SitePoint Sponsor

User Tag List

Page 1 of 2 12 LastLast
Results 1 to 25 of 39
  1. #1
    SitePoint Addict
    Join Date
    Sep 2006
    Posts
    398
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)

    what login script do you use?

    ive been using this one for a while

    http://www.roscripts.com/PHP_login_script-143.html

    but it seems really simple, and im not too sure about its security. does anyone recommend a different one (thats free)

    thanks

  2. #2
    Coding and Breathing CoderMaya's Avatar
    Join Date
    Feb 2008
    Location
    Atlit, Israel
    Posts
    470
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    What do you want to achieve? Just a simple way to password protect a certain page?
    Learn about the new Retro Framework
    Code PHP the way it was meant to be coded!

  3. #3
    SitePoint Addict
    Join Date
    Sep 2006
    Posts
    398
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    thats what ive been using it for so far, but now i need to make a full on user system which im hoping will become pretty large

  4. #4
    Coding and Breathing CoderMaya's Avatar
    Join Date
    Feb 2008
    Location
    Atlit, Israel
    Posts
    470
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    And why not code one yourself?
    Learn about the new Retro Framework
    Code PHP the way it was meant to be coded!

  5. #5
    SitePoint Addict
    Join Date
    Sep 2006
    Posts
    398
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    id rather use a premade script and not have to worry if its secure or not.... so, no suggestions

  6. #6
    Theoretical Physics Student bronze trophy Jake Arkinstall's Avatar
    Join Date
    May 2006
    Location
    Lancaster University, UK
    Posts
    7,062
    Mentioned
    2 Post(s)
    Tagged
    0 Thread(s)
    Quote Originally Posted by franco
    id rather use a premade script
    Programming Learning Mistake #1 there.

    If you want to learn, learn how login systems work and write one yourself (and learn sessions inside out). If you don't know how secure it is - post your script and we'll be more than glad to assist you with it.

    If you don't want to learn, I'd have to wonder why you're even on SitePoint.
    Jake Arkinstall
    "Sometimes you don't need to reinvent the wheel;
    Sometimes its enough to make that wheel more rounded"-Molona

  7. #7
    SitePoint Addict
    Join Date
    Sep 2006
    Posts
    398
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Quote Originally Posted by arkinstall View Post
    Programming Learning Mistake #1 there.

    If you want to learn, learn how login systems work and write one yourself (and learn sessions inside out).
    yeah, but you see, i dont want to learn how it works, i just want one that does work... could you a have a look at the one i linked in my first post and tell me if that one is secure

    thanks

  8. #8
    SitePoint Zealot topgrade's Avatar
    Join Date
    Jun 2007
    Posts
    171
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    if you don't want to learn and even don't know about the security issues & suppose two people says it is secure & two says it is not! then to whom will you believe?
    DoFollow Backlink Checker | Internet Marketing and SEO Forums

    22,000+ List of Directories to submit your site. List of Blogs, Forums, Press Release, Social Media... (sort by PR & Alexa)

  9. #9
    Coding and Breathing CoderMaya's Avatar
    Join Date
    Feb 2008
    Location
    Atlit, Israel
    Posts
    470
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Come on, you've been on SitePoint long enough... Ain't it time you started learning some PHP?
    Learn about the new Retro Framework
    Code PHP the way it was meant to be coded!

  10. #10
    SitePoint Addict
    Join Date
    Sep 2006
    Posts
    398
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    seriously you guys, i know more than enough php, and have coded plenty of sites. did i post this in the wrong forum category? or should i have posted it in the Scripts and Online Services category because thats all i want, someone to point me in the direction of a decent login script. when i want to learn sessions and all that, i will, and im sure its not even that difficult, but at the moment, i got to much crap in my head, so can someone please just help me out

    if someone came here asking whats a good bloggin script, you wouldnt try to teach him how to code a blog would you?

  11. #11
    Theoretical Physics Student bronze trophy Jake Arkinstall's Avatar
    Join Date
    May 2006
    Location
    Lancaster University, UK
    Posts
    7,062
    Mentioned
    2 Post(s)
    Tagged
    0 Thread(s)
    seriously you guys
    We are being serious. It seems you aren't.

    someone to point me in the direction of a decent login script
    Open notepad, start typing. Voila!

    if someone came here asking whats a good bloggin script, you wouldnt try to teach him how to code a blog would you?
    No because a blog is a big project.

    A login system... I made those when I was 13 (Ok yes I made a decently-featured blog when I was 14 but that's not the point here).

    They are basic and involve no learning other than sessions and maybe MD5.

    Simple stuff:
    1. Create a table for users, with a primary key, their username, their password (quite a few chars long because it's going to be MD5ed) and any other details you want
    2. Make a registration form which inserts stuff into the database
    3. Make a login form. This runs a simple query:
      Code sql:
      SELECT id, someothercolumn, etc FROM TABLE WHERE username = '{$username}' AND password = md5('{$password}' LIMIT 1)
      Then count the rows - if none, then they gave the wrong details. If there is one, grab the info into an array or object
    4. Save the user ID in a session - being an experienced programmer, you've gotta know them right?
      PHP Code:
      <?php
      session_start
      (); //before ANYTHING is output, but after any class definitions
      /*
       * saving the session:
       */
      $_SESSION['user_id'] = $userId;
      $_SESSION['logged_in'] = true;
      /*
       * Getting the data:
       */
      if(isset($_SESSION['logged_in']) && $_SESSION['logged_in'] === true){
          
      $userId $_SESSION['user_id'];
          
      $getDetails mysql_query("SELECT blah FROM table WHERE userID = {$userId}");
          
      //....etc
      }

    Easy concept to grasp.
    Jake Arkinstall
    "Sometimes you don't need to reinvent the wheel;
    Sometimes its enough to make that wheel more rounded"-Molona

  12. #12
    SitePoint Addict
    Join Date
    Sep 2006
    Posts
    398
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    what about password hashing, password recovery, account confirmation, remember me feature, etc... yeah, what to you described is simple, but all that other stuff starts getting pretty complicated

  13. #13
    SitePoint Wizard
    Join Date
    Mar 2008
    Posts
    1,149
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    It's not complicated. It's just a pain, I have to admit. You need, for a decent, non-annoying login system:
    1. Session support
    2. Registration
    3. Registration CAPTCHA prompt
    4. Registration flood detection
    5. Registration logs
    6. Email confirmation for registration
    7. Login page
    8. Logout page
    9. Remember me
    10. Username recovery
    11. Password recovery + password change form
    12. Email address change page
    13. Email confirmation for email change
    14. Password change page
    15. Cookie support check on login (if only cookies are used)
    16. Failed login log
    17. Brute force detection
    18. Captcha prompt once a brute force is detected (better than a complete block, in my opinion, because sometimes people are genuinely trying to guess their username/password because they lost access to their email)
    19. Blocking mechanism past a limit
    20. Temporary session IDs to validate actions that could be hijacked via CSRF (i.e. so logouts can't be triggered via a CSRF)
    21. Redirect-after-login support
    22. Redirect URL validation (i.e. no redirect to /logout.php)

    And then... let's not forget: what about all the user administration pages you also need? Permissions support, etc.?

  14. #14
    Coding and Breathing CoderMaya's Avatar
    Join Date
    Feb 2008
    Location
    Atlit, Israel
    Posts
    470
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Quote Originally Posted by sk89q View Post
    It's not complicated. It's just a pain, I have to admit. You need, for a decent, non-annoying login system:
    1. Session support
    2. Registration
    3. Registration CAPTCHA prompt
    4. Registration flood detection
    5. Registration logs
    6. Email confirmation for registration
    7. Login page
    8. Logout page
    9. Remember me
    10. Username recovery
    11. Password recovery + password change form
    12. Email address change page
    13. Email confirmation for email change
    14. Password change page
    15. Cookie support check on login (if only cookies are used)
    16. Failed login log
    17. Brute force detection
    18. Captcha prompt once a brute force is detected (better than a complete block, in my opinion, because sometimes people are genuinely trying to guess their username/password because they lost access to their email)
    19. Blocking mechanism past a limit
    20. Temporary session IDs to validate actions that could be hijacked via CSRF (i.e. so logouts can't be triggered via a CSRF)
    21. Redirect-after-login support
    22. Redirect URL validation (i.e. no redirect to /logout.php)

    And then... let's not forget: what about all the user administration pages you also need? Permissions support, etc.?
    All that can be + more customizations can be achieved within an hour on a good day.

    On a normal day, with snacks and TV shows in between, and maybe even some online FPS action before taking out the trash, you can achieve this too.

    It's a one day project. I don't see what the big deal is here. Do it on a Saturday instead of going out, if it means that much to you.

    And sessions aren't that hard to understand. If you just want to know how to use them and not realize how they work (serialization, hashed ids, cookies, etc) - the idea is simple. - Session variables are variables that exist from the moment you created them to the moment you closed your browser.... or... deleted them yourself. You can manipulate, set, change and delete session variables after calling the function session_start() before you send your headers - or if you don't know much about headers - just call that function in the first line of your file.

    You can access session variables in the global array, $_SESSION.

    Hope this helped. All the rest - Google for it! If you can't understand something, post here and we'll be sure to help you out.

    For the record, most of the people here don't use login scripts anyway since we make our own, so that's probably why no one here answered your question. We simply don't know, because we never got into it... So if you want help, there's plenty to go around... But going around the web looking for good scripts isn't what people in the PHP forum do. What we do is submitting our scripts so people like you can download and use them.

    So again, if you need help with creating your own system - we'll be happy to assist. If that's not what you're looking for... You'll have to look somewhere else, then.
    Learn about the new Retro Framework
    Code PHP the way it was meant to be coded!

  15. #15
    SitePoint Wizard
    Join Date
    Mar 2008
    Posts
    1,149
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    • Registration (3: form, success, email confirmation page)
    • Login (3: form+captcha, login processor, post login for cookie support check)
    • Username/password recovery (4: form, username recovery page, password recovery change form, password recovery page)
    • Logout (1: success)
    • Email address change (3: form, success, email confirmation page)
    • Password change: (2: form, success)


    That's 16 pages, and that's not including all the user management and user permission pages. Throw in 10 more for that. Not to mention, you'd have to write code that's not directly related to the page (permissions API, sessions API if you're using something non-standard, etc.).

    Not everyone's day consists of just watching TV and playing FPS games.

  16. #16
    SitePoint Addict
    Join Date
    Sep 2006
    Posts
    398
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Quote Originally Posted by sk89q View Post
    • Registration (3: form, success, email confirmation page)
    • Login (3: form+captcha, login processor, post login for cookie support check)
    • Username/password recovery (4: form, username recovery page, password recovery change form, password recovery page)
    • Logout (1: success)
    • Email address change (3: form, success, email confirmation page)
    • Password change: (2: form, success)


    That's 16 pages, and that's not including all the user management and user permission pages. Throw in 10 more for that. Not to mention, you'd have to write code that's not directly related to the page (permissions API, sessions API if you're using something non-standard, etc.).

    Not everyone's day consists of just watching TV and playing FPS games.
    thank you... finaly someone who understands

  17. #17
    Coding and Breathing CoderMaya's Avatar
    Join Date
    Feb 2008
    Location
    Atlit, Israel
    Posts
    470
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Quote Originally Posted by franco714 View Post
    thank you... finaly someone who understands
    Understand what? The laziness? You'd be surprised how easy it is to find lazy people. If that's the kind of answer you want to get - look in another place.

    Everything sk89q mentioned there is can actually be done with many less files, if you don't repeat your code and use logical techniques and conditions.


    You know what, if you'd pay me, I'll prove you wrong by completing all of this in under 4 hours of non-intense work.

    And I'm sorry I just can't allow myself to ignore the b-comment
    Not everyone's day consists of just watching TV and playing FPS games.
    Actually, as you could have seen, I was talking about a Saturday you'd do it while obviously giving up on other stuff, if it means so much.

    For the record, I'm joining the army in 2 months, lots of interviews almost every day, I am still studying for MCPD tests (70-536 by Microsoft, download the test and tell me if you understand a word of the 230 questions I already memorized by heart), other than that I have to also study a 1,080 pages study book about threading, configuration, application domains, memory allocation, instrumentation, security, globalization and more (and that's just the second of 5 exams), and in between all of that - I write in-depth tutorials in my blog and work to save money to fly with my fiancee just 2 weeks before I leave for the army.

    So no, I don't sit around and watch TV and play FPS games all day. I was trying to make a point with a friendly association.
    Learn about the new Retro Framework
    Code PHP the way it was meant to be coded!

  18. #18
    SitePoint Addict
    Join Date
    Sep 2006
    Posts
    398
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    wow dude, no ones attacking you here. its not laziness, i just have better things to do than code a login script which might or might not be good... why is it so hard to understand that id rather use something thats premade and that a lot of other people have used, so i can have peace of mind that its secure

  19. #19
    Coding and Breathing CoderMaya's Avatar
    Join Date
    Feb 2008
    Location
    Atlit, Israel
    Posts
    470
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    I have a mental issue with this kind of comments.

    Anyway, if you read what I said before - this is not the best place to ask where to get a pre-made script, since most people here don't know.

    Not to mention, there is a very obvious sticky thread in this forum:
    http://www.sitepoint.com/forums/showthread.php?t=463100
    Learn about the new Retro Framework
    Code PHP the way it was meant to be coded!

  20. #20
    Theoretical Physics Student bronze trophy Jake Arkinstall's Avatar
    Join Date
    May 2006
    Location
    Lancaster University, UK
    Posts
    7,062
    Mentioned
    2 Post(s)
    Tagged
    0 Thread(s)
    i just have better things to do than code a login script which might or might not be good...
    The great geniuses had to learn to read and write.

    Franco, I can really see what you mean here. You don't really bother with making yourself better, your current skill is more than sufficient to get the basics done, and why learn anything else if you can grab easily available scripts off the internet?

    If that really is your point of view... I think you need to reassess.
    Jake Arkinstall
    "Sometimes you don't need to reinvent the wheel;
    Sometimes its enough to make that wheel more rounded"-Molona

  21. #21
    SitePoint Wizard silver trophybronze trophy Stormrider's Avatar
    Join Date
    Sep 2006
    Location
    Nottingham, UK
    Posts
    3,133
    Mentioned
    1 Post(s)
    Tagged
    0 Thread(s)
    Guys, all he is asking for is a simple login script. So he doesn't want to learn to write one himself at this moment, does it matter?

    Do any of you use phpbb or do you code your own forum? What about other third party software?

    Stop being so hostile and unhelpful towards the guy. He asked a perfectly reasonable question, if you aren't willing to help him with it then seriously, don't bother posting.

    Sorry franco, I'm afraid I don't know of anything that might help, but looking on google might give you some results.

  22. #22
    Theoretical Physics Student bronze trophy Jake Arkinstall's Avatar
    Join Date
    May 2006
    Location
    Lancaster University, UK
    Posts
    7,062
    Mentioned
    2 Post(s)
    Tagged
    0 Thread(s)
    It's tough love, honest.

    The best help you can give to a guy is teach him how to do it himself. You know, teach a man to fish...

    It's a very simple task, and if he wrote it himself he could ready-make it for integration to his site.

    The lazy way is the hardest way in the end.
    Jake Arkinstall
    "Sometimes you don't need to reinvent the wheel;
    Sometimes its enough to make that wheel more rounded"-Molona

  23. #23
    SitePoint Wizard silver trophybronze trophy Stormrider's Avatar
    Join Date
    Sep 2006
    Location
    Nottingham, UK
    Posts
    3,133
    Mentioned
    1 Post(s)
    Tagged
    0 Thread(s)
    I understand that, but you don't know his situation, why he is looking for a script instead of doing it himself.

    He clearly isn't interested in coding it himself, so posting again and again telling him you think that's what he should do isn't helping anything.

  24. #24
    SitePoint Wizard Wolf_22's Avatar
    Join Date
    Jul 2005
    Posts
    1,700
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Attention everyone:

    Coming from the mind of a programmer, maybe it's wrong for the original poster to have a belief that a "canned solution" is the proper way through this hurdle, but on the flip side of the coin, maybe this person has a different set of priorities? Maybe he is no web developer? Maybe he has classes to worry about...? Maybe he has a girlfriend...? I mean, c'mon--we all know how much time they consume!

    Not everyone has hacked into the Pentagon at age 3 or overthrown the Chinese government with the click of a button on a Saturday before cartoons start.

    Just some food for thought guys... Not everyone is a programming God like some of you are around whom we all worship to no end.

  25. #25
    Coding and Breathing CoderMaya's Avatar
    Join Date
    Feb 2008
    Location
    Atlit, Israel
    Posts
    470
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Oh I just love it when people assume you have no life other than staring at matrix code if you know how to program.

    Like I said, if all he wants is to get a click & install script - then this isn't the right place anyway. It says so in the rules, too.
    Learn about the new Retro Framework
    Code PHP the way it was meant to be coded!


Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •