Hello and welcome to our community! Is this your first visit?
Register
Enjoy an ad free experience by logging in. Not a member yet? Register.
Results 1 to 8 of 8

Thread: Login Script

  1. #1
    New Coder
    Join Date
    Jan 2004
    Location
    The Netherlands
    Posts
    75
    Thanks
    0
    Thanked 0 Times in 0 Posts

    Login Script

    Hello,
    I made a search for a login script and didn't found it.
    Can anyone give me a script that looks in a .DB file if the username and password match, and if they do take you to a secured page, is it possible that you can only enter that page using the login, with cookies/sessions? Is this all possible without MySQL, i think it is, because i can login to my FusionNews and my host doesn't allow MySQL. Please give me a script if it exist, and please also tell me what i should type in the .DB file and in the secured page.
    Cheers MPCODER

  • #2
    Regular Coder
    Join Date
    May 2002
    Location
    Virginia, USA
    Posts
    621
    Thanks
    0
    Thanked 6 Times in 6 Posts
    Unfortunately, there is no simple answer to a question like that. There are tons of scripts out there. Change your searches to something similar to "php user authentication script" or something like that.

    Here are a few different links:
    http://www.phpbuilder.com/lists/php-...01012/0047.php

    http://www.hotscripts.com/PHP/Script...uthentication/

    http://www.codingforums.com/showthre...threadid=31197

  • #3
    New Coder
    Join Date
    Jan 2004
    Location
    The Netherlands
    Posts
    75
    Thanks
    0
    Thanked 0 Times in 0 Posts

    Ok

    Ok now i have this code:
    [EDIT: DON'T MIND! I FIGURED IT OUT MYSELF!]
    Last edited by MPCODER; 01-09-2004 at 07:21 PM.

  • #4
    Regular Coder dniwebdesign's Avatar
    Join Date
    Dec 2003
    Location
    Carrot River, Saskatchewan
    Posts
    846
    Thanks
    15
    Thanked 10 Times in 10 Posts
    Originally posted by Celtboy
    Unfortunately, there is no simple answer to a question like that. There are tons of scripts out there. Change your searches to something similar to "php user authentication script" or something like that.

    Here are a few different links:
    http://www.phpbuilder.com/lists/php-...01012/0047.php

    http://www.hotscripts.com/PHP/Script...uthentication/

    http://www.codingforums.com/showthre...threadid=31197
    Hey cool, my topic and code is referenced by someone... hehehe...
    Dawson Irvine
    CEO - DNI Web Design
    http://www.dniwebdesign.com

  • #5
    Regular Coder
    Join Date
    May 2002
    Location
    Virginia, USA
    Posts
    621
    Thanks
    0
    Thanked 6 Times in 6 Posts
    Originally posted by dniwebdesign
    Hey cool, my topic and code is referenced by someone... hehehe...
    Ya never know when you've said something useful.

  • #6
    New Coder
    Join Date
    Jan 2003
    Location
    Tulsa, OK
    Posts
    69
    Thanks
    0
    Thanked 0 Times in 0 Posts

  • #7
    raf
    raf is offline
    Master Coder
    Join Date
    Jul 2002
    Posts
    6,589
    Thanks
    0
    Thanked 0 Times in 0 Posts
    Originally posted by Celtboy about
    http://www.codingforums.com/showthr...&threadid=31197
    Ya never know when you've said something useful.
    It contains a few serious problems though.
    Its not sql-injection proof because the username and password aren't check against sql-wildcards.
    On top of that, there is no check to verify if there is only one record returned which should be done for obvious reasons --> the usrname should be unique.
    So if i perform an sql-injection attack, the query will be ran, and i will be logged in with the useraccount that is processed first.

    So it wount stand a chance against any serious hacking attempt.

    On top of that, there is no errorhandling, no counter to see how many trials the user allready had (which sets the door wide open for brute force attacks), no minimum lengthcount, the pwd isn't hashed etc .

    My most recent atempt to a secure loginscript contains about 1000 lines of php code and there are still a few extras i'd like to include.

    I would take a look at hotscripts.com where you'll find plenty of tutorials and scripts.

    If you need something without a db, then check out this.
    It will be a lott more secure then the code from the above link since you at least need to know the pasword ...
    http://www.codingforums.com/showthre...ighlight=login

  • #8
    Regular Coder dniwebdesign's Avatar
    Join Date
    Dec 2003
    Location
    Carrot River, Saskatchewan
    Posts
    846
    Thanks
    15
    Thanked 10 Times in 10 Posts
    They are unique. The usernames are my clients account numbers. It's an online client area system. Also they aren't hashed YET, I may implement this in the future but I wanted to make sure I had it working first.
    Dawson Irvine
    CEO - DNI Web Design
    http://www.dniwebdesign.com


  •  

    Posting Permissions

    • You may not post new threads
    • You may not post replies
    • You may not post attachments
    • You may not edit your posts
    •