sachavdk 0 Report post Posted July 22, 2005 Many people want to make logins to their site. The easiest way to do this is using PHP. I will describe here all steps creating one. You can copy and paste the code and save it as the name of the file given above the code. Save everything in the same directory. NOTE: However the code can be copied its still no basic php anymore. If you have questions you can ask them but a little knowledge of php is useful. First of all we need to make a login form. This can be an htmlpage. We are going to ask the user for his username and his password. File is named: "login.html" <html><head><title>My website</title></head><body><form action="login.php" method="post"><!-- action will be the url where the form is posted to, it can be a page (http://yourdomain/login.php) or a page with variables(http://yourdomain/?page=login) for examle.The method is the way the form is submitted. Using GET the form will be submitted using the addressbar and all values will be visible. Since we're sending apassword this is defenetly not what we want. That's why we're going to use POST. Post sends the form in an "invisible" way. This means the input can not beviewed by the user. This way of sending can still be hacked but in your case it is probably not important enough to do so. --><h1>Login</h1>Username: <input type="textbox" name="username"><br>Password: <input type="password" name="password"><br><input type="submit" value="Login!" name="submit"><br>No an account yet? <a href="register.html">Register</a></form></body></html> That was pretty easy. Now I'm expecting you have your database set up (I use MySQL with these scripts). If not do this now.You will need a table named "tblusers" with fields: * ID, Integer, Null, auto_increment, primary key * Username, Text * Password, Text In the example I will use the following script included in every script so I will have to declare only once my database login settings. Change the settings below to yours. Page is named: "DatabaseConfig.php" <?php // every var gets a prefix "db_" do declare its about the database connection later$db_username="username"; //database username$db_password="password"; //database password$db_host="localhost"; //host of your database$db_database="dbmylogin"; //database name$db_table="tblusers"; // tablename$db_conn = mysql_connect($db_host,$db_username,$db_password) or die (mysql_error());$db_conn = @mysql_select_db($db_database,$db_conn) or die (mysql_error()); // using the "@" gives a secure connection?> Thats it for the database. You see this makes things a lot easier. People want to register on your site before they can login. Here's the registration form: Page is named: "register.html" <html><head><title>My website - Registration</title></head><body><form action="registration.php" method="post"><h1>Registration</h1>Desired username: <input type="textbox" name="username"><br>Desired password: <input type="password" name="password"><br><input type="submit" value="Register!" name="submit"><input type="button" value="Login" onClick="javascript:window.location='login.html'"></form></body></html> That's the registration form.Now we have the registration script wich is going to validate username if it exists and if not, register it. Page is named: "registration.php" <?phpsession_start();if (!isset($_POST["submit"])) // checks wheter the page is called using the registration form{// it is not called using the registration formheader("Location:register.html"); // the script sends the user to the registration page} else {// it is called using the registration formif ($_POST["username"] == NULL || $_POST["password"] == NULL) // check wheter both username and password are filled{ // one of the two is not filled echo "<font color=\"red\">Not all fields were filled. Please go <a href=\"javascript:history.back(1)\">back</a> and fill them</font>";} else { // they are both filled, check wheter the username exists in the database // remember we made "DatabaseConfig.php"? Here it will be included so connection is made with the database. include("DatabaseConfig.php"); // now its simple, otherwise we had to make connection everytime with much more code. $usernameexists = mysql_query("SELECT ID FROM tblusers WHERE username='".$_POST["username"]."'") or die (mysql_error()); if (mysql_num_rows($usernameexists) != 0) { // user exists echo "<font color=\"red\">User exists. Please go <a href=\"javascript:history.back(1)\">back</a> and chose another username.</font>"; } else { // user doesn't exists $add_user = mysql_query("INSERT INTO tblusers (username,password) VALUES ('".$_POST["username"]."','".$_POST["password"]."')"); if ($add_user) { // user is succesfully added echo "<font color=\"red\">You are succesfully registered. You can now <ahref=\"login.html\">login</a></font>"; } else { // error occurd echo "<font color=\"red\">An error occurd. Please go <a href=\"javascript:history.back(1)\">back</a> and try again.</font>"; } } // don't forget to close the database connection when you don't need it anymore mysql_close();}}?> End of registrationscript Loginscript Page is named: "login.php" <?phpsession_start();if (!isset($_POST["submit"])) // checks wheter the page is called using the login form{ // it is not called using the registration form header("Location:login.html"); // the script sends the user to the registration page} else { // login form is used, continue with login if ($_POST["username"] == NULL || $_POST["password"] == NULL) // check wheter both username and password are filled { // one of the two is not filled echo "<font color=\"red\">Not all fields were filled. Please go <a href=\"login.html\">back</a> and fill them</font>"; } else { // they are both filled, check wheter the username and password exists in the database, password must be for the same user // remember we made "DatabaseConfig.php"? Here it will be included so connection is made with the database. include("DatabaseConfig.php"); // now its simple, otherwise we had to make connection everytime with much more code. $usernameexists = mysql_query("SELECT ID FROM tblusers WHERE username='".$_POST["username"]."' && password='".$_POST["password"]."'") or die (mysql_error()); if (mysql_num_rows($usernameexists) != 0) { // user exists $_SESSION["mywebsite_userid"] = mysql_result($usernameexists,'',"ID"); ?> <font color="red">You are successfully logged in.</font><br> Go to the secret page: <a href="secret.php">Secret page</a> <?php } else { // user doesn't exists echo "<font color=\"red\">Wrong combination username/password. <a href=\"login.html\">Try login again</a> or <a href=\"register.html\">register</a></font>"; } // don't forget to close the database connection when you don't need it anymore mysql_close();}}?>that's the loginscript Now the last script we need is the one who takes care on the secured pages to see if you are logged in. And this is the script to check if you're logged in: It's named "checklogged.php" <?phpsession_start();if (!isset($_SESSION["mywebsite_userid"])){ // visitor is not logged in echo "You need to be logged in to see this page. <a href=\"login.html\">Login</a> or <a href=\"register.html\">register an account</a></font>"; die();}echo "<a href=\"logout.php\">Logout</a><br>";?> You use following piece of code in every page you want to secure a page. Just set it in the very top of your script. EVERY PAGE YOU WANT TO SECURE MUST BE A PHP SCRIPT!!! <?phpinclude("checklogged.php");?> And ofcourse we need a logout script:Page is named: "logout.php" <?phpsession_destroy();echo "You are logged out. <a href=\"login.html\">Login</a>."echo $_SESSION["mywebsite_userid"];?> Now that's all. Since I don't know what problems you might have just put them here. PS: for people who don't know php, you can't test it on you pc unless you have a server running on it. But you can test it on Xisto. But nevertheless you will have to create you database. You can do that accessing your control panel and go to "MySQL Databases" and create one there. I'm not used to it on Xisto but I think there are people who will help you with that using this topic. The structure and the name of the table you find some higher on this page. Of course then you have to edit the DatabaseConfig.php script with your settings. PPS: important is that posting this in this topic the structure of the code when you past it isn't correct anymore. If you want to use the script simply download the attachment. It's my working script. Share this post Link to post Share on other sites
Saint_Michael 3 Report post Posted July 22, 2005 good but can i add something i did some modifying for the ipb forum login scripts its just a simple way to have people login on o the forums with out need to login through them <script language='JavaScript' type="text/javascript"> <!-- function ValidateForm() { var Check = 0; if (document.LOGIN.UserName.value == '') { Check = 1; } if (document.LOGIN.PassWord.value == '') { Check = 1; } if (Check == 1) { alert("Please enter your name and password before continuing"); return false; } else { document.LOGIN.submit.disabled = true; return true; } } //--> </script> <form action="http://forums.xisto.com/index.php?act=Login&CODE=01; method="post" name="LOGIN" onsubmit="return ValidateForm()"> <input type="hidden" name="referer" value="http://forums.xisto.com/index.php?amp;act=Login&CODE=01; /> <div class="borderwrap"> <div class="row1"> <div class="maintitle"><img src='style_images/vizion/nav_m.gif' border='0' alt='>' width='8' height='8' /> Log In to Xisto.com</div> <table cellspacing="1"> <tr> <td width="60%" valign="top"> <table cellspacing="1"> <tr><td width="50%"><b>Enter your user name</b></td> <td width="50%"><input type="text" size="10" maxlength="64" name="UserName" class="forminput" /></td> </tr> <tr> <td width="50%"><b>Enter your password</b></td> <td width="50%"><input type="password" size="10" name="PassWord" class="forminput" /></td> </tr> </table> <table cellspacing="1"> <tr> <td width="10%"><input type="checkbox" name="CookieDate" value="1" checked="checked" /></td> <td width="90%"><b>Remember me?</b><br /><span class="desc">This is not recommended for shared computers</span></td> </tr> <tr> <td width="10%"><input type="checkbox" name="Privacy" value="1" /></td> <td width="90%"><b>Log in as invisible</b><br /><span class="desc">Don't add me to the active users list</span></td> </tr> </table> </td> </tr> <tr> <td class="formbuttonrow" colspan="2"><input class="button" type="submit" name="submit" value="Log me in" /></td> </tr> </table> </div> </div> </form> the olny thing you have to do is change the url info colored in red, i havn't test it to see if the cookies work but you can successfully login. Share this post Link to post Share on other sites
thebluekirby 0 Report post Posted July 22, 2005 YES!!! This is like....the exact script I was looking for!!! Thank you SOO much for posting this!!! Share this post Link to post Share on other sites
sachavdk 0 Report post Posted July 22, 2005 good but can i add something i did some modifying for the ipb forum login scripts its just a simple way to have people login on o the forums with out need to login through them the olny thing you have to do is change the url info colored in red, i havn't test it to see if the cookies work but you can successfully login. 164349[/snapback] I did test it neither but it looks great. Though I won't use it because I wrote my own forum and I do not use ipb nor phpBB .Nevertheless people who use ipb will appreciate it I think. Share this post Link to post Share on other sites
Artanis 0 Report post Posted July 23, 2005 Hmm thanks i been looking for login for php and html on google but they jsut give ma useless code that doesnt work. Share this post Link to post Share on other sites
electriic ink 1 Report post Posted July 23, 2005 Thanks so much for this sachavdk. This is exactly the kind of script I've been hunting the web for Share this post Link to post Share on other sites
Saint_Michael 3 Report post Posted July 23, 2005 actually it should be universal, all your doing is changing the url info, so it shouold work for all forums. Share this post Link to post Share on other sites
skynet 0 Report post Posted August 2, 2005 Wow thanks, this is just what I need Been looking for this for a while never tought I will found here. Share this post Link to post Share on other sites
rvovk 0 Report post Posted August 2, 2005 Looking very nice, I need to find email script also. Thanx for nice tutorial. Share this post Link to post Share on other sites
RGPHNX 0 Report post Posted August 7, 2005 HI all,Nice tutorial sachavdk ! QUESTION:Can these scripts be modified to accomplish the following:> the user must provide a "valid" e-mail address to register> the e-mail address is automatically checked & error messages are generated if the e-mail address is not "legit" and regidstration is denied.> the e-mail address is added to the database.Thanks to anybody for ideas.RGPHNX Share this post Link to post Share on other sites
sachavdk 0 Report post Posted August 7, 2005 Well emailchecking is a pretty easy code. This is what I added: if(!preg_match("/([\w\.\-]+)(\@[\w\.\-]+)(\.[a-z]{2,4})+/i", $_POST["email"])) { echo "<font color=\"red\">Emailaddress is not valid. Please go <a href=\"javascript:history.back(1)\">back</a> and correct the emailadres.</font>";} And here's the full script: <?phpsession_start();if (!isset($_POST["submit"])) // checks wheter the page is called using the registration form{// it is not called using the registration formheader("Location:register.html"); // the script sends the user to the registration page} else {// it is called using the registration formif ($_POST["username"] == NULL || $_POST["password"] == NULL) // check wheter both username and password are filled{ // one of the two is not filled echo "<font color=\"red\">Not all fields were filled. Please go <a href=\"javascript:history.back(1)\">back</a> and fill them</font>";} else { // they are both filled, check wheter the username exists in the database // remember we made "DatabaseConfig.php"? Here it will be included so connection is made with the database. include("DatabaseConfig.php"); // now its simple, otherwise we had to make connection everytime with much more code. $usernameexists = mysql_query("SELECT ID FROM tblusers WHERE username='".$_POST["username"]."'") or die (mysql_error()); if (mysql_num_rows($usernameexists) != 0) { // user exists echo "<font color=\"red\">User exists. Please go <a href=\"javascript:history.back(1)\">back</a> and chose another username.</font>"; } else { if(!preg_match("/([\w\.\-]+)(\@[\w\.\-]+)(\.[a-z]{2,4})+/i", $_POST["email"])) { echo "<font color=\"red\">Emailaddress is not valid. Please go <a href=\"javascript:history.back(1)\">back</a> and correct the emailadres.</font>"; } else { // user doesn't exists $add_user = mysql_query("INSERT INTO tblusers (username,password) VALUES ('".$_POST["username"]."','".$_POST["password"]."')"); if ($add_user) { // user is succesfully added echo "<font color=\"red\">You are succesfully registered. You can now <a href=\"login.html\">login</a></font>"; } else { // error occurd echo "<font color=\"red\">An error occurd. Please go <a href=\"javascript:history.back(1)\">back</a> and try again.</font>"; } } } // don't forget to close the database connection when you don't need it anymore mysql_close();}}?>here's the new registrationpage ("register.html") if you want to add an emailfield: <html><head><title>My website - Registration</title></head><body><form action="registration.php" method="post"><h1>Registration</h1>Desired username: <input type="text" name="username"><br>Desired password: <input type="password" name="password"><br>Valid emailaddress: <input type="text" name="email"><br><input type="submit" value="Register!" name="submit"><input type="button" value="Login" onClick="javascript:window.location='login.html'"></form></body></html>if you have already modified your copy of the registerpage, just add Valid emailaddress: <input type="text" name="email"><br>where you want the emailbox in the "registration.html"-page. I have also an error in "registration.html" If you use firefox or any mozilla or opera etc you won't notice. But the problem occurs with ie and netscape Desired username: <input type="textbox" name="username"><br>should be Desired username: <input type="text" name="username"><br> so type="textbox" should be type="text" Now for the emailscript you can just set up an html form and send it to you mailscript just like the login or the registration. To send the mail use the function mail($toaddress, $subject, $message, $headers); ofcourse the variables must be filled. Now I expect you to know php. If not post a reply and I'll write a script. Nevertheless SMTP must be enabled to send mails. Full explanation at:http://be.php.net/manual/en/ref.mail.php Share this post Link to post Share on other sites
sachavdk 0 Report post Posted August 8, 2005 Wel if you asked or not I wrote the script the htmlform: "email.html" <html><head><title>My website - Contact</title></head><body><form action="email.php" method="post"><h1>Contact</h1>Your name: <input type="text" name="name"><br>Your emailaddress: <input type="text" name="email"><br>Your message: <textarea name="message"></textarea><br><input type="submit" value="Submit!" name="submit"></form></body></html> this is the script "email.php"<?if (!isset($_POST["submit"])){ header("Location:email.html");} else { if ($_POST["name"] == NULL || $_POST["email"] == NULL || $_POST["message"] == NULL) // check wheter both username and password are filled { echo "<font color=\"red\">Not all fields were filled. Please go <a href=\"javascript:history.back(1)\">back</a> and fill them</font>"; } else { if(!preg_match("/([\w\.\-]+)(\@[\w\.\-]+)(\.[a-z]{2,4})+/i", $_POST["email"])) { echo "<font color=\"red\">Emailaddress is not valid. Please go <a href=\"javascript:history.back(1)\">back</a> and correct the emailadres.</font>"; } else { $toaddress = "me@hotmail.com"; // here you fill your emailaddress or the address where the email will be sent to $subject = "Contact My Website"; // the subject of the email $message = $_POST['message'] & "<br><br>Van " & $_POST['name'] & " (" & $_POST["email"] & ")"; mail($toaddress, $subsubject, $message); } }}?> ofcourse you still have to deal with the smtp but on Xisto it works, I tested it. Share this post Link to post Share on other sites
RGPHNX 0 Report post Posted August 13, 2005 Hi again sachavdk,Many THANKS for the helpful knowledge. You Da MAN ! I'm sure I'll have further questions..so I'll post back if I hit any snags.This should help many Xisto members. Thanks again on behalf of everyone.RGPHNX Share this post Link to post Share on other sites
Aevum Decessus 0 Report post Posted August 14, 2005 ok, cools. just a few questions. I changed the register page to the following <html><head><title>Register your account</title></head><body><center><img src="file:///F|/Sites/files/Images/AD Banner.gif"</center><body bgcolor="#000000" link="light blue" alink="light blue" vlink="light blue"><form name="registration" action="file:///C|/Documents%20and%20Settings/Administrator.MASTER/Desktop/Loginscript/registration.php" method="post"><h1>Create your account</h1>Valid E-mail address: <input type="text" size ="30" name="email">Verify E-mail address: <input type="text" size="30" name="e-mail2"Desired username: <input type="text" name="username"><br>Desired password: <input type="password" name="password">Confirm password: <input type="password" name="password2"><br>Master: XXXX<select name='AAAA' style='border: 1px solid #FFFFFF; background-color: #000000; color: white'><option value="life">Aevum</option><option value="death">Decessus</option><input type="submit" value="Register!" name="submit"><input type="button" value="Login" onClick="javascript:window.location='login.html'"></form></body></html>as you can see, there are 4 extra fields.Valid EmailConfirm EmailConfirm passwordMaster (I'm 90% sure it will create a pull down menu with 2 choices) *What would this value be stored as?*also, with the confirm e-mail and confirm password, I'm not sure what the code would be to check and see if the match, and if not, to prompt the user to redo them to correct it. If you could help me, it would be greatly appreciated. Share this post Link to post Share on other sites
el_exorcista 0 Report post Posted August 14, 2005 I have seen all the post in here and i havent seen no body talk about security with their login this login is quite insecure and it is really vulnerable. I would recomend using the Md5() function on PHP to secure the password or use another encryption method. $passd=md5($_POST['pass_w']); on the login username search for ' . There is an injection that is ' OR 1=1 and this will give them a full list of all your members. I would encorage you to look on SQL injections and how to protect yourself from them. My knowleged of PHP is not that big but i would do that search making the username an array and comparing each letter with the ' . For does that want to test there script on there own pc i would recomend Easyphp or Appserv they are both good , free and easy to install hope this would help. any question i am here just ask Share this post Link to post Share on other sites