Join Date: Jul 2008
Location: Fort Worth, TX
Posts: 3
Reputation:
Rep Power: 0
Solved Threads: 0
Alright so after many people asking me to post the login script I use for my site at locatestyle.com, I made two functions. Now these functions do not include everything that is used for the login procedure on locatestyle.com due to the fact I don't want everyone to know how the complete script works on there. Figure if you know completely how it works, the easier it is to find security flaws. Now granted this could be more secure by using cookies in conjunction with a column in the database for the cookie value to be stored but here's the basis. Let me know what you think and if you run into any errors.
    function doLogin($username,$password) {
        // Only accept logins on the expected host (URL is a constant defined elsewhere).
        if($_SERVER['SERVER_NAME'] == URL) {
            // $username and $password go into the query string exactly as passed in.
            $find_user = mysql_query("SELECT * FROM ".USERS_TABLE." WHERE username = '$username' AND password = '$password' LIMIT 1");
            if(mysql_num_rows($find_user) == 1) {
                $user = mysql_fetch_array($find_user);
                if($user['active'] == 1) {
                    // Record when and from where the user logged in.
                    $update_login = mysql_query("UPDATE ".USERS_TABLE." SET last_login = '".time()."',login_ip = '".$_SERVER['REMOTE_ADDR']."' WHERE id = '".$user['id']."'");
                    $_SESSION['id'] = $user['id'];
                    mysql_free_result($find_user);
                } else {
                    $login_error = "Your account has not been activated yet.";
                }
            } else {
                $login_error = "Wrong username/password.";
            }
        } else {
            die("You do not have permission to login to this site.");
        }
    }

    function checkLogin() {
        if($_SESSION['id'] != '') {
            $user = mysql_fetch_array(mysql_query("SELECT * FROM ".USERS_TABLE." WHERE id = '".$_SESSION['id']."' LIMIT 1"));
            // The session is only valid from the IP address that logged in.
            if($user['login_ip'] == $_SERVER['REMOTE_ADDR']) {
                // Expire 600 seconds (10 minutes) after the last recorded activity.
                $expired = $user['last_login'] + 600;
                if(time() >= $expired) {
                    session_destroy();
                    header('Location: index.php');
                    exit; // stop here so the rest of the page is not sent
                } else {
                    // Still active: move the expiry window forward.
                    $update_login = mysql_query("UPDATE ".USERS_TABLE." SET last_login = '".time()."' WHERE id = '".$user['id']."'");
                }
            } else {
                session_destroy();
                header('Location: index.php');
                exit;
            }
        }
    }

Now if you're new to PHP and don't know what you need to change or how or even what columns you need in your table, don't be afraid to ask.
Ben Marshall
locateSTYLE | Web Development Community
Free Website Templates, Stock Photography and more!
Join Date: Jun 2008
Location: Phoenix, AZ
Posts: 771
Reputation:
Rep Power: 2
Solved Threads: 63
I hope you are validating that password.
    $username = "blahblah";
    $password = "blah' or '2' = '2";
If not, I could log in with just that.
Last edited by R0bb0b : Jul 24th, 2008 at 7:33 pm.
“Be who you are and say what you feel because those who mind don't matter and those who matter don't mind.” - Dr. Seuss
Join Date: Jul 2008
Location: Fort Worth, TX
Posts: 3
Reputation:
Rep Power: 0
Solved Threads: 0
The password is validated by the function, e.g. if the password in the database is 'ghost', the only way a user will be able to log in is with the password ghost.
Ben Marshall
locateSTYLE | Web Development Community
Free Website Templates, Stock Photography and more!
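
Added example, not part of the original thread or of locatestyle.com's code: the doLogin() query from the first post rewritten with bound parameters and a stored password hash, run against the input quoted in the second post. The `users` schema, the function name `doLoginSafe`, the in-memory SQLite database and the sample account are assumptions made for the illustration.

```php
<?php
// Added example. Schema, function name and sample data are assumptions.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (
    id INTEGER PRIMARY KEY, username TEXT UNIQUE, password_hash TEXT,
    active INTEGER, last_login INTEGER, login_ip TEXT)');

// Store a salted hash, never the plaintext password (constructed account).
$add = $db->prepare('INSERT INTO users (username, password_hash, active) VALUES (?, ?, 1)');
$add->execute(['blahblah', password_hash('ghost', PASSWORD_DEFAULT)]);

/**
 * Returns the user id on success, or null on any failure.
 * Input is bound as a parameter, so quotes in it never become SQL syntax.
 */
function doLoginSafe(PDO $db, string $username, string $password, string $ip): ?int
{
    $find = $db->prepare('SELECT id, password_hash, active FROM users WHERE username = :u LIMIT 1');
    $find->execute([':u' => $username]);
    $user = $find->fetch(PDO::FETCH_ASSOC);

    // Verify against the stored hash; the comparison happens in PHP, not in SQL.
    if ($user === false || !password_verify($password, $user['password_hash'])) {
        return null;
    }
    if ((int) $user['active'] !== 1) {
        return null;
    }
    $upd = $db->prepare('UPDATE users SET last_login = :t, login_ip = :ip WHERE id = :id');
    $upd->execute([':t' => time(), ':ip' => $ip, ':id' => $user['id']]);
    return (int) $user['id'];
}

// The input quoted in the second post is now just a wrong password.
$cases = [
    ['blahblah', "blah' or '2' = '2"],
    ['blahblah', 'ghost'],
    ['nobody', 'ghost'],
];
foreach ($cases as [$u, $p]) {
    $id = doLoginSafe($db, $u, $p, '192.0.2.10');
    printf("%-10s / %-20s => %s\n", $u, $p, $id === null ? 'rejected' : "logged in as id $id");
}
```

In a web request, call session_regenerate_id(true) before storing the returned id in $_SESSION.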