| | a friend of mine is quite good at php and told me not to use sessions and to use setcookie im not sure how to use setcookie to make a user authentication system and was wondering if anyone here know a tutorial on how to do it |
Jul 26, 2008
|
Jul 26, 2008
|
|
I wrote a tutorial about it (to give the tutorial some more perspective I wrote the full authentication system), It's pending right now, so you'll have to wait until some mod validates it
 I'll post the link once its validated. QUOTE(Raptrex @ Jun 10 2005, 11:58 PM) a friend of mine is quite good at php and told me not to use sessions and to use setcookie  Sessions are more secure than cookies.. Cookies get passed back and forth from the client to the server, and can easily be caught as it goes along the network. Anything that is considered 'sensitive' material/data would need to be encrypted before being stored in a cookie. If shared hosts (like Trap17) concern you and/or you want to avoid possible Session Hijacking techniques, then a better way to protect your sessions is to setup a Custom Session Handler using a DB and store all session data in the DB. Then, with every user privelage escalation (like a Login) you simply regenerate the users Session ID to prevent it from being Hijacked. Also, storing Sessions in a cookie presents other problems as well. Some people disable cookies, forcing get/post alternatives (ever see a long encrypted SessionID in your URL bar?), which could limit the user from seeing your site altogether. Also, many browsers limit the size of the cookies they accept, and to be on the safe side, you should not exceed 4kb (4096 bytes) in a single cookie, otherwise some browsers may truncate the cookie data. Overall, I would recommend utilizing both methods to maximize your security, and you can read up on both of these methods and more at PHP Security Consortium. @Hmmz: Is it the one entitled "Incredible Secure Authentication"? I would like to see what types of security measures you have considered in your tutorial. I am writing a tutorial myself on Secure Authentication and is quite large to say the least. I am curious to see if our systems are very similar or very distinct! If it is too similar, I guess you beat me to posting then, 'cause I wouldn't want to post anything like a copy-cat tutorial! I look forward to reading it! 
well with cookies, the site remembers you, but with session, it only remembers you until you close your browser or something like that
anyway i found a pretty decent tutorial and was wondering how i can make a "logout" script and a "whos online" script http://www.xentrik.net/php/signup/complete.php the scripts works see it here nothing fancy just added if your logged in it would show you oh and also say your not logged in, i want it to show the login form but i dont know how to use the if then statement that much thx
there will be more lots of things you would need to learn..that' s true.i can't know so many code of php i just install lots of php programme then they all use cookies,but not dangerous
ok i found a little script
CODE <?php // grab current time $time=time(); // handle the logout event if ($logout == true) { setcookie ("user", md5($_POST[user]), $time-3200); setcookie ("pass", md5($_POST[pass]), $time-3200); echo "<a href=http://www.pro.trap17.com/>Logged Out!</a>"; } // handle validation event if ($_POST[user] && $_POST[pass]) { mysql_connect(localhost, raptrex_forum, forum) or die(mysql_error()); // Connection mysql_select_db(raptrex_member) or die(mysql_error()); // Selection of database $user_data = mysql_fetch_array(mysql_query("select id, username, password from users where username='$_POST[user]' and password='$_POST[pass]'")); if ($user_data[id] > 0) { setcookie ("user", md5($user_data[username]), $time+3200); setcookie ("pass", md5($user_data[password]), $time+3200); echo "<a href=http://www.pro.trap17.com>Logged In!</a>"; } else { $login_error= true; } } // handle login event, both successful and erroneous, or show login screen if ($login_error == true) { ?> <table align=center style="font-family:arial; font-size:12; border:1 solid #000000;"> <tr><td align=center bgcolor=#123dd4>LOGIN ERROR</td></tr> <tr><td align=center><b>Invalid Username and/or Password</b><br><br><a href=login.php>Back</a></td></tr> </table> <? } elseif ($_COOKIE[user] == md5($username) && $_COOKIE[pass] == md5($password)) { ?> <table align=center style="font-family:arial; font-size:12; border:1 solid #000000;"> <tr><td align=center bgcolor=#123dd4>SECURE AREA</td></tr> <tr><td align=right><a href=login.php?logout=true>Logout</a></td></tr> <tr><td>You have successfully logged in.<br><br> Encrypted Username: <b><?= $_COOKIE[user] ?></b><br> Encrypted Password: <b><?= $_COOKIE[pass] ?></b><br> </td></tr> </table> <? } else { ?> <form action=login.php method=post> <table align=center style="font-family:arial; font-size:12; border:1 solid #000000;"> <tr><td colspan=2 align=center bgcolor=#123dd4>LOGIN</td></tr> <tr><td align=right>Username: </td><td><input type=text name=user size=15></td></tr> <tr><td align=right>Password: </td><td><input type=password name=pass size=15></td></tr> <tr><td align=center colspan=2><input type=submit value=Login></td></tr> </table> </form> <? } ?> im going to include this onto my site say if im not logged in, it shows the login area but if im logged in, it says im logged in as whoever im logged in as how do i do this?
Man, I made a script an post here a looooooooooong time ago. I think the Title was: Login Sistem and Subtitle: With PHP + MySQL. It was a really long time ago. Try to use the search engine.The script is complete, with login, signup, administration, profile, bla blah blah blah
It uses cookies and MySQL to save the informations. If I find the link, I'll post here.
http://www.joe2torials.com/php/php_cookies_remember_me.php
i found that script that uses sessions and cookies and was wondering if i was logged in it would say "Logged in as Raptrex" and if i wasnt it would show the login form ive tried and it hasnt worked QUOTE I wrote a tutorial about it (to give the tutorial some more perspective I wrote the full authentication system), It's pending right now, so you'll have to wait until some mod validates it tongue.gif I'll post the link once its validated. hmmz did your tutorial ever get validated cuz i havent seen it in the tutorial section lately Latest Entries
This look original to me, I've never seen this code, I believe its original and that's the bad point of having too many moderator(no hard fellings!)...
Maybe try explaining to the admins and show them your work, and ask for justice!! 
Well, i didn't save it or anything so ill have to start completely over..here goes the 'short' version
 Step 1: Connect, login and authenticate Of course, before you start authenticating a user you need a login form that ultimately suits the authentication process, and a config file that sets up a connection to your mysql database and the therein situated usertable, those are a basic thing but do the trick and are self-explanatory: config.php CODE <? $server = "host"; $database = "database name"; $db_user = "db username"; $db_pass = "db password"; $table = "usertable"; ?> logform.php CODE <form action="login.php" method="post"> Username: <input type="text" name="username" size="15"> Password: <input type="password" name="password" size="15"> <input type="submit" value="Log In"> </form> Then you need to create the login.php, wich basically is your authentication page, ill explain everything after the code...: login.php CODE <? ob_start(); include("config.php"); // connect to the mysql server $link = mysql_connect($server, $db_user, $db_pass) or die ("Could not connect to server.."); // select the database mysql_select_db($database) or die ("Could not select database"); $match = "select id from $table where username = '".$_POST['username']."' and password = '".$_POST['password']."';"; $qry = mysql_query($match) or die ("Could not match data because ".mysql_error()); $num_rows = mysql_num_rows($qry); if ($num_rows <= 0) { echo "Sorry, there is no username $username with the specified password.<br>"; echo "<a href=log_form.php>Try again</a>"; exit; } else { setcookie("loggedin", "TRUE", time()+(900 * 1)); setcookie("username", "$username"); echo "You are now logged in!<br>"; echo "Continue to the <a href=members.php>Members</a> area."; } ob_end_flush(); ?> allright, ob_flush() is a function used in php to send the output of the content, known as the output buffer, in this script, it basically sends the output of the authentication to the database, following a full check of the send data. then the script includes config.php, wich is the file used to connect to the server,database and ultimately the table. $link is the variable that actually connects to the database using variables assigned in config.php. then you have to select the database where the usertable is situated following the query to 'get' the username and password inserted in the login fields, then it checks if there's a match, if so, it gives the user the link to the members area, if not, it displays a login error. with a successful login it also sets 2 cookies, one for the successful login and 1 for the user itself, within the usercookie, it also sets the variable $username, if you now anywhere wanna display the users username, you don't have to assign a whole new variable, all you need is $username, wich basically displays the username used with the login. Step 1: members area code We've gone through the whole login and authentication process, but we of course need something on each members page that recognizes and validates the user, this small code checks if the cookie is valid and disconnects or connects (continued)the user if valid or invalid: CODE <? if (!isset($_COOKIE['loggedin'])) die("You are disconnected! <a href=\"log_form.php\">Click here</a>"); $username = $HTTP_COOKIE_VARS["username"]; echo "You are connected! « $username »"; ?> Put that small piece of code at the top of every members page to secure your members pages. Thats about it, Hope this helps.. and NO dooga, this is not ripped or anything so don't accuse me again, ive never ripped before and i like to keep it that way..
Recent Queries:-
Keywords : user, login, system, setcookies
Adding User Directory to PHP Upload Form - Help (0) Alright I am trying to have a PHP FTP Upload Form that allows the user to create the directory (3) When we login, we got a session. But at the same time when we still login, another one could login (7) how to get the id number of the loged in user? my db is id. username. password. i have tryed a Is it possible? (2) Hello. I´m building my own site and I need some help... Is it possible to use a login sistem in php (6) i am designing a site for my alliance for the game Dark Throne. and i want some content to be (1) Hi all. I am trying to make a list out of 2 list. The first list is a complete list of users id (1) I'm looking for a good php login script. I would like one where it pops up. like http-auth. but Have my phpBB Forum Intergrated with my Website (4) Can someone please give me a code that I can use to put a login box on my website, that will login a Multiple drop down lists to take user to new page (4) Hi everyone I was wondering if anyone could help. I want to create a page with multiple drop down (0) On an intranet I'm running php. apache and mysql. We use Windows logins. I have a form that A login script (9) Okay, I am trying to password one page of my website. I need confirmation if this is a safe code or (1) I have easyphp. But i can not log when i go to phpmyadmin. I directly enter the page. But i think i (3) I know, nol tried to use this script.. and erm.. i think failed.. but i installed it all good, works Sloppy login script, couse i used @ on one string (12) Here's a sloppy 3 files login script. First file is Login file that looks like this login.php Nettek Login Trouble (2) Okay, so I installed Nettek and got everything set up. But every time I try and login, it says $ban = ($data->login) ? $lban : $iban; (4) I'm correcting a 'few' php-files for a friend, but I got this line of code: CODE (3) I make a signup page. I want that when someone signups and login for first time..then he is directed The code works okay...just not the authorization part (4) I have developed a piece of code /smile.gif" style="vertical-align:middle" emoid=":)" border="0" (13) I am trying to make a login system that looks and works like .htaccess using sessions, with a PHP (11) I am using the following code as a login page. I try to start by checking if a session already Without Cookies (5) Hi, I have a login script i made using PHP sessions and MySQL. It works fine but there is a (1) If you'are lazy people like me. This script may help u. This script is to automated our login to how can I track on or offline users? (4) long explaination: hey, I'm building a user profile site right now. And, I kinda know how to (2) many of u guys would already have noticed that now a days , on most of the websites , when some one To Forums, Chat, and Site (7) Major problem I got here. A site at which I am employed as PHP Coder (privet-drive.com), needs a adding information (4) Is there any way to make such database where I can write like name and passwords.. Then make an please help anyone good in PHP.. (8) On my main site i have this login box: Click here! ... And I want to change the look of it in (1) As anyone who works with user input knows, not everyone who submits information makes it look (10) I'm making a simple login script, but it doesn't seem to work like I want. The error Looking for user, login, system, setcookies
|
|
 User Login System With Setcookies |
| ADD REPLY / Got an Opinion! | Remove these ADs! | RAPID SEARCH! | Free Web Hosting | [X] |
|
Express your Opinions, Thoughts or Contribute more info. to help others. Ask your Doubts & Queries to get answers, So that "Together We can help others!" |
Register FREE for AD-FREE forum, Create your own topics, Ask Questions, track topics, setup subscriptions & notifications and Get a Free Website w/ Email and FTP. | 500MB Space *No Ads*, CPanel, FTP, PHP, MySQL, EMails - 100% FREE |
|