| Nov 22, 2009 |
Multiple Login Help Login System I have a website www.Musicseensa.Com and I want to try and make it easier for the user to navigate it. I am really new to mysql and don't really know how to do much on it but I currently have 4 databases set up and would like to make it to where people don't have to log in multiple times. I have wordpress set up with one user name and password and then zencart with another and simplemachinesforum with yet another and want to ...
read more.
Next you'll need a password database, in this database you re-use the user ID and have another collumn containing the password (preferably save using MD5). So you have something like user database: CODE | ID | NAME | MAIL | | 11 | John | john@johnymail.com | | 12 | Frans | Frans@fransmail.com| password database CODE | ID | password | | 11 | 8896e76cb1c472a1847e75cf23324577 | | 12 | e36aea312ecf63d21b5d134b6998d529 | User 11 has password: hallo priteshgupta User 12 has password: dit is een ongeloofelijk lang en belachelijk wachtwoord om te gebruiken There's a lot of info available about creating login systems and the use of md5 in php (altough I do suggest to use javascript to use the md5-hash because this way you don't send any password in the clear). And of course, search the internet  , probably the best way to learn something.
If you like the "learn by example" way, you can also go at phpbb.com and download the phpbb3 environment forum, and have a look at their scripts for user logging.
There's no reason to keep the user and password databases separate. One database should suffice, columns you would need are (feel free to change the names, e.g. password to psd, if you want):
ID: Set this to auto-increment - Int with max length 4 should suffice, it allows for 10000 users, increase the length later if necessary User: A log-in username - Tinytext with max length 16 should be fine. Password: The hash of a password - Tinytext with max length 40. Sid: A session ID relating to a user - e.g. Tinytext with max length 40. Any other data you wish to keep can be stored as well, for example columns: LLI: The last logged in date Name: A user's first name etc. A hash function is a function which takes an input of any length, and returns a fixed-length output. Common hashes include MD5 and SHA1 (the latter is more secure). Hashes are used because they are irreversible (easily verified with the pigeon hole theorem). In a registration page, you should have a series of text boxes for each relevant column (i.e. username and password - plus extras you want like first name). On the page this data is submitted to, what you want to do it: Retrieve the data using $_POST['user'], where 'password' is replaced with whatever you named it in the previous page. You need some basic checks e.g. username is between 4 and 16 characters (long usernames are annoying!), username consists only of alphanumerical characters (or something similar). Calculate the hash of the password - e.g. $hash = sha1($_POST['password']); INSERT INTO the SQL database the relevant data. When you log in, (use a similar form to the registration form except only with username and password boxes), you should SELECT from the table WHERE the username and password (hash) match - if the mysql_num_rows($result) is 1 then success, else fail. You need to set a session ID associated with the account, which will be used to authenticate the user when he visits other pages. An example could be sha1($user+date("FjYg:ia"));. You need to UPDATE the session ID value stored in the database and set the value as a cookie to the client. When the user visits other pages, you should check whether the session ID is associated with any IDs in the database (basically logging in but checking for session ID match). QUOTE There's a lot of info available about creating login systems and the use of md5 in php (altough I do suggest to use javascript to use the md5-hash because this way you don't send any password in the clear). I hope you realise how stupid this is, this less less secure than sending passwords as plaintext. If a hacker is able to sniff the password sent, they can easily log in, yes. If it's a hash instead, they can easily spoof the request (e.g. tamper data, javascript injection, packet editor). However if there is an SQL injection vulnerability, a hacker will immediately be able to access any account, regardless of password strength, if the hash is done locally. If the hash is done on the server, one would need to first crack the hash.
Again, you can always use md5-based logins instead of cookie-based logins. Here is an example.
Notice the way it works, hopefully you already know PHP. It includes an admin center, a login/register system, profiling system, and a session check system. If you are the type of person who learns from examples this is the best file to use. Read all the comments to understand what is going on exactly.
I don't get what you're trying to say - look at /include/session.php for example. Lots of cookies there.
If you aren't going to have cookies, then the only options (which I can think of) are having to log in on every page, having some form of verification data (e.g. a session ID) on each link on each page, or storing the log-in data to be associated with your IP. I don't see how any of these are better than simply storing a cookie. QUOTE(Nabb @ Oct 29 2008, 06:50 AM)  I don't get what you're trying to say - look at /include/session.php for example. Lots of cookies there. If you aren't going to have cookies, then the only options (which I can think of) are having to log in on every page, having some form of verification data (e.g. a session ID) on each link on each page, or storing the log-in data to be associated with your IP. I don't see how any of these are better than simply storing a cookie. I use that, $_SESSION['id'], it works and you don't have to relogin unless you close the window. It works fine and i think its better than creating and using a cookie since some antispyware or some browsers might block cookies from untrusted sites. This is a good login system script of PHP which uses mySQL. It is simple but very effective. Check here yourself: codingtricks.Blogspot.Com/2008/10/php-login-script-using-sessions-secure.html -Khurram QUOTE (priteshgupta @ Oct 28 2008, 08:43 AM) have already made a database in http://www.sitebooth.com now what type of table When I try your URL, I get : QUOTE SITEBOOTH.COM HAS SHUT DOWN
Please use this site for free web hosting: http://www.x10hosting.com/
I do not think making a login system is a good way to start learning PHP - if you are already good at PHP, do carry on.
A simple login system might not pose a problem, but "simple" usually means "not secure". What is more, even the easiest ones need to make use of cookies or sessions, or even both. I have been writing PHP code for over a year now, and I still try to postpone writing login systems as much as I can  It might be a good idea to start with fetching data from the MySQL database, as this is one of the most simple tasks. You can also install different web applications and examine their MySQL structure - reading their PHP code as well is not a good idea, as these applications have very complex coding. Latest Entries
Multiple Login Help
Login System I have a website www.Musicseensa.Com and I want to try and make it easier for the user to navigate it. I am really new to mysql and don't really know how to do much on it but I currently have 4 databases set up and would like to make it to where people don't have to log in multiple times. I have wordpress set up with one user name and password and then zencart with another and simplemachinesforum with yet another and want to consolidate them into one database so that people only have to log in once to use all the services. Any help would be greatly appreciated. -question by Oscar
What do you use to make and edit a mySQL database table?
Login System What do you use to make and edit a mySQL database table? thats all I need to know! -reply by Julian
Similar Topics
Keywords : login, system, make, login, system, mysql, amateur, thing
(3) It is good practice to use multiple tables to sort out big amounts of data. But once you do that it (4) any website provide free host mysql host? i need it because i am using 000webhost.com now but it XD (9) I posted PHP on computer? , but for some reason it doesn't show :/. Anyways I am wondering if (2) Hello .. I would like to ask if i can use use Microsoft excel files in order to make entries to (1) Hi i am new, I have a problem in understanding the query decomposition in D-DB. Can anyone help me (0) HI, I've hit the grain while trying to import file to mysql database - I need to enable file mysql connection error (7) ok so here's my web page... http://lacrossems.t35.org/ it only lags cause its trying to (4) I just got my site hacked!! (don't worry because it is not on astahost) Actually it is a (6) SUN bought the swedish company MYSQL for much money, around 2million each worker got in the company, Come in here if you think MySQL is soo hard! (14) Doesn't anybody think MySQL is so hard to code? I mean think about it, you need loads of Is this easy to make a login/password? (17) I was looking to make a site where people need to create an account, and log in to view the main How do i do this? (5) Hi guys, ive got a registration system that looks something like the one below: Firstname: When trying to install Joomla (16) I don't know if this is the correct forum, but here is my question: I'm trying to test Please Help! (8) I seem to have a problem with accessing my database with proper permissions. I have set the my is Navcat any good? (9) Hello all, i ve recently come across NavCat (GUI tool) for MySQL. I have not bought a copy yet, just (6) Hello to all of you beautifull people out there, I am new to MySQL, i just wanted to know if its a (27) Ok, I'm coding a project which is a leap than what I'd normally do. Before, I've always (19) I am new to MySql and have just created a database after using a script. My problem is not the I'd like to batch them (6) Hi, maybe one of you already came across this, so I ask. I'll continue searching on. I've (7) Hi. i'm interested in alternatives to MySql combined with php. what database else can i use to Help me connect my flash Work with MySql (8) I know Flash and mysql but could not figure out if I could ever connect these? I want to have a (7) Hi..I want to ask if its possible to automatically mirror my mysql databases into another mysql (9) I have a couple of .frm files with no corresponding data or index files. Is it possible to recover (8) My friends have a little forum running here . The problem is that quite often we get the following MySQL server cannot be started (9) I try to upgrade my MySQL server from 4.018 to 4.1.10a. Firstly, I downloaded mysql-4.1.10a (not the I was able to export but where's import? (3) I am having hard times finding that import csv in the mysql phpmyadmin. I once worked on some csv Any solutions ?? (4) Hi, Can anyone provide me with a quick example of fetching a MySQL Datetime Field and converting it how to replicate mysql in realtime (4) i dont know if this might be useful to ppl here, but this is a very good knowledge for serious (3) I'm trying to insert about 500 rows into mysql, but I keep getting errors. If I copy and paste Looking for login, system, make, login, system, mysql, amateur, thing
|
 Login System - I want to make a login system using Mysql. I am amateur in these thing |
Affordable Web Hosting, Low cost Web Hosting - ComputingHost.com
