> PHP: Writing A Generic Login And Register Script
coder2000
post Feb 25 2005, 06:06 PM
Post #11





Well, it's that time again. First thing we have to do is modify our login script.
CODE

function loginUser() {
   session_start();
   ....
   if (md5($password) == $row['fldPassword']) {
       $_SESSION['loggedin'] = true;
       ....
   }
}

Now we add the session_start at the beginning of our function so that it starts our session. Now we replace our setcookie with the $_SESSION variable. Now in any other PHP page you want to protect, just add the following code:
CODE

<?php
session_start();
if (empty($_SESSION['loggedin'])) {   // empty() also covers a session where the key was never set
   die("Not logged in");
}
?>

Now there is a lot more that can be done with this, but it's a basic script that should get you started. Well, that should be about it for this set of tutorials.
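
The session-based login described in this post, as an added example that is not part of the original post or the tutorial's code: it keeps the `$_SESSION['loggedin']` flag but issues a fresh session id at login and sets the session cookie flags. The helper names and the constructed `$users` array (standing in for the `fldPassword` lookup) are assumptions, and `password_verify()` is used in place of the tutorial's `md5()` comparison.

```php
<?php
// Added example, not the tutorial's code. Helper names are assumptions.
function startSecureSession(): void {
    if (session_status() === PHP_SESSION_ACTIVE) {
        return;
    }
    ini_set('session.use_strict_mode', '1');   // reject ids the server did not issue
    session_set_cookie_params([
        'httponly' => true,                    // cookie not readable from page scripts
        'secure'   => !empty($_SERVER['HTTPS']),
        'samesite' => 'Lax',
    ]);
    session_start();
}

function loginUser(array $users, string $username, string $password): bool {
    startSecureSession();
    $hash = $users[$username] ?? null;
    if ($hash === null || !password_verify($password, $hash)) {
        return false;
    }
    // New id at the privilege change, so an id planted before login is useless.
    session_regenerate_id(true);
    $_SESSION['loggedin'] = true;
    $_SESSION['username'] = $username;
    return true;
}

// Call at the top of every protected page (replaces the inline check).
function requireLogin(): void {
    startSecureSession();
    if (empty($_SESSION['loggedin'])) {
        http_response_code(401);
        die('Not logged in');
    }
}

function logoutUser(): void {
    startSecureSession();
    $_SESSION = [];
    session_destroy();
}

// Constructed sample user; in the tutorial this comes from the database row.
$users = ['coder' => password_hash('constructed-pass', PASSWORD_DEFAULT)];
$results = [
    'wrong password' => loginUser($users, 'coder', 'nope'),
    'right password' => loginUser($users, 'coder', 'constructed-pass'),
];
var_dump($results);
```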
iGuest
post Nov 24 2007, 05:49 AM
Post #12





You said this in your register script, ok: >> Now this HTML defines a form with two input fields and a button. The thing to look at though is the action attribute of the form tag. Here we have another php code section. This puts the path of the current script as our action with the variable register equal to true. We will deal with that in our code later. For now your code should look like this:

OK, you said that. Now the part I need is the path of the current script as my action with the variable register equal to true.

Can you reply ASAP please? Thanks

-paul redpath
mastercomputers
post Dec 17 2007, 12:52 AM
Post #13





Just leaving a message in this post so I know to come back here when I have enough time and show certain security flaws with this simple login script.

Cheers,


MC
iGuest
post Apr 12 2008, 12:15 AM
Post #14





Another great login script
PHP: Writing A Generic Login And Register Script

There is also a great login/registration script at www.Easykiss123.Com/?p=33

It's a free script and there is a video that walks you through setting it up for your existing site.

-reply by Quantum PHP
iGuest
post Aug 14 2008, 05:22 PM
Post #15





There are a few more things I always add to my registration code.

1. Convert the username string to lowercase, strtolower(STRING), I do this so you won't get a user called User, one called user, one called USer, one called USEr, one called USER, one called uSER, and so on.. :P

2. Check in the registration code if the username already exists in the database, you don't want someone to overwrite your account by simply creating a new one.

- Falcon

-reply by Falcon
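
The two registration checks from this post, as an added example that is not part of the original post or the tutorial's code. The table name `tblUsers`, the column `fldUsername`, and the in-memory SQLite database (needs the `pdo_sqlite` extension) are assumptions; `password_hash()` stands in for the `md5()` used earlier in the thread. It goes one step beyond the post by backing the "already exists" check with a UNIQUE constraint.

```php
<?php
// Added example, not code from the thread. Table and column names are assumptions.
// Constructed in-memory database so the script runs on its own.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
// The UNIQUE constraint is the real guard: two registrations arriving at the
// same moment cannot both succeed, which a SELECT-then-INSERT alone allows.
$db->exec('CREATE TABLE tblUsers (
    fldUsername TEXT NOT NULL UNIQUE,
    fldPassword TEXT NOT NULL)');

function registerUser(PDO $db, string $username, string $password): string {
    // Point 1: fold case so "User", "USER" and "user" are one account.
    // strtolower() only folds ASCII letters.
    $username = strtolower(trim($username));
    if ($username === '') {
        return 'invalid username';
    }
    // Point 2: pre-check so the user gets a clear message.
    $check = $db->prepare('SELECT 1 FROM tblUsers WHERE fldUsername = ?');
    $check->execute([$username]);
    if ($check->fetchColumn() !== false) {
        return 'username taken';
    }
    try {
        $insert = $db->prepare(
            'INSERT INTO tblUsers (fldUsername, fldPassword) VALUES (?, ?)');
        $insert->execute([$username, password_hash($password, PASSWORD_DEFAULT)]);
    } catch (PDOException $e) {
        // SQLSTATE class 23 = integrity constraint violation (lost the race).
        if (strpos((string) $e->getCode(), '23') === 0) {
            return 'username taken';
        }
        throw $e;
    }
    return 'ok';
}

// Constructed sample input: the second and third names collide with the first.
$samples = [['Falcon', 'pw-one'], ['FALCON', 'pw-two'], [' falcon ', 'pw-three']];
foreach ($samples as [$name, $pass]) {
    echo $name, ' => ', registerUser($db, $name, $pass), "\n";
}
```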
Shag
post Nov 7 2008, 03:44 PM
Post #16





Hello
I found this script on www.marakana.com

I can't find how it connects to the DB.
Can you guide me to where exactly it is? (I think there is not any DB connection setup; it just uses users in an array.)
And if you guys know any source where I can find code which will help me to make the following….
I want to make users who can change the content of a div element on the page…
something like this comment box..
But I want to give this permission manually to users and also activate their accounts manually (like on forums), and secured as much as possible.
And with registration page security I have problems as well.

I am a noob in PHP.
I don't even know if this code is secured well.
If you guys can help me with this.

Here is the code.
Maybe it will help other members as well =/

File name: login.php
CODE

<?php
/////////////////////////////////////////////////////////////////////////////
//
// LOGIN PAGE
//
// Server-side:
// 1. Start a session
// 2. Clear the session
// 3. Generate a random challenge string
// 4. Save the challenge string in the session
// 5. Expose the challenge string to the page via a hidden input field
//
// Client-side:
// 1. When the user completes the form and clicks on Login button
// 2. Validate the form (i.e. verify that all the fields have been filled out)
// 3. Set the hidden response field to HEX(MD5(server-generated-challenge + user-supplied-password))
// 4. Submit the form
//////////////////////////////////////////////////////////////////////////////////
session_start();
session_unset();
// 80 hex characters from the CSPRNG (rand() output is predictable)
$challenge = bin2hex(random_bytes(40));
$_SESSION['challenge'] = $challenge;
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html>
<head>
<title>Login</title>
<script type="text/javascript" src="http://pajhome.org.uk/crypt/md5/md5.js"></script>
<script type="text/javascript">
function login() {
var loginForm = document.getElementById("loginForm");
if (loginForm.username.value == "") {
alert("Please enter your user name.");
return false;
}
if (loginForm.password.value == "") {
alert("Please enter your password.");
return false;
}
var submitForm = document.getElementById("submitForm");
submitForm.username.value = loginForm.username.value;
submitForm.response.value =
hex_md5(loginForm.challenge.value+loginForm.password.value);
submitForm.submit();
}
</script>
</head>
<body>
<h1>Please Login</h1>
<form id="loginForm" action="#" method="post">
<table>
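<?php if (isset($_REQUEST['error']) && is_string($_REQUEST['error'])) { ?>
<tr>
<td>Error</td>
<td style="color: red;"><?php /* escape: the error text comes from the request */ echo htmlspecialchars($_REQUEST['error'], ENT_QUOTES, 'UTF-8'); ?></td>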
</tr>
<?php } ?>
<tr>
<td>User Name:</td>
<td><input type="text" name="username"/></td>
</tr>
<tr>
<td>Password:</td>
<td><input type="password" name="password"/></td>
</tr>
<tr>
<td> </td>
<td>
<input type="hidden" name="challenge" value="<?php echo $challenge; ?>"/>
<input type="button" name="submit" value="Login" onclick="login();"/>
</td>
</tr>
</table>
</form>
<form id="submitForm" action="authenticate.php" method="post">
<div>
<input type="hidden" name="username"/>
<input type="hidden" name="response"/>
</div>
</form>
</body>
</html>


File name: common.php
CODE

<?php
////////////////////////////////////////////////////////////////////////////////
//
// COMMON PAGE
//
// Defines require_authentication() function:
// If the user is not authenticated, forward to the login page
//
////////////////////////////////////////////////////////////////////////////////
session_start();
function is_authenticated() {
    return isset($_SESSION['authenticated']) &&
        $_SESSION['authenticated'] == "yes";
}
function require_authentication() {
    if (!is_authenticated()) {
        header("Location:login.php?error=".urlencode("Not authenticated"));
        exit;
    }
}
?>


File Name: authenticate.php
CODE

<?php
/////////////////////////////////////////////////////////////////////////////
//
// AUTHENTICATE PAGE
//
// Server-side:
// 1. Get the challenge from the user session
// 2. Get the password for the supplied user (local lookup)
// 3. Compute expected_response = MD5(challenge+password)
// 4. If expected_response == supplied response:
// 4.1. Mark session as authenticated and forward to secret.php
// 4.2. Otherwise, authentication failed. Go back to login.php
//////////////////////////////////////////////////////////////////////////////////
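$userDB = array("john" => "abc123",
                "bob" => "secret",
                "anna" => "passwd");
function getPasswordForUser($username) {
    // get password from a simple associative array
    // but this could be easily rewritten to fetch user info from a real DB
    global $userDB;
    // unknown (or non-string) user name: return null so validate() can fail closed
    if (!is_string($username) || !isset($userDB[$username])) {
        return null;
    }
    return $userDB[$username];
}
function validate($challenge, $response, $password) {
    // without this check an unknown user is compared against md5($challenge . ""),
    // which depends only on the challenge already sent to the browser
    if ($password === null || !is_string($response)) {
        return false;
    }
    // hash_equals() avoids the loose == comparison of hex strings
    return hash_equals(md5($challenge . $password), $response);
}
function authenticate() {
    if (isset($_SESSION['challenge']) &&
        isset($_REQUEST['username']) &&
        isset($_REQUEST['response'])) {
        $password = getPasswordForUser($_REQUEST['username']);
        if (validate($_SESSION['challenge'], $_REQUEST['response'], $password)) {
            session_regenerate_id(true); // fresh session id once logged in
            $_SESSION['authenticated'] = "yes";
            $_SESSION['username'] = $_REQUEST['username'];
            unset($_SESSION['challenge']);
        } else {
            header("Location:login.php?error=".urlencode("Failed authentication"));
            exit;
        }
    } else {
        header("Location:login.php?error=".urlencode("Session expired"));
        exit;
    }
}
session_start();
authenticate();
header("Location:secret.php");
exit();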
?>


File name: secret.php
CODE

<?php
////////////////////////////////////////////////////////////////////////////////
//
// SECRET PAGE
//
// Invokes require_authentication() to ensure that the user is authenticated
//
////////////////////////////////////////////////////////////////////////////////
require("common.php");
require_authentication();
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html>
<head>
<title>Secret Page</title>
</head>
<body>
<h1>This is a Secret Page</h1>
<p>You must have successfully authenticated since you are seeing this page.</p>
<p>
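<a href="<?php /* PHP_SELF can carry request-supplied path text, so escape it */ echo htmlspecialchars($_SERVER['PHP_SELF'], ENT_QUOTES, 'UTF-8'); ?>">View again?</a>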
</p>
<p>
<a href="login.php">Logout?</a>
</p>
</body>
</html>

I would appreciate it
p.s sorry for english =/

This post has been edited by Shag: Nov 7 2008, 03:54 PM