Basically you only need 3 things for a secure user database.
- You need the register form.
- You need the login form.
- You need the database.
Start with the register form. (register.php)
Put this code in the head of the PHP page.
PHP:
<?php
$max = 12; //Max is set to 12.
$min = 3; //Min is set to 3.
$bad = 0; //Error counter.
//If user submitted the form and the username is between $min and $max characters long.
if( isset($_POST['user'], $_POST['pass'], $_POST['pass2']) && strlen($_POST['user']) >= $min && strlen($_POST['user']) <= $max ) {
    $user=$_POST['user'];
    $pass=$_POST['pass'];
    $pass2=$_POST['pass2'];
    //If passwords don't match, record error and display message.
    if($pass != $pass2) {
        $back = isset($_SERVER['HTTP_REFERER']) ? $_SERVER['HTTP_REFERER'] : 'register.php';
        echo ('<p>passwords do not match.<br> <a href="'.htmlspecialchars($back, ENT_QUOTES).'">Try Again</a> </p>');
        $bad+=1;
    }
    if($bad<1) {
        include('connect.php');
        // Perform the encryption (leaving first 2 letters of pass the same)
        $salt = substr($_POST['pass'], 0, 2);
        $pass = crypt($_POST['pass'], $salt);
        // Escape both values (needs the open connection) so quotes in the input cannot alter the query.
        $insert='INSERT INTO `users` (`user`,`pass`) VALUES("'.mysql_real_escape_string($user).'", "'.mysql_real_escape_string($pass).'")';
        $sql=mysql_query($insert) or die(mysql_error());
        // Escape anything echoed back into the page.
        echo ('User: '.htmlspecialchars($user, ENT_QUOTES).'<br>Pass: '.htmlspecialchars($pass, ENT_QUOTES).'<br> Created!');
        echo('<meta http-equiv="refresh" content="5;URL=login.php" />');
        echo('<p><a href="login.php">Refreshing in 5 seconds..</a></p>');
    }
}
?>
Put this code in the body of the PHP page.
Code:
<form name="regi" id="regi" action="register.php" method="post">
<p>
<strong>Username: </strong>
<input type="text" name="user" id="user" value="<?=isset($user) ? htmlspecialchars($user, ENT_QUOTES) : ''?>" />
<br>
<strong>Password: </strong>
<input type="password" name="pass" id="pass" value="<?=isset($pass) ? htmlspecialchars($pass, ENT_QUOTES) : ''?>" />
<br>
<strong>Repeat Pass:</strong>
<input type="password" name="pass2" id="pass2" value="<?=isset($pass2) ? htmlspecialchars($pass2, ENT_QUOTES) : ''?>" />
<br>
<input type="submit" name="submit" id="submit" value="Submit" />
</p>
</form>
That's a registration form.
- We found out if the user submitted the form.
- When they do, check to see if passwords match.
- If there are no errors, encrypt the pass, and add data to database.
Put your MySQL database information where you see "host", etc.
PHP:
<?php
// --------------------------- Edit SQL Connect Info --------------------------- //
$sql_host = "host";
$sql_user = "user";
$sql_pass = "pass";
$sql_database = "database";
// ------------------------- DO NOT EDIT BELOW THIS LINE ---------------------------- //
$db = mysql_connect($sql_host, $sql_user, $sql_pass) or die("Could not connect.");
if(!$db)
die("no db");
if(!mysql_select_db($sql_database,$db))
die("No database selected.");
?>
Before that will work, you need a database to put everything.
EDIT: Click here to see the alternative.
- Open PhpMyAdmin. Create a table called users with 3 fields (columns, rows)
- first field name: ID type: BIGINT extra: auto-increment Set to: Primary Key.
- second field name: user type: VARCHAR length: 45 Set to: Unique.
- third field name: pass type: text
- Save.
Finally you need the login page (login.php)
Put this at the very start of your page:
PHP:
<?php
session_start();
//You can log users out with a link to this: login.php?logout=AnyTextHere
if(isset($_REQUEST['logout']) && strlen($_REQUEST['logout'])>0) {
    session_destroy();
    echo('<meta http-equiv="refresh" content="1;URL=login.php" />');
    echo('<p>Logged out.<br><a href="login.php">Refreshing in 1 second..</a></p>');
}
?>
- This needs to be above the <html> tag, and everything else.
- The purpose of the session_start() is to let the page know that it needs to look for session variables.
- The purpose of the conditional statement there is to log users out after they click a logout link or button.
PHP:
<?php
if(!isset($_SESSION['user'])) {
    if(isset($_POST['submit'], $_POST['user'], $_POST['pass'])) {
        include("connect.php");
        // Perform the encryption (leaving first 2 letters of pass the same)
        $salt = substr($_POST['pass'], 0, 2);
        $pass = crypt($_POST['pass'], $salt);
        //Load user details from SQL Database
        // Escape both values so quotes in the input cannot alter the query.
        $userSelect = 'SELECT * FROM `users` WHERE `user` = "'.mysql_real_escape_string($_POST['user']).'" AND `pass` = "'.mysql_real_escape_string($pass).'" LIMIT 1';
        $back = isset($_SERVER['HTTP_REFERER']) ? $_SERVER['HTTP_REFERER'] : 'login.php';
        $userQuery = mysql_query($userSelect) or die("Can not find ".htmlspecialchars($_POST['user'], ENT_QUOTES)."<br><a href='".htmlspecialchars($back, ENT_QUOTES)."'>Try Again</a>");
        while($userRow=mysql_fetch_array($userQuery)) {
            //Define Session Variables
            $_SESSION['user'] = $userRow['user'];
            $_SESSION['pass'] = $userRow['pass'];
            $_SESSION['ID'] = $userRow['ID'];
        }
    }
}
?>
- The above part gets the data for the logged in user. It gets them from the database, puts them in a session, and they will later be displayed on the page in the body.
- If the form is not submitted, it does nothing.
PHP:
<?php
// Session values came from user input at registration, so escape them on output.
if(isset($_SESSION['user'])) {
    print '<h1>Hello, <strong>'.htmlspecialchars($_SESSION['user'], ENT_QUOTES).'</strong></h1>';
    print '<p>You are now logged in.';
    print '<br>Your ID is: <strong>'.htmlspecialchars($_SESSION['ID'], ENT_QUOTES).'</strong>';
    print '<br>Your databased password is <strong>'.htmlspecialchars($_SESSION['pass'], ENT_QUOTES).'</strong></p>';
    print '<p><a href="'.htmlspecialchars($_SERVER['PHP_SELF'], ENT_QUOTES).'?logout=Log-Me-Out">Click here to logout</a>.</p>';
}
?>
<form name="login" id="login" action="login.php" method="post">
<strong>Username: </strong>
<input type="text" name="user" id="user" value="<?=isset($_SESSION['user']) ? htmlspecialchars($_SESSION['user'], ENT_QUOTES) : ''?>" /><br />
<strong>Password: </strong>
<input type="password" name="pass" id="pass" value="<?=isset($_SESSION['pass']) ? htmlspecialchars($_SESSION['pass'], ENT_QUOTES) : ''?>" /><br />
<input type="submit" name="submit" id="submit" value="Submit" />
</form>
- Basically, this just gets the data from the session, and displays it on the page. The form will display the session variables too.
I'm not using an md5 encrypt directly, but the crypt() function works too.
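For PHP 7 and later, where the mysql_* functions used above no longer exist, the same register and login flow can be written with PDO prepared statements and password_hash()/password_verify(), which use a random per-user salt instead of one taken from the password. This is an added example, not the original poster's code; register_user() and login_user() are hypothetical names, and an in-memory SQLite table stands in for the MySQL users table so it runs stand-alone.

```php
<?php
// In-memory SQLite stands in for the MySQL `users` table (assumption for a stand-alone run).
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (ID INTEGER PRIMARY KEY AUTOINCREMENT,
                               user VARCHAR(45) UNIQUE, pass TEXT)');

// Hypothetical helper: returns null on success or an error message.
function register_user(PDO $db, string $user, string $pass, string $pass2): ?string
{
    if (strlen($user) < 3 || strlen($user) > 12) {
        return 'Username must be 3 to 12 characters.';
    }
    if ($pass !== $pass2) {
        return 'Passwords do not match.';
    }
    // password_hash() generates a random salt and stores it inside the hash string.
    $hash = password_hash($pass, PASSWORD_DEFAULT);
    try {
        // Bound parameters: input is sent as data, never spliced into the SQL text.
        $db->prepare('INSERT INTO users (user, pass) VALUES (?, ?)')->execute([$user, $hash]);
    } catch (PDOException $e) {
        if ($e->getCode() !== '23000') throw $e;   // not a UNIQUE violation
        return 'Username is not available.';
    }
    return null;
}

// Hypothetical helper: returns the user's ID and name, or null on any failure.
function login_user(PDO $db, string $user, string $pass): ?array
{
    $stmt = $db->prepare('SELECT ID, user, pass FROM users WHERE user = ?');
    $stmt->execute([$user]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    // The hash is salted, so it is checked in PHP rather than matched in the WHERE clause.
    if ($row === false || !password_verify($pass, $row['pass'])) {
        return null;
    }
    if (session_status() === PHP_SESSION_ACTIVE) {
        session_regenerate_id(true);             // fresh session ID after login
        $_SESSION['ID'] = $row['ID'];
        $_SESSION['user'] = $row['user'];        // the hash stays in the database
    }
    return ['ID' => $row['ID'], 'user' => $row['user']];
}

// Constructed sample input; the quote in the name is stored as plain data.
var_dump(register_user($db, 'o"brien', 'correct horse', 'correct horse'));
var_dump(login_user($db, 'o"brien', 'correct horse'), login_user($db, 'o"brien', 'wrong'));
```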