MakeWebGames

Basic Login System


sniko


Overview

A login system is a way to filter unwanted activity in areas you don't want that activity to be, such as a comment system. When making a login system, it is vital that you make it secure from any type of attacks or bypassing; otherwise, there really is no point having one.

What do you need to learn

  • Sessions
  • MySQL Functions
  • mres
  • unset
  • Switch (Possibly)
  • connect to the database

What you need


  • Knowledge of using a database (to hold users' information)
  • Database management system, for example phpMyAdmin

 

Pseudocode: in plain English, what do you need to do?

  • connect to the database
  • start sessions
  • show a form, where the user types in their credentials
  • secure input data from the user
  • check user inputs against database
  • show any errors at all
  • start login session
  • show success text

Ways of going about creating a login system

There are many ways of creating the login system. Using the switch function or the predefined variable $_GET/isset you can create the whole login and register system in one file. You can also add jQuery/Ajax effects to make it more user friendly and customise it with CSS.

Skeleton Code

<?php
$link = mysql_connect('localhost', 'mysql_user', 'mysql_password');
mysql_select_db('foo', $link);
session_start();
if(isset($_POST['submit'])) //pressed the submit button
{
  //do more
}
else
{
 //show form
}
?>

 

Creating the form

I assume you know the pre-defined variable $_POST and how to use it.

<form action='' method='post'>
         Login Name: <input type='text' name='login' length='5' maxlength='15' />
         Passcode: <input type='password' name='passcode' length='5' maxlength='25' />
         <input type='submit' name='submit' value='Login!'>
</form>

 

Skeleton Code [update w/ Form]

<?php
$link = mysql_connect('localhost', 'mysql_user', 'mysql_password');
mysql_select_db('foo', $link);
session_start();
if(isset($_POST['submit'])) //pressed the submit button
{
  //do more
}
else
{
  echo "<form action='' method='post'>
         Login Name: <input type='text' name='login' length='5' maxlength='15' />
         Passcode: <input type='password' name='passcode' length='5' maxlength='25' />
         <input type='submit' name='submit' value='Login!'>
         </form>";
}
?>

 

Assigning the inputs to variables and securing them

<?php
$login_name = htmlspecialchars(mysql_real_escape_string($_POST['login']));
$passcode = md5($_POST['passcode']); //It's best to use an alternative encryption method rather than md5 as it can be decrypted
?>

 

Checking to see if their inputted data exists on the database (assuming you have already created one)

<?php
$exists = mysql_query("SELECT `key` FROM `tablename` WHERE `fieldname`='$login_name' AND `fieldname`='$passcode'");
if(mysql_num_rows($exists) == 0)
 {
     echo "You do not exist!";
  }
?>

 

Skeleton Code Updated (w/ Form, $_POST and checking)

<?php
$link = mysql_connect('localhost', 'mysql_user', 'mysql_password');
mysql_select_db('foo', $link);
session_start();
if(isset($_POST['submit'])) //pressed the submit button
{
 $login_name = htmlspecialchars(mysql_real_escape_string($_POST['login']));
 $passcode = md5($_POST['passcode']); //It's best to use an alternative encryption method rather than md5 as it can be decrypted
 $exists = mysql_query("SELECT `key` FROM `tablename` WHERE `fieldname`='$login_name' AND `fieldname`='$passcode'");
 if(mysql_num_rows($exists) == 0)
   {
     echo "You do not exist!";
    }
 else
   {
      //They exist
    }
}
else
{
  echo "<form action='' method='post'>
         Login Name: <input type='text' name='login' length='5' maxlength='15' />
         Passcode: <input type='password' name='passcode' length='5' maxlength='25' />
         <input type='submit' name='submit' value='Login!'>
         </form>";
}
?>

 

Assigning a session

<?php
$u = mysql_fetch_array(mysql_query("SELECT `key` FROM `tablename` WHERE `fieldname`='$login_name' AND `fieldname`='$passcode'"));
$_SESSION['user'] = $u['key'];
?>

 

Skeleton Code - Finished

<?php
$link = mysql_connect('localhost', 'mysql_user', 'mysql_password');
mysql_select_db('foo', $link);
session_start();
if(isset($_POST['submit'])) //pressed the submit button
{
 $login_name = htmlspecialchars(mysql_real_escape_string($_POST['login']));
 $passcode = md5($_POST['passcode']); //It's best to use an alternative encryption method rather than md5 as it can be decrypted
 $exists = mysql_query("SELECT `key` FROM `tablename` WHERE `fieldname`='$login_name' AND `fieldname`='$passcode'");
 if(mysql_num_rows($exists) == 0)
   {
     echo "You do not exist!";
    }
 else
   {
      $u = mysql_fetch_array(mysql_query("SELECT `key` FROM `tablename` WHERE `fieldname`='$login_name' AND `fieldname`='$passcode'"));
      $_SESSION['user'] = $u['key'];
      echo "You have loggedin!";
    }
}
else
{
  echo "<form action='' method='post'>
         Login Name: <input type='text' name='login' length='5' maxlength='15' />
         Passcode: <input type='password' name='passcode' length='5' maxlength='25' />
         <input type='submit' name='submit' value='Login!'>
         </form>";
}
?>

 

Now that they have logged in, you can then do the following with all other pages that require them to be logged in:

<?php
session_start();
if(!isset($_SESSION['user']))
{
  echo "You need to login";
  exit;
}
?>

 

Thanks for reading. If you have any other questions, please reply or PM.

-sniko


Nice to see people posting tutorials again. Good work sniko.

On a side note, it is nice to see the community posting more. It may not be in the mccodes section as before, but it does mean that with more posts the forum will become alive again. Also it is nice to see the posts are looking at different areas than just good ole mccodes.


Very nice tutorial sniko.

I would just suggest adding a complete script and sample table structure for a login system.

I think it would help people a little bit more to see a complete script, and you could possibly also add for a next tutorial why input filtering is needed, and the correct uses of it.


  • 2 months later...

Well, this is a basic login script. I don't personally like to check if the user is online via sessions; checking the user this way allows multilogin. In your script I would personally suggest saving session_id() in the database and, to check if the user is online, just getting the userID WHERE session = session_id().

For all your mysql_* functions I would suggest adding or die(mysql_error()); at the end.

MD5 can be decrypted with a Rainbow Table; just add a personal salt and add it to the password, but don't forget to add it in the database on creating the user.

But what is really positive is that this tutorial is really short AND it has the mysql_real_escape_string function. Most people forget it, but you didn't ;) Great.

Best regards BlackScorp
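
Added example (not part of the thread and not any poster's code): the same login check written with PDO bound parameters and PHP's password_hash()/password_verify(), covering the input escaping and MD5 steps of the tutorial and the salt point raised in the reply above. The users table, its column names, the sample account and the in-memory SQLite database standing in for MySQL are assumptions made so the script runs on its own.

```php
<?php
// Added illustration. Table/column names and the sample account are hypothetical.
declare(strict_types=1);

function create_user(PDO $db, string $login, string $passcode): void
{
    // password_hash() picks a random per-user salt and embeds it in the
    // returned string, so no separate salt column is needed.
    $hash = password_hash($passcode, PASSWORD_DEFAULT);
    $stmt = $db->prepare('INSERT INTO users (login, pass_hash) VALUES (?, ?)');
    $stmt->execute([$login, $hash]);
}

// Returns the user's id on success, null on any failure.
function check_login(PDO $db, string $login, string $passcode): ?int
{
    // Bound parameter: the login name is sent as data and never becomes part
    // of the SQL text, so no manual escaping is involved.
    $stmt = $db->prepare('SELECT id, pass_hash FROM users WHERE login = ?');
    $stmt->execute([$login]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);

    // Look the row up by login only, then verify the passcode against the
    // stored salted hash.
    if ($row === false || !password_verify($passcode, $row['pass_hash'])) {
        return null;
    }
    return (int) $row['id'];
}

// Call on a web request after session_start() once check_login() succeeds.
function start_login_session(int $userId): void
{
    session_regenerate_id(true); // fresh session id at login (blocks session fixation)
    $_SESSION['user'] = $userId;
}

// Constructed demo data: in-memory SQLite stands in for the MySQL database.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, login TEXT UNIQUE, pass_hash TEXT)');
create_user($db, 'alice', 'correct horse battery');

var_dump(check_login($db, 'alice', 'correct horse battery')); // valid credentials
var_dump(check_login($db, 'alice', 'wrong passcode'));        // wrong passcode
var_dump(check_login($db, "' OR '1'='1", 'anything'));        // quotes are treated as plain data
```

With MySQL, only the PDO connection string changes; htmlspecialchars() is then applied when the login name is printed into a page rather than before it is stored.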
