Jump to content

Password System


Recommended Posts

Yeah, I'm good with SQL and all that.I just, don't know where to start.i.e, how to check the password is correct (actualy, that's pretty easy)but then there is encoding the password on the SQL database (It's just too temping >.<).How to check if a user is logged in. ect

Link to post
Share on other sites

This is my homemade login system, you should not use it unless you specify your preferences :)Note: this in ONLY an example!

/* ## Loginsystem by Dan The Prof © ## */if (@$_GET['login'] == "yes") /* ## Start Login (user input has been submitted) ## */{ $User = @$_POST['[color="red"]User[/color]']; $Pass = @$_POST['[color="red"]Pass[/color]'];  $logsquery = "SELECT [color="blue"]Username[/color] FROM [color="blue"]Memberslist[/color]    WHERE [color="green"]some conditions according to your preferences[/color]";  $logresult = mysql_query($logsquery); $loginrows = mysql_num_rows($logresult);  if ($loginrows == 1) /* ## If username and password give permission ## */  { $_SESSION['permission'] = "Yes";    $_SESSION['logname'] = $User;    $_SESSION['password'] = $Pass;    header("Location: [color="green"]this_file[/color]";  } else /* ## If no permission is acquired ## */  { $errormessage = "Your haven't permission to log in here."; }} /* ## End Login script ## */if (@$_POST['[color="red"]Logout[/color]'] != "") /* ## Log out script (User clicked logout button) ## */{ session_destroy(); header("Location: [color="green"]this_file[/color]"); }elseif (@$_SESSION['logname'] != "") /* ## Update script (between pages check) ## */{ $User = $_SESSION['logname']; $Pass = $_SESSION['password'];  $logsquery = "SELECT [color="blue"]Username[/color] FROM [color="blue"]Memberslist[/color]    WHERE [color="blue"]Username[/color]='$User' AND [color="blue"]Password[/color]=password('$Pass')";  $logresult = mysql_query($logsquery); $loginrows = mysql_num_rows($logresult);  if ($loginrows != 1) /* ## If account of logged in user has been updated ## */  { [color="green"]Error page display to your preferences[/color]; session_destroy(); exit(); }} /* ## End Loginsystem ## */  (...) // Lateron in your document, at the display of the login formif (@$errormessage) { echo $errormessage; }echo "[color="green"]Login form, where user should login (again).When submitted, variable 'login' is added to the url, with value 'yes'.Another form where you can logout, should be echoed here when someone is logged in.On logout submit, 'Logout' submitbuttonname should be posted to the next location.[/color]";

Blues are the database's datas,Greens are your preferences,And Reds are your login form inputnames.----Because I don't think this code is very easy, I'll supply a short explanation.This system is a program that should be loaded into the document that would be called when the user submits its login. It could be the same page, and that is what I did.The system is devided into three parts. Every part is a IF construction. The first is the part that logs a user in, the second logs the user out, and finaly the third part checks the users login after each page revisit.Remember the system is only at one page when it is needed at only that page. When more pages use the system you don't have to copy the whole thing to every page that requires it, but for security check, do add only the third part at every page (change the elseif into if in that case).

Edited by Dan The Prof
Link to post
Share on other sites

this is a simple login scriptlogin.htm

<form action="login.php" method="post">Password: <input type="text" name="password"></form>

login.php

<?php$conn = mysql_connect(localhost,db userame,db password);mysql_select_db(db name) or die("Unable to select database");$password = $_POST['password'];$password2 = md5($password);/*To Be really safe you could do this */$password3 = md5($password2);/* Assuming that you have the encrypted password in the db do this */$getdbpassword = mysql_query("SELECT * FROM password");while ($row = @mysql_fetch_assoc($getdbpassword)){$pass = $row['password'];}if($pass == $password3){echo 'Successfully Logged In';}else{echo 'Login Failure. Please try again.';}/* If you don't have the encrypted password in your database, run this and put what gets outputted into a table called password in a field called password in your DB */echo $password3;

Hope this makes sense

Link to post
Share on other sites

I like this example. It's simple and clean and a good basis from which to start.I have a couple of questions though. First, why

$getdbpassword = mysql_query("SELECT * FROM password");while ($row = @mysql_fetch_assoc($getdbpassword)){

Instead of

$getdbpassword = mysql_query("SELECT * FROM password WHERE password='".$password3."'");

And why aren't you asking for a user name and checking for the combination of user name and password?Thanks.

Link to post
Share on other sites

Fair enough :(You should insert session_start() at the top of the document, before everything, after the opening PHP tag <?php. After that, connect to your database. I take it you already have a table in it with member data? It should be there before you do this, and have at least a table with usernames and their passwords.

$host = "mysql"; $user = "dhostacountname"; $pass = "password"; $dbase = "dhostacountname";$conn = mysql_connect($host,$user,$pass);mysql_select_db($dbase,$conn);
And third, place the loginsystem. (Maybe you already have some code in your login document before the loginform, it goes between the system and the comment at its very bottom, the long green lines).1 Look for the added comment at the bottom of this code, and remove it after you carefully read it. Then write the two forms according to the notices, as follows.
<?php // Login form (no login detected, or no access permission)if (@$_SESSION['permission'] != "Yes") {echo "<form ... action='{$_SERVER['PHP_SELF']}?login=yes' method='post'>\n";if (@$errormessage) { echo "$errormessage\n"; } // display the message if an error occuredecho "<input type='text' name='User' value=''>\n";echo "<input type='password' name='Pass' value=''>\n";echo "</form>\n"; }else { // Login detected, and permission to accessecho "<form ... action='{$_SERVER['PHP_SELF']}' method='post'>\n";echo "Welcome {$_SESSION['logname']}, have a plesant stay!\n";echo "<input type='submit' name='Logout' value='Log yourself out!'>\n";echo "</form>"; } ?>
Do you understand these codelines? Notice the reds, they refer to the same reds in the loginsystem.2 If this document is not the only one that should be able to have the user logged in,Then split (in mind) the loginsystem into three parts: two times if(){} and one elseif(){}. Copy the third part,and past it again at the top of the document that also should have the login, always after session_start() and the connection with your database. Remember to replace elseif(){} by if(){} when it is left alone.3 When you're done doing these things, start thinking of replacing the remaining green parts by what they represent in your situation. Such as this_file, which should be myloginpage.php when the containing document is called "myloginpage.php". For those conditions at the login, it is dependant to what you have in your database. You can also check for age (if you don't let users under 13 years login), a certain username (give only permission to certain users), usersfunction (let only admins and moderators login), and many more. If you don't like to use this more advanced way, the condition could be as follows:
WHERE Username='$User' AND Password='$Pass'
==========If this is still complicated, just give a yel :)When done you can use $_SESSION['logname'] in a php-section for the name of the logged in user. Also more values may be set after login, just add more $_SESSIONs at the top of the loginsystem, where you find them. You can then call them too at every logged in page :) (such as the age, the prefered skin color, etc)Edit: I forgot explain some greenlines Edited by Dan The Prof
Link to post
Share on other sites

Though I thought about checking the combination, my system included this :)By the way, I refined the explanation above, have a closer look at step3, which I just added :)In all, it is not that difficult to use my system. It is easier than it looks.

Edited by Dan The Prof
Link to post
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

Loading...
×
×
  • Create New...