Jump to content
xisto Community
Impious

Step By Step: Login System

By Impious, in Programming

Recommended Posts

Impious    0

Impious
Posted (edited)

Making a simple login system. (Step by step)

 

Creating the configuration file:

 

1st Step - Open the notepad. After puting the tag "<?php"(without quotes) write this:

 

 

$server = 'PUT HERE THE URL OF YOUR MYSQL SERVER';$user = 'USER NAME OF YOUR MYSQL ACCOUNT';$pass = 'PASSWORD OF YOUR MYSQL ACCOUNT';$link = mysql_connect($server,$user,$pass);$base = 'DATABASE NAME';$table = 'TABLE NAME';

2nd Step - close the php code with: "?>"

3rd Step - save the file with the name "config.php"

 

Creating the database installation file:

 

1st Step - Open the notepad. After puting the tag "<?php"(without quotes) write this:

 

/* 01 */ include ("config.php"); /* 02 */ mysql_select_db($base,$link);/* 03 */ $install = mysql_query("/* 04 */ CREATE TABLE $table (/* 05 */   id int(255) NOT NULL auto_increment,/* 06 */   login varchar(200) NOT NULL default '',/* 07 */   password varchar(200) NOT NULL default '',/* 08 */   email varchar(200) NOT NULL default '',/* 09 */   date DATE NOT NULL default '0000-00-00',/* 10 */   time TIME NOT NULL default '00:00:00',/* 11 */   PRIMARY KEY (id)/* 12 */ ) TYPE=MyISAM;") or die("Wrong to create: $table <br>".mysql_error());/* 13 */ $insertTest=mysql_query("INSERT INTO $table (id,login,password,email,date,time) VALUES  ('','test','dGVzdGU=','t-traders@hotmail.com','2007/07/05','14:04:23')"); if($install){/* 14 */ print("Instalation complete! Destroy the file install.php to the system run perfectly!"); }else{/* 15 */ print("Error! Verify if the file config.php is configured!"); }?>
Explanation

line____________explanation

01 request the configuration file(config.php)

02 mysql command: open the database (DATABASE NAME, mysql_connect('YOUR MYSQL SERVER','YOUR MYSQL ACCOUNT NAME','YOUR MYSQL PASSWORD');

03 all variables starts with '$' on php, thats a example of one($install)

04 mysql command: create a table on mysql database with the name 'TABLE NAME' ($table)

05 mysql command: insert a field with the name: "id", this is using the auto_increment option, this auto complete the field when added any base

06 mysql command: insert a login field

07 mysql command: insert a password field

08 mysql command: insert a email field

09 mysql command: insert a date field with '0000-00-00' as default

10 mysql command: insert a time field with '00:00:00' as default

11 mysql command: set "id' as primary key of the table

12 mysql command: if have anything wrong and it cant add a table to the database this write the msg with the error

13 mysql command: insert test bases

14 if the script runs OK the msg "Instalation complete! Destroy the file install.php to the system run perfectly!" is show

15 if this not work shows the msg "Error! Verify if the file config.php is configured!"

 

2nd Step - Save the file with the name: install.php

3rd Step - Upload the files: config.php and install.php . Execute the install.php.

4th Step - Delete the file "install.php".

 

Creating the Registration Form:

1st Step - Create a table like this:

 

 

$m is the varible that shows the error message like: "Invalid E-mail"

$loginvalue is the value of the gap "login"(its for when anything is wrong the user dont have to write all gaps again

$emailvalue is like the loginvalue

$code is a random code antibots

the table contains a login gap; a password gap; an e-mail gap and an antibot gap

 

/* 01 */<table style="text-align: left; width: 100%;" border="0" cellpadding="0" cellspacing="0">/* 02 */	<form action="register.php" method="post">	<tbody>/* 03 */	  <tr>/* 04 */		 <font color="#ff0000" size="2"><strong><?= $m ?></strong></font>/* 05 */	  </tr>	  <tr>		<td style="width: 60px;">Login:</td>/* 06 */		<td style="width: 649px;"><input name="login" type="text" value="<?= $loginvalue ?>"></td>	  </tr>	  <tr>		<td style="width: 60px;">Password:</td>/* 07 */		<td style="width: 649px;"><input name="password" type="password"></td>	  </tr>	  <tr>		<td style="width: 60px;">Email:</td>/* 08 */		<td style="width: 649px;"><input name="email" type="text" value="<?= $emailvalue ?>"></td>	  </tr>	  <tr>		<td style="width: 60px;">Code:</td>		<td style="width: 649px;">  /* 09 */		<font color="#6633cc" face="Tahoma" size="2"><strong><?= $code ?></strong></font><font color="#6633cc" face="Tahoma" size="2">	  <input name="code" size="4" maxlength="4" type="text"></font></td>	  </tr>	  <tr>		<td style="width: 60px;"> <input name="correct_code" value="<?= $code ?>" type="hidden">/* 10 */		<input name="Submit" value="Submit!" type="submit"></td>		<td style="width: 649px;"></td>	  </tr>	</tbody>/* 11 */  </form>/* 12 */</table>

Explanation

line____________explanation

01 open a table with this characteristics: align text on left, width size = 100% of the page, none border, cellpadding or cellspacing

02 open a form thats send informations to register.php with the post method

03 <tr> represents rows

04 show the error msg, if exists

05 close this row

06 <td> represents cols, on this col have a login gap with text type

07 password gap, password type is those that transform all character in **************

08 email gap

09 shows the generated random code(antibot system)

10 submit the of information of this gaps to register.php

11 close this form

12 close this table

 

 

2nd Step - placing the table on php code:

Create a file and rename to index.php. Place this:

 

<?phpsrand((double)microtime()*1000000); /* 01 */$code=rand(1000, 5000); /* 02 */$msg = $_GET['msg']; /* 03 */$m=base64_decode($msg); /* 04 */$evalue = $_GET['evalue']; /* 05 */$lvalue = $_GET['lvalue']; /* 06 */$emailvalue=base64_decode($evalue);  /* 07 */$loginvalue=base64_decode($lvalue); ?>/* 08 */  <table style="text-align: left; width: 100%;" border="0" cellpadding="0" cellspacing="0">/* 09 */	<form action="register.php" method="post">	<tbody>/* 10 */	  <tr>/* 11 */		 <font color="#ff0000" size="2"><strong><?= $m ?></strong></font>/* 12 */	  </tr>	  <tr>/* 13 */		<td style="width: 60px;">Login:</td>/* 14 */		<td style="width: 649px;"><input name="login" type="text" value="<?= $loginvalue ?>"></td>	  </tr>	  <tr>/* 15 */		<td style="width: 60px;">Password:</td>/* 16 */		<td style="width: 649px;"><input name="password" type="password"></td>	  </tr>	  <tr>/* 17 */		<td style="width: 60px;">Email:</td>/* 18 */		<td style="width: 649px;"><input name="email"type="text" value="<?= $emailvalue ?>"></td>	  </tr>	  <tr>/* 19 */		<td style="width: 60px;">Code:</td>		<td style="width: 649px;">  /* 20 */		<font color="#6633cc" face="Tahoma" size="2"><strong><?= $code ?></strong></font><font color="#6633cc" face="Tahoma" size="2">/* 21 */	  <input name="code" size="4" maxlength="4" type="text"></font></td>	  </tr>	  <tr>/* 22 */		<td style="width: 60px;"> <input name="correct_code" value="<?= $code ?>" type="hidden">/* 23 */		<input name="Submit" value="Submit!" type="submit"></td>		<td style="width: 649px;"></td>	  </tr>	</tbody>/* 24 */  </form>/* 25 */</table>
Explanation

line____________explanation

01 defines a variable with a code randomized between 1000 and 5000. thats for the antibot system

02 $_GET[] is a sintax that get a information in GET method, thats spefied by the clasps inside. in this example this gets the information sent by 'msg'.

03 base64_decode() decodes values encodeds using base64[to encode use base64_encode()] this decodes the information sent by form with GET method, got by $msg

04 $_GET[] is a sintax that get a information in GET method, thats spefied by the clasps inside. in this example this gets the information sent by 'evalue'.

05 $_GET[] is a sintax that get a information in GET method, thats spefied by the clasps inside. in this example this gets the information sent by 'lvalue'.

06 base64_decode() decodes values encodeds using base64[to encode use base64_encode()] this decodes the information sent by form with GET method, got by $evalue

07 base64_decode() decodes values encodeds using base64[to encode use base64_encode()] this decodes the information sent by form with GET method, got by $lvalue

08 open a table with this characteristics: align text on left, width size = 100% of the page, none border, cellpadding or cellspacing

09 open a form thats send informations to register.php with the post method

10 <tr> represents rows

11 show the error msg, if exists

12 close this row

13 thats the label(login:) for the input <input name="login" type="text" value="<?= $loginvalue ?>">

14 login gap.. the value is to when have any error this returns to this forms and show the information previously typed.. thir shows the login typed.. got by $_GET['lvalue'] and decoded by $loginvalue=base64_decode($lvalue); (7th line)

15 "password:" label for the input: <input name="password" type="password">

16 password gaps (with the type: password, thats transforms all characters in ***********)

17 "email:" for <input name="email" type="text" value="<?= $emailvalue ?>">

18 email gap.. the value is to when have any error this returns to this forms and show the information previously typed.. thir shows the email typed.. got by $_GET['evalue'] and decoded by $emailvalue=base64_decode($evalue); (8th line)

19 "code:" label for <?= $code ?> and <input name="code" size="4" maxlength="4" type="text">

20 shows the code randomized for antibot system.. with #6633cc color, Tahoma face and size 2

21 thats the gap to the user type the code showed before

22 sends the correct code, to compare with the code typed

23 submit gap, sends all this information typed by the user

24 close this form

25 close this table

 

 

Save this file.

 

3rd Step - Validating the antibot code. Create a document with the name "register.php" and place this:

 

<?php$login = $_POST['login']; /* geting the login */$password = $_POST['password']; /* geting the password */$code = $_POST['code']; /* geting the code */$email = $_POST['email']; /* geting the email */$correct_code = $_POST['correct_code']; /* geting the correct code */		 if(!empty($code)){ /* looking if the code was written */		 /* looking if the code is correct */		 if($code == $correct_code){		 $l = base64_encode($login);		 $s = base64_encode($password);		 $e = base64_encode($email);		 header("Location: register2.php?l=$l&s=$s&e=$e"); /* here the code is right and the registration is being redirecting */		 }		 else{		 $lvalue = base64_encode($login);		 $evalue = base64_encode($email);		 $m = base64_encode("Invalid Code!");		 		 header("Location: index.php?msg=$m&evalue=$evalue&lvalue=$lvalue");}}else{$m = base64_encode("Write the code!");$lvalue = base64_encode($login);$evalue = base64_encode($email);header("Location: index.php?msg=$m&evalue=$evalue&lvalue=$lvalue");}?>

4th Step - Filtering the informations. Create a file with the name "register2.php" and write this:

 

<?phpinclude ("config.php");mysql_select_db($base,$link);$e = $_GET['e'];$l = $_GET['l'];$s = $_GET['s'];$email = base64_decode($e);$login = base64_decode($l);$password = base64_decode($s);$pattern2 = "([0-9_A-Z_a-z])+[-_,_._>_<_~_^_/_?_°_\_|_!_š_²_³_£_¢__§_º_@_#_%_¨_&_*_+_}_*_'_]";/* filtering characters on login */if(ereg($pattern2,$login) == true){$m = base64_encode("Login contains invalid characters!");$lvalue = base64_encode($login);$evalue = base64_encode($email);header("Location: index.php?msg=$m&evalue=$evalue&lvalue=$lvalue");exit;}$pattern2 = "([0-9_A-Z_a-z])+[-_,_._>_<_~_^_/_?_°_\_|_!_š_²_³_£_¢__§_º_@_#_%_¨_&_*_+_}_*_'_]";/* filtering characters on password */if(ereg($pattern2,$password) == true){$m = base64_encode("Password contains invalid characters!");$lvalue = base64_encode($login);$evalue = base64_encode($email);header("Location: index.php?msg=$m&evalue=$evalue&lvalue=$lvalue");exit;}$pattern3 = "([0-9_A-Z_a-z])+[,><~^/?°\|!š²³£¢§º#%¨&*+}*']";/* filtering characters on email */if(ereg($pattern3,$email) == true){$m = base64_encode("E-mail contains invalid characters!");$lvalue = base64_encode($login);$evalue = base64_encode($email);header("Location: index.php?msg=$m&evalue=$evalue&lvalue=$lvalue");exit;}/* looking if e-mail is valid */if (!(strpos($email,"@")) OR strpos($email,"@") != strrpos($email,"@")){$m = base64_encode("Invalid E-mail!");$lvalue = base64_encode($login);$evalue = base64_encode($email);header("Location: index.php?msg=$m&evalue=$evalue&lvalue=$lvalue");exit;}/* looking if the password have more than 6 characters */if(strlen($password) < 6){$m = base64_encode("Your password must contain at least 6 characters !");$lvalue = base64_encode($login);$evalue = base64_encode($email);header("Location: index.php?msg=$m&evalue=$evalue&lvalue=$lvalue");exit;}/* looking if the password have more than 3 characters */if(strlen($login) < 3){$m = base64_encode("Your login must contain at least 6 characters !");$lvalue = base64_encode($login);$evalue = base64_encode($email);header("Location: index.php?msg=$m&evalue=$evalue&lvalue=$lvalue");exit;}$sql=mysql_query("SELECT login FROM $table WHERE login='$login'");/* looking if the login exists */if(mysql_num_rows($sql)>0){$m = base64_encode("Existing user!");$lvalue = base64_encode($login);$evalue = base64_encode($email);header("Location: index.php?msg=$m&evalue=$evalue&lvalue=$lvalue");exit;}$sql1=mysql_query("SELECT login FROM $table WHERE email='$email'");/* looking if the email exists */if(mysql_num_rows($sql)>0){$m = base64_encode("Registered email already!");$lvalue = base64_encode($login);$evalue = base64_encode($email);header("Location: index.php?msg=$m&evalue=$evalue&lvalue=$lvalue");exit;}else{	$c_password1= base64_encode($password);	$date= date("Y/m/d");	$hour= date("H:i:s");		mysql_query("	INSERT INTO `$table` ( `id` , `login` , `password` , `email` , `date` , `time` ) 	VALUES (	'', '$login', '$c_password1', '$email', '$date', '$hour'	)") OR die("Error at open database!");	$m = base64_encode("Registration completed. Now you can log in!");	header("Location: login.php?msg=$m");	exit;}mysql_close($link);?>

Creating a Login form:

 

1st Step: Create a file with this name: login.php, and write this:

 

<?phpinclude ("config.php");$msg = $_GET['msg'];$m = base64_decode("$msg");$lvalue = $_GET['lvalue'];$loginvalue = base64_decode("$lvalue");$loginenc = base64_encode("login");$passwordenc = base64_encode("password");$login1 = @$_COOKIE['$loginenc'];$password1 = @$_COOKIE['$passwordenc'];$logout = base64_encode("logout");mysql_select_db($base,$link);$sql5 = "SELECT * FROM $table WHERE login='$login1'";$result = mysql_query($sql5);$row = mysql_fetch_assoc($result);$get_login = $row['login'];$v_password = $row['password'];$get_password = base64_decode("$v_password");$sql1=mysql_query("SELECT login FROM $table WHERE login='$login1'");/* verifying if the user is already log in */if(mysql_num_rows($sql1)>0){if($password1 == $get_password && $get_login == $login1){?> <center>Welcome, <?= $login1 ?><a href="login2.php?action=<?= $logout ?>"> Logout</a><br><br> put here the user page <?exit;}}/* if the user arent logged in, open the login form */else{?><table align="center" style="text-align: center;" border="0"cellpadding="0" cellspacing="0"><form action="login2.php?action=<?= $loginenc ?>" method="post">  <tbody>	<tr>	  <td colspan="2" rowspan="1"><font color="#CC0033" size="2"><strong>		 <?= $m ?><br><br></strong></td>	</tr>	<tr>	  <td style="width: 60px;">Login:</td>	  <td><input class=field name="login" type="text" value="<?= $loginvalue ?>"></td>	</tr>	<tr>	  <td style="width: 60px;">Password:</td>	  <td><input class=field name="password" type="password"></td>	</tr>	<tr>	  <td style="width: 60px;"></td>	  <td><input class=bottom name="Submit" value="Log in!" type="submit"></td>	</tr>  </tbody></table></form><?	}mysql_close($link);?>

 

2nd Step: Create a file with the name: login2.php, and write this:

 

<?phpinclude ("config.php");$get_login = $_POST['login'];$get_password = $_POST['password'];$get_action = $_GET['action'];$loginenc = base64_encode("login");$passwordenc = base64_encode("password");mysql_select_db($base,$link);$sql5 = "SELECT * FROM $table WHERE login='$get_login'";$result = mysql_query($sql5);$row = mysql_fetch_assoc($result);$ver_login = $row['login'];$v_password = $row['password'];$get_password2 = base64_decode("$v_password");/* loging out */$logout = base64_encode("logout");if($get_action == $logout){setcookie('$loginenc',00);setcookie('$passwordenc',00);header('Location: login.php');}if($get_action == $loginenc){$pattern2 = "([0-9_A-Z_a-z])+[-_,_._>_<_~_^_/_?_°_\_|_!_š_²_³_£_¢__§_º_@_#_%_¨_&_*_+_}_*_'_]";if(ereg($pattern2,$get_login) == true || ereg($pattern2,$get_password) == true){$m = base64_encode("Login ou password incorreto!");header("Location: login.php?msg=$m");exit;}/* if the password is valid to this login set a cookie with this information */if($get_password2 == $get_password){setcookie('$loginenc',$get_login);setcookie('$passwordenc',$get_password);header("Location: login.php");exit;}else{$m = base64_encode("Login ou password incorreto!");header("Location: login.php?msg=$m");}}mysql_free_result($result);mysql_close($link);?>

Finishing: up this files and test the system.

 

Sorry if anything is wrong or incomplete, this is my first tutorial.. if anything is wrong please post here and if is possible with the fix xD

 

Yours Impious

Edited by Impious (see edit history)

Share this post

Link to post
Share on other sites

Sten    0

Sten
Posted

Thanks so much for this tutorial!ill try it soon sometime, its just what i needed, to make a members system for my website!i hope it works, after i try it ill tell u any problems i find in it!thanks!

Share this post

Link to post
Share on other sites

jimmy89    0

jimmy89
Posted

Same here! From a quick look the code looks good, but I might have missed something! I'll try it out in a few days - when i get a moment of spare time!-jimmy

Share this post

Link to post
Share on other sites

Chesso    0

Chesso
Posted

Looks pretty good to me at a first glance.Might consider expanding it, to explain some of the code for the newbies out there, maybe some of the functions etc you use?Or perhaps just a bit more in-depth as to what each bits and bobs do.

Share this post

Link to post
Share on other sites

Impious    0

Impious
Posted

you're right chesso.. I already was thinking on explaining the functions, etc better..but, in the principle this post is for more experienced people and/or for who that simply want a system, without knowing necessarily as it functions..but, i'll do this on the next week, cause im very busy now.. :P

Share this post

Link to post
Share on other sites

HellFire121    0

HellFire121
Posted

Nice job anyways, even without an explanation of what things do someone that knows a bit of php/mysql can easily figure out what it is and how you got it to work. This can easily be adapted to form something better as well as giving a good example of how mysql can be used to secuerly store information.-HellFire

Share this post

Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
Go To Topic Listing
×
×
  • Create New...

Important Information

Terms of Use | Privacy Policy | Guidelines | We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.

  I accept