. I have been writing PHP code for over a year now, and I still try to postpone writing login systems as much as I can.
It might be a good idea to start with fetching data from the MySQL database, as this is one of the most simple tasks. You can also install different web applications and examine their MySQL structure - reading their PHP code as well is not a good idea, as these applications have very complex coding.
Fri Jan 9, 2009 Reply New Discussion
CODE
// Escape the input before it is placed inside the SQL string.
$user = mysql_real_escape_string($user);
$password = mysql_real_escape_string($password);
$query1 = mysql_query("INSERT INTO userstable (user, password) VALUES ('$user', sha1('$password'))");
// This will create the user. The password will be stored as a random 40 character string, so make sure your table can fit that.
$query2 = mysql_query("SELECT * FROM userstable WHERE user = '$user' AND password = sha1('$password')");
// This is how you find and select the user...
But I do agree that learning php by coding a login system is like learning to use a drill by building a house. You should start off slow and learn the basics before you tackle a login system.
Tue Feb 17, 2009 Reply New Discussion
What do you use to make and edit a mySQL database table?
That's all I need to know!
-reply by Julian
Fri Jul 3, 2009 Reply New Discussion
I have a website www.Musicseensa.Com and I want to try and make it easier for the user to navigate it. I am really new to mysql and don't really know how to do much on it but I currently have 4 databases set up and would like to make it to where people don't have to log in multiple times. I have wordpress set up with one user name and password and then zencart with another and simplemachinesforum with yet another and want to consolidate them into one database so that people only have to log in once to use all the services. Any help would be greatly appreciated.
-question by Oscar
Mon Jul 27, 2009 Reply New Discussion