1,000 points! Help me get a login system working

[Chris Z]

OK So here's my problem. I'm working on my KleenAS CMS and I can't seem to get the login system to work. I'd like to use cookies or sessions, whichever is easier, but it needs to work with the current PHP version (5.2.0) and I've already got the MySQL table set up for users with password encryption.

So here's what I need:

Login Script: Simple enough for me to configure and understand
Security: Using sessions or cookies, checking entered md5ed password with md5ed password in the DB
Communication: We will communicate through AIM or MSN (preferred)
Other Info: If you'd like to help me with this, I need you to stay through with me for this until the end when it is working and I am acceptant of your work. So once all of this is completed, and I decide that your work is proficient enough for reward, you will then receive your 1,000 points.

Post here if you have any questions.

[swirly]

I've found a script that I am using that I could give you a link to....Bryon showed it to me so i know its good. lol

[Chris Z]

Well i won't give you 1,000 points if you didn't make it yourself, but if you show it to me and I use it, I'll probably at least give you 100

[Brandon]

current PHP version (5.2.0)

IN actuality's terms, the 'current' PHP version is '5.2.1'. '5.2.0' is outdated with over 60 major security flaws fixed from '5.2.0' to '5.2.1', not including the minor ones, which could be in the thousands.

PHP Code:

<?php
/*
 _____   _____   _____   _____    _   _____   _____   _   __   _   _____  
|  _  \ /  ___/ /  ___| |  _  \  | | |  _  \ |_   _| | | |  \ | | /  ___| 
| |_| | | |___  | |     | |_| |  | | | |_| |   | |   | | |   \| | | |     
|  _  { \___  \ | |     |  _  /  | | |  ___/   | |   | | | |\   | | |  _  
| |_| |  ___| | | |___  | | \ \  | | | |       | |   | | | | \  | | |_| | 
|_____/ /_____/ \_____| |_|  \_\ |_| |_|       |_|   |_| |_|  \_| \_____/ 

(c)2007 BScripting Inc. All RIghts Reserved.

No data from this script may be used in other scripts without permisson from the create, Brandon Long

Created by Brandon Long <brandon@blnetworks.net>, President and Lead Developer of BScripting
*/

// Start the session
session_start();

// Include your config file
include '';

if (isset($_POST['submit'])) {

    if ($_POST['username'] != '') {

        if ($_POST['password'] != '') {

            $username = $_POST['username'];
            $password = md5($_POST['password']);

            $getdata = mysql_query("SELECT * from `users` WHERE `username`='$username' LIMIT 0,1");
            $QueryDB3 = mysql_fetch_array($getdata);

                if ($QueryDB3['password'] == $password) {

                    // The user has loggedin:-)

                    $_SESSION['username'] = $username;
                    $_SESSION['password'] = $password;

                    header("Location: "); // Enter red URL here

                }else{ header("Location: login.php?error=1"); } // Wrong Password

        }else{ header("Location: login.php?error=2"); } // Never entered password

    }else{ header("Location: login.php?error=3"); } // Never entered username

}else{  // Never subbmitted the form

// LOGIN SCRIPT HERE.

/*
Please put the login script here. Include the following snipplet at the bottom
*/

/*

if (isset($_GET['error'])) {

    if ($_GET['error'] == 1) { echo '<font color="red">Incorrect Password</font>'; }
    elseif ($_GET['error'] == 2) { echo '<font color="red">Please enter a password</font>'; }
    elseif ($_GET['error'] == 3) { echo '<font color="red">Please enter a username</font>'; }

}

*/


/* FORM VARB's

username 'name' attribute should be 'username'
password 'name' attribute should be 'password'
Login button 'name' attribute should be 'submit'
*/

} // end else


/*
END OF FILE
*/
?>

[dharmil]

um here is the best one i have ever seen that you can download

http://evolt.org/node/60384

[Chris Z]

OK, so if i use the session_start() function, is it gonna give me an error in PHP, cuz every time I use that locally, it gives me this error: "Warning: Unknown: Your script possibly relies on a session side-effect which existed until PHP 4.2.3. Please be advised that the session extension does not consider global variables as a source of data, unless register_globals is enabled. You can disable this functionality and this warning by setting session.bug_compat_42 or session.bug_compat_warn to off, respectively. in Unknown on line 0"

[Brandon]

OK, so if i use the session_start() function, is it gonna give me an error in PHP, cuz every time I use that locally, it gives me this error: "Warning: Unknown: Your script possibly relies on a session side-effect which existed until PHP 4.2.3. Please be advised that the session extension does not consider global variables as a source of data, unless register_globals is enabled. You can disable this functionality and this warning by setting session.bug_compat_42 or session.bug_compat_warn to off, respectively. in Unknown on line 0"

ok so wait, how many session_starts do you have, it is like your HTML you will have like 70;)

[swirly]

dharmil gave you the one i was gonna give you lol ehh...its pretty good, its what im using now that i got it set up...if you have any problems ill be glad to help.

[Chris Z]

I didn't really like that one cuz it looked too confusing. But I tried Brandon's code and it hasn't worked yet. So I may end up trying this one today, after school.

[Zenax]

well I managed to get the one dharmil mentioned working on my PC. The only thing that don't work is the Password reset thingy because I dont have my comp set as a mail server. but other than that it all works and the code is fully commented to so you can figure anything out!

--
Zenax