  1. #1
    New to the CF scene
    Join Date
    Dec 2005
    Posts
    3
    Thanks
    0
    Thanked 0 Times in 0 Posts

    How to make a secure login

    I was wondering if any of you could help me out with a secure log in system? I already have a MySQL. I just need to know how to make a secure log in, thanks.

  • #2
    New Coder
    Join Date
    Dec 2005
    Location
    Shanghai China
    Posts
    27
    Thanks
    0
    Thanked 0 Times in 0 Posts
    Get the password and use MD5, SHA1, SHA256, etc. to hash it; if the hash result is the same as what is stored in the database, the user is valid.
    programmers all over the world can make friends with each other here:

    http://enbbs.firstdev.net

  • #3
    New to the CF scene
    Join Date
    Dec 2005
    Posts
    3
    Thanks
    0
    Thanked 0 Times in 0 Posts
    Ok, let me also state this. Me = n00bie.

  • #4
    New Coder
    Join Date
    Dec 2005
    Posts
    24
    Thanks
    0
    Thanked 0 Times in 0 Posts
    Quote Originally Posted by Kione
    I was wondering if any of you could help me out with a secure log in system? I already have a MySQL. I just need to know how to make a secure log in, thanks.
    Kione, here are some search results from this forum. I haven't looked through them, so I don't know how many actually have the code. http://www.codingforums.com/search.php?searchid=474297
    Web hosting...webmaster support http://www.eofficeprofessionals.com/forums
    Offer solutions-not criticism.

  • #5
    New to the CF scene
    Join Date
    Dec 2005
    Posts
    3
    Thanks
    0
    Thanked 0 Times in 0 Posts
    Could someone please write me a script? All I want, is a log in system.

    A simple log in system is fine, all I need to do to edit it, is to be able to add usernames and passwords. Or let others register.

  • #6
    Regular Coder
    Join Date
    Jul 2005
    Location
    LA, California
    Posts
    202
    Thanks
    0
    Thanked 0 Times in 0 Posts
    Here is a basic member system which has a secure login
    -=-=-=-=-=-=-=-=-=-=-=-
    create table
    PHP Code:
    CREATE TABLE `users` (
      `id` bigint(20) NOT NULL auto_increment,
      `user` varchar(30) NOT NULL default '',
      `pass` varchar(30) NOT NULL default '',
      `email` varchar(50) NOT NULL default '',
      PRIMARY KEY  (`id`),
      UNIQUE KEY `user` (`user`)
    ) ENGINE=MyISAM;
    and conn.php
    PHP Code:
    <?php
    session_start();
    $user_nam = ""; // MySQL user name
    $pass_nam = ""; // MySQL password
    $db_nam = "";   // database name
    $conn = mysql_pconnect("localhost", $user_nam, $pass_nam) or die(mysql_error());
    $db = mysql_select_db($db_nam, $conn) or die(mysql_error());
    ?>
    then register.php
    PHP Code:
    <?php require("conn.php"); ?>
    <div align="center">
    <?php
    if ($_GET['submit']) {
        $pass = trim($_POST['pass']);
        $pass2 = trim($_POST['pass2']);
        $user = trim($_POST['user']);
        $email = trim($_POST['email']);
        $email2 = trim($_POST['email2']);
        if ($pass != $pass2) {
            print "Please confirm your password. <br> <a href=\"javascript:history.back(-1)\">Go Back</a>";
            exit;
        } elseif ($email != $email2) {
            print "Please confirm your email. <br> <a href=\"javascript:history.back(-1)\">Go Back</a>";
            exit;
        }
        $pass = md5($pass);
        // Escape user-supplied values before they are placed in the SQL string
        $user = mysql_real_escape_string($user, $conn);
        $email = mysql_real_escape_string($email, $conn);
        $user_taken = mysql_num_rows(mysql_query("SELECT * FROM users WHERE user = '$user'"));
        if ($user_taken > 0) {
            print "Sorry, that username has already been taken. <br> <a href=\"javascript:history.back(-1)\">Go Back</a>";
        } elseif (mysql_query("INSERT INTO users (user, pass, email) VALUES ('$user', '$pass', '$email')")) {
            print "You have successfully registered. <br>Thank you for registering<br>";
        } else {
            print "An unknown error occurred. <br> <a href=\"javascript:history.back(-1)\">Go Back</a>";
        }
    }
    // Show the sign-up form only when nothing has been submitted yet
    if (!$_GET['submit']) {
    ?>
    <br>
    <table width="375" border="0" cellspacing="1" bgcolor="#666666">
      <tr>
        <td align="center" bgcolor="#EAEAEA">Sign Up!</td>
      </tr>
      <tr>
        <td align="center" bgcolor="#EAEAEA"><form name="form1" method="post" action="?submit=true">
          Choose Username:
          <input name="user" type="text" id="user">
          <br>
          Choose Password:
          <input name="pass" type="password" id="pass">
          <br>
          Confirm Password:
          <input name="pass2" type="password" id="pass2">
          <br>
          Valid Email
          <input name="email" type="text" id="email">
          <br>
          Confirm Email:
          <input name="email2" type="text" id="email2">
          <br>
          <input type="submit" name="Submit" value="Login">
          <br>
        </form></td>
      </tr>
    </table>
    <?php } ?>
    <br>
    </div>
    and login.php
    PHP Code:
    <?php require("conn.php"); ?>
    <div align="center">
    <?php
    $error = false;
    if ($_GET['login']) {
        $user = $_POST['user'];
        $pass = md5($_POST['pass']);
        // Escape the user name before it is placed in the SQL string
        $user_sql = mysql_real_escape_string($user, $conn);
        $sql = mysql_query("SELECT * FROM users WHERE user = '$user_sql' AND pass = '$pass'", $conn) or die(mysql_error());
        if (mysql_num_rows($sql) == 1) {
            $error = false;
            $_SESSION['user'] = $user;
            print "<br> You are now logged in.<br>";
        } else {
            $error = "Incorrect username or password!";
        }
    }
    ?>
    <div align="center">
    <?php
    if ($error) {
        print $error;
    }
    ?>
    <?php
    // Show the form only to visitors who are not logged in and have not just submitted it
    if (!$_SESSION['user'] AND !$_GET['login']) { ?>
    <table width="324" border="0" cellspacing="1" bgcolor="#666666">
        <tr>
          <td width="341" align="center" valign="top"> Login </td>
        </tr>
        <tr>
          <td align="center" valign="top" bgcolor="#EAEAEA"><form name="form1" method="post" action="?login=true">
            UserName:
                <input name="user" type="text" id="user">
              <br>
            PassWord:
            <input name="pass" type="password" id="pass">
            <br>
            <input type="submit" name="Submit" value="- Login -">
            <br>
            </form></td>
        </tr>
        <tr>
          <td align="center" valign="top"> </td>
        </tr>
      </table>
      <?php } elseif (!$_GET['login'] AND $_SESSION['user']) { print "<br>You are already logged in!<br>"; } ?>
      </div>
    </div>
    then just include
    PHP Code:
    <?php // conn.php must already be required so that session_start() has run ?>
    <?php if ($_SESSION['user']) { ?>
    content here
    <?php } ?>
    where you want the user to be logged in to be able to view content
    -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
    There are 3 kinds of ppl those who can count and those who cant
    -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
    Script-Megafest.com Coming Oh so very soon

  • #7
    Regular Coder
    Join Date
    Dec 2005
    Posts
    346
    Thanks
    1
    Thanked 0 Times in 0 Posts
    Quote Originally Posted by Al_90
    Here is a basic member system which has a secure login
    I got the sample script you provided in & working partly. I just can't login. I keep getting the bad un/pw message: Incorrect username or password! I double checked the files. They are exactly like you posted, just with my DB information.

  • #8
    New Coder
    Join Date
    Dec 2005
    Location
    Dallas, TX
    Posts
    45
    Thanks
    0
    Thanked 0 Times in 0 Posts
    Delete your old login row from the MySQL database and instead run this query:

    Code:
    INSERT INTO users (user, pass, email) VALUES ('your_user_name', MD5('your_password'), 'your_email');

    That should get it working.
    Owner - Osiris Incorporated

    PHP and MySQL pro, and always willing to help.

  • #9
    Regular Coder
    Join Date
    Dec 2005
    Posts
    346
    Thanks
    1
    Thanked 0 Times in 0 Posts
    Quote Originally Posted by Osiris
    Delete your old login row from the MySQL database and instead run this query:

    Code:
    INSERT INTO users (user, pass, email) VALUES ('your_user_name', MD5('your_password'), 'your_email');

    That should get it working.
    The register.php page works. I can register & then view the information in the db. It just won't let me login when I use the login.php. It says the username & password are incorrect.

  • #10
    Senior Coder
    Join Date
    Apr 2005
    Location
    Colorado, United States
    Posts
    1,208
    Thanks
    0
    Thanked 0 Times in 0 Posts
    In order to further secure it, I'd use a sha1 hashing and append a salt to the end of the password, so that even if someone were to get your user table, and someone used the password 'password', a SHA1 bruteforce attack wouldn't decode it. It would need the salt in order to proceed. The basic theory is to use a long, random string, SHA1 it, then when you put the password into the db, or checked the password, you'd append it to the password. For example:

    User logs in (user: foo, password: bar) -> password becomes bar8c76020bbc646f4f7cd29ad36a5a1a236b68a282 -> sha1 password -> check db.

    User registers (user: foo2, password: bar2) -> password becomes bar28c76020bbc646f4f7cd29ad36a5a1a236b68a282 -> sha1 password -> insert row.

    The "salt" appended to the password stays the same no matter what...it's just a security feature to prevent anyone from easily bruteforcing the passwords should they manage to get a copy of the users table. This does not prevent it from your application.
    "$question = ( to() ) ? be() : ~be();"

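A sketch of the salted-hash login discussed in this thread, as an added example that is not code from any poster. It goes beyond the fixed-salt SHA1 scheme described above: PHP's `password_hash()` generates a random salt per user and `password_verify()` checks it, and PDO placeholders replace string-built SQL. The in-memory SQLite database, the function names `register_user` and `check_login`, and the sample accounts are assumptions made so the block runs on its own.

```php
<?php
// Added example, not code from the thread. Assumption: an in-memory SQLite
// database (via PDO) stands in for the thread's MySQL `users` table.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
// `pass` is wide enough for any password_hash() output (bcrypt is 60 chars).
$db->exec('CREATE TABLE users (
    id    INTEGER PRIMARY KEY AUTOINCREMENT,
    user  VARCHAR(30)  NOT NULL UNIQUE,
    pass  VARCHAR(255) NOT NULL,
    email VARCHAR(50)  NOT NULL)');

// Hypothetical helper: returns false when the row cannot be inserted.
function register_user(PDO $db, string $user, string $pass, string $email): bool
{
    // A fresh random salt is generated per call and embedded in the result,
    // so two users with the same password get different stored values.
    $hash = password_hash($pass, PASSWORD_DEFAULT);
    try {
        // Placeholders keep user input out of the SQL text entirely.
        $stmt = $db->prepare('INSERT INTO users (user, pass, email) VALUES (?, ?, ?)');
        return $stmt->execute([$user, $hash, $email]);
    } catch (PDOException $e) {
        return false; // e.g. the UNIQUE constraint on `user` was violated
    }
}

// Hypothetical helper: true only when the user exists and the password matches.
function check_login(PDO $db, string $user, string $pass): bool
{
    $stmt = $db->prepare('SELECT pass FROM users WHERE user = ?');
    $stmt->execute([$user]);
    $hash = $stmt->fetchColumn();
    // password_verify() reads the salt and cost back out of the stored hash.
    return $hash !== false && password_verify($pass, $hash);
}

// Constructed sample data, reusing the user names and password from the post above.
register_user($db, 'foo', 'bar', 'foo@example.com');
register_user($db, 'foo2', 'bar', 'foo2@example.com');
var_dump(check_login($db, 'foo', 'bar'));                  // correct password
var_dump(check_login($db, 'foo', 'wrong'));                // wrong password
var_dump(check_login($db, "foo' OR '1'='1", 'bar'));       // quote characters stay data
var_dump(register_user($db, 'foo', 'x', 'x@example.com')); // duplicate user name
```

In a web page, call `session_regenerate_id(true)` after `check_login()` succeeds and before setting `$_SESSION['user']`.
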
  • #11
    Regular Coder
    Join Date
    Feb 2005
    Posts
    102
    Thanks
    3
    Thanked 0 Times in 0 Posts
    Ok so if I was to make a tipping comp with the database, could I just like put in the results and then like it would calculate everyone's results through the database and tips they put in automatically?

  • #12
    New Coder
    Join Date
    Dec 2005
    Posts
    38
    Thanks
    0
    Thanked 0 Times in 0 Posts
    So with that code all I have to edit is put in the name of the MySQL database and user and pass?

  • #13
    Regular Coder
    Join Date
    Dec 2005
    Posts
    346
    Thanks
    1
    Thanked 0 Times in 0 Posts
    Quote Originally Posted by MarvinHalliwell
    So with that code all I have to edit is put in the name of the MySQL database and user and pass?
    I tried that. I can't get it to work for me.

    I have been testing different things. I think I have narrowed it down to an MD5 problem. I tested this & it works. I inserted a user & pass into MySQL DB via phpMyAdmin. The pass isn't in the MD5 format. It is regular plain text. I then removed the MD5 string from the Register & Login. I can register & login just fine now. I added the MD5 string back to the Register & Login pages. I keep getting this error displayed when I test the login with the MD5 in the Login page...

    Connected successfully to Database!

    Incorrect username or password!
    I added that Connected successfully to Database so that I could tell if I was getting connected & that was my problem. I am connecting just fine.

    PHP Code:
    <?php require("conn.php"); ?>
    <div align="center">
    <?php
    $error = false;
    if ($_GET['login']) {
        $user = $_POST['user'];
        // MD5 removed for this test: the password is compared as plain text
        $pass = $_POST['pass'];
        // Escape both values before they are placed in the SQL string
        $user_sql = mysql_real_escape_string($user, $conn);
        $pass_sql = mysql_real_escape_string($pass, $conn);
        $sql = mysql_query("SELECT * FROM users WHERE user = '$user_sql' AND pass = '$pass_sql'", $conn) or die(mysql_error());
        if (mysql_num_rows($sql) == 1) {
            $error = false;
            $_SESSION['user'] = $user;
            print "<br> You are now logged in.<br>";
        } else {
            $error = "Incorrect username or password!";
        }
    }
    ?>
    <div align="center">
    <?php
    if ($error) {
        print $error;
    }
    ?>
    <?php
    if (!$_SESSION['user'] AND !$_GET['login']) { ?>
    <table width="324" border="0" cellspacing="1" bgcolor="#666666">
        <tr>
          <td width="341" align="center" valign="top"> Login </td>
        </tr>
        <tr>
          <td align="center" valign="top" bgcolor="#EAEAEA"><form name="form1" method="post" action="?login=true">
            UserName:
                <input name="user" type="text" id="user">
              <br>
            PassWord:
            <input name="pass" type="password" id="pass">
            <br>
            <input type="submit" name="Submit" value="- Login -">
            <br>
            </form></td>
        </tr>
        <tr>
          <td align="center" valign="top"> </td>
        </tr>
      </table>
      <?php } elseif (!$_GET['login'] AND $_SESSION['user']) { print "<br>You are already logged in!<br>"; } ?>
      </div>
    </div>
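
A likely explanation for the login failure reported in posts #7, #9 and #13, as an added example that is not part of the thread: the `pass` column in the posted schema is `varchar(30)`, while `md5()` returns 32 hex characters. The block assumes MySQL runs in non-strict mode, where an over-long value is silently cut to the column width; `store_in_varchar` and `login_matches` are hypothetical helpers that mimic that behaviour and the thread's login comparison without needing a database.

```php
<?php
// Added example, not code from the thread.
// Hypothetical helper: mimics MySQL in non-strict mode, which silently cuts a
// string down to the declared column width when the row is inserted.
function store_in_varchar(string $value, int $width): string
{
    return substr($value, 0, $width);
}

// Hypothetical helper: mimics the thread's login query, which compares the
// stored column value with the hash of the submitted password.
function login_matches(string $stored, string $submitted, callable $hash): bool
{
    return $stored === $hash($submitted);
}

$password = 'bar'; // constructed sample password
$schemes = [
    'plain'  => function (string $p): string { return $p; }, // the test in post #13
    'md5'    => 'md5',
    'sha1'   => 'sha1',
    'sha256' => function (string $p): string { return hash('sha256', $p); },
];

// 30 is the width of `pass` in the posted schema; 64 fits every digest listed.
foreach ([30, 64] as $width) {
    foreach ($schemes as $name => $fn) {
        $value = $fn($password);
        $stored = store_in_varchar($value, $width);
        printf(
            "varchar(%d) %-6s value=%2d chars, stored=%2d chars, login %s\n",
            $width,
            $name,
            strlen($value),
            strlen($stored),
            login_matches($stored, $password, $fn) ? 'succeeds' : 'fails'
        );
    }
}
```

Widening the column (for example `ALTER TABLE users MODIFY pass VARCHAR(255) NOT NULL`) and re-registering the account removes the mismatch; rows already stored were truncated and cannot be repaired in place.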

