youlilsheshe
11-24-2003, 05:44 PM
Hey, How do You make a login script? Im a nooby here and im not used to making this stuff. Can i have some help??? Thanks.:confused:
Click to See Complete Forum and Search --> : Im a nooby, I need lots of help on making a login script
Sux0rZh@jc0rz
11-24-2003, 05:57 PM
ok - here goes: (thanks pyro for your help. I'll try and pass it on=P)
to make a login script you need:
1) The page on which you enter the name and password. this we will call index.php
2) The php code to check if the username and password are correct. this we will call Login.php
3) The php code to put on your pages that you want protected. (a link to the php page below.)
4) The php code to protect your pages, to check to see if the person logged in before going to that page. this we will call protect.php
5) The md5 encoder. go here. (http://www.aspfreeserver.com/xaxei/makepass.html) (you'll need it to encode your passwords.. the ones you put inside your login.php page.)
OK: Here is the index.php page:<html>
<head>
<title>Login</title>
</head>
<body>
<div>
<h2>Members Only</h2>
<form method="post" action="login.php">
<table>
<tr><td><b class=rng>Username:</b></td><td> </td><td><input type="text" name="username"></td></tr>
<tr><td><b class=rng>Password:</b></td><td> </td><td><input type="password" name="password"></td></tr>
<tr><td colspan="3" align="center"><input type="submit" value=" Submit "></td></tr>
</table>
</form>
</div>
</body>
</html>
Here is the login.php page:<?PHP
# Change the below lines to the results that makepass.php gave you
#
$user = 'b29708f00d2396a4c0d0de6cdbc09806';
$pass = '179ad45c6ce2cb97cf1029e212046e81';
#
# Change the above lines to the results that makepass.php gave you
if(md5($_POST['username']) == $user && md5($_POST['password']) == $pass) {
session_start(); #starts the session
$_SESSION['logged'] = true; #creates a session variable($_SESSION) and names the variable verified (['logged'] = true)#
header ("Location:http://www.blah.com"); #reloads the page and sends it to the page specified.#
}
else
{
echo ("Incorrect Password"); #what they see if they don't put in the right password#
}
?>
The code to put at the top of every page you want protected:<? include_once("protect.php"); ?>
The protect.php page:<?PHP
# Protect page from being called directly from web browser, beginning of what they see if they dont login before going to the webpage:
$back = "<form><input type='button' value='< Back' onclick='history.back()'></form>";
$acc_denied = "<h3>Access Denied</h3>".$back; # you could add a link to where users can login here... the end of what they see should they fail to login before going to the page.
session_start(); #start the session that was made earlier when they logged in.
if (!isset($_SESSION["logged"])) { die($acc_denied); } #check if they have logged in. if they have, then it lets them in.
?>
There ya go. open notepad and save all those pages and then upload them to your server.
This code: compliments of pyro... with a tiny bit of tweaking...(sessions instead of cookies.. but he helped me with sessions anyhow so it's his script.)
to make a login script you need:
1) The page on which you enter the name and password. this we will call index.php
2) The php code to check if the username and password are correct. this we will call Login.php
3) The php code to put on your pages that you want protected. (a link to the php page below.)
4) The php code to protect your pages, to check to see if the person logged in before going to that page. this we will call protect.php
5) The md5 encoder. go here. (http://www.aspfreeserver.com/xaxei/makepass.html) (you'll need it to encode your passwords.. the ones you put inside your login.php page.)
OK: Here is the index.php page:<html>
<head>
<title>Login</title>
</head>
<body>
<div>
<h2>Members Only</h2>
<form method="post" action="login.php">
<table>
<tr><td><b class=rng>Username:</b></td><td> </td><td><input type="text" name="username"></td></tr>
<tr><td><b class=rng>Password:</b></td><td> </td><td><input type="password" name="password"></td></tr>
<tr><td colspan="3" align="center"><input type="submit" value=" Submit "></td></tr>
</table>
</form>
</div>
</body>
</html>
Here is the login.php page:<?PHP
# Change the below lines to the results that makepass.php gave you
#
$user = 'b29708f00d2396a4c0d0de6cdbc09806';
$pass = '179ad45c6ce2cb97cf1029e212046e81';
#
# Change the above lines to the results that makepass.php gave you
if(md5($_POST['username']) == $user && md5($_POST['password']) == $pass) {
session_start(); #starts the session
$_SESSION['logged'] = true; #creates a session variable($_SESSION) and names the variable verified (['logged'] = true)#
header ("Location:http://www.blah.com"); #reloads the page and sends it to the page specified.#
}
else
{
echo ("Incorrect Password"); #what they see if they don't put in the right password#
}
?>
The code to put at the top of every page you want protected:<? include_once("protect.php"); ?>
The protect.php page:<?PHP
# Protect page from being called directly from web browser, beginning of what they see if they dont login before going to the webpage:
$back = "<form><input type='button' value='< Back' onclick='history.back()'></form>";
$acc_denied = "<h3>Access Denied</h3>".$back; # you could add a link to where users can login here... the end of what they see should they fail to login before going to the page.
session_start(); #start the session that was made earlier when they logged in.
if (!isset($_SESSION["logged"])) { die($acc_denied); } #check if they have logged in. if they have, then it lets them in.
?>
There ya go. open notepad and save all those pages and then upload them to your server.
This code: compliments of pyro... with a tiny bit of tweaking...(sessions instead of cookies.. but he helped me with sessions anyhow so it's his script.)
youlilsheshe
11-24-2003, 06:01 PM
yeah, but wont everyone be able to see that????? ( i mean the sn and the password if they view the source?
Sux0rZh@jc0rz
11-24-2003, 06:06 PM
no. they won't be able to see the php. it's all serverside.
pyro
11-24-2003, 08:22 PM
Also, even if they could see it (which they can't, as PHP is run server-side, and none of the server-side code is outputted to the browser) the passwords are in one-way hashes (MD5 - 128 bit security). The only way to break it would be brute forcing it, so if you chose a password of any significant length, and not something that will be found in a word list, the odds of them being able to break it even if they could get the code would be highly improbable.
webdeveloper.com
Copyright Internet.com Inc., All Rights Reserved.
Copyright Internet.com Inc., All Rights Reserved.