943,867 Members | Top Members by Rank

Web Development > PHP > Simple Login System: Need Advice.
Ad:
  • PHP Discussion Thread
  • Marked Solved
  • Views: 1049
  • PHP RSS
Permalink
Jun 1st, 2008
0

Simple Login System: Need Advice.

Expand Post »
Hey everyone, I'm making a login system (in an attempt to advance my PHP knowledge). I've successfully made a system which registers the user (and uses md5 on their password), and also a login page which queries the database on the login info they supply (with the supplied password also being run through md5 so it matches the database).

My problem is this: What if someone forgets their password? md5 is (from what I've read) irreversible so my only option would be to reset the password right? If so then is this a logical step by step process?

1) Generate a random code and store it to that users record (meaning I'll need another field called deletion_code or something right?)
2) Email them the code
3) They'll go to a deletion confirmation page where they paste the code and their new password, and submit.
4) The password will be md5'd and updated. The deletion_code field of that users record will be blanked.

Any feedback would be much appreciated. I also have one other problem. Currently the unique ID of the members table is ID but should I change that to email? It seems more relevant, or can I have two primary keys?

Also if someone attempts to register an email already in the database, what is the error that comes back and how can I catch it? (for example in file uploads if the file size is too big, the 'error' attribute comes back with a value of 2).

Thanks for any help at all guys,


Anthony
Similar Threads
Reputation Points: 14
Solved Threads: 8
Junior Poster
antwan1986 is offline Offline
110 posts
since May 2008
Permalink
Jun 1st, 2008
0

Re: Simple Login System: Need Advice.

Sounds like you got it right. I had ran into the same problem. I had created the random password and inserted that into the db as their password. Sent them a link including and identifier (reset.php?indent=12345). When the user clicks on this link they will go to the reset page. Here they need to enter their new password that was in the email, enter new password and confirm. This replaced the random password with the password of their choice.
I use and id as the primarykey auto incremented. This way its always unique. I think its easier to reference other tables as well.
Looks like your on the right track...
Reputation Points: 31
Solved Threads: 29
Posting Whiz in Training
ProfessorPC is offline Offline
270 posts
since Dec 2007
Permalink
Jun 1st, 2008
0

Re: Simple Login System: Need Advice.

Missed your email question. I have used this in the past.

php Syntax (Toggle Plain Text)
  1. $emailcheck = $_POST['email'];
  2. $check = mysql_query("SELECT email FROM users WHERE email = '$emailcheck'")
  3. or die(mysql_error());
  4. $check2 = mysql_num_rows($check);
  5.  
  6. //if the email exists it gives an error
  7. if ($check2 != 0) {
  8. die('Sorry, the email '.$_POST['email'].' is already in use.');
  9. }

Hope this helps.
Last edited by ProfessorPC; Jun 1st, 2008 at 3:38 pm.
Reputation Points: 31
Solved Threads: 29
Posting Whiz in Training
ProfessorPC is offline Offline
270 posts
since Dec 2007
Permalink
Jun 1st, 2008
0

Re: Simple Login System: Need Advice.

Here is another way to create your table...
php Syntax (Toggle Plain Text)
  1. CREATE TABLE `users` (
  2.   `ID` int(11) NOT NULL auto_increment,
  3.   `Username` varchar(255) NOT NULL default '',
  4.   `Password` varchar(255) NOT NULL default '',
  5.   `date_registered` int(11) NOT NULL default '0',
  6.   `Temp_pass` varchar(55) default NULL,
  7.   `Temp_pass_active` tinyint(1) NOT NULL default '0',
  8.   `Email` varchar(255) NOT NULL default '',
  9.   `Active` int(11) NOT NULL default '0',
  10.   `Level_access` int(11) NOT NULL default '2',
  11.   `Random_key` varchar(32) default NULL,
  12.   PRIMARY KEY  (`ID`),
  13.   UNIQUE KEY `Username` (`Username`),
  14.   UNIQUE KEY `Email` (`Email`)
  15. ) ENGINE=MyISAM ;
Vai
Reputation Points: 12
Solved Threads: 5
Junior Poster in Training
Vai is offline Offline
74 posts
since Jan 2008
Permalink
Jun 4th, 2008
0

Re: Simple Login System: Need Advice.

Hey to the both of you and sorry for my late reply but I am just back for a short holiday.

ProfessorPC: I tried your suggestion about the unique email error handler and it works fine, thanks a lot for that one. Also, thanks for the insight into your own resetting password journey!

Vai: Thank you for your suggestion on how I could create my table. I have used the date_registered idea so that I can judge how long a user has been registered but inactive. Is there any way I could write a script that checks to see the date, and if it's more then seven days, it will automatically purge that registration from the database?
Reputation Points: 14
Solved Threads: 8
Junior Poster
antwan1986 is offline Offline
110 posts
since May 2008

This thread is solved

Either the thread starter or a moderator has marked this thread as solved. You can most likely trust the responses and answers given. There is most likely no reason for any further responses to be posted here. If you have a related question, please start a new thread in this forum instead.

This thread is more than three months old

No one has posted to this discussion for at least three months. Please let old threads die and do not reply to them unless you feel you have something new and valuable to contribute that absolutely must be added to make the discussion complete. Otherwise, please start a new thread in this forum instead.
Message:
Previous Thread in PHP Forum Timeline: Help need to improve my php
Next Thread in PHP Forum Timeline: Comparison





About Us | Contact Us | Advertise | Acceptable Use Policy
Forum Index | Build Custom RSS Feed


Follow us on Twitter


© 2011 DaniWeb® LLC