The easiest way to do this is using PHP. I will describe here all steps creating one. You can copy and paste the code and save it as the name of the file
given above the code. Save everything in the same directory.
NOTE: However the code can be copied its still no basic php anymore. If you have questions you can ask them but a little knowledge of php
is useful.
First of all we need to make a login form. This can be an htmlpage. We are going to ask the user for his username and his password.
File is named: "login.html"
CODE
<html>
<head><title>My website</title></head>
<body>
<form action="login.php" method="post">
<!-- action will be the url where the form is posted to, it can be a page (http://yourdomain/login.php) or a page with variables
(http://yourdomain/?page=login) for examle.
The method is the way the form is submitted. Using GET the form will be submitted using the addressbar and all values will be visible. Since we're sending a
password this is defenetly not what we want. That's why we're going to use POST. Post sends the form in an "invisible" way. This means the input can not be
viewed by the user. This way of sending can still be hacked but in your case it is probably not important enough to do so. -->
<h1>Login</h1>
Username: <input type="textbox" name="username"><br>
Password: <input type="password" name="password"><br>
<input type="submit" value="Login!" name="submit"><br>
No an account yet? <a href="register.html">Register</a>
</form>
</body>
</html>
<head><title>My website</title></head>
<body>
<form action="login.php" method="post">
<!-- action will be the url where the form is posted to, it can be a page (http://yourdomain/login.php) or a page with variables
(http://yourdomain/?page=login) for examle.
The method is the way the form is submitted. Using GET the form will be submitted using the addressbar and all values will be visible. Since we're sending a
password this is defenetly not what we want. That's why we're going to use POST. Post sends the form in an "invisible" way. This means the input can not be
viewed by the user. This way of sending can still be hacked but in your case it is probably not important enough to do so. -->
<h1>Login</h1>
Username: <input type="textbox" name="username"><br>
Password: <input type="password" name="password"><br>
<input type="submit" value="Login!" name="submit"><br>
No an account yet? <a href="register.html">Register</a>
</form>
</body>
</html>
That was pretty easy. Now I'm expecting you have your database set up (I use MySQL with these scripts). If not do this now.
You will need a table named "tblusers" with fields:
* ID, Integer, Null, auto_increment, primary key
* Username, Text
* Password, Text
In the example I will use the following script included in every script so I will have to declare only once my database login settings. Change the settings
below to yours.
Page is named: "DatabaseConfig.php"
CODE
<?php // every var gets a prefix "db_" do declare its about the database connection later
$db_username="username"; //database username
$db_password="password"; //database password
$db_host="localhost"; //host of your database
$db_database="dbmylogin"; //database name
$db_table="tblusers"; // tablename
$db_conn = mysql_connect($db_host,$db_username,$db_password) or die (mysql_error());
$db_conn = @mysql_select_db($db_database,$db_conn) or die (mysql_error()); // using the "@" gives a secure connection
?>
$db_username="username"; //database username
$db_password="password"; //database password
$db_host="localhost"; //host of your database
$db_database="dbmylogin"; //database name
$db_table="tblusers"; // tablename
$db_conn = mysql_connect($db_host,$db_username,$db_password) or die (mysql_error());
$db_conn = @mysql_select_db($db_database,$db_conn) or die (mysql_error()); // using the "@" gives a secure connection
?>
Thats it for the database. You see this makes things a lot easier.
People want to register on your site before they can login. Here's the registration form:
Page is named: "register.html"
CODE
<html>
<head><title>My website - Registration</title></head>
<body>
<form action="registration.php" method="post">
<h1>Registration</h1>
Desired username: <input type="textbox" name="username"><br>
Desired password: <input type="password" name="password"><br>
<input type="submit" value="Register!" name="submit">
<input type="button" value="Login" onClick="javascript:window.location='login.html'">
</form>
</body>
</html>
<head><title>My website - Registration</title></head>
<body>
<form action="registration.php" method="post">
<h1>Registration</h1>
Desired username: <input type="textbox" name="username"><br>
Desired password: <input type="password" name="password"><br>
<input type="submit" value="Register!" name="submit">
<input type="button" value="Login" onClick="javascript:window.location='login.html'">
</form>
</body>
</html>
That's the registration form.
Now we have the registration script wich is going to validate username if it exists and if not, register it.
Page is named: "registration.php"
CODE
<?php
session_start();
if (!isset($_POST["submit"])) // checks wheter the page is called using the registration form
{
// it is not called using the registration form
header("Location:register.html"); // the script sends the user to the registration page
} else {
// it is called using the registration form
if ($_POST["username"] == NULL || $_POST["password"] == NULL) // check wheter both username and password are filled
{
// one of the two is not filled
echo "<font color=\"red\">Not all fields were filled. Please go <a href=\"javascript:history.back(1)\">back</a> and fill them</font>";
} else {
// they are both filled, check wheter the username exists in the database
// remember we made "DatabaseConfig.php"? Here it will be included so connection is made with the database.
include("DatabaseConfig.php"); // now its simple, otherwise we had to make connection everytime with much more code.
$usernameexists = mysql_query("SELECT ID FROM tblusers WHERE username='".$_POST["username"]."'") or die (mysql_error());
if (mysql_num_rows($usernameexists) != 0)
{
// user exists
echo "<font color=\"red\">User exists. Please go <a href=\"javascript:history.back(1)\">back</a> and chose another username.</font>";
} else {
// user doesn't exists
$add_user = mysql_query("INSERT INTO tblusers (username,password) VALUES ('".$_POST["username"]."','".$_POST["password"]."')");
if ($add_user)
{
// user is succesfully added
echo "<font color=\"red\">You are succesfully registered. You can now <a
href=\"login.html\">login</a></font>";
} else {
// error occurd
echo "<font color=\"red\">An error occurd. Please go <a href=\"javascript:history.back(1)\">back</a> and try again.</font>";
}
}
// don't forget to close the database connection when you don't need it anymore
mysql_close();
}
}
?>
session_start();
if (!isset($_POST["submit"])) // checks wheter the page is called using the registration form
{
// it is not called using the registration form
header("Location:register.html"); // the script sends the user to the registration page
} else {
// it is called using the registration form
if ($_POST["username"] == NULL || $_POST["password"] == NULL) // check wheter both username and password are filled
{
// one of the two is not filled
echo "<font color=\"red\">Not all fields were filled. Please go <a href=\"javascript:history.back(1)\">back</a> and fill them</font>";
} else {
// they are both filled, check wheter the username exists in the database
// remember we made "DatabaseConfig.php"? Here it will be included so connection is made with the database.
include("DatabaseConfig.php"); // now its simple, otherwise we had to make connection everytime with much more code.
$usernameexists = mysql_query("SELECT ID FROM tblusers WHERE username='".$_POST["username"]."'") or die (mysql_error());
if (mysql_num_rows($usernameexists) != 0)
{
// user exists
echo "<font color=\"red\">User exists. Please go <a href=\"javascript:history.back(1)\">back</a> and chose another username.</font>";
} else {
// user doesn't exists
$add_user = mysql_query("INSERT INTO tblusers (username,password) VALUES ('".$_POST["username"]."','".$_POST["password"]."')");
if ($add_user)
{
// user is succesfully added
echo "<font color=\"red\">You are succesfully registered. You can now <a
href=\"login.html\">login</a></font>";
} else {
// error occurd
echo "<font color=\"red\">An error occurd. Please go <a href=\"javascript:history.back(1)\">back</a> and try again.</font>";
}
}
// don't forget to close the database connection when you don't need it anymore
mysql_close();
}
}
?>
End of registrationscript
Loginscript
Page is named: "login.php"
CODE
<?php
session_start();
if (!isset($_POST["submit"])) // checks wheter the page is called using the login form
{
// it is not called using the registration form
header("Location:login.html"); // the script sends the user to the registration page
} else {
// login form is used, continue with login
if ($_POST["username"] == NULL || $_POST["password"] == NULL) // check wheter both username and password are filled
{
// one of the two is not filled
echo "<font color=\"red\">Not all fields were filled. Please go <a href=\"login.html\">back</a> and fill them</font>";
} else {
// they are both filled, check wheter the username and password exists in the database, password must be for the same user
// remember we made "DatabaseConfig.php"? Here it will be included so connection is made with the database.
include("DatabaseConfig.php"); // now its simple, otherwise we had to make connection everytime with much more code.
$usernameexists = mysql_query("SELECT ID FROM tblusers WHERE username='".$_POST["username"]."' && password='".$_POST["password"]."'") or die
(mysql_error());
if (mysql_num_rows($usernameexists) != 0)
{
// user exists
$_SESSION["mywebsite_userid"] = mysql_result($usernameexists,'',"ID");
?>
<font color="red">You are successfully logged in.</font><br>
Go to the secret page: <a href="secret.php">Secret page</a>
<?php
} else {
// user doesn't exists
echo "<font color=\"red\">Wrong combination username/password. <a href=\"login.html\">Try login again</a> or <a
href=\"register.html\">register</a></font>";
}
// don't forget to close the database connection when you don't need it anymore
mysql_close();
}
}
?>
session_start();
if (!isset($_POST["submit"])) // checks wheter the page is called using the login form
{
// it is not called using the registration form
header("Location:login.html"); // the script sends the user to the registration page
} else {
// login form is used, continue with login
if ($_POST["username"] == NULL || $_POST["password"] == NULL) // check wheter both username and password are filled
{
// one of the two is not filled
echo "<font color=\"red\">Not all fields were filled. Please go <a href=\"login.html\">back</a> and fill them</font>";
} else {
// they are both filled, check wheter the username and password exists in the database, password must be for the same user
// remember we made "DatabaseConfig.php"? Here it will be included so connection is made with the database.
include("DatabaseConfig.php"); // now its simple, otherwise we had to make connection everytime with much more code.
$usernameexists = mysql_query("SELECT ID FROM tblusers WHERE username='".$_POST["username"]."' && password='".$_POST["password"]."'") or die
(mysql_error());
if (mysql_num_rows($usernameexists) != 0)
{
// user exists
$_SESSION["mywebsite_userid"] = mysql_result($usernameexists,'',"ID");
?>
<font color="red">You are successfully logged in.</font><br>
Go to the secret page: <a href="secret.php">Secret page</a>
<?php
} else {
// user doesn't exists
echo "<font color=\"red\">Wrong combination username/password. <a href=\"login.html\">Try login again</a> or <a
href=\"register.html\">register</a></font>";
}
// don't forget to close the database connection when you don't need it anymore
mysql_close();
}
}
?>
that's the loginscript
Now the last script we need is the one who takes care on the secured pages to see if you are logged in.
And this is the script to check if you're logged in:
It's named "checklogged.php"
CODE
<?php
session_start();
if (!isset($_SESSION["mywebsite_userid"]))
{
// visitor is not logged in
echo "You need to be logged in to see this page. <a href=\"login.html\">Login</a> or <a href=\"register.html\">register an account</a></font>";
die();
}
echo "<a href=\"logout.php\">Logout</a><br>";
?>
session_start();
if (!isset($_SESSION["mywebsite_userid"]))
{
// visitor is not logged in
echo "You need to be logged in to see this page. <a href=\"login.html\">Login</a> or <a href=\"register.html\">register an account</a></font>";
die();
}
echo "<a href=\"logout.php\">Logout</a><br>";
?>
You use following piece of code in every page you want to secure a page. Just set it in the very top of your script. EVERY PAGE YOU WANT TO SECURE MUST BE A
PHP SCRIPT!!!
CODE
<?php
include("checklogged.php");
?>
include("checklogged.php");
?>
And ofcourse we need a logout script:
Page is named: "logout.php"
CODE
<?php
session_destroy();
echo "You are logged out. <a href=\"login.html\">Login</a>."
echo $_SESSION["mywebsite_userid"];
?>
session_destroy();
echo "You are logged out. <a href=\"login.html\">Login</a>."
echo $_SESSION["mywebsite_userid"];
?>
Now that's all. Since I don't know what problems you might have just put them here.
PS: for people who don't know php, you can't test it on you pc unless you have a server running on it. But you can test it on trap17. But nevertheless you will have to create you database. You can do that accessing your control panel and go to "MySQL Databases" and create one there. I'm not used to it on trap17 but I think there are people who will help you with that using this topic.
The structure and the name of the table you find some higher on this page.
Of course then you have to edit the DatabaseConfig.php script with your settings.
PPS: important is that posting this in this topic the structure of the code when you past it isn't correct anymore. If you want to use the script simply download the attachment. It's my working script.
but it looks great. Though I won't use it because I wrote my own forum 
and I do not use ipb nor phpBB 
.
Been looking for this for a while 