nV News Forums

 
 

nV News Forums (http://www.nvnews.net/vbulletin/index.php)
-   Software Development (http://www.nvnews.net/vbulletin/forumdisplay.php?f=53)
-   -   Need a non-functional PHP login box (http://www.nvnews.net/vbulletin/showthread.php?t=89618)

ragejg 04-12-07 08:38 AM

Need a non-functional PHP login box
 
Hi guys. A site I'm building is using a Unix hosting package, and if I want a login box, it needs to be PHP.

I know nothing of PHP at this point, as I develop in MS Expression Web, which supports the ASP.NET flavors but not PHP.

I'm willing to learn some PHP, but in the meantime, I need to place a non-functional login box (this is for looks only, until around july or so) on www.financeforce.com

So could someone help me with a code snippet?

Thanks.

superklye 04-13-07 09:30 AM

Re: Need a non-functional PHP login box
 
Check out www.pixel2life.com

I can guarantee you that you'll find at least one tutorial walking you through how to do it. :)

Q 04-13-07 09:37 PM

Re: Need a non-functional PHP login box
 
Quote:

Originally Posted by superklye
Check out www.pixel2life.com

I can guarantee you that you'll find at least one tutorial walking you through how to do it. :)

One hell of a site you posted there.

superklye 04-14-07 02:04 PM

Re: Need a non-functional PHP login box
 
It's one of my favorites :D

t3hl33td4rg0n 04-16-07 03:10 AM

Re: Need a non-functional PHP login box
 
Hmm, I ripped some code from some Dreamweaver scripts I have somewhere, its not too complicated....

Damn, I forgot my server is offline while I'm out of town.

If you're using PHP, im assuming you have a database to connect to? If so, what kind? I will write it assuming you're using MySQL.

I'm a little rusty, I could use a primer... I will post something soon, But I can only use a local debugger, so if it has problems

t3hl33td4rg0n 04-16-07 03:42 AM

Re: Need a non-functional PHP login box
 
Well, I dont know if this will work since I dont have my server, but here you go :)

This will assume you have MySQL table for users and passwords are stored with MD5 checksums.

Code:

<?php
// This goes in the login (main) page. Tailor the variables as needed

$dbserv        = 'localhost';
$dbuser        = 'dbuser';
$dbpass        = '***********';
$utbl        = 'users';

$LoginSuccess        = './admin.php';
$LoginFail                = './index.php';

// Assume Table of type:  UID  |  USER  |  PASS [MD5]  |  LASTLOGIN

session_start();

mysql_connect($dbserv, $dbuser, $dbpass) or die(E_USER_ERROR);

if($_POST['username']) {
        $s = 'SELECT * FROM `'.$utbl.'` WHERE `user` = `'.$_POST['username'].'` AND `pass` = `'.md5($_POST['password']).'`';
        $q = mysql_query($s) or die(mysql_error());
        if (mysql_num_rows($q) > 0) {
                $Auth = true;
                session_register($Auth);
                header("Location: ./admin.php");
        } else {
                $Auth = false;
                header("Location: ./index.php");
        }
}
?>

<html>
<!-- THIS IS THE LOGIN PAGE -->
<head>
       
</head>
<body>
        <?php if($Auth = false) { echo '<b>Username or password did not match, please try again...</b>'; } ?>
        This is the login page, place a form with POST method using a text field and password field named "Username" and "Password" respectively.       
</body>
</html>


-----------------------------------------------------------------------------------------------


<?php
// This goes in any page that is restricted to only logged in users

session_start();

if ($_SESSION['Auth'] = true) { ?>
<html>
<head>

</head>
<body>

</body>
</html>
<? } else {
        echo "This page is restricted. Please login properly.";
}
?>


evilghost 05-03-07 01:51 PM

Re: Need a non-functional PHP login box
 
I know this is an older thread but I wanted to comment on the t3hl33td4rg0n's excellent example. All is fine, however, it is is strongly recommended that you use the mysql_escape_string(); function to properly sanitize user-input to avoid SQL injection.

In his example, the below code:

Code:

$s = 'SELECT * FROM `'.$utbl.'` WHERE `user` = `'.$_POST['username'].'` AND `pass` = `'.md5($_POST['password']).'`';
Should become:
Code:

$s = 'SELECT * FROM `'.$utbl.'` WHERE `user` = `'.mysql_escape_string($_POST['username']).'` AND `pass` = `'.md5($_POST['password']).'`';
This will prevent SQL injection, else, SQL injection could occur.

superklye 05-03-07 09:23 PM

Re: Need a non-functional PHP login box
 
showoff.

t3hl33td4rg0n 05-17-07 04:27 PM

Re: Need a non-functional PHP login box
 
What about $_POST['password']

Honestly, I've never used mysql_escape_string(), perhaps i should.

But its funny, thats the first script ive written in over a year and havent written a single line since.

evilghost 05-17-07 04:32 PM

Re: Need a non-functional PHP login box
 
Quote:

Originally Posted by t3hl33td4rg0n
What about $_POST['password']

Honestly, I've never used mysql_escape_string(), perhaps i should.

But its funny, thats the first script ive written in over a year and havent written a single line since.

No need to escape it because it's being md5'd:

Code:

md5($_POST['password'])
If it were not first being MD5'd then I would mysql_escape_string() it.

t3hl33td4rg0n 05-18-07 02:48 AM

Re: Need a non-functional PHP login box
 
Kuul, thanks!

atriq 05-23-07 12:27 PM

Re: Need a non-functional PHP login box
 
Quote:

Originally Posted by evilghost
I know this is an older thread but I wanted to comment on the t3hl33td4rg0n's excellent example. All is fine, however, it is is strongly recommended that you use the mysql_escape_string(); function to properly sanitize user-input to avoid SQL injection.

Beat me to it; I actually got a bit of a nervous feeling in my stomach seeing an unsanitized, anonymously set variable going directly to a database.

*shudders*


All times are GMT -5. The time now is 03:21 AM.

Powered by vBulletin® Version 3.7.1
Copyright ©2000 - 2014, Jelsoft Enterprises Ltd.
Copyright 1998 - 2014, nV News.