Page 1 of 1

Login Page help?

Posted: Tue Apr 01, 2008 9:04 am
by dave_55
Hi I have already created this simple login page that works. Can anyone help me, i would like the user to be able to register themselfs a USERNAME AND PASSWORD so that the admin wont have to input their details into a database????

How is this done and can anyone show me please??

My code already is:

checklogin.php

<?php
$host = "localhost"; //login to the server
$username = "Dave"; //username login
$password = "*****"; //password login
$db_name = "logintest"; //database name change to lincoln
$tbl_name = "members"; //members tabel

$db = mysql_pconnect($host, $username, $password) or trigger_error(mysql_error(),E_USER_ERROR);
// Check user inputs against database.

$myusername = $_POST['myusername'];
$mypassword = $_POST['mypassword'];
session_start();

mysql_select_db($db_name, $db);
$query_check = sprintf("SELECT * FROM $tbl_name WHERE username = '$myusername'");
$check = mysql_query($query_check) or die(mysql_error());
$row_check = mysql_fetch_assoc($check);
$totalRows_check = mysql_num_rows($check);

// If the passwords match.
if($mypassword == $row_check['password'])

{
session_register("myusername");
session_register("mypassword");
header("location:login_success.php");
}

else {
echo "Wrong Username or Password";
}
?>

login_success.php
<?
session_start();
if (!session_is_registered(myusername)) {
header ("location:login.php");
}
?>

<html>
<head><title>welcome</title>
</head>
<body>
<h1>Login Successsful</h1>

<p>
<a href="logout.php">Log Out!</a></p>

</body>
</html>

logout.php
<?
session_start();
session_destroy();
?>

<html>
<head><title>Thanks</title>
</head>
<body>
<h1>You've Logged Out</h1>


</body>
</html>

login.php
<head>

<title>login page</title>

<style type = "text/css">
#loginform {
border 2px solid #600;
background-colour: #FFC;
width: 280px
}

forms {
margins: 5px;
}

label {
display: block;
width: 90px;
float: left;
clear: both;
}

label, input {
margin-bottom: 4px;
}

</style>
</head>
<body>

<div id ="loginform">
<form method="post" action="checklogin.php" name="form1">
<label for = "username">Username:</label>
<input type="text" name="myusername" id="username" />
<label for = "password">Password:</label>
<input type="text" name="mypassword" id="password" />
<input type="submit" name="submit" value="Login" />



</div>


</body>
</html>

Re: Login Page help?

Posted: Tue Apr 01, 2008 9:18 am
by aceconcepts
Without using a database you will never actually store their details.

If this is the case then you could use encoded SESSIONS.

Re: Login Page help?

Posted: Tue Apr 01, 2008 9:25 am
by dave_55
Hey again,

No I dont mind using a database as i already have one for the login, i just didnt want a administrator to have to input the info by hand.

So next to the login button there would be a registration page instead. Is there any tutorials i can look at for this???

Re: Login Page help?

Posted: Tue Apr 01, 2008 9:37 am
by aceconcepts
This is a good site for beginners and reference: http://www.tizag.com/

Have you ever created html forms before?

Re: Login Page help?

Posted: Tue Apr 01, 2008 9:44 am
by thaynejo
I recently set up a registration page for a site I worked on. I recommend using code similar to the following when storing the data in the database:

Code: Select all

 
$salt = "f34Afag4fAASDF";  \\ Random character string (put into a config.php file that is included on every page)
$query = "INSERT INTO table (username, password) VALUES (" . $_POST['username'] . ", " . md5($salt . $_POST['password']) . ")";
mysql_query($sql);
 
Then you just need to create a form that will collect the information you need from the user and POST it to a page with the above code. Then when verifying the login, you need to make the following change as well:

Code: Select all

// If the passwords match.
if(md5($salt . $mypassword) == $row_check['password'])
And do that every time you verify the password.

I also recommend that the variables for the database connection be stored in the config.php file mentioned earlier. That way if they change for whatever reason, you do not have to search through every page to make the change.

Re: Login Page help?

Posted: Tue Apr 01, 2008 9:59 am
by aceconcepts
Do remember that you cannot decode MD5 - it is a one-way encryption method!

Re: Login Page help?

Posted: Tue Apr 01, 2008 10:53 am
by AMCH
On a side-note to encryption, I tend to use the password variable as the salt as well which means it's different for everyone (assuming their passwords are different). It basically takes what they enter as their password and encrypts it using itself as the salt.

Example:

Code: Select all

$encrypted_password = crypt($password, $password);