how to create make a secure php login script with database password verification mysql
RegisterLogin
Webune Forums » PHP » how to create make a secure php login script with database password verification mysql
how to create make a secure php login script with database password verification mysql
Post Description: how to create make a secure php login script with database password verification mysql
Tags: how, to, create, make, a, secure, php, login, script, with, database, password, verification, mysql
This Post Was Posted On Feb 29, 2008 By web hosting #1243
Post Description: how to create make a secure php login script with database password verification mysql
Tags: how, to, create, make, a, secure, php, login, script, with, database, password, verification, mysql
This Post Was Posted On Feb 29, 2008 By web hosting #1243
how to create make a secure php login script with database password verification mysql by web hosting
if you have a php website, the folks at Webune.com Hosting have provided us with this script you can use on your pages.
step 1. create your mysql table:
CODE:
CREATE TABLE `members` (
`user_id` int(4) NOT NULL auto_increment,
`username` varchar(65) NOT NULL default '',
`password` varchar(65) NOT NULL default '',
PRIMARY KEY (`user_id`)
) ENGINE=MyISAM DEFAULT CHARSET=utf8 AUTO_INCREMENT=1 ;
--
-- Dumping data for table `members`
--
INSERT INTO `members` VALUES (2, 'admin', MD5('password');
`user_id` int(4) NOT NULL auto_increment,
`username` varchar(65) NOT NULL default '',
`password` varchar(65) NOT NULL default '',
PRIMARY KEY (`user_id`)
) ENGINE=MyISAM DEFAULT CHARSET=utf8 AUTO_INCREMENT=1 ;
--
-- Dumping data for table `members`
--
INSERT INTO `members` VALUES (2, 'admin', MD5('password');
make sure to change these two lines according to your database. you need to provide:
hostname
database user name
database user name password
database name
so make sure to edit these lines:
$db = mysql_connect("localhost", "user", "password");
mysql_select_db("thiscript",$db);
or else, the script will now work because it cannot connect to your database to validate that the user and password provided in the form is good or not and your script will fail and give you error.
CODE:
<?
# PLEASE DO NOT REMOVE THIS
# THIS SCRIPT WAS CREATED BY WEBUNE.COM
# FIND PHP HOSTING AT WWW.WEBUNE.COM
# FREE WALLPAPERS AND SCRIPTS AT WWW.WALLPAPERAMA.COM
session_start();
?>
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
<title>Simple Login Script Crated By Wallpapera and Webune Hosting</title>
</head>
<body>
<h1><img src="http://www.webune.com/images/logo4.jpg">~ Webune Login Script ~</h1><hr>
<?
function form($error)
{
?>
<table width="300" border="0" align="center" cellpadding="0" cellspacing="1" bgcolor="#CCCCCC">
<tr>
<form name="form1" method="post" action="">
<td>
<table width="100%" border="0" cellpadding="3" cellspacing="1" bgcolor="#FFFFFF">
<tr align="center">
<td colspan="3"><? if($error){ echo $error; } else { echo '<strong>Member Login </strong>'; } ?></td>
</tr>
<tr>
<td width="78">Username</td>
<td width="6">:</td>
<td width="294"><input name="username" type="text" id="username"></td>
</tr>
<tr>
<td>Password</td>
<td>:</td>
<td><input name="password" type="password" id="password"></td>
</tr>
<tr>
<td> </td>
<td> </td>
<td><input type="submit" name="Submit" value="Login"></td>
</tr>
</table>
</td>
</form>
</tr>
</table>
<?
}
function login_check($username,$password)
{
$db = mysql_connect("localhost", "user", "password") or die('Script Could not connect to database');
mysql_select_db("script",$db);
$password = md5($password);
$sql = "SELECT username,password FROM members where username = '".$username."'";
$result = mysql_query($sql ,$db);
if ($myrow = mysql_fetch_array($result))
{
if($username == $myrow['username'] && $password == $myrow['password'])
{
$login_check = true;
}
else
{
$login_check = false;
}
}
else
{
$login_check = false;
}
return $login_check;
}
if(isset($_REQUEST['Submit']))
{
if(!$_POST['username'] || !$_POST['password'])
{
$error = 'Error: All fields are required';
echo form($error);
}
else
{
if (login_check($_POST['username'],$_POST['password']))
{
echo 'Congratulations! You are now logged in<br><a href="./">Continue</a>';
session_register("username");
session_register("password");
}
else
{
$error = "Invalid username or password, try again";
echo form($error);
}
}
}
else
{
if($_GET['logout'])
{
session_destroy();
$error = "Logged Out Success - Try Again"; echo form($error); } else { if ($_SESSION['username']) { if (login_check($_SESSION['username'],$_SESSION['password'])) { echo '<a href="?logout=yes">Log out</a>Wallpaperama is a collection of high quality, high resolution wallpapers for free. Download Free Wallpapers for free at Wallpaperama.com'; } else { $error = "Please Login"; echo form($error); } } else { $error = "Welcome, Please Login"; echo form($error); } } } ?><div align="center">
<p> </p>
<p>PHP Hosting By <a href="http://www.webune.com">Webune.com</a></p>
</div> </body>
</html>
# PLEASE DO NOT REMOVE THIS
# THIS SCRIPT WAS CREATED BY WEBUNE.COM
# FIND PHP HOSTING AT WWW.WEBUNE.COM
# FREE WALLPAPERS AND SCRIPTS AT WWW.WALLPAPERAMA.COM
session_start();
?>
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
<title>Simple Login Script Crated By Wallpapera and Webune Hosting</title>
</head>
<body>
<h1><img src="http://www.webune.com/images/logo4.jpg">~ Webune Login Script ~</h1><hr>
<?
function form($error)
{
?>
<table width="300" border="0" align="center" cellpadding="0" cellspacing="1" bgcolor="#CCCCCC">
<tr>
<form name="form1" method="post" action="">
<td>
<table width="100%" border="0" cellpadding="3" cellspacing="1" bgcolor="#FFFFFF">
<tr align="center">
<td colspan="3"><? if($error){ echo $error; } else { echo '<strong>Member Login </strong>'; } ?></td>
</tr>
<tr>
<td width="78">Username</td>
<td width="6">:</td>
<td width="294"><input name="username" type="text" id="username"></td>
</tr>
<tr>
<td>Password</td>
<td>:</td>
<td><input name="password" type="password" id="password"></td>
</tr>
<tr>
<td> </td>
<td> </td>
<td><input type="submit" name="Submit" value="Login"></td>
</tr>
</table>
</td>
</form>
</tr>
</table>
<?
}
function login_check($username,$password)
{
$db = mysql_connect("localhost", "user", "password") or die('Script Could not connect to database');
mysql_select_db("script",$db);
$password = md5($password);
$sql = "SELECT username,password FROM members where username = '".$username."'";
$result = mysql_query($sql ,$db);
if ($myrow = mysql_fetch_array($result))
{
if($username == $myrow['username'] && $password == $myrow['password'])
{
$login_check = true;
}
else
{
$login_check = false;
}
}
else
{
$login_check = false;
}
return $login_check;
}
if(isset($_REQUEST['Submit']))
{
if(!$_POST['username'] || !$_POST['password'])
{
$error = 'Error: All fields are required';
echo form($error);
}
else
{
if (login_check($_POST['username'],$_POST['password']))
{
echo 'Congratulations! You are now logged in<br><a href="./">Continue</a>';
session_register("username");
session_register("password");
}
else
{
$error = "Invalid username or password, try again";
echo form($error);
}
}
}
else
{
if($_GET['logout'])
{
session_destroy();
$error = "Logged Out Success - Try Again"; echo form($error); } else { if ($_SESSION['username']) { if (login_check($_SESSION['username'],$_SESSION['password'])) { echo '<a href="?logout=yes">Log out</a>Wallpaperama is a collection of high quality, high resolution wallpapers for free. Download Free Wallpapers for free at Wallpaperama.com'; } else { $error = "Please Login"; echo form($error); } } else { $error = "Welcome, Please Login"; echo form($error); } } } ?><div align="center">
<p> </p>
<p>PHP Hosting By <a href="http://www.webune.com">Webune.com</a></p>
</div> </body>
</html>
you can copy and paste the code above in notepad if you like then save as login.php and upload to your php website.
IMPORTANT: you must have php on your site: if you don't have PHP, you can buy a PHP plan at our friends at Webune.com
after you have uploaded login.php to your site, open it with your browser and you can login with the default username and password:
username: admin
password: password
hope this helps.
Thanks Webune.com for their support on this.
Leave Your Comments
Related Pages: [Add Your Website]
Post New Topic
yako
#1680 1
this is a login script i had saved in my notes but i dont remember where i got but it works great, very simple script:
create a file called: functions.php
Now Create a file called index.php
Now save this file as login.php
create a file called: functions.php
<?php
function createsessions($username,$password)
{
//Add additional member to Session array as per requirement
session_register();
$_SESSION["gdusername"] = $username;
$_SESSION["gdpassword"] = md5($password);
if(isset($_POST['remme']))
{
//Add additional member to cookie array as per requirement
setcookie("gdusername", $_SESSION['gdusername'], time()+60*60*24*100, "/");
setcookie("gdpassword", $_SESSION['gdpassword'], time()+60*60*24*100, "/");
return;
}
}
function clearsessionscookies()
{
unset($_SESSION['gdusername']);
unset($_SESSION['gdpassword']);
session_unset();
session_destroy();
setcookie ("gdusername", "",time()-60*60*24*100, "/");
setcookie ("gdpassword", "",time()-60*60*24*100, "/");
}
function confirmUser($username,$password)
{
$md5pass = md5($password);
/* Validate from the database but as for now just demo username and password */
if($username == "demo" && $password == "demo")
return true;
else
return false;
}
function checkLoggedin()
Now Create a file called index.php
<?php
ob_start();
session_start();
require_once ("functions.php");
if (checkLoggedin())
echo "<H1>You are already logged in - <A href = "login.php?do=logout">logout</A></h1>";
else
echo "<H1>You are not logged in - <A href = "login.php">login</A></h1></h1>";
?>
Now save this file as login.php
<?php
ob_start();
session_start();
require_once ("functions.php");
$returnurl = urlencode(isset($_GET["returnurl"])?$_GET["returnurl"]:"");
if($returnurl == "")
$returnurl = urlencode(isset($_POST["returnurl"])?$_POST["returnurl"]:"");
$do = isset($_GET["do"])?$_GET["do"]:"";
$do = strtolower($do);
switch($do)
{
case "":
if (checkLoggedin())
{
echo "<H1>You are already logged in - <A href = "login.php?do=logout">logout</A></h1>";
}
else
{
?>
<form NAME="login1" ACTION="login.php?do=login" METHOD="POST" ONSUBMIT="return aValidator();">
<input TYPE="hidden" name="returnurl" value="<?$returnurl?>">
<TABLE cellspacing="3">
<TR>
<TD>Username:</TD>
<TD><input TYPE="TEXT" NAME="username"></TD>
<TD>Password:</TD>
<TD><input TYPE="PASSWORD" NAME="password"></TD>
</TR>
<TR>
<TD colspan="4" ALIGN="center"><input TYPE="CHECKBOX" NAME="remme"> Remember me for the next time I visit</TD>
</TR>
<TR>
<TD ALIGN="CENTER" COLSPAN="4"><input TYPE="SUBMIT" name="submit" value="Login"></TD>
</TR>
</form>
</TABLE>
<?
}
break;
case "login":
$username = isset($_POST["username"])?$_POST["username"]:"";
$password = isset($_POST["password"])?$_POST["password"]:"";
if ($username=="" or $password=="" )
{
echo "<h1>Username or password is blank</h1>";
clearsessionscookies();
header("location: login.php?returnurl=$returnurl");
}
else
{
if(confirmuser($username,$password))
{
createsessions($username,$password);
if ($returnurl<>"")
header("location: $returnurl");
else
{
header("Location: index.php");
}
}
else
{
echo "<h1>Invalid Username and/Or password</h1>";
clearsessionscookies();
header("location: login.php?returnurl=$returnurl");
}
}
break;
case "logout":
clearsessionscookies();
header("location: index.php");
break;
}
?>
so now you should have three files, if you don't know how to save them, you can use notepad just copy and save them with notepad. then upload to your website which has PHP on it and that's it.
Jun 01, 2007 Reply Report abuse
©2011 Webune Forums - Sun Dec 18, 2011 6:01 pm
Powered by: Webune Forums V3
Powered by: Webune Forums V3