Hi all, after thinking about it for some time, I thought it would be a great opportunity to learn if I started from scratch and built my own register/login system. This is the thread where I will be posting the progress, and I hope you guys will help me.
The code below is what I have so far. Just put the two scripts in the same directory and that's it! I hope you will help me.
Thanks!
class.php:
<?php
// PHP login system

class LoginRegister {

    function __construct() {
    }

    // Print the login or the register form; $status is 'login' or 'register'.
    // The form posts back to this script with ?do=<base64 of the mode>.
    function displogin($status) {
        if ($status == "login") {
            // post login page
            $enc = base64_encode('login');
            $html = <<<LOGIN
<form action="$_SERVER[PHP_SELF]?do=$enc" method="POST">
<p>Username: <input type="text" name="username" /></p>
<p>Password: <input type="password" name="password" /></p>
<input type="submit" value="Login" />
</form>
LOGIN;
            echo $html;
        } // end if
        else if ($status == "register") {
            // post register page
            $enc = base64_encode('register');
            $html = <<<LOGIN
<form action="$_SERVER[PHP_SELF]?do=$enc" method="POST">
<p>Username: <input type="text" name="username" /></p>
<p>Password: <input type="password" name="password" /></p>
<input type="submit" value="Register" />
</form>
LOGIN;
            echo $html;
        } // end else if
    }

    // Look the user up. The username and the clear-text password are
    // interpolated straight into the query string and compared as stored.
    function auth($username, $password) {
        $sql = "SELECT * FROM users WHERE username = '$username' AND password = '$password' ";
        $res = mysql_query($sql) or die(mysql_error());
        if (mysql_num_rows($res) == 1) {
            echo "successfully logged in as " . $username;
        } // end if
        else {
            echo "<p style='color:red; font-weight:bold;'>Username or password not correct.<br /> New? Register!</p>";
            $this->displogin('register');
        } // end else
    }

    // Reject empty fields, then dispatch on $mode ('login' or 'register').
    // Each case ends with break so it does not fall through into the next one.
    function checkempty($username, $password, $mode) {
        if (empty($username) or empty($password)) {
            echo "<p style='color:red; font-weight:bold;'>Empty values are not allowed</p>";
            $this->displogin('login');
        } // end if
        else {
            // do checking
            switch ($mode) {
                case 'login':
                    $this->auth($username, $password);
                    break;
                case 'register':
                    $this->adduser($username, $password);
                    break;
                default:
                    echo "<p style='color:red; font-weight:bold;'>Wrong values are not allowed</p>";
                    $this->displogin('login');
            } // end switch
        } // end else
    }

    function login($uname, $passwd) {
        // username: strip any magic-quotes slashes, then escape the stripped value
        $username = stripslashes($uname);
        $username = mysql_real_escape_string($username);
        // password
        $password = stripslashes($passwd);
        $password = mysql_real_escape_string($password);
        // check for empty variables
        $this->checkempty($username, $password, 'login');
    }

    function register($uname, $passwd) {
        // username: strip any magic-quotes slashes, then escape the stripped value
        $username = stripslashes($uname);
        $username = mysql_real_escape_string($username);
        // password
        $password = stripslashes($passwd);
        $password = mysql_real_escape_string($password);
        // check for empty variables
        $this->checkempty($username, $password, 'register');
    }

    // Insert the new user (password stored as given), then show the login form.
    // The query runs before the success message so a failed insert is not reported as success.
    function adduser($username, $password) {
        $sql = "INSERT INTO users(username, password) VALUES('$username', '$password')";
        mysql_query($sql) or die(mysql_error());
        // redirect to login page
        echo "<p style='color:green; font-weight:bold;'>Thanks for registering. You can now login</p>";
        $this->displogin('login');
    }

} // end class
?>

index.php:
<?php
require "class.php";

$obj = new LoginRegister();

$conn = mysql_connect("localhost", "root", "") or die(mysql_error());
mysql_select_db("admin", $conn) or die(mysql_error());

if (isset($_GET['do'])) {
    if ($_GET['do'] == base64_encode('login')) {
        $obj->login($_POST['username'], $_POST['password']);
    } // end middle first if
    else if ($_GET['do'] == base64_encode('register')) {
        $obj->register($_POST['username'], $_POST['password']);
    }
    else {
        echo "<p style='color:red; font-weight:bold;'>Please Login</p>";
        $obj->displogin('login');
        // debug
        echo base64_encode('login') . '<br />';
        echo $_GET['do'];
    } // end else middle
} // end last if
else {
    echo "<p style='color:green; font-weight:bold;'>Please Login</p>";
    $obj->displogin('login');
} // end else
?>

TheServant 1,168
Recognized Expert Top Contributor
Sure. Let us know if you have a question. This section of Bytes is really for people who need some help with something specific. As much as we'd like to read through your code and impart some wisdom and knowledge in layout, syntax and method, proofreading code is not really in the job description. If you get an error, or something is not working as it should, post the relevant code and all error messages and a full explanation, so we don't have to spend half our day looking through irrelevant code trying to find an unidentified problem.
If you're wanting to write a tutorial, write it in PHP insights.
This is a newbie starting to write the script. So what I wanted is criticism and suggestions. I want to end up with a fully secure login system. That is my intention and I believe it is in the job description ;)
Sorry for being vague, and any help is welcome :)
Dormilich 8,658
Recognized Expert Moderator Expert
knowledge has its price… either money (if you hire someone) or effort (to learn it yourself).
TheServant 1,168
Recognized Expert Top Contributor @Dormilich
True. Apostle, you need to try and improve your script and come to us when you're stuck on something. Type "PHP login script" or "login tutorial" into Google and you'll have plenty of places to get the basics. Always start with the basics.
dlite922 1,584
Recognized Expert Top Contributor @Apostle
You need some major help!
What you had is not even a class. Here's what a real class looks like:
All your other functions should be in a different file that uses this class. I'll leave that for you to learn.
* YOUR BIGGEST MISTAKE *
You did not validate the user input before inserting them in an SQL.
Imagine if I tried to log in to your site with any bogus user name and this for a password: hack' OR 1 = 1 LIMIT 1;
Thus your SQL would look like this when executed:
SELECT * FROM users WHERE username = 'hacker' AND password = 'hack' OR 1=1 LIMIT 1;' ";
Then your check, which says the number of results should be 1, returns true, because I'm sure you have at least one user name in your users table, and the number 1 is always equal to 1. This is called SQL INJECTION.
Google the **** out of it. Your software is always insecure without it.
I've done more than enough. I hope you learn PHP before you write unsafe software like this. I really REALLY hope you go read up on tutorials and practice programming and proper software testing before deploying any code.
Good luck,
Dan
Thanks Dan for the positive criticism.
I completely rewrote the whole thing and will post it here. For now it is here
I will post it here.
The reason I want to write from scratch is to learn new things as I go, and I know there are many experts who can drill and expose my ignorance on something and definitely improve my skills.
So feel free to criticize me or advise me on anything (code, good coding habits et al.)
Thanks for your time guys :)
TheServant 1,168
Recognized Expert Top Contributor
Writing from scratch is the best for learning, and that is what you should do. However, when you start spending time developing, you can't re-write everything (and have a life) so you will need to learn how to use and modify already tried and tested code.
Again, we're here to help when you get stuck, and generally we don't read through screens of code, but if you post snippets for specific problems, we'll mention any issues with the surrounding code no probs ;)
Any recommended code that I can build upon? As I say, I'm a beginner in these things and security matters a lot in web apps :)
Dormilich 8,658
Recognized Expert Moderator Expert
currently the best measure against SQL Injection is using Prepared Statements (implemented in PHP’s MySQLi & PDO classes)
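As an added example (not code from this thread or from the original class), here is how the auth() and adduser() steps of the class above look with PDO prepared statements, which answers both the injection case Dan describes and the prepared-statement advice here. It also stores a password hash instead of the clear-text password. Assumed, not from the original post: PHP 5.5+, a PDO DSN with credentials, and a users table with username and password_hash columns.

```php
<?php
// Added example (not from the thread): PDO prepared statements plus
// password_hash()/password_verify() for the auth/adduser steps above.
// Assumed: PHP 5.5+, a PDO DSN and credentials, and a `users` table
// with `username` and `password_hash` columns.
class SafeLoginRegister
{
    private $db;

    function __construct(PDO $db)
    {
        // Raise exceptions instead of silently returning false
        $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
        // Real server-side prepares, not client-side emulation
        $db->setAttribute(PDO::ATTR_EMULATE_PREPARES, false);
        $this->db = $db;
    }

    // True only if the user exists and the password matches the stored hash.
    // The input is bound as a parameter, so it never becomes part of the SQL text.
    function auth($username, $password)
    {
        $stmt = $this->db->prepare('SELECT password_hash FROM users WHERE username = :u LIMIT 1');
        $stmt->execute(array(':u' => $username));
        $row = $stmt->fetch(PDO::FETCH_ASSOC);
        if ($row === false) {
            return false; // unknown user
        }
        return password_verify($password, $row['password_hash']);
    }

    // Stores a bcrypt hash, never the clear-text password.
    function adduser($username, $password)
    {
        if ($username === '' || $password === '') {
            return false;
        }
        $stmt = $this->db->prepare('INSERT INTO users (username, password_hash) VALUES (:u, :h)');
        return $stmt->execute(array(':u' => $username, ':h' => password_hash($password, PASSWORD_DEFAULT)));
    }
}

// Usage with assumed DSN and credentials:
$pdo = new PDO('mysql:host=localhost;dbname=admin;charset=utf8mb4', 'dbuser', 'dbpass');
$app = new SafeLoginRegister($pdo);
$app->adduser('alice', 'correct horse');
var_dump($app->auth('alice', 'correct horse'));            // the real password
var_dump($app->auth('alice', "hack' OR 1 = 1 LIMIT 1;"));  // the string from Dan's reply is just a wrong password here
```

With the value bound as a parameter, the quote and the OR 1=1 in the second call are compared as password characters and never reach the SQL parser.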