[Lovelock]

Hello,

Im looking to start a new project involving users being able to login.

I have searched for ages to find a decent tutorial but theres loads out there and none of them seem too good!

They either have issues with the scripts or the sql querys etc.

Anyone help me out?

[Samus]

Here's one: http://net.tutsplus....ch-day-6-login/

It's written in codeigniter though. So you may have to read up on that abit, but the video tutorial is very explantory and guides you through the basic logic of a login system.

[itodd]

I used this one as the basis for when I wrote my own login script, pretty easily to follow it and make any changes if you know any php

http://www.evolt.org...mber_me_feature

[kensha]

The only thing you need to have are these codes.


<?php session_start(); ?>
<html>
<head>
<title>Login check</title>

</head>

<body>
<?php
include("msql.php");

$user=$_POST["user"];
$password=$_POST["password"];
$query=mysql_query("SELECT * FROM member WHERE Username = '$user' AND Password = '$password'");
$resultaat=mysql_fetch_array($query);
if($resultaat > 0 )
{
session_start();
$_SESSION['user']=$user;
header('location: index2.php');
}
else
{
echo "Move to the previous page" . '<a href="index.php">: Index</a>';

}
?>
</body>

</html>

Included file;
<?php
$localhost="localhost";
$user="Richard";
$password="Richard";

$verbinding=mysql_connect($localhost, $user, $password);
if(!$verbinding)
{
die("Kon geen verbinding maken");
}

mysql_select_db("richard", $verbinding);
?>


This is all you need to know.
Beside that you must start with a session() at every page and it must be placed a top.
The user id just get moved around because of the $_SESSION['user'] variable.
Warning, you can't make this as a normal variable because that's only active for 1 page.


This is mine code when the user registered on the database.

<?php
include("msql.php");

mysql_select_db("richard",$verbinding);

$sql=mysql_query("INSERT INTO member (Username, Password)
VALUES('$_POST[user]','$_POST[password]')");
?>

Warning; Those 3 script are not secured.

For security lesson you need to have a more look on the string manipulation once the parser has succeed.

This post has been edited by kensha: 05 January 2012 - 09:35 AM

[Lovelock]

I seem to keep getting this everytime...

Access denied for user 'root'@'localhost' (using password: NO)

[webdesigner93]

Lovelock, on 05 January 2012 - 03:28 PM, said:

I seem to keep getting this everytime...

Access denied for user 'root'@'localhost' (using password: NO)

means your database info is incorrect

[kensha]

look up in your PHPMyAdmin.

Got to MySQL and then to user there you see the details you need.

Warning;
Online MySQL servers usual use the password that you use for log in on the phpmyadmin server.

This post has been edited by kensha: 05 January 2012 - 07:35 PM

[rallport]

@kensha - are you really expecting someone to use that code?

[webdesigner93]

rallport, on 05 January 2012 - 09:09 PM, said:

@kensha - are you really expecting someone to use that code?

was waiting for someone to mention that

[Samus]

rallport, on 05 January 2012 - 09:09 PM, said:

@kensha - are you really expecting someone to use that code?

He stated all/most form of security was left out + the OP seems to just want to learn how a basic one is setup.

[kensha]

@Samus
People are to lazy to ready now a days.

What usual happens people create scripts with a ton of security stuff in it that they don't explain further up.

The best practice is to learn how everything works.
Create a small blogging on your wamp server and once you know how everything goes around then you take care of the security.

For example, Yesterday I have created a very small forum without the security and everything seems to work correctly.
Now I have that under the knee[not the arrow in the knee] next week I'm going to secure it.

[webdesigner93]

kensha, on 06 January 2012 - 09:44 AM, said:

@Samus
People are to lazy to ready now a days.

What usual happens people create scripts with a ton of security stuff in it that they don't explain further up.

The best practice is to learn how everything works.
Create a small blogging on your wamp server and once you know how everything goes around then you take care of the security.

For example, Yesterday I have created a very small forum without the security and everything seems to work correctly.
Now I have that under the knee[not the arrow in the knee] next week I'm going to secure it.

mmm it dont take much time to use mysql_real_escape_string, encrypt ur passwords and create a small function like clean_data that uses strip_tags, htmlentities etc.. people are here to learn the right way from the get go rather it takes a little more code or not.

[gadgetgirl]

PHP and MySQL for Dynamic Web Sites by Larry Ullman has a chapter on user registration which is good. It is supported by an online forum. To use PHP and MySql requires a bit of set up initially - and its worth investing the time to ensure your setup is correct.

[pat24]

rallport, on 05 January 2012 - 09:09 PM, said:

@kensha - are you really expecting someone to use that code?

because this is the way Rallport does it.......... oh wait Rallport never gave a correct way of doing it

[dcoder]

i think this also good
to know the basic

[GalaxyTramp]

kensha, on 06 January 2012 - 09:44 AM, said:

@Samus
People are to lazy to ready now a days.

What usual happens people create scripts with a ton of security stuff in it that they don't explain further up.

The best practice is to learn how everything works.
Create a small blogging on your wamp server and once you know how everything goes around then you take care of the security.

For example, Yesterday I have created a very small forum without the security and everything seems to work correctly.
Now I have that under the knee[not the arrow in the knee] next week I'm going to secure it.

I have to agree. The best way to learn is to get stuck in and have a go, then when it fails or doesn't work in the first place you dont have line after line of somebody elses uncommented code to trawl through in order to find the problem.

Get the basics working then add security, validation etc. It might seem the hard way to do it when you could cut and paste code you have found on the web, but it will be worth the extra effort.

Colin