Need a non-functional PHP login box

ragejg · 04-12-07, 08:38 AM

Hi guys. A site I'm building is using a Unix hosting package, and if I want a login box, it needs to be PHP.

I know nothing of PHP at this point, as I develop in MS Expression Web, which supports the ASP.NET flavors but not PHP.

I'm willing to learn some PHP, but in the meantime, I need to place a non-functional login box (this is for looks only, until around july or so) on www.financeforce.com

So could someone help me with a code snippet?

Thanks.

superklye · 04-13-07, 09:30 AM

Check out www.pixel2life.com

I can guarantee you that you'll find at least one tutorial walking you through how to do it.

Q · 04-13-07, 09:37 PM

Quote:

Originally Posted by superklye

Check out www.pixel2life.com

I can guarantee you that you'll find at least one tutorial walking you through how to do it.

One hell of a site you posted there.

superklye · 04-14-07, 02:04 PM

It's one of my favorites

t3hl33td4rg0n · 04-16-07, 03:10 AM

Hmm, I ripped some code from some Dreamweaver scripts I have somewhere, its not too complicated....

Damn, I forgot my server is offline while I'm out of town.

If you're using PHP, im assuming you have a database to connect to? If so, what kind? I will write it assuming you're using MySQL.

I'm a little rusty, I could use a primer... I will post something soon, But I can only use a local debugger, so if it has problems

t3hl33td4rg0n · 04-16-07, 03:42 AM

Well, I dont know if this will work since I dont have my server, but here you go

This will assume you have MySQL table for users and passwords are stored with MD5 checksums.

Code:

<?php
// This goes in the login (main) page. Tailor the variables as needed

$dbserv	= 'localhost';
$dbuser	= 'dbuser';
$dbpass	= '***********';
$utbl	= 'users';

$LoginSuccess 	= './admin.php';
$LoginFail 		= './index.php';

// Assume Table of type:   UID  |  USER  |  PASS [MD5]  |  LASTLOGIN

session_start();

mysql_connect($dbserv, $dbuser, $dbpass) or die(E_USER_ERROR);

if($_POST['username']) {
	$s = 'SELECT * FROM `'.$utbl.'` WHERE `user` = `'.$_POST['username'].'` AND `pass` = `'.md5($_POST['password']).'`';
	$q = mysql_query($s) or die(mysql_error());
	if (mysql_num_rows($q) > 0) {
		$Auth = true;
		session_register($Auth);
		header("Location: ./admin.php");
	} else {
		$Auth = false;
		header("Location: ./index.php");
	}
}
?>

<html>
<!-- THIS IS THE LOGIN PAGE -->
<head>
	
</head>
<body>
	<?php if($Auth = false) { echo '<b>Username or password did not match, please try again...</b>'; } ?>
	This is the login page, place a form with POST method using a text field and password field named "Username" and "Password" respectively.	
</body>
</html>


-----------------------------------------------------------------------------------------------


<?php
// This goes in any page that is restricted to only logged in users

session_start();

if ($_SESSION['Auth'] = true) { ?>
<html>
<head>

</head>
<body>

</body>
</html>
<? } else { 
	echo "This page is restricted. Please login properly.";
}
?>

evilghost · 05-03-07, 01:51 PM

I know this is an older thread but I wanted to comment on the t3hl33td4rg0n's excellent example. All is fine, however, it is is strongly recommended that you use the mysql_escape_string(); function to properly sanitize user-input to avoid SQL injection.

In his example, the below code:

Code:

$s = 'SELECT * FROM `'.$utbl.'` WHERE `user` = `'.$_POST['username'].'` AND `pass` = `'.md5($_POST['password']).'`';

Should become:

Code:

$s = 'SELECT * FROM `'.$utbl.'` WHERE `user` = `'.mysql_escape_string($_POST['username']).'` AND `pass` = `'.md5($_POST['password']).'`';

This will prevent SQL injection, else, SQL injection could occur.

superklye · 05-03-07, 09:23 PM

showoff.

t3hl33td4rg0n · 05-17-07, 04:27 PM

What about $_POST['password']

Honestly, I've never used mysql_escape_string(), perhaps i should.

But its funny, thats the first script ive written in over a year and havent written a single line since.

evilghost · 05-17-07, 04:32 PM

Quote:

Originally Posted by t3hl33td4rg0n

What about $_POST['password']

Honestly, I've never used mysql_escape_string(), perhaps i should.

But its funny, thats the first script ive written in over a year and havent written a single line since.

No need to escape it because it's being md5'd:

Code:

md5($_POST['password'])

If it were not first being MD5'd then I would mysql_escape_string() it.

t3hl33td4rg0n · 05-18-07, 02:48 AM

Kuul, thanks!

atriq · 05-23-07, 12:27 PM

Quote:

Originally Posted by evilghost

I know this is an older thread but I wanted to comment on the t3hl33td4rg0n's excellent example. All is fine, however, it is is strongly recommended that you use the mysql_escape_string(); function to properly sanitize user-input to avoid SQL injection.

Beat me to it; I actually got a bit of a nervous feeling in my stomach seeing an unsanitized, anonymously set variable going directly to a database.

*shudders*

04-12-07, 08:38 AM	#1
ragejg nV News Alumni Join Date: Sep 2002 Location: Finger Lakes of Hell, NY Posts: 5,399	Need a non-functional PHP login box Hi guys. A site I'm building is using a Unix hosting package, and if I want a login box, it needs to be PHP. I know nothing of PHP at this point, as I develop in MS Expression Web, which supports the ASP.NET flavors but not PHP. I'm willing to learn some PHP, but in the meantime, I need to place a non-functional login box (this is for looks only, until around july or so) on www.financeforce.com So could someone help me with a code snippet? Thanks. __________________ 2010-2011 Reviews: GTX 570 \| GTX 580 \| GTS 450 \| GTX 460 \| GTX 465 Pre-2010 Reviews: 6600 GT \| XMS 4400 DDR \| SilenX Cooler \| 6800 \| 5900 XT \| Personal Cinema \| 5900 NU ______________________________________________ Phenom II x6 1090t @ 4.0 ghz \| Asus M498TD-EVO Am3 SLI nForce 980a \| 2x EVGA GTX 560 SLI \| 2x4gb DDR3-1333 \| Antec EarthWatts EA650 PSU \| 60gb Mushkin Calisto Enhanced Sandforce SSD \| 2x WD2500KS RAID 0 \| Sunbeam Tuniq 3 case \| 24" Asus 19x10 LED LCD \| 26" Panasonic 720p TV \| Sidewinder X5 mouse \| Logitech MX5500 & Revolution mouse \| Altec Lansing 5.1 THX-Certified audio \| Win 7 Ultimate \| desk \| couch "Stars must die so that I may live. I... stepped out of a Supernova."

04-13-07, 09:30 AM	#2
superklye Join Date: Jul 2004 Location: MKE Posts: 13,629	Re: Need a non-functional PHP login box Check out www.pixel2life.com I can guarantee you that you'll find at least one tutorial walking you through how to do it.

04-14-07, 02:04 PM	#4
superklye Join Date: Jul 2004 Location: MKE Posts: 13,629	Re: Need a non-functional PHP login box It's one of my favorites

05-03-07, 01:51 PM	#7
evilghost Registered User Join Date: Jul 2005 Posts: 3,606	Re: Need a non-functional PHP login box I know this is an older thread but I wanted to comment on the t3hl33td4rg0n's excellent example. All is fine, however, it is is strongly recommended that you use the mysql_escape_string(); function to properly sanitize user-input to avoid SQL injection. In his example, the below code: Code: $s = 'SELECT * FROM `'.$utbl.'` WHERE `user` = `'.$_POST['username'].'` AND `pass` = `'.md5($_POST['password']).'`'; Should become: Code: $s = 'SELECT * FROM `'.$utbl.'` WHERE `user` = `'.mysql_escape_string($_POST['username']).'` AND `pass` = `'.md5($_POST['password']).'`'; This will prevent SQL injection, else, SQL injection could occur.

05-03-07, 09:23 PM	#8
superklye Join Date: Jul 2004 Location: MKE Posts: 13,629	Re: Need a non-functional PHP login box showoff.

Similar Threads
Thread	Thread Starter	Forum	Replies	Last Post
how to totally get rid of nvidia-settings configurations on login	gfxdrone	NVIDIA Linux	10	06-27-12 01:29 PM
Vizio's Co-Star: $99 Google TV box with OnLive gaming support	News	Latest Tech And Game Headlines	0	06-26-12 11:40 AM
Ars Technica system guide: Bargain Box April 2012	News	Latest Tech And Game Headlines	0	05-10-12 10:30 PM
PC Games, CeleronII 566, CeleronA 300, BIOS Savior, Heatsinks, NES & Sega Items +pics	TekViper	For Sale/Trade	5	08-07-02 10:48 PM