PHP Login
From KOP KB
As a note if you have full access to the hosting via FTP but still want to use the website builder this can work with that as it checks via javascript
Contents
PHP MyAdmin Create database
CREATE TABLE `members` (
`id` int(4) NOT NULL auto_increment,
`username` varchar(65) NOT NULL default '',
`password` varchar(65) NOT NULL default '',
PRIMARY KEY (`id`)
) TYPE=MyISAM AUTO_INCREMENT=2 ;
--
-- Dumping data for table `members`
--
-- use the md5 bracket to hash the passwords
-- create as many insert into commands as you need for how much
-- there could be other values as well depending on what is needed for login
INSERT INTO `members` VALUES (1, 'john', md5('1234'));
Setting up the First Page
I name the file myself to mlogin.php but its mostly html thats the function. I made it php so if I needed to do anything with it I can
<?
session_start();
$rand ="";
//gen the random number
for ($x=0; $x<32; $x++) {
$rand = $rand . mt_rand(0,9);
}
//kill the comparison cookie
setcookie("sesscompa", "$rand", time()-3600);
setcookie("sesscompb","$rand", time()-3600);
//starting and overwriting the first cookie
setcookie("sesscooka", "$rand", time()+3600);
setcookie("sesscookb","$rand", time()+3600);
?>
<table width="300" border="0" align="center" cellpadding="0" cellspacing="1" bgcolor="#CCCCCC">
<tr>
<form name="form1" method="post" action="clogin.php">
<td>
<table width="100%" border="0" cellpadding="3" cellspacing="1" bgcolor="#FFFFFF">
<tr>
<td colspan="3"><strong>Member Login </strong></td>
</tr>
<tr>
<td width="78">Username</td>
<td width="6">:</td>
<td width="294"><input name="myusername" type="text" id="myusername"></td>
</tr>
<tr>
<td>Password</td>
<td>:</td>
<td><input name="mypassword" type="text" id="mypassword"></td>
</tr>
<tr>
<td> </td>
<td> </td>
<td><input type="submit" name="Submit" value="Login"></td>
</tr>
</table>
</td>
</form>
</tr>
</table>
Checking the Login
<?php
$host="mysqlv105"; // Host name
$username="sgphplogin"; // Mysql username
$password="Sgphplogin1"; // Mysql password
$db_name="sgphplogin"; // Database name
$tbl_name="members"; // Table name
// Connect to server and select databse.
mysql_connect("$host", "$username", "$password")or die("cannot connect");
mysql_select_db("$db_name")or die("cannot select DB");
// username and password sent from form
$myusername=$_POST['myusername'];
$mypassword=$_POST['mypassword'];
// To protect MySQL injection (more detail about MySQL injection)
$myusername = stripslashes($myusername);
$mypassword = stripslashes($mypassword);
$myusername = mysql_real_escape_string($myusername);
$mypassword = mysql_real_escape_string($mypassword);
$checkpassword= md5($mypassword);
$sql="SELECT * FROM $tbl_name WHERE username='$myusername' and password='$checkpassword'";
$result=mysql_query($sql);
// Mysql_num_row is counting table row
$count=mysql_num_rows($result);
// If result matched $myusername and $mypassword, table row must be 1 row
if($count==1){
// Register $myusername, $mypassword and redirect to file "login_success.php"
$rand ="";
for ($x=0; $x<32; $x++) {
$rand = $rand . mt_rand(0,9);
}
//setting the comparison cookie
setcookie("sesscompa","$rand", time()+3600);
setcookie("sesscompb","$rand", time()+3600);
header("location:loggedin.php");
}
else {
echo "Wrong Username or Password";
header("location:mlogin.php");
}
?>
Logged in Page
<html>
<header>
<script>
function listCookies() {
var theCookies = document.cookie.split(';');
var aString = '';
for (var i = 1 ; i <= theCookies.length; i++) {
aString += i + ' ' + theCookies[i-1] + "\n";
}
return aString;
}
function getCookie(cname) {
var name = cname + "=";
var ca = document.cookie.split(';');
for(var i=0; i<ca.length; i++) {
var c = ca[i];
while (c.charAt(0)==' ') c = c.substring(1);
if (c.indexOf(name) != -1) return c.substring(name.length, c.length);
}
return "";
}
var sesscooka =getCookie("sesscooka");
var sesscookb =getCookie("sesscookb");
var sesscompa =getCookie("sesscompa");
var sesscompb =getCookie("sesscompb");
var n = sesscooka.localeCompare(sesscookb);
var m = sesscompa.localeCompare(sesscompb);
if(sesscompa == ""){
window.location.assign("http://knightsofprocrastination.ca/phplogin/")
}else{
if (n == 0){
if(m == 0)
{
}
else{
window.location.assign("http://knightsofprocrastination.ca/phplogin/")
}
}else{
window.location.assign("http://knightsofprocrastination.ca/phplogin/")
}
}
</script>
</header>
<body>
Login Successful<br />
</body>
</html>
Another Method Sqlite
Top of Page
Do to other servers not having the same means to do what you need with sqlite this is another method you can use to create passwords and so.
The DB Construct
<?
//create start
class MyDB extends SQLite3
{
function __construct()
{
$this->open('test.db');
}
}
Dropping the Database
This is mostly a testing script to show the ability of being able to do a password and login script without a traditional database. This drops the table so it can be recreated without error.
$db = new MyDB();
if(!$db){
echo $db->lastErrorMsg();
} else {
echo "Opened database successfully<br />";
}
$sql =<<<EOF
DROP TABLE COMPANY;
EOF;
$ret = $db->exec($sql);
if(!$ret){
echo $db->lastErrorMsg();
} else {
echo "Kicked Tables successfully<br />";
}
$db->close();
Table Creation
Nothing to complicated just using basic SQL to create the table.
$db = new MyDB();
if(!$db){
echo $db->lastErrorMsg();
} else {
echo "Opened database successfully<br />";
}
$sql =<<<EOF
CREATE TABLE COMPANY
(ID INT PRIMARY KEY NOT NULL,
user TEXT NOT NULL,
pass TEXT NOT NULL);
EOF;
$ret = $db->exec($sql);
if(!$ret){
echo $db->lastErrorMsg();
echo "<br />";
} else {
echo "Table created successfully<br />";
}
$db->close();
//create finish
Inserting the Data
Top of Page
Here were showing inserting just clear text but when you apply it you should hash it with md5 or stronger in your application.
//insert start
$db = new MyDB();
if(!$db){
echo $db->lastErrorMsg();
} else {
echo "Opened database successfully<br />";
}
$sql =<<<EOF
INSERT INTO COMPANY (ID,user,pass)
VALUES (1, 'Paul', '32' );
INSERT INTO COMPANY (ID,user,pass)
VALUES (2, 'Allen', '25' );
INSERT INTO COMPANY (ID,user,pass)
VALUES (3, 'Teddy', '23' );
INSERT INTO COMPANY (ID,user,pass)
VALUES (4, 'Mark', '25' );
EOF;
$ret = $db->exec($sql);
if(!$ret){
echo $db->lastErrorMsg();
} else {
echo "Records created successfully<br />";
}
$db->close();
//insert finish
Showing The Data
As I said this is a testing script to verify you can go this way on a server without using traditional database server methods. Also to prove the information is going in correctly.
//select start
$db = new MyDB();
if(!$db){
echo $db->lastErrorMsg();
} else {
echo "Opened database successfully<br /><br />";
}
// You will be changing your query for a specific username and password. You would be reading the ones that were inputted through a form.
$sql =<<<EOF
SELECT * from COMPANY where user like '%p%';
EOF;
$rc = 0;
$ret = $db->query($sql);
while($row = $ret->fetchArray(SQLITE3_ASSOC) ){
echo "ID = ". $row['ID'] . "<br />";
echo "user = ". $row['user'] ."<br />";
echo "pass = ". $row['pass'] ."<br />";
echo "<br />";
// Counter for amount of records it makes it important to ensure the correct person logged in
$rc++;
}
echo "Operation done successfully<br /><br />";
//select finish
$db->close();
Displaying the counter
Top of Page
There reason you show the counter so you can make sure the method you have chosen is counting it correctly so when you finish the login script
echo $rc;
echo "<br /><br />";
?>
