Php Simple Login Tutorial Learn how to make a simple login

[iGuest 3]

I can't login, "Sorry, could not log you in. Wrong login information."help, please.

[iGuest 3]

This will sound like a stupid question to most, but where do you create the database?

- Database can be inserted by CONTROL PANEL/cpanel provided by your website hosting (web-host) like Xisto - Web Hosting.com- Database can be created through SHELL/COMMAND.
- Database can also be already setup (by your web-host) and you just have to use the login credentials.

[iGuest 3]

Ok, when I register for my site I get this:Warning: mysql_pconnect() [function.mysql-pconnect]: Access denied for user 'UserName'@'localhost' (using password: YES) in /home/etzio/ghet.s2sl.net/dbConfig.php on line 12Error connecting to database.Warning: mysql_select_db() [function.mysql-select-db]: Access denied for user 'www-data'@'localhost' (using password: NO) in /home/etzio/ghet.s2sl.net/dbConfig.php on line 20Warning: mysql_select_db() [function.mysql-select-db]: A link to the server could not be established in /home/etzio/ghet.s2sl.net/dbConfig.php on line 20Warning: mysql_query() [function.mysql-query]: Access denied for user 'www-data'@'localhost' (using password: NO) in /home/etzio/ghet.s2sl.net/register.php on line 40Warning: mysql_query() [function.mysql-query]: A link to the server could not be established in /home/etzio/ghet.s2sl.net/register.php on line 40Warning: mysql_insert_id() [function.mysql-insert-id]: A link to the server could not be established in /home/etzio/ghet.s2sl.net/register.php on line 43Error: User not added to database.

[iGuest 3]

Hi, TO all who has the Sorry, could not log you in. Wrong login informationI had the same problem then I changed the password column to varchar 255 then it worksAND Really THANK YOU for the tutorial.Good work keep it up...

[iGuest 3]

This works great, thanks. I'm totally new to PHP and MySQL, and this really helped me understand it. I tried a lot of other online examples, but none worked--either because of the use of deprecated session variables or because the files were in subdirectories. On my system, the passwords were stored encrypted, so I had to increase the password length in the database to get it to work.

[iGuest 3]

Hello everyone,

I always get the following massage, when I like to register: (register.php)

Warning: mysql_query() [function.mysql-query]: Access denied for user 'www-data'@'localhost' (using password: NO) in /srv/www/httpd/phost/m/de/pytalhost/mydataspace/web/login/register.php on line 39
Warning: mysql_query() [function.mysql-query]: A link to the server could not be established in /srv/www/httpd/phost/m/de/pytalhost/mydataspace/web/login/register.php on line 39
Error: User not added to database.

Could anyone help me please to solve that?

Thanks

[Marcovich 0]

Hello everybody,

 

at first thanks for that nice tut.

 

I have copied all code and now all works, but the login.php does not.

 

Always, if I would like to login, it applies the following from the else branch.

 

I have read the entire script several times and found no errors.

 

Well could someone help me please? Is that way of login-type save enough?

If you need some more information, please ask me.

 

Thanks for your effort.

 

Okay I have founded my mistake. The length of the password column was too short. Same as Guest_New guy_* said.

 

But I would like to know, if it is save to work with that script. And also I have found something:

If I register twice with the same data, it do that! That should be avoided.

 

I think of an "if - construction", is there anyone who could help me please?

Edited February 8, 2011 by Marcovich (see edit history)

[iGuest 3]

I want to add some java script validation to the register.php script.however!! everythime i try to execute the script.. i get an error on line 108 which says: Header("Location:register.php?op=thanks");PLEASE CAN SOMEBODY HELP!!my script currently looks like this:

<script language = "Javascript">  function Validate(){    if (document.registration_form.fname.value == '')    {        alert('Please fill in your first name!');        return false;    }            if (document.registration_form.lname.value == '')    {        alert('Please fill in your last name!');        return false;    }    if (document.registration_form.email.value == '')     {       alert('Please fill in your email address!');       return false;    }    if (document.registration_form.username.value == '')     {        alert('Please fill in your desired username!');        return false;    }    if (document.registration_form.password.value == '')    {       alert('Please fill in your desired password!');      return false;    }    if (document.registration_form.confirmation.value == '')    {       alert('Please fill in your password again for confirmation!');      return false;    }    if (document.registration_form.password.value !=     document.registration_form.confirmation.value)    {        alert("The two passwords are not identical! "+        "Please enter the same password again for confirmation");        return false;    }    if (document.registration_form.phone.value == '')    {        alert('Please fill in your phone number!');        return false;    }    return true;}</script><?php        // dbConfig.php is a file that contains your        // database connection information. This        // tutorial assumes a connection is made from        // this existing file.        include ("dbConfig.php");//Input vaildation and the dbase code        if ( $_GET["op"] == "reg" )  {  $bInputFlag = false;  foreach ( $_POST as $field )        {        if ($field == "")    {    $bInputFlag = false;    }        else    {    $bInputFlag = true;    }        }  // If we had problems with the input, exit with error  if ($bInputFlag == false)        {        die( "Problem with your registration info. "    ."Please go back and try again.");        }  // Fields are clear, add user to database  //  Setup query  $q = "INSERT INTO `MEMBER` (`username`,`password`,`email`) "        ."VALUES ('".$_POST["username"]."', "        ."PASSWORD('".$_POST["password"]."'), "        ."'".$_POST["email"]."')";  //  Run query  $r = mysql_query($q);    // Make sure query inserted user successfully  if ( !mysql_insert_id() )        {        die("Error: User not added to database.");        }  else        {        // Redirect to thank you page.        Header("Location:register.php?op=thanks");        }  } // end if//The thank you page        elseif ( $_GET["op"] == "thanks" )  {  echo "<h2>Thanks for registering!</h2>";  }  //The web form for input ability        else  {echo "<form name=\"registration_form\" action=\"?op=reg\" method=\"POST\" onsubmit=\"return Validate()\" >\n"; echo "First Name: <input name=\"fname\" MAXLENGTH=\"20\"><br />\n"; echo "Last Name: <input name=\"lname\" MAXLENGTH=\"10\"><br />\n";   echo "Username: <input name=\"username\" MAXLENGTH=\"16\"><br />\n";  echo "Password: <input type=\"password\" name=\"password\" MAXLENGTH=\"16\"><br />\n";  echo "Password Confirmation: <input type=\"password\" name=\"confirmation\" MAXLENGTH=\"16\"><br />\n";  echo "Email Address: <input name=\"email\" MAXLENGTH=\"25\"><br />\n";    echo "Phone Number: <input name=\"phone\" MAXLENGTH=\"11\"><br />\n";    echo "Date Of Birth: <input name=\"DOB\" MAXLENGTH=\"10\"><br />\n";  echo "<input type=\"submit\">\n";  echo "</form>\n";  }        // EOF        ?>

[iGuest 3]

Plz help it keeps saying error cannot connect to database can someone please help me its for a school project!!!

[iGuest 3]

Hi,
TO all who has the

Sorry, could not log you in. Wrong login information

I had the same problem then I changed the password column to varchar 255

then it works

AND Really THANK YOU for the tutorial.

Good work keep it up...

For all you users out there using GoDaddy Hosted sites with Linux and PHP5 , I have some Updates to this that need to be ammended as i just finished this and it's working great, but there were some things that needed to be changed in the build so that this will work on those hosts.

First off , the above post is correct, you will need to change this to VARCHAR 255 in order for it to work , as in the annotated instructions above, it's set for CHAR 16 , to explain this means that that password would need to be explicitly 16 char in order for it to work , else it will fail with "Sorry Wrong Login Info", by switching it to VARCHAR 255 , you now tell the DB it's ok to have any amount of characters, numbers/letters upto 255 of them for the PW> Tested all scenarios on this and verified it's correct.

2nd Issue to correct :

IF YOU ARE USING PHP5 in your HOSTED Account : Use the following PHP code for your dbConfig.php file. I found this thru trial and error in creation via 2 other tutorials to finally find my problems ;

<?phpob_start();$host="hostname of your DB"; // Host name $username="inserttheadminusernameforthedb"; // Mysql username $password="insertheadminusername_pw_forthedb"; // Mysql password $db_name="insertdatabasenamehere"; // Database name // Connect to server and select databse.mysql_connect("$host", "$username", "$password")or die("cannot connect"); mysql_select_db("$db_name")or die("cannot select DB");?>

To explain the difference from the original to this, it's simply this 1. The PHP5 needs the ob_start(); command to initialize communication to the db server and the db. 2. if you use the $db="insertname"; as originally built, PHP5 will give you a T_STRING Failure error on line 7 due to the fact that in PHP5 it requires the variable to be $db_name="insertnamehere";
3rd. In the connection paramters : mysql_pconnect("$host", "$username", "$password") else IF "Can't Connect" statement, has to be eliminated and replaced with the above as PHP5 cannot parse the line 13 Char which is { insert notification }. So this has to be replaced with a refined version of the code as listed above. ALSO MAKE NOTE : you need to change the command mysql_pconnect to mysql_connect. PCONNECT is not supported - T_STRING Command failure line 10-12.

So other than that, it's working great now, with my modifications and updates, if you wish to have any updates or questions , let me know, other than that , GREAT JOB! this tutorial is helping me build a Online Members Only ACCESS Gallery for a customer.

Nice

D

[Jez 1]

If someone is planning on implementing something like this here on their Xisto account, I suggest you use Pear. When you have people logging into things on your site, you want to make sure that there is no possibility of sql injection. Pear's DB prepared statement function prevents SQL injection attacks. It's very handy.
Something like this could work

require_once("PEAR.php");require_once("DB.php");PEAR::setErrorHandling(PEAR_ERROR_DIE, "Aaaaargh! Error: %s");$conn = DB::connect("mysql://dbuser:dbpassword@localhost/dbname");$preparedstatement = $conn->prepare('INSERT INTO dbUsers (username, password, email) VALUES (?, ?, ?)');$data = array($_POST['username'], $_POST['password'], $_POST['email']);$conn->execute($preparedstatement, $data);

Please note that I haven't tested this code, it should work, but there might be some stupid typo somewhere.

Not too sure about a Xisto account, however you can just use 'mysql_real_escape_string($myinput)' and that would protect you against SQL injections, you see you have to understand by query a database with text (numeric data obviously is not subjected to this), mysql appreciates everything as a command, like SELECT, FROM AND WHERE are all commands.

This allows the user if no SQL injection protection has been used to issue commands that could read from another database, by using mysql_real_escape_string() or prepare in PDO this sends in the requests as pure text and it's left entirely up to your SQL to actually perform the query, thus eliminating the potential for them to either read from another table, database, or even worse dropping a table or database even (if your privileges are not secure, when using the test database myself, I setup accounts that are only allowed to see certain tables, always think beyond the obvious is my key).

A query can be any type of syntax, like an actual query where you're trying to find the value of something, creating a database, these are all technically in Database logic queries.
Edited June 7, 2011 by Jez (see edit history)

[iGuest 3]

ahm. hi sir, i really appreciate those programmers like you. I keep on practicing your code but still I can't make it. Why?

[iGuest 3]

Hey thanks for this awesome guide, im trying to customize my login.php form.

How would I go about changing the font/colour ext of the username/password fields and input boxes in the echo tags?

"//If all went right the Web form appears and users can log in  echo "<form action=\"?op=login\" method=\"POST\">";  echo "Username: <input name=\"username\" size=\"15\"> <br />";  echo "Password: <input type=\"password\" name=\"password\" size=\"8\"><br />";  echo "<input type=\"submit\" value=\"Login\">";  echo "</form>";"

Any help or links would be much appreciated.

thanks

[iGuest 3]

Thanks for the positive feedback, I haven't implemented, nor tested the code myself (just checked to see if it actually showed up), so if any problems persist, tell me about it, so I can adjust the code hoping it could fix it, if there is a flaw and you know the solution, replying with both the flaw and the solution is always welcome of course

 

Hi,

 

Thanks for the code. It works perfectly. I have just made some adjustments inside the PHP code to make the design better. This code was the first one that I've found that worked on my website.

 

Best regards,

Nulteck

[iGuest 3]

I came here via stackoverflow.com, where this tutorial is linked as answer to several "how to build a login" questions. Well, as a basic tutorial it's okay, but it is very very unsecure ! Never never ever, under no circumstances you should write passwords into the database without hashing ! I build my very own script on top of this, so maybe you want to have a look: http://ww1.php-login.net//?gtnjs=1 ! It's free and opensource. And with password hashing