Jump to content

A signup/login.php page


Belzar

Recommended Posts

Hello all,I have been trying to get a signup.asp page and a signin page. I was unsuccessful at using it for some reason and it didnt work even after I reposted my problem, I ran into problem after problem. My point is, I figured I would try this in php code. Is there anybody that could help me out with writing a signup.php code. maybe some examples or even some other ideas.Thanks a lot

Link to comment
Share on other sites

Do you mean you want a page for the signup to your site? Or the processor that handles signups, or an entire system for registering?The processor as well as the entire system could be like half of your website, if you integrate it with the rest of your functions. :) Well, registering systems just like login systems, are complicated big codes :) I suggest you learn PHP first, if you haven't already, and after that try to make some experience in coding. It would help you to begin coding from scratch.Can you code in php already? If thats so, we'll help you for your system, if not support for an entire one... :)For a secure system you'll probably need:-a running site-php (or other server-side)-mysql (or other database)-organised files *lol*

Edited by Dan The Prof
Link to comment
Share on other sites

Do you mean you want a page for the signup to your site? Or the processor that handles signups, or an entire system for registering?The processor as well as the entire system could be like half of your website, if you integrate it with the rest of your functions. :) Well, registering systems just like login systems, are complicated big codes :) I suggest you learn PHP first, if you haven't already, and after that try to make some experience in coding. It would help you to begin coding from scratch.Can you code in php already? If thats so, we'll help you for your system, if not support for an entire one... :)For a secure system you'll probably need:-a running site-php (or other server-side)-mysql (or other database)-organised files *lol*

I started learning php a little while ago, I know very little. I already have a website, and I use MySql as my database. I started learning php here on the tutorials, but I am not so sure it answers my question. I dont know how to write the code for a signup.php page still even though I know a small amount of it. Basically the only code I have written in php was what I learned here on this site.
Link to comment
Share on other sites

Okay, thats fine. But before you begin making a code to log in, you need the database to be ready with a well-thought table. First create tables and then code the login.Step 1, create your memberslist, with all the things you want to staticly store about them (such as name, registerdate, ID, country, encrypted password, age, etc.)Step 2, think of the things you'd like to store about the members when they log in or out, like login date and time, member ID or name (or both), status (like "busy" or "away").Step 3, think of how you want to log out the users. Would you modify the login entry with the logout time? Or would you insert a new logout entry?After those plans, you should be able to make some database tables. I recommend having two tables; one for the list of members, and one for their login/outs.Can you do that? :)

Edited by Dan The Prof
Link to comment
Share on other sites

True, but you would have to store the sessions somewhere where it is static, but editable. The session itself will get deleted when the user is inactive for a certain period, and all data will be lost :)

Link to comment
Share on other sites

use the password() function... say you insert drowssap as a password into a database.. if you inserted it as password(drowssap) instead it would put a string of numbers and letters like 1j32jh42kc7c89 and it would do that every time you did that. check out http://w3schools.invisionzone.com/index.php?showtopic=4797 for a more in-depth talk about encrypting..

Link to comment
Share on other sites

A good way you can encrypt password with PHP is to use the sha1() function. The point is to encrypt the password before you store it in the database, and then to encrypt the password you are checking also. That is, when someone logs in, you encrypt the password they type in and check the encrypted password against the encrypted password stored in the database.

<?php#user signup, encrypt the new password and store it$db_password = sha1($user_password);mysql_query("INSERT INTO users (..., password, ...) VALUES (..., '{$user_password}', ...)");#user login, encrypt the entered password and check$db_password = sha1($login_password);mysql_query("SELECT * FROM users WHERE password='{$db_password}'");?>

That's a pretty simple and generalized example, but hopefully you get the point.

Link to comment
Share on other sites

But instead of sha1, there is an easier and much smaller option with MySQL. I don't know the advantage of sha1 over MySQL if there is any, but still this would be quicker:

<?php$result = mysql_query("INSERT INTO table (user,mypass,age)  VALUES ('username',password('something'),'123')");?>

Edited by Dan The Prof
Link to comment
Share on other sites

I'm not sure of the specifics with the password function, but when you rely on things like that, you set a requirement for a specific database version that the server might not have, sha1 has been in PHP since 4.3.0, or md5 has been in PHP since version 3.

Link to comment
Share on other sites

Do you mean you want a page for the signup to your site? Or the processor that handles signups, or an entire system for registering?The processor as well as the entire system could be like half of your website, if you integrate it with the rest of your functions. :) Well, registering systems just like login systems, are complicated big codes :) I suggest you learn PHP first, if you haven't already, and after that try to make some experience in coding. It would help you to begin coding from scratch.Can you code in php already? If thats so, we'll help you for your system, if not support for an entire one... :)For a secure system you'll probably need:-a running site-php (or other server-side)-mysql (or other database)-organised files *lol*

I'm also trying to create a login.php that requires users to login for access to htm pages that contain data from tables.I've created a htm page where users can submit comments, and am pretty sure I can retrieve this data from the same table and display in a htm page, however can't write the login.php that gives access to this page. I assume this process would stop just anyone from accessing this page?Any help would be appreciated.
Link to comment
Share on other sites

If you have static HTML pages (with no PHP or other active scripting), then the only way to password-protect them is to set up the server and set the permissions appropriately to require a user name and password for the files.You probably want the pages showing the data to be PHP pages that get the data and create the table, and if so, you can add some code that checks the session for login info and kick the user out if they aren't logged in. Even if you have pages that end in .htm or .html, you can still send those pages to the PHP engine, you just need to set up the server to associate those extensions with the PHP engine, and then you can include PHP code in your .htm and .html files.

Link to comment
Share on other sites

I have 2 MySql database - 1 is the username & password table, the 2nd is information which will be extracted using PHP to an htm page once the user has logged in once their information matches db1

Link to comment
Share on other sites

But setting up such settings won't be available to webhosts, onwhich the hosts set the default settings standard for every acount.
Yeah, that's another advantage of having your own server or virtual server where you can control those things.
I have 2 MySql database - 1 is the username & password table, the 2nd is information which will be extracted using PHP to an htm page once the user has logged in once their information matches db1
So then make a login form, and in the page that processes it, check the database to make sure they typed everything in right. If they did, you need to give them a session cookie that has their login info in it, and check the cookie on the other pages to make sure they logged in. Search on this forum for logins and cookies if you need more help with that.
Link to comment
Share on other sites

It would be nice if an expert made a small and easy to understand tutorial special for a php-login system, or even for all three systems needed for a members site :)I have made all three systems myself, but cannot explain them and also cannot apply it to other sites if they don't use the same maximum organisation of files and printing my own site uses :)

Link to comment
Share on other sites

True, but you would have to store the sessions somewhere where it is static, but editable. The session itself will get deleted when the user is inactive for a certain period, and all data will be lost :)

what I meant was to use sessions to keep the person logged in. use mysql for the rest.
Link to comment
Share on other sites

Just to say some stuff...A signup loagin would work like this:form to sign up, asks all dynamic information (username, password...)that will be send to php script to write all the data to files.If you have 2 databases, you will open one and write the data to the end (or open it and extract the data, then add the new data to the old, then truncate and write over the file)do that to both...The data is virtually in rows and columns.Then when your loging form send data to the login php script, the php login script will take the data and try to make username to one columns and if that works, it will see if the next column over is the correct password.basicly it!to keep it safe... well you do have it in mysql, people can`t read it like a txt, But you could encode the data and write the encoded password and other data. use sessions... My friend hacker broke my cookies... Also delete the session when the browser closes. Don`t have session cookies at all possible, people can steal the content from that and paste it in there own (My friend hacker got that info then became me and it was hard to undo that... )Also you may want to block usernames if they are used in opening dir. I have to block characters because they could go backwards and junk and access other peoples files but I guess you will not have this problem if data is kept in a 2nd database. hope that helps alittle

Link to comment
Share on other sites

  • 2 weeks later...

Apologies for rehashing an old post, but after much searching on sites such as php.net, webmonkey etc, I was able to create a login page based on a single table containing the username & password fields.It all seems to work ok, but could anyone in the know, advise if there is a security loophole with this script, as I'm unable to send sessions or cookies to the server.<?php// Define variables$user = $_POST['user_name'];$pass = $_POST['password'];// Connect to database $dbh=mysql_connect ("localhost", "user_name", "password") or die ('I cannot connect to the database because: ' . mysql_error());mysql_select_db ("my_database");// Encrypt the password.$encrypted_pass = md5($pass);$result = mysql_query("SELECT * FROM table WHERE user_name='$user' AND password='$pass'");// If successful returnif($row = mysql_fetch_array($result)) { echo "<center>"; echo "Hello"; echo "<br />"; echo $row['user_name']; echo "<br />"; echo $row['comments']; echo "</center>"; }// Or else displayelse { echo "You are not authorized to view this page"; echo "<br />"; echo "Please hit the back button and enter your login details again"; }?>Many thanks

Link to comment
Share on other sites

There is, you have saved the unencrypted password in your database, instead of using the encrypted one. And you may even choose for SQL password() instead of md5, which is reliable too and much easier.But you have build this upon the idea that your database has various accounts, so you connect with the database by using the account each user has. Maybe you should limit those accounts to one, which is your own. And then expand the users table with eg a function column, with which you can check if a user has a function (like moderator) that you have defined as allowed to access the database.In this way, there is no need to manage all the many accounts (like you have defined in your own table, AND the administration tables of your database to grant access to your own tables at the same time!) You may have forgotten MySQL has meta tables, with the users list with their passwords and permissions. When you do it your way, you'd have two entries in two different tables in your database, that should equal. Limit it by one user and you won't :)That is the mayor security leak of what I can think of. :)[*Edit:]You made a table with the acounts of your members, and their database passwords. But this is what the database already has, standardly with the installation :)

Edited by Dan The Prof
Link to comment
Share on other sites

What, if I set up the connection to the database with a user account that has limited functionality and encrypt the password, as well as encrypting the passwords in the database, it would help with security?I'm still fairly new to MySql, so will read up on meta tables, and also where you mention the standard installation that has users & passwords already set up.Thanks

Link to comment
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
×
×
  • Create New...