Pre-built login system for my webpage

Soldato
Joined
1 Dec 2004
Posts
23,261
Location
S.Wales
Hi,

Im after an easy to implement login system for my webpage, I know there are pre-built ones out there that you can use as i dont want to (if possible) make one from scratch.

Can anybody reccomend anything for me?

what im trying to do is create a portal on my webpage which allows me to log in and access my own area of the site.

Is there anything out there which is like this being secure?
 
Its for my own personal site, im creating myself a site which will be used as a profile on me and my work, the login system will be a portal for me to use to log in to my own personal pages to access certain objects and features which I plan on building.
 
DJMK4 - if it's a display of your work, then I would have thought you would create the login system yourself to demonstrate your skills.

Well, my primary work is not web-design ;) but I would like to learn more about web-design so I see your point.

OK, aslong as I can find some decent tutorials on the web (thanks for the one above) I will do it, I did a very basic login system a while back which worked but I dont think it was 100% secure.

Thanks for the info tho :)
 
Going back to this thread, I think im going to follow this tutorial, I just want peoples approval

http://www.tutorialtastic.co.uk/tutorial/creating_a_secure_php_login_page

I got a good idea of how it works, iv messed around myself and from help on these forums iv managed to get a basic login script working. But I want to use extra security, cookies would be good (yum yum) and salting out passwords.

What do you guys think of the above link?
 
Im going to carry on with this tutorial I think, you can spend hours looking for tutorials on the web, i think this one is a good base start but it needs to be tweaked to make it secure.

AHarvey - If its ok with you, seeing as we are following the same tutorial, do you wish to swap idea's etc? if you want let me know. I can add you on msn if you want.

Iv got it working, thanks for the tip on how to salt out the password, going to give it a try now. :)

As I go along ill try and implement more features into it.
 
OK

Could somebody give my code the once over and state where I could improve :)

Im in the process of changing so it uses sha1 hashed, I want to make it secure without going over the top, its for a personal website.



Code:
<?php
$host='****'; // Host name
$username='*****'; // Mysql username
$password='*****'; // Mysql password
$db_name='******'; // Database name
$tbl_name='*******'; // Table name

// Connect to server and select databse.
mysql_connect($host, $username, $password)or die('cannot connect');
mysql_select_db($db_name)or die('cannot select DB');

// username and password sent from form
$myusername=$_POST['myusername'];
$mypassword=$_POST['mypassword'];
$encrypted_password=md5($mypassword);

$sql="SELECT * FROM $tbl_name WHERE username='$myusername' and password='$mypassword'";
$result=mysql_query($sql);



// To protect MySQL injection (more detail about MySQL injection)
$myusername = stripslashes($myusername);
$mypassword = stripslashes($mypassword);
$myusername = mysql_real_escape_string($myusername);
$mypassword = mysql_real_escape_string($encrypted_password);





// Mysql_num_row is counting table row
$count=mysql_num_rows($result);
// If result matched $myusername and $mypassword, table row must be 1 row

if($count==1){
// Register $myusername, $mypassword and redirect to file "****.php"
session_register('myusername');
session_register('mypassword');
header('location:****.php');
}
else {
echo "Wrong Username or Password";
}
?>


I am planning on the following

Changing from MD5 to sha1, is there any other flaws that you can spot but I cannot?
 
Back
Top Bottom