...

View Full Version : Login Script



MPCODER
01-09-2004, 05:00 PM
Hello,
I made a search for a login script and didn't found it.
Can anyone give me a script that looks in a .DB file if the username and password match, and if they do take you to a secured page, is it possible that you can only enter that page using the login, with cookies/sessions? Is this all possible without MySQL, i think it is, because i can login to my FusionNews and my host doesn't allow MySQL. Please give me a script if it exist, and please also tell me what i should type in the .DB file and in the secured page.
Cheers MPCODER

Celtboy
01-09-2004, 05:55 PM
Unfortunately, there is no simple answer to a question like that. There are tons of scripts out there. Change your searches to something similar to "php user authentication script" or something like that.

Here are a few different links:
http://www.phpbuilder.com/lists/php-windows/2001012/0047.php

http://www.hotscripts.com/PHP/Scripts_and_Programs/User_Authentication/

http://www.codingforums.com/showthread.php?s=&threadid=31197

MPCODER
01-09-2004, 07:12 PM
Ok now i have this code:
[EDIT: DON'T MIND! I FIGURED IT OUT MYSELF!]

dniwebdesign
01-09-2004, 10:25 PM
Originally posted by Celtboy
Unfortunately, there is no simple answer to a question like that. There are tons of scripts out there. Change your searches to something similar to "php user authentication script" or something like that.

Here are a few different links:
http://www.phpbuilder.com/lists/php-windows/2001012/0047.php

http://www.hotscripts.com/PHP/Scripts_and_Programs/User_Authentication/

http://www.codingforums.com/showthread.php?s=&threadid=31197

Hey cool, my topic and code is referenced by someone... hehehe...

Celtboy
01-10-2004, 08:26 AM
Originally posted by dniwebdesign
Hey cool, my topic and code is referenced by someone... hehehe... Ya never know when you've said something useful. :thumbsup:

bored
01-11-2004, 03:26 AM
I wrote one:

http://unlagged.org/source.php?t=vs&id=57&cat=1

raf
01-11-2004, 04:07 AM
Originally posted by Celtboy about
http://www.codingforums.com/showthr...&threadid=31197
Ya never know when you've said something useful. :thumbsup:

It contains a few serious problems though.
Its not sql-injection proof because the username and password aren't check against sql-wildcards.
On top of that, there is no check to verify if there is only one record returned which should be done for obvious reasons --> the usrname should be unique.
So if i perform an sql-injection attack, the query will be ran, and i will be logged in with the useraccount that is processed first.

So it wount stand a chance against any serious hacking attempt.

On top of that, there is no errorhandling, no counter to see how many trials the user allready had (which sets the door wide open for brute force attacks), no minimum lengthcount, the pwd isn't hashed etc .

My most recent atempt to a secure loginscript contains about 1000 lines of php code and there are still a few extras i'd like to include.

I would take a look at hotscripts.com where you'll find plenty of tutorials and scripts.

If you need something without a db, then check out this.
It will be a lott more secure then the code from the above link since you at least need to know the pasword ...
http://www.codingforums.com/showthread.php?s=&threadid=10114&highlight=login

dniwebdesign
01-11-2004, 06:58 AM
They are unique. The usernames are my clients account numbers. It's an online client area system. Also they aren't hashed YET, I may implement this in the future but I wanted to make sure I had it working first.



EZ Archive Ads Plugin for vBulletin Copyright 2006 Computer Help Forum