PHP Login Script Ready To Install and Configure??

PHP programming forum. Ask questions or help people concerning PHP code. Don't understand a function? Need help implementing a class? Don't understand a class? Here is where to ask. Remember to do your homework!

Moderator: General Moderators

Post Reply
french2080
Forum Newbie
Posts: 6
Joined: Wed Apr 16, 2008 12:34 pm

PHP Login Script Ready To Install and Configure??

Post by french2080 »

Hello,

Does anyone know of an already built and script for user login accounts for download????? Similar to wordpress, except without the blog, just the database creations and local host info. That would be great for me study while I duplicate one on my website.

-Chad-
samb0057
Forum Commoner
Posts: 27
Joined: Wed Mar 26, 2008 9:51 am

Re: PHP Login Script Ready To Install and Configure??

Post by samb0057 »

Check out my blog at http://www.sambarrow.com.

There is an advanced login script on there that includes brute-force protection (user is allowed X login attempts before they are locked out for N minutes).
User avatar
Mordred
DevNet Resident
Posts: 1579
Joined: Sun Sep 03, 2006 5:19 am
Location: Sofia, Bulgaria

Re: PHP Login Script Ready To Install and Configure??

Post by Mordred »

samb0057 wrote:There is an advanced login script on there that includes brute-force protection (user is allowed X login attempts before they are locked out for N minutes).
It has several security problems:
1. Denial of service by locking out arbitrary accounts
2. User enumeration by specific error messages
3. Unsalted passwords (looks like it at least)

(4. Bad API design, esp. on the escaping mechanisms, but that's more of a subjective sin)

I wouldn't call it "advanced" until there are precautions against the entire (or at least much larger parts of the) attack tree against logins.
french2080
Forum Newbie
Posts: 6
Joined: Wed Apr 16, 2008 12:34 pm

Re: PHP Login Script Ready To Install and Configure??

Post by french2080 »

Cool,

I will look at these things and try see if I can figure out the code. It is just ever since I started learning html, and css styling I had an application to work off of, and I was able to pick up the language rather quickly. I am finding it to be a challenge right now using php and understanding all the functions. But again thanks for the link I will try it out and hopefully have a response.

-Chad- :wink:
matthijs
DevNet Master
Posts: 3360
Joined: Thu Oct 06, 2005 3:57 pm

Re: PHP Login Script Ready To Install and Configure??

Post by matthijs »

Picking up PHP is a bit more difficult then html and css. And more importantly, the consequences of doing something wrong are much much bigger (I'm thinking about security).

A login system is something quite difficult to do well. Many ways to do it wrong (and insecure). I'd be careful in just putting up something on your server and trusting that. I don't know what you're planning to do with it, but it's just a suggestion.
Post Reply