priteshgupta

Login System


I want to make a login system using MySQL. I am an amateur in these things, so please explain in detail, like spoon-feeding. I have already made a database at http://www.sitebooth.com/; now what type of table should I make, and the website or PHP for it? If you think I have chosen the wrong site, please give any better database hosting site. Please help me.

Best Regards
Pritesh Gupta


It's rather easy to do this. I suppose you'll be working with different users, so first you'll need a user database with at least a user ID (a random number, you'll be using this quite often) and a login name.
Next you'll need a password database. In this database you re-use the user ID and have another column containing the password (preferably saved using MD5).
So you have something like
user database:

| ID | NAME  | MAIL                |
| 11 | John  | john@johnymail.com  |
| 12 | Frans | Frans@fransmail.com |

password database
| ID | password                         |
| 11 | 8896e76cb1c472a1847e75cf23324577 |
| 12 | e36aea312ecf63d21b5d134b6998d529 |

User 11 has password: hallo priteshgupta
User 12 has password: dit is een ongeloofelijk lang en belachelijk wachtwoord om te gebruiken

There's a lot of info available about creating login systems and the use of md5 in php (although I do suggest to use javascript to use the md5-hash because this way you don't send any password in the clear).

And of course, search the internet ;) , probably the best way to learn something.


There's no reason to keep the user and password databases separate. One database should suffice, columns you would need are (feel free to change the names, e.g. password to psd, if you want):

ID: Set this to auto-increment - Int with max length 4 should suffice, it allows for 10000 users, increase the length later if necessary

User: A log-in username - Tinytext with max length 16 should be fine.

Password: The hash of a password - Tinytext with max length 40.

Sid: A session ID relating to a user - e.g. Tinytext with max length 40.

Any other data you wish to keep can be stored as well, for example columns:

LLI: The last logged in date

Name: A user's first name

etc.

 

A hash function is a function which takes an input of any length, and returns a fixed-length output. Common hashes include MD5 and SHA1 (the latter is more secure). Hashes are used because they are irreversible (easily verified with the pigeon hole theorem).

 

In a registration page, you should have a series of text boxes for each relevant column (i.e. username and password - plus extras you want like first name). On the page this data is submitted to, what you want to do is:

Retrieve the data using $_POST['user'], where 'password' is replaced with whatever you named it in the previous page. You need some basic checks e.g. username is between 4 and 16 characters (long usernames are annoying!), username consists only of alphanumerical characters (or something similar).

Calculate the hash of the password - e.g. $hash = sha1($_POST['password']);

INSERT INTO the SQL database the relevant data.

 

When you log in, (use a similar form to the registration form except only with username and password boxes), you should SELECT from the table WHERE the username and password (hash) match - if the mysql_num_rows($result) is 1 then success, else fail.

You need to set a session ID associated with the account, which will be used to authenticate the user when he visits other pages. An example could be sha1($user . date("FjYg:ia")). You need to UPDATE the session ID value stored in the database and set the value as a cookie to the client.

 

When the user visits other pages, you should check whether the session ID is associated with any IDs in the database (basically logging in but checking for session ID match).

 

 

> There's a lot of info available about creating login systems and the use of md5 in php (although I do suggest to use javascript to use the md5-hash because this way you don't send any password in the clear).

I hope you realise how stupid this is, this is less secure than sending passwords as plaintext. If a hacker is able to sniff the password sent, they can easily log in, yes. If it's a hash instead, they can easily spoof the request (e.g. tamper data, javascript injection, packet editor). However if there is an SQL injection vulnerability, a hacker will immediately be able to access any account, regardless of password strength, if the hash is done locally. If the hash is done on the server, one would need to first crack the hash.

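The argument in the post above, that a hash computed in the browser becomes the credential itself, shown as an added example (not code from the thread; the function names and the sample row are constructed for illustration):

```php
<?php
// Added example: function names and the sample row are constructed for
// illustration. One stored row, checked under the two designs debated above.

// Design 1, hash computed in the browser: the server receives md5(password)
// and compares it with the stored column directly.
function loginClientHashed(array $row, string $valueFromClient): bool
{
    return hash_equals($row['password'], $valueFromClient);
}

// Design 2, hash computed on the server: the server receives the password
// and hashes it itself before comparing.
function loginServerHashed(array $row, string $passwordFromClient): bool
{
    return hash_equals($row['password'], md5($passwordFromClient));
}

// Constructed row, as it would sit in the password table.
$row = ['id' => 11, 'password' => md5('hallo priteshgupta')];

// A reader of the table (for example through SQL injection) holds the
// stored column value but not the password behind it.
$leaked = $row['password'];

$results = [
    'client-hashed, real password' => loginClientHashed($row, md5('hallo priteshgupta')),
    'server-hashed, real password' => loginServerHashed($row, 'hallo priteshgupta'),
    // Under design 1 the stored value is exactly what the server expects.
    'client-hashed, leaked column' => loginClientHashed($row, $leaked),
    // Under design 2 the leaked value gets hashed again and no longer matches.
    'server-hashed, leaked column' => loginServerHashed($row, $leaked),
];
foreach ($results as $case => $accepted) {
    printf("%-30s %s\n", $case, $accepted ? 'accepted' : 'rejected');
}
```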

Again, you can always use md5-based logins instead of cookie-based logins. Here is an example. Notice the way it works, hopefully you already know PHP. It includes an admin center, a login/register system, profiling system, and a session check system. If you are the type of person who learns from examples this is the best file to use. Read all the comments to understand what is going on exactly.


I don't get what you're trying to say - look at /include/session.php for example. Lots of cookies there. If you aren't going to have cookies, then the only options (which I can think of) are having to log in on every page, having some form of verification data (e.g. a session ID) on each link on each page, or storing the log-in data to be associated with your IP. I don't see how any of these are better than simply storing a cookie.


> I don't get what you're trying to say - look at /include/session.php for example. Lots of cookies there.
> If you aren't going to have cookies, then the only options (which I can think of) are having to log in on every page, having some form of verification data (e.g. a session ID) on each link on each page, or storing the log-in data to be associated with your IP. I don't see how any of these are better than simply storing a cookie.


I use that, $_SESSION['id'], it works and you don't have to relogin unless you close the window. It works fine and I think it's better than creating and using a cookie since some antispyware or some browsers might block cookies from untrusted sites.


This is a good login system script of PHP which uses mySQL. It is simple but very effective. Check here yourself:

codingtricks.Blogspot.Com/2008/10/php-login-script-using-sessions-secure.html

-Khurram


I do not think making a login system is a good way to start learning PHP - if you are already good at PHP, do carry on. A simple login system might not pose a problem, but "simple" usually means "not secure". What is more, even the easiest ones need to make use of cookies or sessions, or even both. I have been writing PHP code for over a year now, and I still try to postpone writing login systems as much as I can :mellow: It might be a good idea to start with fetching data from the MySQL database, as this is one of the most simple tasks. You can also install different web applications and examine their MySQL structure - reading their PHP code as well is not a good idea, as these applications have very complex coding.


Yes SHA1 would be the best hashing algorithm to use for storing passwords. It's used like this in php:

// Escape the user input before it is placed inside the SQL strings.
$user = mysql_real_escape_string($user);
$password = mysql_real_escape_string($password);

// This will create the user. The password will be stored as a random 40 character string, so make sure your table can fit that.
$query1 = mysql_query("INSERT INTO userstable (user, password) VALUES ('$user', SHA1('$password'))");

// This is how you find and select the user...
$query2 = mysql_query("SELECT * FROM userstable WHERE user = '$user' AND password = SHA1('$password')");

But I do agree that learning php by coding a login system is like learning to use a drill by building a house. You should start off slow and learn the basics before you tackle a login system.

What do you use to make and edit a mySQL database table?

That's all I need to know!

-reply by Julian

Multiple Login Help

I have a website http://forums.xisto.com/no_longer_exists/ and I want to try and make it easier for the user to navigate it. I am really new to MySQL and don't really know how to do much on it but I currently have 4 databases set up and would like to make it to where people don't have to log in multiple times. I have WordPress set up with one user name and password and then Zen Cart with another and Simple Machines Forum with yet another and want to consolidate them into one database so that people only have to log in once to use all the services. Any help would be greatly appreciated.

-question by Oscar

