PHP Login Script

MoFish

MoFish

MoFish

Associate
Joined
29 May 2005
Posts
144
Hello. I have made the following registration section to my login, which appears to be working fine, its adding everything to the database as I intended. OK its not very secure and more validation is needed, but its good for the time being.

I'm trying to keep things simple so I can learn better, but from the examples I have come accross on the internet for the next part, checking if the username and password.. errr, well basically im lost, they go into encryption and all sorts, which makes me wanna poke my eyes out.

could anyone perhaps write me up the compairing code) or some pseudocode for the logging in section, to see if indeed we are authenticated or not. This doesn't need to be a highly secure system , its just for me learning. ;)

Thanks a lot - MoFish

Code: 
<?

$errormsg = 'please fill in your registration details below';

if (isset($_POST['submit'])){

 $name = $_POST['name'];
 $password = $_POST['password'];
 $location = $_POST['location'];
 $email = $_POST['email'];
 $query = "insert into `user_details` (`name`, `password`, `location`, `email`) values ('$name', '$password', '$location', '$email')";
 
	if ($name == "" || $password == "" || $location == "" || $email == "") {
	$errormsg = 'please fill in all the fields';
	} else {
					
		if (mysql_query($query)){
			$errormsg = 'thanks for registering ' . $name;
		} else {
			$errormsg = 'error adding to database';
		}
	}
}
	echo "<p style='background-color:FFFFCC; border: 1px dotted;'>$errormsg</p>";

	?>
 
okay, the md5 thing confuzed me before, but I think I have that drilled into my brain now.
okay, i'll give this a go, and post back here tommorow with my code i produce. it will proberly be totally random and incorrect, but i'll give it my best shot.

thanks again for the help - ps Beansprout you a legend.
 
Last edited:
hello, again. i've tryed to incorperate the md5 thing, but am having a few problems. should i be adding the hash'd password to the database? right now i have the following code for my login script, has taken me all week lol. I finally gave up with the md5 thing before adding it to the loginck.php because I was totally lost and didnt know if i was doing this right. Am i on the right lines here?

Thanks again, mofish

you may find reading the code easyer from a paste bin as it is coloured. here are the links:

index1.php (registration page) http://mofish.pastebin.com/583493
login.php http://mofish.pastebin.com/583494
loginck.php http://mofish.pastebin.com/583495

index1.php (this is my registration page)
Code: 
<?php
include 'includes/include.core.php';
?>

<html>
<head>
	<title>work please</title>
</head>

<body>
<?

$errormsg = 'please fill in your registration details below';

if (isset($_POST['submit'])){

 $name = $_POST['name'];
 $password = $_POST['password'];
 $password = md5($password);

 $location = $_POST['location'];
 $email = $_POST['email'];
 $query = "insert into `user_details` (`name`, `password`, `location`, `email`) values ('$name', '$password', '$location', '$email')";
 
	if ($name == "" || $password == "" || $location == "" || $email == "") {
	$errormsg = 'please fill in all the fields';
	} else {
					
		if (mysql_query($query)){
			$errormsg = 'thanks for registering ' . $name;
		} else {
			$errormsg = 'error adding to database';
		}
	}
}
	echo "<p style='background-color:FFFFCC; border: 1px dotted;'>$errormsg</p>";

	?>

   <form action="index1.php" method="post">
   
     <table width="260" style="border: 1px dotted; background-color:#FFFFCC">
	 <tr>
   		 <td width="106">Nick Name</td>
   		 <td width="144"><input type="text" name="name"></td>
 	 </tr>
 	 <tr>
   		 <td width="106">Password</td>
   		 <td width="144"><input type="password" name="password"></td>
 	 </tr>
 	 <tr>
   		 <td width="106">Location</td>
   		 <td width="144"><select name="location" style="width:144px">
   		  					 <option>United Kingdom</option>
   		   					 <option>USA</option>
   						 </select>
   		 </td>
 	 </tr>
	  <tr>
   		 <td width="106">Email</td>
   		 <td width="144"><input type="text" name="email"></td>
 	 </tr>
  	
	 <tr>
   	     <td colspan="2"><input name="submit" type="submit"></td>
 	 </tr> 
    </table>
  </form>
	<?
?>
</body>
</html>

login.php
Code: 
<html>
<head>
<title>login</title>
</head>

<body>

<form action="loginck.php" method="post">
<table border='0' cellspacing='0' cellpadding='0'>
 
  <tr> 
  	<td>Login ID</td> 
	<td><input type ='text' name='name' ></td>
  </tr>

  <tr> 
  	<td>Password</td> 
	<td><input type ='text' name='password' ></td>
  </tr>

  <tr>
  	 <td><input type='submit' value='Submit'> <input type='reset' value='Reset'></td>
  </tr>

  <tr> 
	<td><a href='signup.php'>Sign Up</a></td> 
	<td>Forgot Password</td>
  </tr>

</table>
</form>
</body>
</html>

loginck.php
Code: 
<?php

// loginck.php - performs my login check, or should
include 'includes/include.core.php';
?>

<html>
<head>
<title>ahhhhh this is driving me mad</title>

</head>

<body>

<?
print_r($_POST);

$name = $_POST['name'];
$password = $_POST['password'];

$name=mysql_real_escape_string($name);
$password=mysql_real_escape_string($password);

if($rec=mysql_fetch_array(mysql_query("SELECT * FROM `user_details` WHERE name='$name' AND password ='$password'"))){
	if(($rec['name']==$name)&&($rec['password']==$password)){
	 include "includes/newsession.php";
     echo "<p>Successfully, logged in <a href='logout.php'>Log OUT</a><a href=welcome.php>Members only section</a>";
	} 
}else{
	session_unset();
	echo "Incorrect Login Details Entered<input type='button' value='Retry' onClick='history.go(-1)'>";
}
?>

</body>
</html>
 
ah, was that easy huh ... was pretty damm close, just didn't know if what I was doing was on the right lines.

Thanks again beansprout. ;)
 
Last edited:
I'll stay in the same topic, althought its not about a login script, more layouts. I have the following layout, and am wondering the best way to go around inserting pages into the main section of my table. How exactly do I go about dynamically linking these pages in PHP, without using a massive if statement for each page? Really am unsure on how to go about linking them but am guessing I need to use POST or GET somehow .... not sure how though.

Any help would be appriciated :) *hi beansprout* :)

Thanks Again MoFish

INDEX.PHP( SORRY IM A MESSY CODER I THINKS ;))
Code: 
</head>
<body>
<center>

<table class="MainTable" cellspacing="0px">
 <tr class="banner">
  <td height="100" colspan="2" class="TableSection">&nbsp;</td>
 </tr>
 
 <tr class="topbar" cellspacing="0px">
  <td colspan="2" align="right">
	<table width="100%" class="TableSection">
	 <tr>
	  	<td align="left"><?php include("topbar.php");?></td>
	  	<td align="right"><?php echo date('dS F Y');?></td>	 
	 </tr>
	</table>	
  </td>
 </tr>
 
 <tr>
  <td class="NavigationSection" cellspacing="0px">
	<table cellspacing="0px" width="120px" style="margin:5px;">
	  <?php include("navigation.php");?>
	</table>
  </td>
  
  <td class="MainBody" cellspacing="0px">
      <?php include("main.php"); ?>
  </td>
  
  <tr class="bottombar" cellspacing="0px">
  <td colspan="3" align="right">
	<table width="100%" class="Footer">
	 <tr>
	  	<td align="right">Copyright PGL</td>	 
	 </tr>
	</table>	
  </td>
 </tr>
  
</table>
</center>
</body>
</html>

NAVIGATION.PHP (TOTAL STAB IN THE DARK - But How Do I Call These :confused: )
Code: 
  <ul>
    <li><a href="index.php?url=register.php">Register Account</a></li>
    <li><a href="index.php?url=login.php">Login</a></li>
  </ul>
 
Last edited:
i mean like linking pages, i dont want to link them just like html.

ive seen something like this used in the past 'index.php?url=register.php' but when i click this it isnt calling into my main section of the table where i want it to, actually when i click it, its doing nothing at all. how do i go around making these links so they are included?
 
got that working fine thanks guys.

got another question, but its anoying me. I currently have an index.php using includes to call other pages into the main section of my table. Now I have a core file which contains session start and am using that on a registration.php and a login.php and it doesnt like it. Should i be calling this core once on the index page, and removing it from the login and registration page? or should the session be started when i successfully login, and be removed from the registration and index.php

Ahh hope that makes sence to someone. hehe

thanks mofish
 
I recently tryed to add my login and registration scripts previously made into my design. I added my core on my index page, however my registration and login system have went to pot. They worked perfectly stand alone without being called through an include, but i cant seem to establish what im doing wrong.

MY SITE LINK HERE

This is my first attempt at a website using php, css, and html together so please be nice and say woohoo nice job mofish and stuff, coz then i'll be like all happy and stuff ;)

currently im including the core in my index.php on the 1st line before all html and have removed all includes from the login.php and registration.php as I have already used it in index, which i thought would have established the connection already.

can anyone help me identify where i have went wrong?

Thanks Again MoFish! :p

include.core.php
Code: 
<?php
session_start();
$document_root = dirname(__FILE__);
$document_root = dirname($document_root);
$includes_dir = $document_root.'/includes/';
require $includes_dir.'include.config.php';
require $includes_dir.'include.mysql.php';
?>
include.mysql
Code: 
<?php
if (!$dbc = mysql_connect($conf_mysql_hostnm, $conf_mysql_usernm, $conf_mysql_passwd)) {
	$error = 'MySQL Error, '.mysql_error();
	die($error);
}

if (!mysql_select_db($conf_mysql_dbname)) {
	$error = 'MySQL Error, '.mysql_error();
	die($error);
}
?>

config.php
simply includes my database connection details.
 
OK thanks i'll change that for the sha1, as its reccomended.

Back to the the initial problem.. Am I calling my core (session start) at the right time? this should be the 1st line of my index.php and not the registration.php correct?

My login and registation script dont seem to work now that its been put into the design, it doesnt even add the information to the database anymore :eek:

thanks again fella's - Mofish
 
Last edited:
>AHH, FALSE ALARM,PROBLEM FIXED!<

ahh, im still having problems getting this registration thing incorperated into my layout. Its not adding anymore and its displaying my echo's and stuff on a new page instead of staying in my main table section! arg!

Should I be using echo's to display the form? would that keep it in my main table section? could it be anything to do with using POST or GET, will that effect things?

This script was ... before i included it! DOH!

can't see what im doing wrong :p
 
Last edited:
You must log in or register to reply here.
Back
Top Bottom