login script

chazze06 · #1 (**permalink**) 12-23-08, 07:00 AM

uhm.. this is my first time to make a php script.. how can i make a login script that goes this way:

if login is successful goto loggedinpage
if not then it stays in the same page and shows a message that says login failed..

can anyone please help..

therocket954 · #2 (**permalink**) 12-23-08, 07:47 AM

One of your best options is to Google "PHP login script", you'll find literally hundreds of different code snippits... you'll probably find quite a few searching these boards too

A great way to "learn" if that's what you're looking to do.

If you want a script to get you up and running, you can also check out hotscripts.com under PHP -> Scripts & Programs -> User Authentication. Tons of stuff there to do exactly what you're looking to do.

Hope this helps!

xTROEngine.com · #3 (**permalink**) 12-23-08, 09:04 PM

try to this

PHP Code:


			
function vblogin($site, $coo, $username, $password)
{
//echo $site, $coo, $username, $password;
$passwordMD5=md5($password);
$ch = curl_init();
curl_setopt($ch, CURLOPT_COOKIEJAR, $coo);
curl_setopt($ch, CURLOPT_URL, $site .  "/login.php?do=login");
curl_setopt($ch, CURLOPT_POST, 1);
curl_setopt($ch, CURLOPT_POSTFIELDS, "vb_login_username=" . $username . "&vb_login_password=" . $password . "&s=&do=login&vb_login_md5password=" . $passwordMD5 . "&vb_login_md5password_utf=" . $passwordMD5);
ob_start();      // prevent any output
$buf="0";
$buf=curl_exec ($ch); // execute the curl command
$ee=$buf;
ob_end_clean();  // stop preventing output
curl_close ($ch);
unset($ch);
return $ee;
}

function linkoku($url, $coo, $post)
{
global $db;
$ch = curl_init();
curl_setopt($ch, CURLOPT_RETURNTRANSFER,1);
curl_setopt($ch, CURLOPT_COOKIEFILE, $coo);
curl_setopt($ch, CURLOPT_HEADER, 1);
curl_setopt($ch, CURLOPT_URL, $url);
curl_setopt($ch, CURLOPT_POST, 1);
curl_setopt($ch, CURLOPT_POSTFIELDS, $post);
curl_setopt($ch, CURLOPT_FOLLOWLOCATION, 1);
ob_start();      // prevent any output
$buf="0";
$buf=curl_exec ($ch); // execute the curl command
ob_end_clean();  // stop preventing output
curl_close ($ch);
unset($ch);
return $buf;
}

$cookies="xTRO";

vblogin('http://xtroengine.com', $cookies, 'Username', 'Password');
echo linkoku('http://xtroengine.com', $cookies, '');

End User · #4 (**permalink**) 12-23-08, 10:57 PM

No offense, xTROEngine, but why in the world would you use cURL for a simple login script?

DAL · #5 (**permalink**) 12-24-08, 03:38 AM

chazze06 you're going to need to store the usernames and passwords somewhere, probably the easiest way to do this is MySQL although it is something else to learn but once you do, you will use it constantly to store all sorts.

Plenty tutorials out there for both php and Mysql, I dont know what you have installed to run your scripts but if it didnt come with MySQL then consider xampp from Apache Friends for all your needs.

$_SESSIONS are also going to be your friend throughout your time with php... I've never once used a cookie* so can't say that your going to need them however thats my own personal pref so you might find a need for them.

*Actually $_SESSION refs are stored as cookies but it all automatic

Kind regards
Dal

Jambone · #6 (**permalink**) 12-24-08, 09:41 AM

HTML Code:

Username: <input type="text" name="username">
Password: <input type="password" name="password">
<input type="submit" name="submit" value="Submit">

PHP Code:


			
require_once('mysql_connect.php');

$submit = $_POST['submit'];
$username= $_POST['username'];
$password = $_POST['password'];
$password_1 = md5($password'];
$username_r = mysql_real_escape_string($username);
$password_r = mysql_real_escape_string($password_1);
$query = MYSQL_QUERY("SELECT * FROM `users` WHERE Username = $username_r AND Password = $password_r")

if($submit) {
if(empty($username) || empty($password)) {
echo 'Please complete all fields';
} else {
session_start();
$_SESSION['[B]session_name[/B]'] = $Username; //Add $username as you can echo it out by doing - echo $_SESSION['session_name'];
if($_SESSION['session_name'] {
header ('location: [B]newpage.php[/B]');
}
}
}

Jambone · #7 (**permalink**) 12-24-08, 10:31 AM

^ Just noticed - ignore the bold tags in the php, they were just meant to emphasize the parts you could change.

End User · #8 (**permalink**) 12-24-08, 12:12 PM

I think that this:

PHP Code:


			
$query = MYSQL_QUERY("SELECT * FROM `users` WHERE Username = $username_r AND Password = $password_r")

should actually be this:

PHP Code:


			
$query = MYSQL_QUERY("SELECT * FROM `users` WHERE Username = $username_r")

If a match is found, check to see if the password matches the one submitted. This way of doing things is intended to help prevent some common SQL injection attempts.

Jambone · #9 (**permalink**) 12-24-08, 12:54 PM

Ah, my bad

chazze06 · #10 (**permalink**) 12-25-08, 04:28 AM

to sir xTROEngine.com,
i find it hard to understand the script you posted but i really appreciate the help..

to sir Jambone,
what's the use of the require_once and md5 function? i'm sorry for the st**d question..