
Basic Login System


  • Basic Login System

    Overview
    A login system is a way to filter unwanted activity in areas where you don't want that activity to be, such as a comment system. When making a login system, it is vital that you make it secure from any type of attack or bypassing; otherwise, there really is no point in having one.

    What do you need to learn
    Sessions
    MySQL functions
    mres
    unset
    Switch (Possibly)
    connect to the database

    What you need
    • Knowledge of using a database (to hold users' information)
    • Database management system, for example phpMyAdmin


    Pseudo code: in plain English, what do you need to do?
    connect to the database
    start sessions
    show a form, where the user types in their credentials
    secure input data from the user
    check user inputs against database
    show any errors at all
    start login session
    show success text

    Ways of going about creating a login system
    There are many ways of creating the login system. Using the switch function or the predefined variable $_GET/isset, you can create the whole login and register system in one file. You can also add jQuery/Ajax effects to make it more user friendly and customise it with CSS.

    Skeleton Code
    Code:
    <?php
    $link = mysql_connect('localhost', 'mysql_user', 'mysql_password');
    mysql_select_db('foo', $link);
    session_start();
    if(isset($_POST['submit'])) //pressed the submit button
    {
        //do more
    }
    else
    {
        //show form
    }
    ?>
    Creating the form
    I assume you know the pre-defined variable $_POST and how to use it.
    Code:
    <form action='' method='post'>
        Login Name: <input type='text' name='login' size='5' maxlength='15' />
        Passcode: <input type='password' name='passcode' size='5' maxlength='25' />
        <input type='submit' name='submit' value='Login!'>
    </form>
    Skeleton Code [Update w/ Form]
    Code:
    <?php
    $link = mysql_connect('localhost', 'mysql_user', 'mysql_password');
    mysql_select_db('foo', $link);
    session_start();
    if(isset($_POST['submit'])) //pressed the submit button
    {
        //do more
    }
    else
    {
        echo "<form action='' method='post'>
            Login Name: <input type='text' name='login' size='5' maxlength='15' />
            Passcode: <input type='password' name='passcode' size='5' maxlength='25' />
            <input type='submit' name='submit' value='Login!'>
            </form>";
    }
    ?>
    Assigning the inputs to variables and securing them
    Code:
    <?php
    $login_name = htmlspecialchars(mysql_real_escape_string($_POST['login']));
    $passcode = md5($_POST['passcode']); //It's best to use an alternative encryption method rather than md5 as it can be decrypted
    ?>
    Checking to see if their inputted data exists on the database (assuming you have already created one)
    Code:
    <?php
    $exists = mysql_query("SELECT `key` FROM `tablename` WHERE `fieldname`='$login_name' AND `fieldname`='$passcode'");
    if(mysql_num_rows($exists) == 0)
    {
        echo "You do not exist!";
    }
    ?>
    Skeleton Code Updated (w/ Form, $_POST and checking)
    Code:
    <?php
    $link = mysql_connect('localhost', 'mysql_user', 'mysql_password');
    mysql_select_db('foo', $link);
    session_start();
    if(isset($_POST['submit'])) //pressed the submit button
    {
        $login_name = htmlspecialchars(mysql_real_escape_string($_POST['login']));
        $passcode = md5($_POST['passcode']); //It's best to use an alternative encryption method rather than md5 as it can be decrypted
        $exists = mysql_query("SELECT `key` FROM `tablename` WHERE `fieldname`='$login_name' AND `fieldname`='$passcode'");
        if(mysql_num_rows($exists) == 0)
        {
            echo "You do not exist!";
        }
        else
        {
            //They exist
        }
    }
    else
    {
        echo "<form action='' method='post'>
            Login Name: <input type='text' name='login' size='5' maxlength='15' />
            Passcode: <input type='password' name='passcode' size='5' maxlength='25' />
            <input type='submit' name='submit' value='Login!'>
            </form>";
    }
    ?>
    Assigning a session
    Code:
    <?php
    $u = mysql_fetch_array(mysql_query("SELECT `key` FROM `tablename` WHERE `fieldname`='$login_name' AND `fieldname`='$passcode'"));
    $_SESSION['user'] = $u['key'];
    ?>
    Skeleton Code - Finished
    Code:
    <?php
    $link = mysql_connect('localhost', 'mysql_user', 'mysql_password');
    mysql_select_db('foo', $link);
    session_start();
    if(isset($_POST['submit'])) //pressed the submit button
    {
        $login_name = htmlspecialchars(mysql_real_escape_string($_POST['login']));
        $passcode = md5($_POST['passcode']); //It's best to use an alternative encryption method rather than md5 as it can be decrypted
        $exists = mysql_query("SELECT `key` FROM `tablename` WHERE `fieldname`='$login_name' AND `fieldname`='$passcode'");
        if(mysql_num_rows($exists) == 0)
        {
            echo "You do not exist!";
        }
        else
        {
            $u = mysql_fetch_array(mysql_query("SELECT `key` FROM `tablename` WHERE `fieldname`='$login_name' AND `fieldname`='$passcode'"));
            $_SESSION['user'] = $u['key'];
            echo "You have loggedin!";
        }
    }
    else
    {
        echo "<form action='' method='post'>
            Login Name: <input type='text' name='login' size='5' maxlength='15' />
            Passcode: <input type='password' name='passcode' size='5' maxlength='25' />
            <input type='submit' name='submit' value='Login!'>
            </form>";
    }
    ?>
    Now that they have logged in, you can then do the following with all other pages that require them to be logged in
    Code:
    <?php
    session_start();
    if(!isset($_SESSION['user']))
    {
        echo "You need to login";
        exit;
    }
    ?>
    Thanks for reading. If you have any other questions, please reply or PM.

    -sniko
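
The flow from the tutorial above (look up the user, check the passcode, return the key to store in the session), as an added example that is not part of the original post. It assumes PDO with bound parameters and PHP's password_hash()/password_verify() in place of mysql_* and md5; the `users` table, its columns and the function names are hypothetical.

```php
<?php
// Added example (not sniko's code). Table, column and function names are
// assumptions made for this illustration.
declare(strict_types=1);

function open_db(): PDO
{
    // In-memory SQLite so the example runs stand-alone. With MySQL only the
    // DSN (e.g. 'mysql:host=localhost;dbname=foo') and the table DDL differ.
    $db = new PDO('sqlite::memory:');
    $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $db->exec('CREATE TABLE users (
        userid   INTEGER PRIMARY KEY,
        login    VARCHAR(15)  NOT NULL UNIQUE,
        passhash VARCHAR(255) NOT NULL)');
    return $db;
}

function register_user(PDO $db, string $login, string $passcode): void
{
    // password_hash() generates a per-user salt and stores it inside the hash.
    $stmt = $db->prepare('INSERT INTO users (login, passhash) VALUES (?, ?)');
    $stmt->execute([$login, password_hash($passcode, PASSWORD_DEFAULT)]);
}

function check_login(PDO $db, string $login, string $passcode): ?int
{
    // The login name is bound as data, never concatenated into the SQL text.
    $stmt = $db->prepare('SELECT userid, passhash FROM users WHERE login = ?');
    $stmt->execute([$login]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    if ($row === false || !password_verify($passcode, $row['passhash'])) {
        return null; // same answer for unknown user and wrong passcode
    }
    return (int) $row['userid'];
}

// Constructed sample data.
$db = open_db();
register_user($db, 'sniko', 'correct horse');
register_user($db, "o'brien", 'hunter-two');       // quote in the login name
var_dump(check_login($db, 'sniko', 'correct horse'));
var_dump(check_login($db, 'sniko', 'wrong'));
var_dump(check_login($db, "o'brien", 'hunter-two'));

// In a web request, on success: session_regenerate_id(true); and then
// $_SESSION['user'] = $userid; as in the tutorial.
```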



  • #2
    Looking good sniko

    Well done mate


    • #3
      Nice to see people posting tutorials again. Good work sniko.

      On a side note, it is nice to see the community posting more. It may not be in the mccodes section as before, but it does mean that with more posts the forum will become alive again. Also, it is nice to see the posts are looking at different areas than just good ole mccodes.


      • #4
        Very nice tutorial sniko.

        I would just suggest adding a complete script and sample table structure for a login system.
        I think it would help people a little bit more to see a complete script, and you could possibly also add, for a next tutorial, why input filtering is needed and the correct uses of it.



        • #5
          Well, this is a basic login script. I don't personally like to check if a user is online via sessions; checking the user this way allows multilogin. In your script I would personally suggest saving session_id() in the database, and to check if a user is online, just get the userID WHERE session = session_id().

          For all your mysql_* functions I would suggest adding or die(mysql_error()); at the end.

          MD5 can be decrypted with a rainbow table; just add a personal salt and add it to the password, but don't forget to add it in the database when creating the user.

          But what is really positive is that this tutorial is really short AND it has the mysql_real_escape_string function. Most people forget it, but you didn't. Great!

          Best regards BlackScorp
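
The session_id() lookup suggested in the post above, as an added example that is not part of the original reply. It assumes PDO and stores a SHA-256 hash of the session id rather than the raw value; the `users` table, the `session_hash` column and the function names are hypothetical.

```php
<?php
// Added example (not BlackScorp's code): one active session per user.
// Table, column and function names are assumptions for this illustration.
declare(strict_types=1);

function bind_session(PDO $db, int $userid, string $sid): void
{
    // Overwrites any previous value, so an older login stops resolving.
    $stmt = $db->prepare('UPDATE users SET session_hash = ? WHERE userid = ?');
    $stmt->execute([hash('sha256', $sid), $userid]);
}

function user_for_session(PDO $db, string $sid): ?int
{
    // "get the userID WHERE session = session_id()", with a bound parameter.
    $stmt = $db->prepare('SELECT userid FROM users WHERE session_hash = ?');
    $stmt->execute([hash('sha256', $sid)]);
    $id = $stmt->fetchColumn();
    return $id === false ? null : (int) $id;
}

// In-memory SQLite and constructed data so the example runs stand-alone.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (
    userid INTEGER PRIMARY KEY, login VARCHAR(15), session_hash CHAR(64))');
$db->exec("INSERT INTO users (userid, login) VALUES (1, 'sniko')");

// Constructed ids standing in for session_id() in two different browsers.
$first  = bin2hex(random_bytes(16));
$second = bin2hex(random_bytes(16));

bind_session($db, 1, $first);              // login from the first browser
var_dump(user_for_session($db, $first));   // lookup from the first browser

bind_session($db, 1, $second);             // same user logs in elsewhere
var_dump(user_for_session($db, $first));   // first browser looked up again
var_dump(user_for_session($db, $second));  // lookup from the second browser
```

On a protected page the check would call user_for_session($db, session_id()) after session_start() and refuse the request when it returns null.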



          • #6
            Very insightful Sniko, well done.