LOGIN & REGISTRATION Script Tutorial

Tutorials on PHP, databases and other aspects of web development. Before posting a question, check in here to see whether there's a tutorial that covers your problem.

califdon
Jack of Zircons
Posts: 4484
Joined: Thu Nov 09, 2006 8:30 pm
Location: California, USA

Re: LOGIN & REGISTRATION Script Tutorial

Post by califdon »

Always glad to help a student who wants to learn! Let me offer a general comment that may be useful in many situations: Try not to get so buried in coding details that you lose sight of the actual objectives--for security matters, always ask yourself exactly what you are trying to protect against before you even begin to determine what kind of code you will use. For example, are you trying to protect against someone making a deliberate attempt to gain access to a particular user's account? Or maybe an attack that might allow a hacker to gain access to your database, thereby capturing ALL of the user passwords and other user data? Or gaining access to the server's control system, or even destroying data on the server, etc. etc. You might think, "Sure, ALL of those!", but you need to consider all those possibilities, and then evaluate your preliminary choices for methods to see whether they would be effective against the specific threats that you are trying to protect against. "Security" isn't just one big basket, it's a careful consideration of each and every potential threat, and most of those require different strategies to protect against. Passwords are only one part of security and do not protect against Denial of Service attacks, for example. Just some thoughts for you to consider.
social_experiment
DevNet Master
Posts: 2793
Joined: Sun Feb 15, 2009 11:08 am
Location: .za

Re: LOGIN & REGISTRATION Script Tutorial

Post by social_experiment »

@Celauran interesting idea; I was struggling with the idea of how to get a password (a new one) to the user, but this seems like it could work in a system where there isn't an option to email. Something I would add to this is a time-limited option where a user would have x amount of time to change their password before the temporary password expires.
fcjr4869
Forum Newbie
Posts: 3
Joined: Tue Jan 07, 2014 9:11 am

Re: LOGIN & REGISTRATION Script Tutorial

Post by fcjr4869 »

What if the account holder wants to change his password?
I am echoing the password taken from the database to a password input field. It's still hashed, so the text field contains a lot of dots.

How do I unhash the password so it matches the number of characters echoed in the text field? Or is there any other way?
Celauran
Moderator
Posts: 6425
Joined: Tue Nov 09, 2010 2:39 pm
Location: Montreal, Canada

Re: LOGIN & REGISTRATION Script Tutorial

Post by Celauran »

You can't unhash. That's the whole point of hashes. If you want to allow the user to change their password, have three fields: existing, new, new repeated. When the form is submitted, hash the existing password and compare it against what's in the database, then compare the new and new repeated fields. If both tests pass, update the password with the hash of the new password.
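
The three-field change-password flow described above, as an added example that is not part of the original thread or the tutorial's code. It uses PHP's built-in `password_hash()` / `password_verify()` rather than the tutorial's PasswordHash.php; the function name `changePassword`, the `users` table and its columns are assumptions, and the demo data is constructed.

```php
<?php
declare(strict_types=1);

// Hypothetical helper: returns an error message, or null on success.
// The stored hash is only ever read server-side; it is never echoed into a form field.
function changePassword(PDO $db, int $userId, string $current, string $new, string $repeat): ?string
{
    $stmt = $db->prepare('SELECT password_hash FROM users WHERE id = ?');
    $stmt->execute([$userId]);
    $stored = $stmt->fetchColumn();

    // A salted hash cannot be re-computed and compared as a plain string:
    // password_verify() re-derives it using the salt embedded in $stored.
    if ($stored === false || !password_verify($current, (string) $stored)) {
        return 'Current password is incorrect.';
    }
    // Second test: the two "new password" fields must match exactly.
    if ($new !== $repeat) {
        return 'New passwords do not match.';
    }
    // Both tests passed: store only the hash of the new password.
    $update = $db->prepare('UPDATE users SET password_hash = ? WHERE id = ?');
    $update->execute([password_hash($new, PASSWORD_DEFAULT), $userId]);
    return null;
}

// Constructed demo: in-memory SQLite (needs the pdo_sqlite extension) so this runs offline.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, password_hash TEXT NOT NULL)');
$db->prepare('INSERT INTO users (id, password_hash) VALUES (1, ?)')
   ->execute([password_hash('old-passphrase-123', PASSWORD_DEFAULT)]);

// Wrong existing password, mismatched new fields, then a successful change.
var_dump(changePassword($db, 1, 'wrong-guess', 'new-passphrase-456', 'new-passphrase-456'));
var_dump(changePassword($db, 1, 'old-passphrase-123', 'new-passphrase-456', 'typo'));
var_dump(changePassword($db, 1, 'old-passphrase-123', 'new-passphrase-456', 'new-passphrase-456'));

// After the change, the old password no longer verifies and the new one does.
var_dump(changePassword($db, 1, 'old-passphrase-123', 'x', 'x'));
var_dump(changePassword($db, 1, 'new-passphrase-456', 'another-phrase-789', 'another-phrase-789'));
```
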
nili
Forum Newbie
Posts: 1
Joined: Sun Jun 29, 2014 4:26 pm

Re: LOGIN & REGISTRATION Script Tutorial

Post by nili »

Great tutorial, thank you, although I am having a slight problem:

Managed to register a user. I can see the user in the database and the hashed passcode, but I am not able to log in. The only changes I have made are the db connection details. I haven't touched the PasswordHash.php file.
When I try to log in I get the "login failed" message.

Any idea what I might be doing wrong?

Many thanks again.
Celauran
Moderator
Posts: 6425
Joined: Tue Nov 09, 2010 2:39 pm
Location: Montreal, Canada

Re: LOGIN & REGISTRATION Script Tutorial

Post by Celauran »

Could be that a user wasn't returned, could be that CheckPassword failed. You'd need to step through the code to see which is the case.
mariajohns
Forum Newbie
Posts: 4
Joined: Fri Aug 22, 2014 4:52 am
Location: Austin, Texas USA

Re: LOGIN & REGISTRATION Script Tutorial

Post by mariajohns »

Thanks for the informative tutorial.
CodeNinja
Forum Newbie
Posts: 1
Joined: Thu Jun 11, 2015 8:44 pm

Re: LOGIN & REGISTRATION Script Tutorial

Post by CodeNinja »

Very nice tutorial. Very informative.
ercolacola
Forum Newbie
Posts: 1
Joined: Mon Oct 24, 2016 5:28 pm

Re: LOGIN & REGISTRATION Script Tutorial

Post by ercolacola »

I can't download the zip file. It seems to have been removed.
Can you suggest where I could find a complete secure login & logout system?

Thanks in advance, I have been looking for this for a long time.
Best regards,
Ercola
earl92
Forum Newbie
Posts: 7
Joined: Sun Feb 05, 2017 9:38 am

Re: LOGIN & REGISTRATION Script Tutorial

Post by earl92 »

Kindly share the tutorials for the members page where they can check and update their profile and orders payment etc.