FRIHOST FORUMS SEARCH FAQ TOS BLOGS COMPETITIONS
You are invited to Log in or Register a free Frihost Account!


Could someone create a really simple login system???





jspets
hi i am createing my website at the moment and i wanted to have a login system in there.
I have been researching the internet and the fri hosting forums. I have tried to make some but some of the sql codes for the databse are wrong, and others are a bit too complicated.

If it is possible it wold be good if someone could post a really simple step by step login system tutorial and a registering form page, explaining where to put files once you have done them and how to encorporate them into your website and making the login system secure etc. i am new to website building, mysql and php, but i have a bit of an understanding Smile Also could someone tell me how tolink it to a database e.g mysql

I think if someone who had a thorough understanding of making login systems could create a really good tutorial explaining the steps thoroughly, then it would benefit numerous amounts of new frihosters.

Thanks Smile
badai
this is not the only way, but almost "universal" on web server with php

just use session, on each and every file (except login page) you start with

session_start()

then check for login_session (which you define in your login page when user succesfully login)

if session does not exist (expired or user try to access the page directly), you can kick that user to login page.

you can store login/password in database.


example of "header" on every file:

Code:
session_start();
<?
if (!(isset($_SESSION['login'])))
{
   header("Location: login.php");
   //or use javascript if php doesn't work. sometime it just don't work. i don't know why
   //echo "<script type=\"text/javascript\">   top.location=\"login.php\";  </script>";
}
?>


on login page:
Code:
<?
session_start();
 if (isset($_POST['do_login']))
 {
  $do_login = $_POST['do_login'];
  $login = $_POST['login'];
  $password = $_POST['password'];
 }
 else
 {
  $do_login = 0;
  $login = "";
  $password = "";
 }
 if ($do_login)
 {
  /*here goes the code to get login and password from db.
if login success (correct password for that login), $authenticated = true; else $authenticated = false;

note:you should not store password as plain text. you can use MD5 to store it, secure, fixed length, short. just an example. use your own imagination for a better way to store password. you will feel really bad if you know you friends' password.

*/

if ($authenticated)
{
 $_SESSION['login'] = $login;
 echo "<script type=\"text/javascript\">   location=\"landing_page.php\";  </script>";
}
else
{
   echo "<div align=\"center\"><br />\n";
   echo "Login incorrect.";
   echo "<br /></div>\n";
   $do_login = 0;
}

 if (!($do_login))
 {

 ?>
<!-- here create your login form -->
  <form action="<?$PHP_SELF?>" method="post">
   <input type="hidden" name="do_login" value="1" />
<!-- the rest of the from here, just a text field: login; password field: password and a big ugly button with "SUBMIT" text on it -->
<?
} //close the curly bracket

?>


if you use MD5 to store the password, don't forget to use

Code:
$password = md5($password)


after

Code:
$password = $_POST['password']


edit by rvec: please keep it all in one post
albuferque
Watch these videos:

http://www.youtube.com/watch?v=7JmSf9JfQjY

http://www.youtube.com/watch?v=7_G6Uh8saFk
erlendhg
Actually, you should use sha1 instead of md5, since md5 has been proven to have several security flaws.
badai
sorry for posting multiple time.

after the first post i realized it wasn't helpful enough, hence the second post. i didn't know we are required to edit our existing post and to add the next post at the bottom of the existing post. i just feel it would make it seem like losing the originality of the flow of what's going on on the thread if we edit an existing post.

what if someone reply to it while i still composing the next post, and somehow i changed the original content of the first post? it will be confusing. because it does take some time for me to compose the next post actually, but now you've merged it, nobody will know how long it elapsed between my two post, which is the time i took to composed the second post.

i think it shouldn't be some kind of requirement here. it will be very weird if we read a thread where someone ask how to do something, and the previous two post actually answer it. we might think the later poster didn't bother read the previous post, while what actually happen is somebody might have merged it.

then again, a moderator always knew what's best.
riccopt
you can do it with .htaccess combined with .htpasswd
all you need to do is add both files inside the directory you want to have "protected"...

here is a link to help you with that:
http://tools.dynamicdrive.com/password/
jspets
Thank you for your feedback but i think it would be good if someone could actually make a tutorial that includes what sql needed to mae the database and also how to php in the website. Very Happy Very Happy Smile

But thanks to everyone who has posted Smile
riccopt
jspets wrote:
Thank you for your feedback but i think it would be good if someone could actually make a tutorial that includes what sql needed to mae the database and also how to php in the website. Very Happy Very Happy Smile

But thanks to everyone who has posted Smile


if you go for htaccess combined with htpasswd you don't need to write anything on a database... the only problem is that it will only work on APACHE servers...
erlendhg
I would give it a try Smile

First you need a mysql database and a user with all privileges to it.
If you need to create a database and user, you could try to google mysql + directadmin/cpanel (I don't know which of those you use).

Then, I have created two files for you: conf.php and install.php
Install.php creates the table you need. I have added one field for username and one for password, but also one for email address and one that could be used for access level restriction.
Conf.php contains a function and information for connection to the database.

Code:
<?php // conf.php

// Edit below
$dbhost = "localhost"; // mysql host, usually localhost
$dbuser = "dbuser"; // <== mysql username goes here
$dbpass = "dbpw"; // <== mysql password goes here
$dbname = "restricted"; // <== mysql database name goes here
// Stop editing

function dbConnect($db) {
    global $dbhost, $dbuser, $dbpass;
   
   $dbcnt = mysql_connect($dbhost, $dbuser, $dbpass)
      or die("The mysql database appears to be down.");
   
   mysql_select_db($db)     
      or die("The mysql database is unavailable.");
      
   return $dbcnt;
}

?>


Code:
<?php // install.php

// Edit below
$table_name = "users"; // <== This is the name of your login table. You can call it whatever you like
$username_max_length = 25; <== How many characters do you allow usernames to be?
// Stop editing

require("conf.php");

dbConnect($dbname);


$has_table = false;
$tables = mysql_list_tables($dbname);
$num_rows = mysql_num_rows($tables);
for ($i = 0; $i < $num_rows; $i++) {
       if (mysql_tablename($tables, $i) == $table_name) {
      $has_table = true;
      break;
   }
}

if ($has_table) die("Table '$table_name' already exists!");


$sql = 'CREATE TABLE ' . $table_name . '
   (username VARCHAR(' . $username_max_length . ') NOT NULL,
   password VARCHAR(40) NOT NULL,
   email VARCHAR(255) NOT NULL,
   access TINYINT NOT NULL)';

mysql_query($sql)
   or die(mysql_error());
   
echo "Table '$table_name' was successfully created :)";

?>


Place both files in the same folder, and run install.php. If everything goes fine, you should delete install.php (you could run it one more time first, to check if the table was actually created).

Then you could use the script that badai wrote, but personally I prefer a slightly different approach (though it is similar) :


restrict.php:
Code:
<?php // restrict.php

session_start();

$loginurl = "login.php?redirect=$PHP_SELF";

if (isset($_REQUEST['logout'])) {
   unset($_POST['username']);
   unset($_POST['password']);
   unset($_SESSION['usr']);
   unset($_SESSION['pwd']);
   
   session_unset();
   
   echo('<meta http-equiv="refresh" content="0; url=index.php">');
   exit;
}

if (isset($_POST['do_login'])) {
   $_SESSION['usr'] = $_POST['username'];
   $_SESSION['pwd'] = $_POST['password'];
} else if (!isset($_SESSION["usr"])) {
   echo('<meta http-equiv="refresh" content="0; url=' . $loginurl . '">');
   exit;
}

$usr = $_SESSION['usr'];
$pwd = $_SESSION['pwd'];

if (get_magic_quotes_gpc()) $pwd = stripslashes($pwd);

$enc_pw = sha1($pwd);
$lusr = strtolower($usr);

require("conf.php");

dbConnect($dbname);

$loginsql = mysql_query("SELECT * FROM users WHERE username = '$lusr' AND password = '$enc_pw'");

if (!mysql_num_rows($loginsql)) {
   unset($_SESSION['usr']);
   unset($_SESSION['pwd']);
 
   session_start();
   die("Your username / password combination was not recognised.<br>
   You could try to <a href=\"$loginurl\">log in</a> again.");
}

$accesslvl = mysql_result($loginsql, 0, 3);

?>


login.php:

Code:
<?php // login.php

if (isset($_REQUEST['redirect']))
   $redirect = $_REQUEST['redirect'];
else
   $redirect = "index.php";
   
?>

<html>
<body>

<form action="<?=$redirect?>" method="post">
   <input type="hidden" name="do_login" value="1">
   <input name="username">
   <input type="password" name="password">
   <input type="submit">
</form>

</body>
</html>


index.php (dummy/example):

Code:
<?php // index.php
require("restrict.php"); // This makes the page "login protected"
?>

<html>
<head>
<body>

This is the main page.<br>
<?php
if ($accesslvl) echo "You have accesslevel: $accesslvl";
?>
<br><br>
<a href="<?=$PHP_SELF?>?logout">Log out</a>

</body>
</html>


This index.php is just a dummy file (as an example), though if you look in restrict.php and login.php, they both point at index.php as a "You start here" file where you go if you log in.

Also, if you try to request another page (different from index.php), you are redirected to login.php, but if you successfully log in, you will be redirected to the intended page (specified in $loginurl in request.php) Smile

Hope that this can be to any help Smile
Related topics
html login system
Simple login system
simple login script
Login System help
Developing a Login System with PHP and MySQL
i need a single user login system
create swishmax Login with phpbb db
Login System Tutorial Part 1 Creating Registration
Frih$ on offer for PHP Login System
how do you create a login field with html?
Protect Your Page With Simple Login But Yet Powerful Script
Login system with uploading features!
Login system doesn't work
Creating safe persistent login system
Reply to topic    Frihost Forum Index -> Scripting -> Php and MySQL

FRIHOST HOME | FAQ | TOS | ABOUT US | CONTACT US | SITE MAP
© 2005-2011 Frihost, forums powered by phpBB.