Results 1 to 7 of 7
  1. #1
    valkosoft
    valkosoft is offline
    Guest
    Join Date
    2012 Jul
    Posts
    1
    Thanks Thanks Given 
    0
    Thanks Thanks Received 
    1
    Thanked in
    1 Post
    Rep Power
    0

    Simple Register,login,logoff system

    First make a database and upload those tables into your database:

    users.sql

    Code:
    CREATE TABLE `users` (
    
    `id` INT( 50 ) NOT NULL AUTO_INCREMENT PRIMARY KEY ,
    
    `username` VARCHAR( 15 ) NOT NULL ,
    
    `password` VARCHAR( 15 ) NOT NULL ,
    
    `email` VARCHAR( 50 ) NOT NULL
    
    )
    index.php

    Code:
    <?php
    
    
    //This will start a session
    
    session_start();
    
    
    $username = $_SESSION['username'];
    
    $password = $_SESSION['password'];
    
    
    //Check do we have username and password
    
    if(!$username && !$password){
    
    echo "Welcome Guest! <br> <a href=login.php>Login</a> | <a href=register.php>Register</a>";
    
    }else{
    
    echo "Welcome ".$username." (<a href=logout.php>Logout</a>)";
    
    }
    
    
    
    ?>
    Now let's make a register.php file

    Code:
    <?php
    
    
    //This function will display the registration form
    
    function register_form(){
    
    
    $date = date('D, M, Y');
    
    echo "<form action='?act=register' method='post'>"
    
    ."Username: <input type='text' name='username' size='30'><br>"
    
    ."Password: <input type='password' name='password' size='30'><br>"
    
    ."Confirm your password: <input type='password' name='password_conf' size='30'><br>"
    
    ."Email: <input type='text' name='email' size='30'><br>"
    
    ."<input type='hidden' name='date' value='$date'>"
    
    ."<input type='submit' value='Register'>"
    
    ."</form>";
    
    
    }
    
    
    //This function will register users data
    
    function register(){
    
    
    //Connecting to database
    
    $connect = mysql_connect("host", "username", "password");
    
    if(!$connect){
    
    die(mysql_error());
    
    }
    
    
    //Selecting database
    
    $select_db = mysql_select_db("database", $connect);
    
    if(!$select_db){
    
    die(mysql_error());
    
    }
    
    
    //Collecting info
    
    $username = $_REQUEST['username'];
    
    $password = $_REQUEST['password'];
    
    $pass_conf = $_REQUEST['password_conf'];
    
    $email = $_REQUEST['email'];
    
    $date = $_REQUEST['date'];
    
    
    //Here we will check do we have all inputs filled
    
    
    if(empty($username)){
    
    die("Please enter your username!<br>");
    
    }
    
    
    if(empty($password)){
    
    die("Please enter your password!<br>");
    
    }
    
    
    if(empty($pass_conf)){
    
    die("Please confirm your password!<br>");
    
    }
    
    
    if(empty($email)){
    
    die("Please enter your email!");
    
    }
    
    
    //Let's check if this username is already in use
    
    
    $user_check = mysql_query("SELECT username FROM users WHERE username='$username'");
    
    $do_user_check = mysql_num_rows($user_check);
    
    
    //Now if email is already in use
    
    
    $email_check = mysql_query("SELECT email FROM users WHERE email='$email'");
    
    $do_email_check = mysql_num_rows($email_check);
    
    
    //Now display errors
    
    
    if($do_user_check > 0){
    
    die("Username is already in use!<br>");
    
    }
    
    
    if($do_email_check > 0){
    
    die("Email is already in use!");
    
    }
    
    
    //Now let's check does passwords match
    
    
    if($password != $pass_conf){
    
    die("Passwords don't match!");
    
    }
    
    
    
    //If everything is okay let's register this user
    
    
    $insert = mysql_query("INSERT INTO users (username, password, email) VALUES ('$username', '$password', '$email')");
    
    if(!$insert){
    
    die("There's little problem: ".mysql_error());
    
    }
    
    
    echo $username.", you are now registered. Thank you!<br><a href=login.php>Login</a> | <a href=index.php>Index</a>";
    
    
    }
    
    
    switch($act){
    
    
    default;
    
    register_form();
    
    break;
    
    
    case "register";
    
    register();
    
    break;
    
    
    }
    
    
    ?>
    Now let's make a login page, login.php:

    Code:
    <?php
    
    session_start();
    
    
    //This displays your login form
    
    function index(){
    
    
    echo "<form action='?act=login' method='post'>" 
    
    ."Username: <input type='text' name='username' size='30'><br>"
    
    ."Password: <input type='password' name='password' size='30'><br>"
    
    ."<input type='submit' value='Login'>"
    
    ."</form>"; 
    
    
    }
    
    
    //This function will find and checks if your data is correct
    
    function login(){
    
    
    //Collect your info from login form
    
    $username = $_REQUEST['username'];
    
    $password = $_REQUEST['password'];
    
    
    
    //Connecting to database
    
    $connect = mysql_connect("host", "username", "password");
    
    if(!$connect){
    
    die(mysql_error());
    
    }
    
    
    //Selecting database
    
    $select_db = mysql_select_db("database", $connect);
    
    if(!$select_db){
    
    die(mysql_error());
    
    }
    
    
    //Find if entered data is correct
    
    
    $result = mysql_query("SELECT * FROM users WHERE username='$username' AND password='$password'");
    
    $row = mysql_fetch_array($result);
    
    $id = $row['id'];
    
    
    $select_user = mysql_query("SELECT * FROM users WHERE id='$id'");
    
    $row2 = mysql_fetch_array($select_user);
    
    $user = $row2['username'];
    
    
    if($username != $user){
    
    die("Username is wrong!");
    
    }
    
    
    
    $pass_check = mysql_query("SELECT * FROM users WHERE username='$username' AND id='$id'");
    
    $row3 = mysql_fetch_array($pass_check);
    
    $email = $row3['email'];
    
    $select_pass = mysql_query("SELECT * FROM users WHERE username='$username' AND id='$id' AND email='$email'");
    
    $row4 = mysql_fetch_array($select_pass);
    
    $real_password = $row4['password'];
    
    
    if($password != $real_password){
    
    die("Your password is wrong!");
    
    }
    
    
    
    
    //Now if everything is correct let's finish his/her/its login
    
    
    session_register("username", $username);
    
    session_register("password", $password);
    
    
    echo "Welcome, ".$username." please continue on our <a href=index.php>Index</a>";
    
    
    
    
    
    }
    
    
    switch($act){
    
    
    default;
    
    index();
    
    break;
    
    
    case "login";
    
    login();
    
    break;
    
    
    }
    
    ?>
    And now.. logout.php

    Code:
    <?php
    
    session_start();
    
    
    //This function will destroy your session
    
    session_destroy();
    
    echo "You are now logged out! <a href=index.php>Index</a> or <a href=login.php>Login</a>";
    
    
    ?>
    I hope it helped.. have fun!

  2. The Following User Says Thank You to valkosoft For This Useful Post:


  3. #2
    Smackie
    Smackie is offline
    Guest
    Join Date
    2012 Dec
    Posts
    2
    Thanks Thanks Given 
    0
    Thanks Thanks Received 
    0
    Thanked in
    0 Posts
    Rep Power
    0
    nice little tutorial I know when I first started learning php I had tough time finding tutorials.


    Smackie

  4. #3
    GodLesZ
    GodLesZ is offline
    New member GodLesZ's Avatar
    Join Date
    2012 Dec
    Location
    Germany, NRW
    Posts
    4
    Thanks Thanks Given 
    1
    Thanks Thanks Received 
    0
    Thanked in
    0 Posts
    Rep Power
    0
    Quote Originally Posted by Smackie View Post
    nice little tutorial I know when I first started learning php I had tough time finding tutorials.
    NO ONE needs tutorials like this!
    He even forgot to use mysql_real_escape_string() to escape the strings before passing them to the mysql server.
    Just enter as password " ' OR '1 " (without the double quotes) and your are logged in, regardless of the username you choosed.

    Or Enter " '; DROP TABLE users; # " (without the double quotes) and you will kill the mysql user table.
    People like him should maybe post a tutorial for "how should i NOT copy & paste code" or even "how to code insecure".

    Learn before posting something like this!

  5. #4
    lightoflife
    lightoflife is offline
    New member
    Join Date
    2013 Jan
    Posts
    20
    Thanks Thanks Given 
    2
    Thanks Thanks Received 
    3
    Thanked in
    2 Posts
    Rep Power
    0
    The other problem is that with this code, the password is in clear in the database so, if like the majority of people, the password entered for this application is the same as the password used for the email/facebook login and so on, the admin can know it.
    it's a general warning, take care of where u log in and never use different password for forum/critical applications

    and for your login code, add at least a md5 crypt to save in database and in the login script, compare the password crypted with the on in the database.

  6. #5
    P5yl0
    P5yl0 is offline
    New member P5yl0's Avatar
    Join Date
    2012 Jul
    Location
    DE
    Posts
    21
    Thanks Thanks Given 
    9
    Thanks Thanks Received 
    0
    Thanked in
    0 Posts
    Rep Power
    0
    nice.. but would be better with an encryption for pass
    Kin 164 - Im a Yello Seed^^

  7. #6
    witawat
    witawat is offline
    New member
    Join Date
    2012 Sep
    Posts
    7
    Thanks Thanks Given 
    3
    Thanks Thanks Received 
    3
    Thanked in
    3 Posts
    Rep Power
    0
    can protect sql inject for code ?

  8. #7
    xMatrix
    xMatrix is offline
    New member xMatrix's Avatar
    Join Date
    2013 Mar
    Posts
    6
    Thanks Thanks Given 
    1
    Thanks Thanks Received 
    0
    Thanked in
    0 Posts
    Rep Power
    0
    This is not safe. "if (! $ username &&! ​​$ password) {" check only "username" and "password" is non-NULL, and can be any value.

    To protect against SQL Injection use mysql_real_escape_string

    "SELECT * FROM users WHERE username = '". Mysql_real_escape_string ($ username). "' AND password = '". Mysql_real_escape_string ($ password). "'"

Similar Threads

  1. Prevent automatic logoff ingame
    By frigate in forum TERA Online
    Replies: 2
    Last Post: 2012-06-30, 07:00 AM
  2. [Request] Re-register CPF
    By mukamos in forum Aika Guides, Tutorials
    Replies: 1
    Last Post: 2012-06-28, 11:29 PM
  3. [Info] Auction System and Mail System
    By Gasmask in forum Aika Guides, Tutorials
    Replies: 0
    Last Post: 2012-06-03, 08:34 PM
  4. [Request] Clientless login
    By wappywappy in forum Aika Online
    Replies: 2
    Last Post: 2012-01-01, 02:37 AM
  5. [Info] Login data autofill
    By ADACH in forum Requiem Bots, Hacks, Cheats
    Replies: 5
    Last Post: 2011-05-16, 06:47 AM

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •