Help me Making new Sign up Form to my website

[nohsprox40]

Hi all m new here

I have my personal website. And I want to create

User Account Form to give permittion view my inside

content. Can you tell me about the codes for

Registration Form? Sample like hi5.com or yahoo.com

Whatever you think it's better and popular for

Registration Form.

PS: My website is for personal use only, non-

commercial. Just want to let friends create their

account to view my content only.

[infopage]

This is easy to do if you're using WordPress, so are you?

[nohsprox40]

This is easy to do if you're using WordPress, so are you?

no i am not using wordpress theme
so m asking here plz help me :|

[infopage]

Have you tried adding a user(with restrictions of course) through your cpanel provider?

[mpldev]

Hi.

To create user accounts, create first a database to store user data (login, password, and a field corresponding to the user permission to view your personal data which is set to 1 if the user is allowed or 0 if not).

After this, you create a form in which user has to enter his/her login and password.

Then, on the form sending to the database, you check if the field which specify the user permission to view your data is set to 1 or 0. If it is set to 1, you set a session variable to 1 and 0 otherwise.

Then, on the loading of the page, you check this variable and display a page according to it.

I hope this will help you.

Bye.

MPL Developper.

[essellar]

NEVER store passwords. If a website (or site administrator) can tell you what your password is, the site is insecure. All you should be storing in your "users" table is an auto-incremented primary key, the user name and/or user email address, a permissions value, a salted and hashed version of the password and the salt value, or "nonce", which should be different for every user*. Having the user register with an email address guarantees a unique value, and lets you confirm registration using a confirmation link in an email. (It also gives you a way to send a temporary password or "set a new password" link from your "forgot password" script.)

The "nonce" can be any unique value. The timestamp of the account creation is as good as any. You would then concatenate the nonce with the password and hash the value. Don't use MD5; its value space (the number of unique plaintext values that will generate unique hashes) is too small, and the function is too fast. Together, that means a brute-force attack is workable if anyone discovers the values you have stored in the database for even one user. Use at least SHA 256 (some advocate using the horribly inefficient bcrypt because of its inefficiency, but it might run you afoul of the maximum CPU burst usage on a free hosting site), and run the hash function at least a thousand times. (RSA's PBKDF2 will do wonderfully well.)

Code:

/** PBKDF2 Implementation (as described in RFC 2898);
*
*  @param string p password
*  @param string s salt
*  @param int c iteration count (use 1000 or higher)
*  @param int kl derived key length
*  @param string a hash algorithm
*
*  @return string derived key
*/
public function pbkdf2( $p, $s, $c, $kl, $a = 'sha256' ) {

$hl = strlen(hash($a, null, true)); # Hash length
$kb = ceil($kl / $hl);              # Key blocks to compute
$dk = '';                           # Derived key

# Create key
for ( $block = 1; $block <= $kb; $block ++ ) {

    # Initial hash for this block
    $ib = $b = hash_hmac($a, $s . pack('N', $block), $p, true);

    # Perform block iterations
    for ( $i = 1; $i < $c; $i ++ )

	# XOR each iterate
	$ib ^= ($b = hash_hmac($a, $b, $p, true));

    $dk .= $ib; # Append iterated block
}

# Return derived key of correct length
return substr($dk, 0, $kl);
}

Most of the login scripts (and tutorials) I've seen on the web are naive and dangerous. They may be okay for your model airplane club site, but if you really need to make sure that your users are your users, if your site contains any confidential information, or if you need to protect yourself from legal liability for cyberstalking or cyberbullying, then you need something a whole lot better. You can take what the tutorials have to say at face value, but please, please use a salted hash.

*If you are using email confirmations and password resets, you'll want to include a column for the "pending action" flag value as well.

[nohsprox40]

@ essellar

Thank u so much dude
can u share that codes of you r telling ,
with email verification link of the codes
plz give me
i thankful to you
Thanks

[mpldev]

Yes, never store the password but a crypted password using the php function : crypt.

And to decrypt the password, use the same function with a second argument corresponding to the password entered to be connected.

[essellar]

And to decrypt the password, use the same function with a second argument corresponding to the password entered to be connected.

You don't decrypt the password. Ever. And you don't store an encrypted password. Ever.

There should be no way of discovering what the password is apart form brute-force (guessing until you find a password that works). Password checking means taking the password the user tries to log in with, combining it with the same salt value (the nonce for that user), and hashing the result with the same function (and the same number of iterations) you used to create the value you stored in the database. If the new hash value is the same as the stored value, then the password must have been correct. Again, if you can tell the user their password, your site is insecure.

@nohsprox40: You can use any decent login script you can find by Googling (especially if you look at scripts that are open source projects at Sourceforge.net) -- just make sure that you store a nonce and the salted, hashed password instead of storing just a plaintext password or something that's been MD5 hashed. Come on -- at least try some of this yourself. If you run into problems, then ask again.

[nohsprox40]

i am Extremely Sorry For this
m wasting your Time
but i can't find form codes
plz can u give me download link of that
any simple form
plz m waiting