PHP Login

From KOP KB
Revision as of 18:32, 15 September 2014 by ReMaster (talk | contribs) (Starting off with starting up the db)
Jump to: navigation, search

As a note if you have full access to the hosting via FTP but still want to use the website builder this can work with that as it checks via javascript

PHP MyAdmin Create database

CREATE TABLE `members` (
`id` int(4) NOT NULL auto_increment,
`username` varchar(65) NOT NULL default '',
`password` varchar(65) NOT NULL default '',
PRIMARY KEY (`id`)
) TYPE=MyISAM AUTO_INCREMENT=2 ;

-- 
-- Dumping data for table `members`
-- 

-- use the md5 bracket to hash the passwords
-- create as many insert into commands as you need for how much
-- there could be other values as well depending on what is needed for login
INSERT INTO `members` VALUES (1, 'john', md5('1234'));

Setting up the First Page

I name the file myself to mlogin.php but its mostly html thats the function. I made it php so if I needed to do anything with it I can 

<?
session_start();
$rand ="";
//gen the random number
for ($x=0; $x<32; $x++) {
  $rand = $rand . mt_rand(0,9);
}
//kill the comparison cookie
setcookie("sesscompa", "$rand", time()-3600);
setcookie("sesscompb","$rand", time()-3600);

//starting and overwriting the first cookie
setcookie("sesscooka", "$rand", time()+3600);
setcookie("sesscookb","$rand", time()+3600);
?>

<table width="300" border="0" align="center" cellpadding="0" cellspacing="1" bgcolor="#CCCCCC">
<tr>
<form name="form1" method="post" action="clogin.php">
<td>
<table width="100%" border="0" cellpadding="3" cellspacing="1" bgcolor="#FFFFFF">
<tr>
<td colspan="3"><strong>Member Login </strong></td>
</tr>
<tr>
<td width="78">Username</td>
<td width="6">:</td>
<td width="294"><input name="myusername" type="text" id="myusername"></td>
</tr>
<tr>
<td>Password</td>
<td>:</td>
<td><input name="mypassword" type="text" id="mypassword"></td>
</tr>
<tr>
<td>&nbsp;</td>
<td>&nbsp;</td>
<td><input type="submit" name="Submit" value="Login"></td>
</tr>
</table>
</td>
</form>
</tr>
</table>

Checking the Login

<?php
$host="mysqlv105"; // Host name
$username="sgphplogin"; // Mysql username
$password="Sgphplogin1"; // Mysql password
$db_name="sgphplogin"; // Database name
$tbl_name="members"; // Table name

// Connect to server and select databse.
mysql_connect("$host", "$username", "$password")or die("cannot connect");
mysql_select_db("$db_name")or die("cannot select DB");

// username and password sent from form
$myusername=$_POST['myusername'];
$mypassword=$_POST['mypassword'];


// To protect MySQL injection (more detail about MySQL injection)
$myusername = stripslashes($myusername);
$mypassword = stripslashes($mypassword);
$myusername = mysql_real_escape_string($myusername);
$mypassword = mysql_real_escape_string($mypassword);

$checkpassword= md5($mypassword);

$sql="SELECT * FROM $tbl_name WHERE username='$myusername' and password='$checkpassword'";
$result=mysql_query($sql);

// Mysql_num_row is counting table row
$count=mysql_num_rows($result);

// If result matched $myusername and $mypassword, table row must be 1 row

if($count==1){

// Register $myusername, $mypassword and redirect to file "login_success.php"
$rand ="";
for ($x=0; $x<32; $x++) {
  $rand = $rand . mt_rand(0,9);
} 

//setting the comparison cookie
setcookie("sesscompa","$rand", time()+3600);
setcookie("sesscompb","$rand", time()+3600);

header("location:loggedin.php");
}
else {
echo "Wrong Username or Password";
header("location:mlogin.php");
}
?>

Logged in Page

<html>
<header>
<script>
function listCookies() {
    var theCookies = document.cookie.split(';');
    var aString = '';
    for (var i = 1 ; i <= theCookies.length; i++) {
        aString += i + ' ' + theCookies[i-1] + "\n";
    }
    return aString;
}
function getCookie(cname) {
    var name = cname + "=";
    var ca = document.cookie.split(';');
    for(var i=0; i<ca.length; i++) {
        var c = ca[i];
        while (c.charAt(0)==' ') c = c.substring(1);
        if (c.indexOf(name) != -1) return c.substring(name.length, c.length);
    }
    return "";
}
var sesscooka =getCookie("sesscooka");
var sesscookb =getCookie("sesscookb");
var sesscompa =getCookie("sesscompa"); 
var sesscompb =getCookie("sesscompb");

var n = sesscooka.localeCompare(sesscookb);
var m = sesscompa.localeCompare(sesscompb);

if(sesscompa == ""){
window.location.assign("http://knightsofprocrastination.ca/phplogin/")

}else{
if (n == 0){
    if(m == 0)
	{
	
	}
	else{
	window.location.assign("http://knightsofprocrastination.ca/phplogin/")
	}
}else{
window.location.assign("http://knightsofprocrastination.ca/phplogin/")
}
}
</script>
</header>
<body>
Login Successful<br />
</body>
</html>

Another Method Sqlite

Do to other servers not having the same means to do what you need with sqlite this is another method you can use to create passwords and so.

The DB Construct

<?

//create start
 class MyDB extends SQLite3
   {
      function __construct()
      {
         $this->open('test.db');
      }
   }

Booting the Database

   $db = new MyDB();
   if(!$db){
      echo $db->lastErrorMsg();
   } else {
      echo "Opened database successfully<br />";
   }

  $sql =<<<EOF
     DROP TABLE COMPANY;

EOF; 

  $ret = $db->exec($sql);
  if(!$ret){
     echo $db->lastErrorMsg();
  } else {
     echo "Kicked Tables successfully
";
  }
  $db->close();
  
  $db = new MyDB();
  if(!$db){
     echo $db->lastErrorMsg();
  } else {
     echo "Opened database successfully
";
  }

  $sql =<<<EOF
     CREATE TABLE COMPANY
     (ID INT PRIMARY KEY     NOT NULL,
     user           TEXT    NOT NULL,
     pass            TEXT     NOT NULL);

EOF; 

  $ret = $db->exec($sql);
  if(!$ret){
     echo $db->lastErrorMsg();

echo "
"; 

  } else {
     echo "Table created successfully
";
  }
  $db->close();
  //create finish
  
  //insert start
  
  
  $db = new MyDB();
  if(!$db){
     echo $db->lastErrorMsg();
  } else {
     echo "Opened database successfully
";
  }

  $sql =<<<EOF
     INSERT INTO COMPANY (ID,user,pass)
     VALUES (1, 'Paul', '32' );

     INSERT INTO COMPANY (ID,user,pass)
     VALUES (2, 'Allen', '25' );

     INSERT INTO COMPANY (ID,user,pass)
     VALUES (3, 'Teddy', '23' );

     INSERT INTO COMPANY (ID,user,pass)
     VALUES (4, 'Mark', '25' );

EOF; 

  $ret = $db->exec($sql);
  if(!$ret){
     echo $db->lastErrorMsg();
  } else {
     echo "Records created successfully
";
  }
  $db->close();
  //insert finish



  //select start
   $db = new MyDB();
  if(!$db){
     echo $db->lastErrorMsg();
  } else {
     echo "Opened database successfully

";
  }

  $sql =<<<EOF
     SELECT * from COMPANY where user like '%p%';

EOF; $rc = 0; 

  $ret = $db->query($sql);
  while($row = $ret->fetchArray(SQLITE3_ASSOC) ){
     echo "ID = ". $row['ID'] . "
";
     echo "user = ". $row['user'] ."
";
     echo "pass = ". $row['pass'] ."
";
     echo  "
";

$rc++; 

  }
  echo "Operation done successfully

";
  
  //select finish

echo $rc; echo "

";

$db->close(); ?> </syntaxhighlight>

Retrieved from "https://knightsofprocrastination.ca/KOPKB/index.php?title=PHP_Login&oldid=146"