how to create login file...

[cathyf]

How to create login file in this free web hosting site?

[netcalle64]

How to create login file in this free web hosting site?

If you mean that some of your pages ask user login, check from google javascript password,
php password .htaccess password. As you see there is many ways to do it,
you can do it also using mysql .Create users field in your database, fname, pwd, MD5, SHA, connect to database and read data from there using php. Compare if they are same as written in your inputbox and give url to go
<form id="form1" name="form1" method="GET" action="../pages/check.php">
Nimi : <input name="name" type="text" id="name" />
<br />
Tunnus : <input name="md5" type="password" id="md5" /><br>
<input type="submit" name="Submit" value="Check" /><input type="reset" value="RESET" />

</form>



include("connection.php");
$target_fname = $_GET['name'];
$target_md = $_GET['md5'];
$seekname="SELECT * FROM `user` WHERE `user_id` = '1' LIMIT 0 , 6";
$str1 = $target_fname;
$str2 = $target_md;

$seekresutl = mysql_query($seekname);

while($uusi_taulu = mysql_fetch_array($tulos))
{
$target_k_id = $new_table['k_id'];// read all data from table
$target_MD5 = $new_table['MD5'];
if(($target_fname==$str1)&&($target_MD5==$str2))

{

print"<td width='100'>$target_fname</td><td>correct!</td>;
print "<form action='targetindexpage.php/?d=0' method='post'><input type='submit' value='Jatka ilmoitus lomakkeelle' /></td></tr></form>";

}
else
print"<td width='100' valign='mid'></td><td>PWD IS WRONG</td><td>GO to </td></tr>";
}
this doesn't work directly but gives good idea how to
;) EsaS

[misson]

@netcalle64: note that you can delineate code with [CODE], [HTML] or [PHP] tags, as appropriate.

this doesn't work directly but gives good idea how to

That code gives a bad idea how to.

• The database should handle data operations (such as selecting data with given properties from a dataset) and programs the rest. As it is, the code wastes resources by fetching too many rows and columns from the database. A simple WHERE clause would improve it dramatically.
• There are also security problems. MD5 is broken, and some of the passwords can be cracked with rainbow tables.
• Nondescriptive variable names make the code less readable.
• Then there are the more advanced issues, such as the coupling between authentication and display.

[uplinked]

I can share some code I have available... It is made of three parts:
1. login form
2. verification form for login
3. verification on the page you view after login.

You can get an idea and than adapt it to your needs...

Any improvement ideas are welcome!



--------------------Login HTML FORM--------------------------

HTML Code:

 <form method="post" action="verifylogin.php">
<table width="300" border="0" align="center" cellpadding="2" cellspacing="2">
<tr>
<td width="100"><p id="blue">User Name: </p></td>
<td><input name="txtUser" type="text" id="txtUser"></td>
</tr>
<tr>
<td width="100"><p id="blue">Password: </p></td>
<td><input name="txtPass" type="password" id="txtPass"></td>
</tr>
<tr>
<td width="100"> </td>
<td><input type="submit" method = "post" name="btnLogin" value="Login"><br></td>
</tr>
<tr><td>&nbsp;</td></tr>
</table>
</form>

------------file verifylogin.php-------

PHP Code:

<?php
// username and password sent from form
$user=$_POST['txtUser'];
//$pass=sha1($_POST['txtPass']);

// To protect MySQL injection (more detail about MySQL injection)
$user = stripslashes($txtUser);
$pass = stripslashes($txtPass);
$user = mysql_real_escape_string($user);
$pass = mysql_real_escape_string($pass);

include 'databaseconfiguration.php';
function db_connectme() {
    global $dbhost;
    global $dbuser;
    global $dbpass;
    global $dbname;

    $connection = mysql_connect($dbhost,$dbuser,$dbpass);
    if (!(mysql_select_db($dbname,$connection))) {
        echo "Could not connect to the database";
    }
    return $connection;
}

db_connectme();

$query1="SELECT pepper_value FROM users_table WHERE user_name = '$user'";
$result1=mysql_query($query1);

while($row = mysql_fetch_array($result1))
{
$pepper_pass = $row['pepper_value'];
}

$pass = sha1($pepper_pass . $_POST['txtPass']);

$query="SELECT user_name, user_pass FROM users_table WHERE user_name = '$user' and user_pass = '$pass'";
$result=mysql_query($query);

// Mysql_num_row is counting table row
$count=mysql_num_rows($result);
// If result matched $user and $pass, table row must be 1 row

if($count==1){
// Register $user, $pass and redirect to file "logged_in.php"
session_start();
session_register("user");
session_register("pass");
$_SESSION['db_is_logged_in'] = true;
header("location: index.php");
$_SESSION['user'] = $user;
$_SESSION['pass'] = $pass;
mysql_connect("localhost", $user , $pass);
mysql_select_db("databasename");

$query = "SELECT user_name FROM users_table WHERE user_name='$user' AND user_pass='$pass'";
$result = mysql_query($query);

if ($result != ' ')
{
//
}
else {
echo "Wrong Username or Password. Please verify and log in again!";
}
?>

-------------------------------logged_in.php----this is the page you view after successful login

PHP Code:

<?php
if(isset($_SESSION['user']))
{
$user = $_SESSION['user'];

$query1 = "SELECT * FROM users_table WHERE user_name = '$user'";
$result1 = mysql_query($query1) or die(mysql_error());

while($r = mysql_fetch_array($result1)){
$rights = $r[11];
$_REQUEST['defi'] = $r['user_id'];
}

$_SESSION['uid'] = $sid;
}

if (!isset($_SESSION['uid'])|| $_SESSION['db_is_logged_in'] !== true) {
   // not logged in, move to login page
   echo 'you are not logged in';
   exit;
} else
{
echo "Welcome ".$_SESSION['user'];
}

//more code here...
?>

[rajat44]

try this: http://phpeasystep.com/phptu/24.html

it includes - login and register..

[mygirlkate150684]

Thanks for the reply...This will help me a lot in doing my project.God Bless!

[misson]

Any improvement ideas are welcome!

The two biggest would be two switch to PDO (so you can use prepared statements) and to separate authorization, user accounts, database access, and all the various concerns.

[uplinked]

As always, thank you! I will check out the documentation...