www.webdeveloper.com
Page 2 of 3 FirstFirst 123 LastLast
Results 16 to 30 of 36

Thread: Creating a membership login

  1. #16
    Join Date
    Dec 2011
    Posts
    163
    According to his page source...
    Failed to run query: SQLSTATE[42S02]: Base table or view not found: 1146 Table 'elitekenpo12_m.users' doesn't exist
    No.

  2. #17
    Join Date
    Feb 2010
    Posts
    30
    Yes I do. And I have the common file created

  3. #18
    Join Date
    Aug 2012
    Location
    TX
    Posts
    293
    do this. export the database and zip it in a file with your website folder and email it to me and ill set it up for you. nichodiaz@nichodiaz.com

  4. #19
    Join Date
    Mar 2007
    Location
    localhost
    Posts
    2,498
    Should avoid using $_POST type variables directly, clean first and use a whitelist of accepted inputs that ignores anything other than what is acceptable and use a variable that you know like create a $_POST_CLEAN variable that contains your $_POST data that has been cleaned.

    That is the basics of web server security.
    Yes, I know I'm about as subtle as being hit by a bus..(\\.\ Aug08)
    Yep... I say it like I see it, even if it is like a baseball bat in the nutz... (\\.\ Aug08)
    I want to leave this world the same way I came into it, Screaming, Incontinent & No memory!
    I laughed that hard I burst my colostomy bag... (\\.\ May03)
    Life for some is like a car accident... Mine is like a motorway pile up...

    Problems with Vista? :: Getting Cryptic wid it. :: The 'C' word! :: Whois?

  5. #20
    Join Date
    Aug 2012
    Location
    TX
    Posts
    293
    i think focusing on making the login work is more important right now then security... 1 step at a time.

  6. #21
    Join Date
    Mar 2007
    Location
    localhost
    Posts
    2,498
    Well working from the perspective that you start with security and your assured that any coding will then use the safe variable and not use the POST variable.

    If this script is in the web domain at present then I certainly would advise that the client considers securing the script first.

  7. #22
    Join Date
    Dec 2011
    Posts
    163
    I'm with Nicholas on this one. Yes, security is very important, however, if you don't have a login that works in the first place, how is security gonna help it? First create the code, then worry about improving it.

  8. #23
    Join Date
    Aug 2012
    Location
    TX
    Posts
    293
    yes that was my point exactly. you have to crawl before you walk. Ill have the login done tonight by the way sorry i have been busy as heck since you sent it to me. Im gonna send you the files back tonight.

  9. #24
    Join Date
    Aug 2012
    Location
    TX
    Posts
    293
    I emailed you back the site. Updated a lot of stuff for you. Log in works fine and directs you to the page private.php once you are logged in.

    There is a lot of work that needs to be done to this site for it to be up to par but its a good start for you and a good project for you to learn on.

    This goes for everyone on this thread whos been helping... When you get this file and you create the database elite_kenpo make sure you import the file members to it and then open the connect.php file and change the host username and password to correspond correctly with your environment.

    I want everyone to be aware of that in case he has any problems making it work once he has it back on his machine. That is the only configuring you have to do to make it work. Aside from building on to what you have.

    I agree security is a issue and there are a lot of things your going to need to add to make this more user friendly. using php will allow you to do these things very easily. things like making a login logout link change dynamically if there is a session. or allowing people to edit their account information. the way it is set up now is going to cause you a lot of pain in the long wrong and make you write a lot more code than is necessary.

    Feel free to ask any more questions you may have and I hope I was able to help. read over the code I added and google search things if you dont understand what they do.

  10. #25
    Join Date
    Dec 2011
    Posts
    163
    Is it possible you can post some of the code on this thread so maybe those whom were watching this thread for an answer will actually get one

  11. #26
    Join Date
    Mar 2007
    Location
    localhost
    Posts
    2,498
    @Dragonfire, basics here on security, youre login does not have to work to break the script with a hack. Then when broken the server can be compromised by allowing a subversive script to then access and take over the domain.

    Golden rule, clean your inputs in to a clean variable, simple as that.

  12. #27
    Join Date
    Mar 2007
    Location
    localhost
    Posts
    2,498
    If you have a look around the internet, on the PHP site in particular, you find an example of a class written to deal with $_GET and $_POST variables.
    Yes, I know I'm about as subtle as being hit by a bus..(\\.\ Aug08)
    Yep... I say it like I see it, even if it is like a baseball bat in the nutz... (\\.\ Aug08)
    I want to leave this world the same way I came into it, Screaming, Incontinent & No memory!
    I laughed that hard I burst my colostomy bag... (\\.\ May03)
    Life for some is like a car accident... Mine is like a motorway pile up...

    Problems with Vista? :: Getting Cryptic wid it. :: The 'C' word! :: Whois?

  13. #28
    Join Date
    Aug 2012
    Location
    TX
    Posts
    293
    here is the code for simple login that on submit directs you to a page that is only accessible by logging in. It is not secure at all but It is a great foundation for someone who does not know how to build a login.

    pg1. login.php which is the holder of the html form
    Code:
    <?php $page = 'login'; ?> 
    <!DOCTYPE HTML>
    <html>
    <head>
    <meta http-equiv="Content-Type" content="text/html; charset=utf-8">
    <title>Elite Kenpo - Log In</title>
    <link rel="stylesheet" href="css/layout.css" type="text/css" media="all">
    </head>
    
    <body>
    
    
    
    <div class="container">
    <div class="center">
    <h1>Login</h1>
    <form action="authenticate.php" method="POST">
        <h3>Username:<br />
        <input type="text" name="username" value="<?php echo $submitted_username; ?>" />
        </h3>
        <h3>Password:<br />
        <input type="password" name="password" value="" />
        </h3>
        <input type="submit" value="Login" />
    </form>
    </div>
    </div>
        <div class="navigate">
       <?php include 'nav.php' ?>
        </div>
    </body>
    </html>
    pg2. authenticate.php which is the action of the form on submit
    Code:
     <?php session_start(); error_reporting(0);
    $username = ($_POST['username']); 
    $password = ($_POST['password']); 
    
    if ($username&&$password)
    {
    include ("connect.php") ;
    
    $query = mysql_query("SELECT * FROM members WHERE username='$username'");
    
    $numrows = mysql_num_rows($query);
    
    if($numrows !=0)
    
    	{
    	while ($row = mysql_fetch_assoc($query))
    	{
    	$dbusername = $row['username'];
    	$dbpassword = $row['password'];	
    	}
    	if ($username==$dbusername&&$password==$dbpassword)
    	{
    		header("Location:private.php");
    		$_SESSION['username']=$dbusername;
    	
    	}
    	else
    		echo "Login Failed Please try again";
    		
    		}
    		else
    		die ("Login Failed Please try again");
    	}
    	else
    		die ("Please Enter A Usename And Password");	
    
    ?>

    pg.3 private.php which the page that you are directed to when you login.
    Code:
      <?php session_start() ?>
    <?php $page = 'private'; ?> 
    <!DOCTYPE HTML>
    <html>
    <head>
    <meta http-equiv="Content-Type" content="text/html; charset=utf-8">
    <title>Elite Kenpo - Log In</title>
    <link rel="stylesheet" href="css/layout.css" type="text/css" media="all">
    </head>
    
    <body>
    
    <div class="container">
    
    Hello <?php echo htmlentities($_SESSION['user']['username'], ENT_QUOTES, 'UTF-8'); ?>, secret content!<br />
    <a href="edit_account.php">Edit Account</a><br />
    <a href="logout.php">Logout</a>
    </div>
        <div class="navigate">
       <?php include 'nav.php' ?>
        </div>
    </body>
    </html>
    pg.4 connect.php this page handles connecting to the data base. this pg needs to be edited to work in your environment depending on your database settings.

    Code:
     <?php
    
      $connection = mysql_connect("localhost","root","") or die ("Could not connect to database."); 
        mysql_select_db("elite_kenpo") or die ("Could not find database."); 
    
    ?>
    to create a table in a database for this basic login to work you need to

    1. make a database.
    2. make a table called members.
    3. on tables it gets 3 rows id, username, and password.

    id needs to be set to int auto increment

    username set to varchar and 30 characters

    password var char 30 characters


    Please remember this would not be professional but for learning purposes its a good place to start.

    I think the most confusing part about learning php is there is a lot of ways to accomplish one task and
    finding information that makes sense and goes together is hard on the internet.

  14. #29
    Join Date
    Aug 2012
    Location
    TX
    Posts
    293
    hey and physicaldevice0 we agree with u on what ur saying. but all I am saying is if u dont understand the core fundamentals of php to make a login how can u expect someone to make a secure login?

    I think looking at the basics and adding on to it is better.

    Im learning java right now i built a game in 2d with slick... dont you think jumping straight to a 3d game would be a little much for a first time around?

  15. #30
    Join Date
    Mar 2007
    Location
    localhost
    Posts
    2,498
    Yes, I know I'm about as subtle as being hit by a bus..(\\.\ Aug08)
    Yep... I say it like I see it, even if it is like a baseball bat in the nutz... (\\.\ Aug08)
    I want to leave this world the same way I came into it, Screaming, Incontinent & No memory!
    I laughed that hard I burst my colostomy bag... (\\.\ May03)
    Life for some is like a car accident... Mine is like a motorway pile up...

    Problems with Vista? :: Getting Cryptic wid it. :: The 'C' word! :: Whois?

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  
HTML5 Development Center



Recent Articles