SitePoint Sponsor

User Tag List

Results 1 to 9 of 9

Thread: Login script

  1. #1
    SitePoint Member XtraElusive's Avatar
    Join Date
    Jul 2003
    Location
    CA
    Posts
    17
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)

    Exclamation Login script

    I have a register form that puts the entries of the u/n, pass, etc in a DB. Now I'm trying to create a login system that does this:
    1)Checks to see if the username they put in a LOGIN form exists in the DB under the u/n section.
    2)If it does then check to see if the pass that is registered to that u/n is correct.
    3)Then set the cookie that they are logged in. (I could probably figure it out for the cookie, but I've never used them before.)
    -Thx
    [Xtra]

  2. #2
    La la la la la bronze trophy lieut_data's Avatar
    Join Date
    Jun 2003
    Location
    Waterloo, ON
    Posts
    1,517
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Quote Originally Posted by XtraElusive
    I have a register form that puts the entries of the u/n, pass, etc in a DB. Now I'm trying to create a login system that does this:
    1)Checks to see if the username they put in a LOGIN form exists in the DB under the u/n section.
    2)If it does then check to see if the pass that is registered to that u/n is correct.
    On your login check page, simply execute a query to check for matching usernames / passwords:

    PHP Code:
    $sql "SELECT * FROM login_table WHERE username=$username AND $password = $password
    $username & $password being assigned by the script (or grabbed from $_POST)

    Call mysql_num_rows($sql_result), and if it is greater than 0, there was at least one matching record, and you have validated the user.

    Quote Originally Posted by XtraElusive
    3)Then set the cookie that they are logged in. (I could probably figure it out for the cookie, but I've never used them before.)
    -Thx
    [Xtra]
    You may be better off using sessions to handle user logins, as they are more secure than simple cookies -- see session in the PHP manual

    Cheers!
    My name is Steve, and I'm a super-villian.

  3. #3
    SitePoint Member XtraElusive's Avatar
    Join Date
    Jul 2003
    Location
    CA
    Posts
    17
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Alright, thx, I guess I gotta go read Sessions then ^_^. *goes to reread and implement script*

  4. #4
    Non-Member
    Join Date
    Jan 2003
    Posts
    5,748
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Also either via PHP use MD5 or use via mySQL PASSWORD function to hide passwords... Slightly more scripting to do but honestly it's not that much more and what a difference it makes...


  5. #5
    SitePoint Member XtraElusive's Avatar
    Join Date
    Jul 2003
    Location
    CA
    Posts
    17
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)

    Question ?

    Quote Originally Posted by Dr Livingston
    Also either via PHP use MD5 or use via mySQL PASSWORD function to hide passwords...
    I am not familiar with 'MD5'... what is it?

  6. #6
    SitePoint Enthusiast
    Join Date
    Jul 2003
    Location
    Norway
    Posts
    28
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    MD5 is a method to create a checksum for strings, files or whatever. The checksum is stored instead of the actual password. Because the passwords aren't stored anywhere, it is impossible to steal them. Also, it is near impossible to find a string that results in the same checksum as the password does.

  7. #7
    SitePoint Member XtraElusive's Avatar
    Join Date
    Jul 2003
    Location
    CA
    Posts
    17
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    WEll, I haven't heard of this method... I'm new to PHP etc, maybe if you could give me a website or something to point me on how to do it...that would be great.

  8. #8
    La la la la la bronze trophy lieut_data's Avatar
    Join Date
    Jun 2003
    Location
    Waterloo, ON
    Posts
    1,517
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    See

    md5

    MD5 can be executed as part of your PHP script:
    PHP Code:
    $password md5($old_password); 
    Or Password or Md5 as part of an SQL query:

    PHP Code:
    $sql "INSERT INTO ... VALUES(PASSWORD($password))...";
    $sql "INSERT INTO ... VALUES(MD5($password))..."
    My name is Steve, and I'm a super-villian.

  9. #9
    SitePoint Member XtraElusive's Avatar
    Join Date
    Jul 2003
    Location
    CA
    Posts
    17
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Alright thx, I'll take a whack at it. You're exceptionally helpful, if you could, take a look at my other post talking about the WHERE ID='$id'"; not working in an UPDATE thing...
    (http://www.sitepointforums.com/showt...846#post854846)
    Thx again.


Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •