Simple Login System: Need Advice.

Thread Solved

Join Date: May 2008
Posts: 110
Reputation: antwan1986 is an unknown quantity at this point 
Solved Threads: 8
antwan1986's Avatar
antwan1986 antwan1986 is offline Offline
Junior Poster

Simple Login System: Need Advice.

 
0
  #1
Jun 1st, 2008
Hey everyone, I'm making a login system (in an attempt to advance my PHP knowledge). I've successfully made a system which registers the user (and uses md5 on their password), and also a login page which queries the database on the login info they supply (with the supplied password also being run through md5 so it matches the database).

My problem is this: What if someone forgets their password? md5 is (from what I've read) irreversible so my only option would be to reset the password right? If so then is this a logical step by step process?

1) Generate a random code and store it to that users record (meaning I'll need another field called deletion_code or something right?)
2) Email them the code
3) They'll go to a deletion confirmation page where they paste the code and their new password, and submit.
4) The password will be md5'd and updated. The deletion_code field of that users record will be blanked.

Any feedback would be much appreciated. I also have one other problem. Currently the unique ID of the members table is ID but should I change that to email? It seems more relevant, or can I have two primary keys?

Also if someone attempts to register an email already in the database, what is the error that comes back and how can I catch it? (for example in file uploads if the file size is too big, the 'error' attribute comes back with a value of 2).

Thanks for any help at all guys,


Anthony
"Beneath this mask there is more than flesh. Beneath this mask there is an idea, Mr. Creedy, and ideas are bulletproof." - V
Reply With Quote Quick reply to this message  
Join Date: Dec 2007
Posts: 252
Reputation: ProfessorPC is an unknown quantity at this point 
Solved Threads: 27
ProfessorPC ProfessorPC is offline Offline
Posting Whiz in Training

Re: Simple Login System: Need Advice.

 
0
  #2
Jun 1st, 2008
Sounds like you got it right. I had ran into the same problem. I had created the random password and inserted that into the db as their password. Sent them a link including and identifier (reset.php?indent=12345). When the user clicks on this link they will go to the reset page. Here they need to enter their new password that was in the email, enter new password and confirm. This replaced the random password with the password of their choice.
I use and id as the primarykey auto incremented. This way its always unique. I think its easier to reference other tables as well.
Looks like your on the right track...
Reply With Quote Quick reply to this message  
Join Date: Dec 2007
Posts: 252
Reputation: ProfessorPC is an unknown quantity at this point 
Solved Threads: 27
ProfessorPC ProfessorPC is offline Offline
Posting Whiz in Training

Re: Simple Login System: Need Advice.

 
0
  #3
Jun 1st, 2008
Missed your email question. I have used this in the past.

php Syntax (Toggle Plain Text) 
  1. $emailcheck = $_POST['email'];
  2. $check = mysql_query("SELECT email FROM users WHERE email = '$emailcheck'")
  3. or die(mysql_error());
  4. $check2 = mysql_num_rows($check);
  5.  
  6. //if the email exists it gives an error
  7. if ($check2 != 0) {
  8. die('Sorry, the email '.$_POST['email'].' is already in use.');
  9. }

Hope this helps.
Last edited by ProfessorPC; Jun 1st, 2008 at 3:38 pm.
Reply With Quote Quick reply to this message  
Join Date: Jan 2008
Posts: 74
Reputation: Vai is an unknown quantity at this point 
Solved Threads: 5
Vai Vai is offline Offline
Junior Poster in Training

Re: Simple Login System: Need Advice.

 
0
  #4
Jun 1st, 2008
Here is another way to create your table...
php Syntax (Toggle Plain Text) 
  1. CREATE TABLE `users` (
  2.   `ID` int(11) NOT NULL auto_increment,
  3.   `Username` varchar(255) NOT NULL default '',
  4.   `Password` varchar(255) NOT NULL default '',
  5.   `date_registered` int(11) NOT NULL default '0',
  6.   `Temp_pass` varchar(55) default NULL,
  7.   `Temp_pass_active` tinyint(1) NOT NULL default '0',
  8.   `Email` varchar(255) NOT NULL default '',
  9.   `Active` int(11) NOT NULL default '0',
  10.   `Level_access` int(11) NOT NULL default '2',
  11.   `Random_key` varchar(32) default NULL,
  12.   PRIMARY KEY  (`ID`),
  13.   UNIQUE KEY `Username` (`Username`),
  14.   UNIQUE KEY `Email` (`Email`)
  15. ) ENGINE=MyISAM ;
Reply With Quote Quick reply to this message  
Join Date: May 2008
Posts: 110
Reputation: antwan1986 is an unknown quantity at this point 
Solved Threads: 8
antwan1986's Avatar
antwan1986 antwan1986 is offline Offline
Junior Poster

Re: Simple Login System: Need Advice.

 
0
  #5
Jun 4th, 2008
Hey to the both of you and sorry for my late reply but I am just back for a short holiday.

ProfessorPC: I tried your suggestion about the unique email error handler and it works fine, thanks a lot for that one. Also, thanks for the insight into your own resetting password journey!

Vai: Thank you for your suggestion on how I could create my table. I have used the date_registered idea so that I can judge how long a user has been registered but inactive. Is there any way I could write a script that checks to see the date, and if it's more then seven days, it will automatically purge that registration from the database?
"Beneath this mask there is more than flesh. Beneath this mask there is an idea, Mr. Creedy, and ideas are bulletproof." - V
Reply With Quote Quick reply to this message  
Reply

Quick Reply to Thread
This thread has been marked solved.
Perhaps start a new thread instead?
Message:



Similar Threads
Other Threads in the PHP Forum


Views: 794 | Replies: 4
Thread Tools Search this Thread



Tag cloud for PHP
.htaccess access ajax apache api array beginner binary broken cakephp checkbox class cms code cookies cron curl database date directory display download dynamic ebooks echo email error file files folder form forms function functions google href htaccess html image include insert integration ip java javascript joomla js limit link login loop mail mediawiki menu methods mlm mod_rewrite multiple mysql oop parse paypal pdf php problem query radio random recursion regex remote script search select server sessions sms soap source space speed sql stored structure subdomain syntax system table tutorial update updates upload url validation validator variable video web xml youtube
About Us | Contact Us | Advertise | DaniWeb | Acceptable Use Policy | RSS Feed

©2003 - 2009 DaniWeb® LLC