SitePoint Sponsor |
|
User Tag List
Results 1 to 25 of 39
Thread: what login script do you use?
-
Sep 3, 2008, 23:10 #1
- Join Date
- Sep 2006
- Posts
- 398
- Mentioned
- 0 Post(s)
- Tagged
- 0 Thread(s)
what login script do you use?
ive been using this one for a while
http://www.roscripts.com/PHP_login_script-143.html
but it seems really simple, and im not too sure about its security. does anyone recommend a different one (thats free)
thanks
-
Sep 3, 2008, 23:13 #2
- Join Date
- Feb 2008
- Location
- Atlit, Israel
- Posts
- 470
- Mentioned
- 0 Post(s)
- Tagged
- 0 Thread(s)
What do you want to achieve? Just a simple way to password protect a certain page?
Learn about the new Retro Framework
Code PHP the way it was meant to be coded!
-
Sep 3, 2008, 23:15 #3
- Join Date
- Sep 2006
- Posts
- 398
- Mentioned
- 0 Post(s)
- Tagged
- 0 Thread(s)
thats what ive been using it for so far, but now i need to make a full on user system which im hoping will become pretty large
-
Sep 3, 2008, 23:56 #4
- Join Date
- Feb 2008
- Location
- Atlit, Israel
- Posts
- 470
- Mentioned
- 0 Post(s)
- Tagged
- 0 Thread(s)
And why not code one yourself?
Learn about the new Retro Framework
Code PHP the way it was meant to be coded!
-
Sep 4, 2008, 11:42 #5
- Join Date
- Sep 2006
- Posts
- 398
- Mentioned
- 0 Post(s)
- Tagged
- 0 Thread(s)
id rather use a premade script and not have to worry if its secure or not.... so, no suggestions
-
Sep 4, 2008, 12:18 #6
- Join Date
- May 2006
- Location
- Lancaster University, UK
- Posts
- 7,062
- Mentioned
- 2 Post(s)
- Tagged
- 0 Thread(s)
Originally Posted by franco
If you want to learn, learn how login systems work and write one yourself (and learn sessions inside out). If you don't know how secure it is - post your script and we'll be more than glad to assist you with it.
If you don't want to learn, I'd have to wonder why you're even on SitePoint.Jake Arkinstall
"Sometimes you don't need to reinvent the wheel;
Sometimes its enough to make that wheel more rounded"-Molona
-
Sep 4, 2008, 21:04 #7
- Join Date
- Sep 2006
- Posts
- 398
- Mentioned
- 0 Post(s)
- Tagged
- 0 Thread(s)
-
Sep 4, 2008, 21:30 #8
if you don't want to learn and even don't know about the security issues & suppose two people says it is secure & two says it is not! then to whom will you believe?
DoFollow Backlink Checker | Internet Marketing and SEO Forums
22,000+ List of Directories to submit your site. List of Blogs, Forums, Press Release, Social Media... (sort by PR & Alexa)
-
Sep 4, 2008, 22:15 #9
- Join Date
- Feb 2008
- Location
- Atlit, Israel
- Posts
- 470
- Mentioned
- 0 Post(s)
- Tagged
- 0 Thread(s)
Come on, you've been on SitePoint long enough... Ain't it time you started learning some PHP?
Learn about the new Retro Framework
Code PHP the way it was meant to be coded!
-
Sep 5, 2008, 10:43 #10
- Join Date
- Sep 2006
- Posts
- 398
- Mentioned
- 0 Post(s)
- Tagged
- 0 Thread(s)
seriously you guys, i know more than enough php, and have coded plenty of sites. did i post this in the wrong forum category? or should i have posted it in the Scripts and Online Services category because thats all i want, someone to point me in the direction of a decent login script. when i want to learn sessions and all that, i will, and im sure its not even that difficult, but at the moment, i got to much crap in my head, so can someone please just help me out
if someone came here asking whats a good bloggin script, you wouldnt try to teach him how to code a blog would you?
-
Sep 5, 2008, 12:18 #11
- Join Date
- May 2006
- Location
- Lancaster University, UK
- Posts
- 7,062
- Mentioned
- 2 Post(s)
- Tagged
- 0 Thread(s)
seriously you guys
someone to point me in the direction of a decent login script
if someone came here asking whats a good bloggin script, you wouldnt try to teach him how to code a blog would you?
A login system... I made those when I was 13 (Ok yes I made a decently-featured blog when I was 14 but that's not the point here).
They are basic and involve no learning other than sessions and maybe MD5.
Simple stuff:
- Create a table for users, with a primary key, their username, their password (quite a few chars long because it's going to be MD5ed) and any other details you want
- Make a registration form which inserts stuff into the database
- Make a login form. This runs a simple query:
Code sql:SELECT id, someothercolumn, etc FROM TABLE WHERE username = '{$username}' AND password = md5('{$password}' LIMIT 1)
- Save the user ID in a session - being an experienced programmer, you've gotta know them right?
PHP Code:<?php
session_start(); //before ANYTHING is output, but after any class definitions
/*
* saving the session:
*/
$_SESSION['user_id'] = $userId;
$_SESSION['logged_in'] = true;
/*
* Getting the data:
*/
if(isset($_SESSION['logged_in']) && $_SESSION['logged_in'] === true){
$userId = $_SESSION['user_id'];
$getDetails = mysql_query("SELECT blah FROM table WHERE userID = {$userId}");
//....etc
}
Easy concept to grasp.Jake Arkinstall
"Sometimes you don't need to reinvent the wheel;
Sometimes its enough to make that wheel more rounded"-Molona
-
Sep 7, 2008, 20:18 #12
- Join Date
- Sep 2006
- Posts
- 398
- Mentioned
- 0 Post(s)
- Tagged
- 0 Thread(s)
what about password hashing, password recovery, account confirmation, remember me feature, etc... yeah, what to you described is simple, but all that other stuff starts getting pretty complicated
-
Sep 7, 2008, 22:02 #13
- Join Date
- Mar 2008
- Posts
- 1,149
- Mentioned
- 0 Post(s)
- Tagged
- 0 Thread(s)
It's not complicated. It's just a pain, I have to admit. You need, for a decent, non-annoying login system:
- Session support
- Registration
- Registration CAPTCHA prompt
- Registration flood detection
- Registration logs
- Email confirmation for registration
- Login page
- Logout page
- Remember me
- Username recovery
- Password recovery + password change form
- Email address change page
- Email confirmation for email change
- Password change page
- Cookie support check on login (if only cookies are used)
- Failed login log
- Brute force detection
- Captcha prompt once a brute force is detected (better than a complete block, in my opinion, because sometimes people are genuinely trying to guess their username/password because they lost access to their email)
- Blocking mechanism past a limit
- Temporary session IDs to validate actions that could be hijacked via CSRF (i.e. so logouts can't be triggered via a CSRF)
- Redirect-after-login support
- Redirect URL validation (i.e. no redirect to /logout.php)
And then... let's not forget: what about all the user administration pages you also need? Permissions support, etc.?
-
Sep 7, 2008, 22:19 #14
- Join Date
- Feb 2008
- Location
- Atlit, Israel
- Posts
- 470
- Mentioned
- 0 Post(s)
- Tagged
- 0 Thread(s)
All that can be + more customizations can be achieved within an hour on a good day.
On a normal day, with snacks and TV shows in between, and maybe even some online FPS action before taking out the trash, you can achieve this too.
It's a one day project. I don't see what the big deal is here. Do it on a Saturday instead of going out, if it means that much to you.
And sessions aren't that hard to understand. If you just want to know how to use them and not realize how they work (serialization, hashed ids, cookies, etc) - the idea is simple. - Session variables are variables that exist from the moment you created them to the moment you closed your browser.... or... deleted them yourself. You can manipulate, set, change and delete session variables after calling the function session_start() before you send your headers - or if you don't know much about headers - just call that function in the first line of your file.
You can access session variables in the global array, $_SESSION.
Hope this helped. All the rest - Google for it! If you can't understand something, post here and we'll be sure to help you out.
For the record, most of the people here don't use login scripts anyway since we make our own, so that's probably why no one here answered your question. We simply don't know, because we never got into it... So if you want help, there's plenty to go around... But going around the web looking for good scripts isn't what people in the PHP forum do. What we do is submitting our scripts so people like you can download and use them.
So again, if you need help with creating your own system - we'll be happy to assist. If that's not what you're looking for... You'll have to look somewhere else, then.Learn about the new Retro Framework
Code PHP the way it was meant to be coded!
-
Sep 8, 2008, 14:24 #15
- Join Date
- Mar 2008
- Posts
- 1,149
- Mentioned
- 0 Post(s)
- Tagged
- 0 Thread(s)
- Registration (3: form, success, email confirmation page)
- Login (3: form+captcha, login processor, post login for cookie support check)
- Username/password recovery (4: form, username recovery page, password recovery change form, password recovery page)
- Logout (1: success)
- Email address change (3: form, success, email confirmation page)
- Password change: (2: form, success)
That's 16 pages, and that's not including all the user management and user permission pages. Throw in 10 more for that. Not to mention, you'd have to write code that's not directly related to the page (permissions API, sessions API if you're using something non-standard, etc.).
Not everyone's day consists of just watching TV and playing FPS games.
-
Sep 8, 2008, 19:28 #16
- Join Date
- Sep 2006
- Posts
- 398
- Mentioned
- 0 Post(s)
- Tagged
- 0 Thread(s)
-
Sep 8, 2008, 20:35 #17
- Join Date
- Feb 2008
- Location
- Atlit, Israel
- Posts
- 470
- Mentioned
- 0 Post(s)
- Tagged
- 0 Thread(s)
Understand what? The laziness? You'd be surprised how easy it is to find lazy people. If that's the kind of answer you want to get - look in another place.
Everything sk89q mentioned there is can actually be done with many less files, if you don't repeat your code and use logical techniques and conditions.
You know what, if you'd pay me, I'll prove you wrong by completing all of this in under 4 hours of non-intense work.
And I'm sorry I just can't allow myself to ignore the b-comment
Not everyone's day consists of just watching TV and playing FPS games.
For the record, I'm joining the army in 2 months, lots of interviews almost every day, I am still studying for MCPD tests (70-536 by Microsoft, download the test and tell me if you understand a word of the 230 questions I already memorized by heart), other than that I have to also study a 1,080 pages study book about threading, configuration, application domains, memory allocation, instrumentation, security, globalization and more (and that's just the second of 5 exams), and in between all of that - I write in-depth tutorials in my blog and work to save money to fly with my fiancee just 2 weeks before I leave for the army.
So no, I don't sit around and watch TV and play FPS games all day. I was trying to make a point with a friendly association.Learn about the new Retro Framework
Code PHP the way it was meant to be coded!
-
Sep 8, 2008, 20:50 #18
- Join Date
- Sep 2006
- Posts
- 398
- Mentioned
- 0 Post(s)
- Tagged
- 0 Thread(s)
wow dude, no ones attacking you here. its not laziness, i just have better things to do than code a login script which might or might not be good... why is it so hard to understand that id rather use something thats premade and that a lot of other people have used, so i can have peace of mind that its secure
-
Sep 8, 2008, 20:56 #19
- Join Date
- Feb 2008
- Location
- Atlit, Israel
- Posts
- 470
- Mentioned
- 0 Post(s)
- Tagged
- 0 Thread(s)
I have a mental issue with this kind of comments.
Anyway, if you read what I said before - this is not the best place to ask where to get a pre-made script, since most people here don't know.
Not to mention, there is a very obvious sticky thread in this forum:
http://www.sitepoint.com/forums/showthread.php?t=463100Learn about the new Retro Framework
Code PHP the way it was meant to be coded!
-
Sep 9, 2008, 10:27 #20
- Join Date
- May 2006
- Location
- Lancaster University, UK
- Posts
- 7,062
- Mentioned
- 2 Post(s)
- Tagged
- 0 Thread(s)
i just have better things to do than code a login script which might or might not be good...
Franco, I can really see what you mean here. You don't really bother with making yourself better, your current skill is more than sufficient to get the basics done, and why learn anything else if you can grab easily available scripts off the internet?
If that really is your point of view... I think you need to reassess.Jake Arkinstall
"Sometimes you don't need to reinvent the wheel;
Sometimes its enough to make that wheel more rounded"-Molona
-
Sep 17, 2008, 01:24 #21
- Join Date
- Sep 2006
- Location
- Nottingham, UK
- Posts
- 3,133
- Mentioned
- 1 Post(s)
- Tagged
- 0 Thread(s)
Guys, all he is asking for is a simple login script. So he doesn't want to learn to write one himself at this moment, does it matter?
Do any of you use phpbb or do you code your own forum? What about other third party software?
Stop being so hostile and unhelpful towards the guy. He asked a perfectly reasonable question, if you aren't willing to help him with it then seriously, don't bother posting.
Sorry franco, I'm afraid I don't know of anything that might help, but looking on google might give you some results.
-
Sep 17, 2008, 10:44 #22
- Join Date
- May 2006
- Location
- Lancaster University, UK
- Posts
- 7,062
- Mentioned
- 2 Post(s)
- Tagged
- 0 Thread(s)
It's tough love, honest.
The best help you can give to a guy is teach him how to do it himself. You know, teach a man to fish...
It's a very simple task, and if he wrote it himself he could ready-make it for integration to his site.
The lazy way is the hardest way in the end.Jake Arkinstall
"Sometimes you don't need to reinvent the wheel;
Sometimes its enough to make that wheel more rounded"-Molona
-
Sep 17, 2008, 13:09 #23
-
Sep 17, 2008, 16:42 #24
Attention everyone:
Coming from the mind of a programmer, maybe it's wrong for the original poster to have a belief that a "canned solution" is the proper way through this hurdle, but on the flip side of the coin, maybe this person has a different set of priorities? Maybe he is no web developer? Maybe he has classes to worry about...? Maybe he has a girlfriend...? I mean, c'mon--we all know how much time they consume!
Not everyone has hacked into the Pentagon at age 3 or overthrown the Chinese government with the click of a button on a Saturday before cartoons start.
Just some food for thought guys... Not everyone is a programming God like some of you are around whom we all worship to no end.
-
Sep 17, 2008, 17:02 #25
- Join Date
- Feb 2008
- Location
- Atlit, Israel
- Posts
- 470
- Mentioned
- 0 Post(s)
- Tagged
- 0 Thread(s)
Oh I just love it when people assume you have no life other than staring at matrix code if you know how to program.
Like I said, if all he wants is to get a click & install script - then this isn't the right place anyway. It says so in the rules, too.Learn about the new Retro Framework
Code PHP the way it was meant to be coded!
Bookmarks