PHP Login Script

[old.Lukus]

Im doing an admin page for a site im working on but i cant seem to make a good login script. Can ne1 give me a good link to a tutorial or script or something that wud help me pls (preferrebly using sessions).

Chrz

 

[ShockingAlberto]

dunno exactly what you want, but a while ago i was bored so i started wrking on a php basic shell, uincase i ever felt the need to make a website.

here's the function that decides wether someone is logged in, which is what you want i assume?

function AuthCheck($TheirName,$TheirPass){
 if(eregi("[a-z0-9A-Z_]{2,}","$TheirName")){ 
  $TheirName=crypt($TheirName);
  $TheirPass=crypt($TheirPass);
  if($TheirName){ //determine if their username is valid
   $filename="usernames.txt";
   $file=fopen($filename, "r");
   $names=file($filename);
   //fclose($file);
   $n=0;
   while($n<=count($names)){ //loop to check their username against ones from a text file
    if($names[$n]==$TheirName){
     $RightName="yes";
     $n=count($names)+5;
    }else{
     $RightName="no";
     $n=$n+1;
    }
   }
  }
  if($RightName==yes){ //determine if their password matches their username
   $filename="passwords/"."$TheirName".".txt"; //look in their file to see if their password is right
   $file=fopen($filename, "r");
   $password=file($filename);
   fclose($file);
   if($TheirPass==$password[0]){
    $LoggedIn=yes;
   }else{
    $badpass=yes;
   }
  }
  if($badpass){
   $CantLoggin="badpass";
   return $CantLoggin;
  }elseif($badname){
   $CantLoggin="badname";
   return $CantLoggin;
  }elseif($LoggedIn==yes){
   $LoggedIn="successful";
   return $LoggedIn;
  }
 }
} //end of function

you have the username cookie, which you pass to the function as 'TheirNames', and the passwordcookie which you pass to the function as 'TheirPass'.
the password and name are crypted then checked against a text file.
the names in the text file, the name of the password file, and the password in the text file all have to be stored crypted, so making a funtion to make new members must be thoughtout clearly.
also, the name, and the password must b either entered non crypted, or stored as a cookie non crypted.

you would use this little function like so:

if (AuthCheck($UserName,$password)==LoggedIn){
the page/info/links or whatever ou want protecting
}else{
either stuff for non mebers, or an error message

you'll notice it does output differant messages if you want to use this unmodified ater they enter their details via form.
if you dont understand php, or this, then dont bother, you're better off finding a web resource site.

if you feel happy in PHP, you'll be able tounderstand this. it isn't complicated, it's fairly logical, and fairly useful. you could adapt and use decrypt() and encrypt().

edit: fixxed the mess the 'php code' formatting did. it's a good idea, but with the green bacground it was almost illegable, and it mussed the text.

 

[ShockingAlberto]

ok, i'm bored so i'll write the rest of it:
the form for the loggon:

 <form action="login.php" method="post">
UserName: <input name="username" type="text" size="20" maxlength="20">

Password: <input name="Password" type="text" size="20" maxlength="20">
<input type="hidden" name="Login" value="Yes">
</form>

now stick that anywhere, and it's a plain html form.

then you need 'login.php' something like this.

<?php
//nothing must go before this
require("functions.php");
if($Login==Yes){
  if(AuthCheck($username,$Password)==successful){
    $Loggin=good
    setcookie("UserName", "username");
    setcookie("PassWord", "Password");
  }else{
    $Loggin=no
  }
}else{
  $Loggin=bad
}
?>
any html here
<?php
if($Loggin==bad){
  if(AuthCheck(username,Password)==badpass){
    print("your password doesn't match the username");
  }elseif(AuthCheck(username,Password)==badname){
    print("we couldn't find any member with that username");
  }
}elseif($Loggin==no){
print("please loggin
");
print("<form action=\"login.php\" method=\"post\">UserName:");
print("<input name=\"username\" type="text" size="20" maxlength="20">");
print("
Password: <input name=\"Password\" type=\"text\" size=\"20\" maxlength=\"20\">");
print("<input type=\"hidden\" name=\"Login\" value=\"Yes\"></form>");
}else{
  print("thank you for logging in :D ");
}
?>

taken em 20 mins or so, and typed into form = bad, but i hope it helps. there will be parse errors, but this should make it pretty clear how to sort out a member's area if you know any php.

edit: woops, forgot you want to make 'functions.php' and stick the 'AuthCheck' function in it, along with any other global functions. then include it on any php pages.

 

[old.Trav]

why not use a mySQL db? signup for one at http://www.freesql.org

i made a script for this that is easy to use but it is not quite finished.

 

[ShockingAlberto]

FreeSQL is fairly slow, while it easily suffices for smething like a news script, there is no need to use it.

File based scripts arent as secure(obviously), but intelligant use of the 'crypt' and 'encrypt'/'decrypt' functions brings them up to the security level required for most sites that people here will be running.

 

[Tempy_Incursion]

Yes, that is why i orginally worked without MySQL producing scripts, but these often came too awkward when editing and saving items back to a file, a DB is much easier but for the end user it makes no difference except that file-based storage is quicker.

What is this 'encrypt/decrypt' function you mentioned? I have only ever used 'crypt'. :S

 

[old.Atrax]

How about .htaccess?

 

[ShockingAlberto]

Apache passworded dirs suck. Using script based login is alot more versatile.

 

[Jasio]

Hey Shocking, I can see you know alot about Dev. Can you 'elp me out? I need to get phpBB working on my site. I have the MySQL trial activated but I dunno where to go from there. I can run the installer but i cant get past the area where you select database name and stuff. If you want to give me your e-mail address and I can E-Mail you the login and pw for my BW site account so you can snoop around and see if i didnt mess anything up. Write to me at sitemaster34@hotmail.com or reply or something

Heh, Cya Around Shocking.