Learn VBA & Macros in 1 Week!

PHP - Encrypt Password In Login Script

Full Excel VBA Course - Beginner to Expert

Encrypt Password In Login Script	View Content

Hi.

I have made a login script, but I would wan't to encrypt the password.
I followed a tutorial and got this:
login.php
<?php
$password = "secret";

echo $password;
/* displays secret */

$password = sha1($password);

echo $password;
/* displays e5e9fa1ba31ecd1ae84f75caaa474f3a663f05f4 */
?>
<form action="validate.php" method="post">
  <label for="username">Username</label>
  <input type="text" name="username" id="username" />
  <br />
  <label for="password">Password</label>
  <input type="password" name="password" id="password" />
  <br />
  <input type="submit" name="submit" value="Submit" />
</form>
<?php
?>

validate.php

<?php
include "setup.php";

/* get the incoming ID and password hash */
$username=$_POST['username'];
$password=$_POST['password'];
$password=md5($password); // Encrypted Password

/* establish a connection with the database */
$server = mysql_connect("$db_host", "$db_username","$db_password");
if (!$server) die(mysql_error());
mysql_select_db("$database");


/* SQL statement to query the database */
$query = "SELECT * FROM users WHERE Username = '$username' AND Password = '$password'";

/* query the database */
$result = mysql_query($query);

/* Allow access if a matching record was found, else deny access. */
if (mysql_fetch_row($result))
  echo "Access Granted: Welcome, $username!";
else
  echo "Access Denied: Invalid Credentials.";

mysql_close($server);
?>

Its the line $password=md5($password); // Encrypted Password
that messes everything up.
If I delete it and login, everything is fine, if I add it it says Code: [Select]
Access Denied: Invalid Credentials
I need help with this one!
And if someone have time, give me some ideas how to make PHP scripts safer!

Regards
Worqy

Full Excel VBA Course - Beginner to Expert

How To Encrypt Password In Php Cli

Similar Tutorials

View Content

Hi, for my php program running in command line (windows cmd), the user must login first, so my ques is how can they enter the password as *****
when they are typing for example?

all help appreciated.

Help - Login Always Says 'incorrect Password'

Similar Tutorials

View Content

I have a register page that MD5 Hash's the users password and a login which also does this. However, no matter what I try it always says incorrect password. Even when I remove the MD5.

Register Code:

Code: [Select]
<?php

error_reporting (E_ALL ^ E_NOTICE);

?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title>Member System - Register</title>
</head>
<body>
<?php

if ( $_POST['registerbtn'] ){
$getuser = $_POST['user'];
$getemail = $_POST['email'];
$getpass = $_POST['pass'];
$getretypepass = $_POST['retypepass'];

if ($getuser){
if ($getemail){
if ($getpass){
if ($getretypepass){
if ( $getpass === $getretypepass ){
if ( (strlen($getemail) >= 7) && (strstr($getemail, "@")) && (strstr($getemail, ".")) ){
require("./connect.php");

$query = mysql_query("SELECT * FROM users WHERE username='$getuser'");
$numrows = mysql_num_rows($query);
if ($numrows == 0){
$query = mysql_query("SELECT * FROM users WHERE email='$getemail'");
$numrows = mysql_num_rows($query);
if ($numrows == 0){

$password = md5(md5("kjfiufj".$password."Fj56fj"));
$date = date("F d, Y");
$code = md5(rand());

mysql_query("INSERT INTO users VALUES (
'', '$getuser', '$password', '$getemail', '0', '$code', '$date'
)");

$query = mysql_query("SELECT * FROM users WHERE username='$getuser'");
$numrows = mysql_num_rows($query);
if ($numrows == 1){

$site = "http://c3221281.web44.net/";
$webmaster = "Simon <admin@simon.com>";
$headers = "From: $webmaster";
$subject = "Activate Your Account";
$message = "Thanks for registering. Click the link below to activate your account.\n";
$message .= "$site/activate.php?user=$getuser&code=$code\n";
$message .= "You must activate your account to login.";

if ( mail($getemail, $subject, $message, $headers) ){
$errormsg = "You have been registered. You must activate your account from the activation link sent to <b>$getemail</b>.";
$getuser = "";
$getemail = "";
}
else
$errormsg = "An error has occueed. Your activation email was not sent.";

}
else
$errormsg = "An error has occured. Your account was not created.";

}
else
$errormsg = "There is already a user with that email.";
}
else
$errormsg = "There is already a user with that username.";

mysql_close();
}
else
$errormsg = "You must enter a valid email address to register.";
}
else
$errormsg = "Your passwords did not match.";
}
else
$errormsg = "You must retype your password to register.";
}
else
$errormsg = "You must enter your password to register.";
}
else
$errrosmg = "You must enter your email to register.";
}
else
$errormsg = "You must enter your username to register.";
}

$form = "<form action='./register.php' method='post'>
<table>
<tr>
<td></td>
<td><font color='red'>$errormsg</font></td>
</tr>
<tr>
<td>Username:</td>
<td><input type='text' name='user' value='$getuser' /></td>
</tr>
<tr>
<td>Email:</td>
<td><input type='text' name='email' value='$getemail' /></td>
</tr>
<tr>
<td>Password:</td>
<td><input type='password' name='pass' value='' /></td>
</tr>
<tr>
<td>Retype:</td>
<td><input type='password' name='retypepass' value='' /></td>
</tr>
<tr>
<td></td>
<td><input type='submit' name='registerbtn' value='Register' /></td>
</tr>
</table>
</form>";

echo $form;

?>
</body>
</html>

Login Code:

Code: [Select]

<?php
error_reporting (E_ALL ^ E_NOTICE);
session_start();
$userid = $_SESSION['userid'];
$username = $_SESSION['username'];
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title>Member System - Login</title>
</head>
<body>
<?php

if ($username && $userid){
echo "You are already logged in as <b>$username</b>. <a href='./member.php'>Click here</a> to go to the member page.";
}
else{
$form = "<form action='./login.php' method='post'>
<table>
<tr>
<td>Username:</td>
<td><input type='text' name='user' /></td>
</tr>
<tr>
<td>Password:</td>
<td><input type='password' name='password' /></td>
</tr>
<tr>
<td></td>
<td><input type='submit' name='loginbtn' value='Login' /></td>
</tr>
<tr>
<td><a href='./register.php'>Register</a></td>
<td><a href='./forgotpass.php'>Forgot your password?</a></td>
</tr>
</table>
</form>";

if ($_POST['loginbtn']){
$user = $_POST['user'];
$password = $_POST['password'];

if ($user){
if ($password){
require("connect.php");

$password = md5(md5("kjfiufj".$password."Fj56fj"));

// make sure login info correct
$query = mysql_query("SELECT * FROM users WHERE username='$user'");
$numrows = mysql_num_rows($query);
if ($numrows == 1){
$row = mysql_fetch_assoc($query);
$dbid = $row['id'];
$dbuser = $row['username'];
$dbpass = $row['password'];
$dbactive = $row['active'];

if ($password == $dbpass){
if ($dbactive == 1){
// set session info
$_SESSION['userid'] = $dbid;
$_SESSION['username'] = $dbuser;

echo "You have been logged in as <b>$dbuser</b>. <a href='./member.php'>Click here</a> to go to the member page.";

}
else
echo "You must activate your account to login. $form";
}
else
echo "You did not enter the correct password. $form";
}
else
echo "The username you entered was not found. $form";

mysql_close();
}
else
echo "You must enter your password. $form";
}
else
echo "You must enter your username. $form";
}
else
echo $form;
}
?>
</body>
</html>

Many thanks for your time and help,

Php Login Username And Password With Filters

Similar Tutorials

View Content

Hi all, I have been reading in almost everywhere that we should not use our own custom login and password validations ( like regex etc.) but instead use the filter_var and filter_input built in functions provided by PHP 5 and above. However even after searching for more than an hour for with different search strings, I have not found even a single example that shows how we may validate for a username/login and password in a login form. Can someone be kind enough to provide a strong secure validations for username and login. Additionally I would also like to clarify if the username and login fields in a Login form be manipulated in any manner to pose a security threat? I mean can a hacker craft a username/login or password in such a manner as to pose an injection or any other threat? Thanks all.

Add Php Password Encryption To Login Class

Similar Tutorials

View Content

(Main Objective)
I need this login class to encrypt the password before it sends it to the database for login verification.

(Alternative Solution)
Force a login with just the username and captcha no password..

This is the original working script..

<?
session_start();
include "config.php";
global $c;
include "data.php";
global $config;
require('funciones.php');
if ($_POST['username']) {

session_start();
if($_POST['code']!=$_SESSION['string']){
header("Location: login.php?error=1");
}

//Comprobacion del envio del nombre de usuario y password

$username=uc($_POST['username']);
$password=uc($_POST['password']);

if ($password==NULL) {
header("Location: login.php?error=2");
}else{

$query = mysql_query("SELECT username,password FROM tb_users WHERE username = '$username'") or die(mysql_error());
if(mysql_num_rows($query) == 0)
{
header("Location: login.php?error=3");
} else {
$data = mysql_fetch_array($query);
if($data['password'] != $password) {
header("Location: login.php?error=4");
}else{
$query = mysql_query("SELECT username,password FROM tb_users WHERE username = '$username'") or die(mysql_error());
$row = mysql_fetch_array($query);

$nicke=$row['username'];
$passe=$row['password'];

//90 day  cookie
setcookie("usNick",$nicke,time()+7776000);
setcookie("usPass",$passe,time()+7776000);

$lastlogdate=time();
$lastip = getRealIP();

$querybt = "UPDATE tb_users SET lastlogdate='$lastlogdate', lastiplog='$lastip' WHERE username='$nicke'";
mysql_query($querybt) or die(mysql_error());

header("Location: members.php");
// echo "Has sido logueado correctamente ".$_SESSION['s_username']." y puedes acceder al index.php.";
// echo "<script>location.href='index.php';</script>";
?>

<META HTTP-EQUIV="REFRESH" CONTENT="0;URL=members.php">

<?
}
}
}
}
?>

<div class="heading">Login</div><br />
<?
if($_GET['error'] == 1)
{
print "<b>Error</b> - Wrong Captcha Code<br /><br/>";
}
if($_GET['error'] == 2)
{
print "<b>Error</b> - Please supply a password<br /><br/>";
}
if($_GET['error'] == 3)
{
print "<b>Error</b> - Invalid Username<br><br>";
}
if($_GET['error'] == 4)
{
print "<b>Error</b> - Invalid Password<br /><br />";
}
?>

<form action="login.php" method="post">
    <table>
        <tr>
            <td class="midtext">Username:</td>
            <td>
            <input type="text" name="username" size="25" class="form" autocomplete="off"></td>
        </tr>
        <tr>
            <td class="midtext">Password:</td>
            <td>
            <input type="password" name="password" size="25" class="form" autocomplete="off"></td>
        </tr>
        <tr>
            <td class="midtext" valign="top">Security Code:</td>
            <td class="midtext">
            <img src="image.php" onclick="this.src='image.php?newtime=' + (new Date()).getTime();">(Click
            to reload)<br />
            <input type="text" name="code" size="17" maxlength="17" autocomplete="off" class="form"></td>
        </tr>
        <tr>
            <td></td>
            <td align="right">
            <input type="submit" value="Login" name="loginsubmit" class="form"></td>
        </tr>
    </table>
</form>

Let me know if you need any files...

Better Password Protected Pages / Login Form .. ??

Similar Tutorials

View Content

Hello:

I wanted to see if I can make my password protected pages in my admin area, and the login form "more secure."
I was told I should use MD5 / SALTING / HASHING to do this.

I have tried some online tutorials, but am not understanding it, so I wanted to start from what I have and build upon it>

This is my database table storing the myAdmins data (when I initially insert it into the database):
Code: [Select]
CREATE TABLE `myAdmins` (
`id` int(4) NOT NULL auto_increment,
`myUserName` varchar(65) NOT NULL default '',
`myPassword` varchar(65) NOT NULL default '',
PRIMARY KEY (`id`)
) ENGINE=MyISAM AUTO_INCREMENT=2 DEFAULT CHARSET=utf8;

INSERT INTO myAdmins VALUES("1","abc","123");

This is the login form I use:
Code: [Select]
<?php

include('../include/myConn.php');
include('include/myAdminNav.php');

session_start();
session_destroy();

$message="";

$Login=$_POST['Login'];
if($Login){
$myUserName=$_POST['myUserName'];
$myPassword=$_POST['myPassword'];

$result=mysql_query("select * from myAdmins where myUserName='$myUserName' and myPassword='$myPassword'");
if(mysql_num_rows($result)!='0'){
session_register("myUserName");
header("location:a_Home.php");
exit;
}else{
$message="<div class=\"myAdminLoginError\">Incorrect Username or Password</div>";
}

}
?>

<form id="form1" name="form1" method="post" action="<? echo $PHP_SELF; ?>">

<? echo $message; ?>

Username: <input name="myUserName" type="text" id="myUserName" size="40" />
Password: <input name="myPassword" type="password" id="myPassword" size="40" />

<input name="Login" type="submit" id="Login" value="Login" />

</form>

This is the code on top of each page I password protect:
Code: [Select]
<?
session_start();
if(!session_is_registered(myUserName)){
header("location:Login.php");
}
?>

Works well, but can it be "better"??

And, if I am allowing the admin to update his/her username or password, I do it this way:
Code: [Select]
<?php

include('../include/myConn.php');
include('include/myCheckLogin.php');

if ($_SERVER['REQUEST_METHOD'] == 'POST')
{
$myUserName = mysql_real_escape_string($_POST['myUserName']);
$myPassword = mysql_real_escape_string($_POST['myPassword']);

$sql = "

UPDATE myAdmins
   SET
      myUserName = '$myUserName',
      myPassword = '$myPassword'
  ";
mysql_query($sql) && mysql_affected_rows()

?>

<?php
}

$query=mysql_query("SELECT * FROM myAdmins") or die("Could not get data from db: ".mysql_error());

while($result=mysql_fetch_array($query))

{
  $myUserName=$result['myUserName'];
  $myPassword=$result['myPassword'];
}

?>

<form method="post" action="<?php echo $PHP_SELF;?>">
<input type="hidden" name="POSTBACK" value="EDIT">

Username: <input type="text" size="60" maxlength="60" name="myUserName" value="<?php echo $myUserName; ?>">
Password: <input type="password" size="60" maxlength="60" name="myPassword" value="<?php echo $myPassword; ?>">

<input type="submit" value="Submit" />

</form>

Should it be "better" .. ??

I don't seem to understand how to "encrypt" all of this to make it "stronger" ..

Ideas? Improvements?

How To Add Sha1 Hash Password To Login Page

Similar Tutorials

View Content

Hi guys I have a script which i've been playing around with thanks to Spiderwell: http://www.phpfreaks.com/forums/index.php?action=profile;u=35078

I have sort of merged it with another 'member managment' script which is working great.

Now i can't seem to correctly create a login page to pass the hashed password using (sha1).

Now all i want to do is verify the username and the (hashed) password according to the database and allow the user in. The script i am using to check login works fine without a hashed password in the database. But ideally i'd like to use a hashed form of password.

Can somebody show me what change i need to make in this script below in order to pass a sha1 hashed password? I'm guessing it's a really small change from the examples i've seen online, but i just cant seem to get mine to work. :|

Your help would be much appreciated.

Login Page PHP:

Code: [Select]
<form name="login" method="post" action="check_login.php3">
<p><strong>Secured Area User Log-in</strong></p>
<p>Username: <input name="bioname" type="text" id="bioname"></p>
<p>Password: <input name="biopass" type="password" id="biopass"></p>
<p> </p>
<p><input type="submit" name="Submit" value="Login"></p>
</form>

Check Login Processor (which is the file i that needs the sha1 added somewhere i think)

Code: [Select]
<?php
require_once('config.php3');

// Connect to the server and select the database.
mysql_connect("$host", "$username", "$password")or die("cannot connect");
mysql_select_db("$db")or die("Unable to select database");

//
$loginusername = false;
$loginpassword = false;

$err = false; // default error message is empty

// The username and password sent from login.php
//the isset() basically means if its there get it, otherwise dont bother

if (isset($_POST['bioname'])) $loginusername=$_POST['bioname'];
if (isset($_POST['biopass']))$loginpassword=$_POST['biopass'];

// if either isnt filled in, tell the user, a very basic bit of validation

if (!$loginusername || !$loginpassword) $err = "please complete the form";
if (!$err) //if no error continue

{
//The following bit of coding protects from MySQL injection attacks

$loginusername = stripslashes($loginusername);
$loginpassword = stripslashes($loginpassword);
$loginusername = mysql_real_escape_string($loginusername);
$loginpassword = mysql_real_escape_string($loginpassword);

//you could add other things like check for text only blah blah

$sql="SELECT * FROM $tbl WHERE bioname='$loginusername' and biopass='$loginpassword'";

$result=mysql_query($sql);
// Count how many results were pulled from the table
$count=mysql_num_rows($result);

// If the result equals 1, continue
if($count==1)
{
session_start();
$_SESSION['user'] = $loginusername; // store session data
//please see I have used a session variable that is generic not specific, otherwise you will have to make this page different for every user
//that would be a pain in the ass, you don't need to have user1 or user2, its the value stored that relevant, not what the variable name is
header("Location: {$loginusername}/index.php3");

}
else
{
$err = "Wrong Username or Password";
}
}// end login if statement

if ($err) // show error message if there is one
{
echo $err;
echo "<br>Please go back in your browser and try again";
}
?>

The secure page:

Code: [Select]
<?php
session_start();

$mypath = $_SERVER["REQUEST_URI"];
//echo $mypath; // for debugging
//now we have the path lets see if the username is in that path, i.e. test2 is inside /something/test2/index.php
//use the built in strpos() function, which returns position of the last occurance of the string you are looking for inside another string.
//http://php.net/manual/en/function.strrpos.php

if(strpos($mypath,"/".$_SESSION['user']."/"))//on testing it failed initially as username test is found in path /test2/ so i added the slashes to stop that. so /test/ doesnt get found in /test2/
{
echo "congratulations you are the right person in the right place";
}
else
{
session_destroy(); //kill the session, naughty person trying to come here
header("Location: ../login.php3");
die();// stop page executing any further
}

?>

<html>
<body>

</body>
</html>

Thanks and i look forward to your replies.

Login Page Without Sql That Saves Users And Password On File

Similar Tutorials

View Content

Hi! I have read like crazy to find a tutorial on a login page without My_SQL. Anyway I am working on a easy login/logged out page with sessions. Here is the login page with tree users in an array. The things that I need some hints to solve is, when clicking on login the error message don't show. Instead the script goes to the logged in page right away. And when you write the wrong password you get loged in anyway. I am not sure how or if it's possible to write a varible to a file this way. But I tried and recived a parse error with the txt varible. When searching for topics I get more confused with the My_SQL varibles. I am near a breaking point at cracking the first step on PHP, but need some advice.

<?php 
$page_title = 'Logged in'; //Dynamic title 
include('C:/wamp/www/PHP/includes/header.html');
?> 
<?php
session_start();
//A array for the sites users with passwords
$users = array(
                'Dexter'=>'meow1',
                'Garfield'=>'meow2',
		'Miro'=>'meow3'
                );

//A handle to save the varible users to file on a new line from the last entry				
$handle = fopen("newusers.txt, \n\r")
$txt = $users;
fclose($handle);


if(isset($_GET['logout'])) {
    $_SESSION['username'] = '';
    header('Location:  ' . $_SERVER['PHP_SELF']);
}

if(isset($_POST['username'])) {
    if($users[$_POST['username']] == $_POST['password']) { 
        $_SESSION['username'] = $_POST['username'];
    }else {
        echo "Something went wrong, Please try again";
    }
}
?>

<?php 
echo "<h3>Login</h3>";
echo "<br />";
?>
<!--A legend form to login-->
		<fieldset><legend>Fill in your username and password</legend>
        <form name="login" action="777log.php" method="post">
            Username: <br /> 
			<input type="text" name="username" value="" /><br />
            Password: <br /> 
			<input type="password" name="password" value="" /><br />
			<br />
            <input type="submit" name="submit" value="Login" />
	</fieldset>
	</form> 

<?php //Footer include file 
include('C:/wamp/www/PHP/includes/footer.html');
?>

The logged in page

<?php //Header
$page_title = 'Reading a file'; 
include('C:/wamp/www/PHP/includes/header.html');
?> 

<?php 
	session_start();
	//Use an array forthe sites users  
$users = array(
                'Dexter'=>'meow1',
                'Garfield'=>'meow2',
		'Miro'=>'meow3'
                );
//
if(isset($_GET['logout'])) {
    $_SESSION['username'] = '';
	echo "You are now loged out";
	//The user is loged out and returned to the login page
    header('Location:  ' . $_SERVER['PHP_SELF']); 
}

if(isset($_POST['username'])) {
	//Something goes wrong here when login without any boxes filled
    if($users[$_POST['username']] == $_POST['password']) { 
        $_SESSION['username'] = $_POST['username'];
    }else {
        echo "Something went wrong, Please try again";
		$redirect = "Location: 777.php";
    }
}
?>
        <?php if($_SESSION['username']): ?>
            <p><h2>Welcome <?=$_SESSION['username']?></h2></p> 
			<p align="right"><a href="777.php">Logga ut</a></p><?php endif; ?>
			<p>Today Ben&Jerrys Chunky Monkey is my favorite!</p>	

<?php //Footer
include('C:/wamp/www/PHP/includes/footer.html');
?>

Selecting Different Database Based On Username/password Login

Similar Tutorials

View Content

Alright, I've been assigned a project at work. I did not develop the application and the individual who did used CodeIgnited framework and mysql as the db. Here's the problem, I'm not given much OT to do this and in our meeting the best way to proceed was to replicate the database for different parts of the organization. Basically we are a subsidiary and have been using an application that other groups within the organization want to use. Usually I would reconfigure the db schema and add org ids and in the user table add the appropriate organization to go to. However, they are not giving me enough time to do that. So what I'm thinking is to just create a copy of the database we use (just the structure) and create a new database. What I want to know is how to use mysql to check to see if a user exists in one database and if they don't then to go on to the next database. I understand this is a very sloppy way to do it, but it's the way we are moving forward. I found the code to connect to the db in CodeIgnitor... how can I connect to a database, check to see if the user exists, then close that db connection and try the next database?

    /**
     * Select the database
     *
     * @access    private called by the base class
     * @return    resource
     */
    function db_select()
    {
        return @mysql_select_db($this->database, $this->conn_id);
    }

Thanks in advance.

Password Protected Pages / Simple Admin Login With Php

Similar Tutorials

View Content

Hello everyone:

I wanted to see how I can make a simple login page (user name and password) that redirects to a page(s) if the login is correct. Also, I wanted to put protection on the page(s) that will send the user back to the login page if the credentials are nor correct.

I would imagine the username/password would be stored in a database table (Admins), and the correct login info would be stored in a session ..?

I am use to doing this with ASP, but never PHP. I want to make sure I understand how to do this properly and securely so I can use this as a model for other systems.

In ASP I would do a protected page like this:
a_login_check.asp
Code: [Select]
<%
if session("admin_user_name") = "" then
session.abandon
response.redirect "login.asp"
end if
%>

Protected-Page.asp
Code: [Select]

<html>
...
CONTENT

...
</html>

And of course there is the login page itself ...
(I thought it would be nice to add a "Forgot Password" link on the login page, but if that is too complicated I can do that later .. or is it easy ??)

Anyway, can someone point-out to me how to do this.

I would appreciate it!

Encrypted Password Not Recognized By Database During Registered Member Login

Similar Tutorials

View Content

Hello Everyone,

I recent made a simple membership website. Every page I created works exactly how I envisioned it...
All members data from my registration form goes into my database along with their md5 Encrypted passwords with a time-stamp.
Subsequent pages have a start_session included.

I am very please with it except ONE THING. Logging in is now a problem... username is recognized but NOT the password.

Now the strange thing is that when I go into the database and copy the encrypted password and paste
it into the password field in my login page, I miraculously get into my website with NO problem.

" How do I get the registered members Encrypted Passwords to be recognized by the database when
the registered members decide to logging in with the password that they create? "

Is there a easy fix for this?

I appreciate ALL your help...

thanks
mrjap1

Facebook Login Tutorial For Php Login Script?

Similar Tutorials

View Content

Hello guys,

Is there on web any updated tutorial on how can I add Facebook login on my simple php login script?

My Php Is Not Working When I Enter A Username And A Password But Works When I Send The Login Form Empty. What Am I Doing Wrong?

Similar Tutorials

View Content

I have developed a code for a login and seems to work well (No syntax error according to https://phpcodechecker.com/ but when I enter a username and a password in the login form, I get an error HTTP 500. I think that everything is ok in the code but obviously there is something that I am not thinking about. The code (excluding db connection):

$id="''"; $username = $_POST['username']; $password = md5($_POST['password']); $func = "SELECT contrasena FROM users WHERE username='$username'";

$realpassask = $conn->query($func); $realpassaskres = $realpassask->fetch_assoc(); $realpass= $realpassaskres[contrasena];

$func2 = "SELECT bloqueado FROM users WHERE username='$username'"; $blockedask = $conn->query($func2); $blockedres = $blockedask->fetch_assoc(); $bloqueado = $blockedres[bloqueado];

//Login if(!empty($username)) { // Check the email with database
$userexists = $pdo->prepare("SELECT COUNT(username) FROM users WHERE username= '$username' LIMIT 1"); $userexists->bindParam(':username', $username); $userexists->execute(); // Get the result $userexistsres = $userexists->fetchColumn(); // Check if result is greater than 0 - user exist if( $userexistsres == 1) { if ($bloqueado == NO) { if ($password != $realpass) { die("contrasena incorrecta"); } Else{ $_SESSION['loguin']="OK"; $_SESSION['username']="$username"; header("Location: ./index.php"); } } Else{ die("Tu usuario ha sido bloqueado o todavía no ha sido aceptado por un administrador. } Else{ die("No hay ninguna cuenta con este nombre de usuario"); } } else { echo 'El campo usuario esta vacio'; } ?>

Set Password Script Is Not Working

Similar Tutorials

View Content

here is my change password script (This is being done by the admin)

<?php

error_reporting(E_ALL | E_NOTICE);
ini_set('display_errors', '1');

require 'connect.php';

if(isset($_POST['change'])) {

	$newp = trim($_POST['npass']);
	$confp = trim($_POST['cpass']);

	if(empty(trim($newp))) {

		echo "<h3><center>You did not enter a new password!</center></h3>";

		exit();

	} if(empty(trim($confp))) {

		echo "<h3><center>You must confirm the password!</center></h3>";

		exit();

	} if($confp !== $newp) {

		echo "Passwords do not match!, try again.";
	} else {

		$sql = "UPDATE $db_name SET cpass='$password' WHERE id=' ".$row['id']." '";

		echo " ".$row['username']."\s password has been reset! ";
	}
}

?>

<html><title>  Change password  </title><head><style>#form {border-radius: 20px;font-family: sans-serif; margin-top: 60px; padding: 30px;background-color: #aaa;margin-left: auto; margin-right: auto; width: 500px; clear: both;} #form input {width: 100%; clear: both;} #form input:hover {border: 1px solid #ff0000;}</style></head>
<body>
<div id="form">
	<form action='' method='POST'>
	<h2><b><center>Change Password</center></b></h2><br>
	<tr>
	<td><b>New password:</b><input type="password" name="npass" placeholder="Enter new password" /></td><br><br>
	<td><b>Confirm password:</b><input type="password" name="cpass" placeholder="Confirm password" /></td><br><br>
	<td><input type="submit" name="change" value="Change!" /></td>
</tr>
</form>
</div><!-- end of form div -->
</body>
</html>

I'm getting

Notice: Undefined variable: row in C:\xampp\htdocs\Login\web_dir\changepassword.php on line 30

Notice: Undefined variable: row in C:\xampp\htdocs\Login\web_dir\changepassword.php on line 32

And it say's

\s password has been reset!

It's saying that the variable row is undefined, it's defined in my edit user / select user page

<?php

error_reporting(E_ALL | E_NOTICE);
ini_set('display_errors', '1');

session_start();

require 'connect.php';

echo "<title>  Edit a user  </title>";

$sql = "SELECT id, username FROM $tbl_name ORDER BY username";
$result = $con->query($sql);
while ($row = $result->fetch_assoc())
{
   	echo "<div id='l'><tr><td>{$row['username']}</td>&nbsp;|
        <td><a href='editUser.php?id={$row['id']}'>Edit User</a>&nbsp;|</td>
        <td><a href='changepassword.php?id={$row['id']}'>Change Password</a>&nbsp;|</td>
        <td><a href='banUser.php?id={$row['id']}'>Ban User</a></td><br><br>
        </tr></div>\n";
}


?>

Also it doesn't actually UPDATE the password.

Lost Password Script

Similar Tutorials

View Content

Okay I am a beginner and haven't coded in months. I am trying to find a tutorial or help figuring out how to build a lost password script for user log-in system I built a while ago.

Can anyone help with either something that works that I can learn from, a tutorial somewhere?

thanks
Tim

Update Password Script

Similar Tutorials

View Content

I have a script to let the user update their password, when I submit it i get a 500 error and I'm not sure.

Here is the code:
If (isset($_POST['update-password'])) {
//This makes sure they did not leave any fields blank
if (!$_POST['oldpw'] || !$_POST['pass'] || !$_POST['pass2'] ) {
$error="<span style=";
$error .="color:red";
$error .=">";
$error .= "You did not complete all of the required fields";
$error .="</span>";
setcookie('Errors', $error, time()+20);
header('Location /useredit.php');
exit;
}

// checks if the password is correct
$pass = md5($_POST['pass']);
if (!get_magic_quotes_gpc()) {
$pass = addslashes($pass);
}
$check = mysql_real_escape_string("SELECT * FROM YBK_Login WHERE pass = '{$pass}'");
mysql_query($check) or die( 'Query string: ' . $check . '<br />Produced an error: ' . mysql_error() . '<br />' );

// this makes sure both passwords entered match
if ($_POST['pass'] != $_POST['pass2']) {
$error="<span style=";
$error .="color:red";
$error .=">";
$error .= 'Your passwords did not match.';
$error .="</span>";
setcookie('Errors', $error, time()+20);
header('Location: /useredit.php');
exit;
}

// here we encrypt the password and add slashes if needed
$_POST['pass'] = md5($_POST['pass']);
if (!get_magic_quotes_gpc()) {
$_POST['pass'] = addslashes($_POST['pass']);
$_POST['pass2'] = addslashes($_POST['pass2']);
}

// now we insert it into the database
mysql_real_escape_string($insert = "UPDATE `YBK_Login` SET `pass` = '{$_POST['pass']}', `HR` = '{$_POST['pass2']}', `comment` = '{$_POST['oldpw']}' WHERE `ID` = {$_COOKIE['UID_WatsonN']}");
mysql_query($insert) or die( 'Query string: ' . $insert . '<br />Produced an error: ' . mysql_error() . '<br />' );
$error="<span style=";
$error .="color:green";
$error .=">";
$error .= "<p>Thank you, your password has been updated.</p>";
$error .="</span>";
setcookie('Errors', $error, time()+20);
header('Location: /useredit.php');
exit;
}

Reset Password Script Help

Similar Tutorials

View Content

This works up until if (email == email2){
What is wrong? Is it a problem with the queries?

if(isset($_SESSION['rest']) || isset($_SESSION['chef'])){ header('Location:index.php');}

if (isset($_POST['submit'])) {

$errors = array();

// VALIDATION SCRIPT HERE

$newpass = generatepassword();

$link = mysql_connect("****","*****","******") or die ("Could not connect!");
mysql_select_db("****");
$query = "SELECT `username`, `type` FROM `users` WHERE `username`='$username'";
$result = mysql_query($query);
while($row = mysql_fetch_array($result))

{$type = $row['type'];}

$numrows = mysql_num_rows($result);
if ($numrows!=1){

$errors[] = 'Username not Found (Usernames are case sensitive)';}

if($email == '' || $username == ''){

$errors[] = 'Please Fill in all Fields';}

if (empty($errors)){

if ($type = 1){

$res1 = mysql_query("SELECT `username`,`email` FROM `rests` WHERE `username`='$username'");

while($row1 = mysql_fetch_array($res1))

{$email2 = $row1['email'];}
}else{

$res2 = mysql_query("SELECT `username`,`email`

FROM `chefs` WHERE `username`='$username'");

while($row2 = mysql_fetch_array($res2))

{$email2 = $row2['email'];}

if ($email2 == $email)
{

echo $newpass;

mysql_query("UPDATE `users` SET `password` = '$newpass' WHERE `username`='$username'");

//SEND EMAIL

$my_email = 'enquiries@bakerdesigns.co.uk';

$email_from = 'Chef Match';

$email_subject = "Your New Password :: Chef Match";

$message = "Your new password is $newpass<br>You may change this via your control panel later.";

$referer = $_SERVER['HTTP_REFERER'];
    $this_url = "http://".$_SERVER['HTTP_HOST'].$_SERVER["REQUEST_URI"];
    if ($referer != $this_url) {
        echo "You do not have permission to use this script from another URL.";
        exit; }

$from = "From: $email2\r\n";
    mail($email2, $email_subject, $message, $from);

    $thanks = 'An email has been sent to $email2 containing your new password. Please check your junk folder.';

}}
}else{$errors[] = 'Email did not match Username';
$thanks = 'Email could not be sent.';}
}

Php Password Change Script With Validation ??

Similar Tutorials

View Content

Hello ever1 , I ve created a php password change script with validation but its nt working properly can any1 please help me with this as m new with php???? below m pasting the code :

<?php
session_start();
include "connection.php";
//include_once('header1.php');
$msg="";

if($_SERVER['REQUEST_METHOD']=='POST' &&
empty($_POST['username']) ||
empty($_POST['password']) ||
empty($_POST['newpass']) ||
empty($_POST['newpassconfirm'])

)
{
$msg="empty fields";
}

{
$user=$_POST['username'];
$pass=$_POST['password'];
$newpass=$_POST['newpass'];
$confirmpass=$_POST['newpassconfirm'];

$result=mysql_query("SELECT password FROM user WHERE username='$user'");
if(!$result)
{
$msg="The Username You Entered Does not Exist";
}
elseif($pass!= mysql_result($result,0))
{
echo $msg="You Entered An Incorrect Password";
}
if($newpass != $confirmpass)
{ $msg = "Passwords do not match"; }
elseif($newpass=$confirmpass)
$sql=mysql_query("update user set password='$newpass' where username ='$user'");

if($sql)
{
echo "Congrats you have successfully changed your password.";
}
header('refresh:3 databases.php');
}
{
?>

<html>
<body>
<?php echo $msg ; ?>
<form class="changepass" action="changepass.php" method="POST"><P>
<table><tr><td>
Enter ur username :</td> <td> <input type="text" name="username" /></td></tr>
<tr><td>Enter ur existing pass : </td><td><input type="password" name="password" /></td></tr>
<tr><td>Enter ur new pass :</td> <td><input type="password" name="newpass" /></td></tr>
<tr><td>Renter ur new pass :</td> <td><input type="password" name="newpassconfirm" /></td></tr>
<tr><td><input class="cpassbtn" name="Submit" type="image" value="Submit" src="passnrm.png" onmouseover="this.src='passhvr.png'" onmouseout="this.src='passnrm.png'"></td></tr>

</table>

</form>
</body>
</html>

<?php }?>

Lost Username/password Script

Similar Tutorials

View Content

I've never actually done a username password, retrieval script before so need a little help. In the profile form the user is submitting username/password/name/email etc. into a MySQL DB along with a security question and answer. Is it just a matter of creating a form which does a check against the database and sends out an email to the user with their password? The password is hashed with MD5, so how would I send out an un-hashed PW?

thanks!

Trouble With Password Recovery Script

Similar Tutorials

View Content

Hi,

I'm very new to PHP.

I've been working on this code for password recovery for a week and I'm pretty close, but I'm having problems understanding why I keep getting the:

"Can not send password to your email address". I know for certain that it has found the email in the table, but why is it still having problems sending? There are no other error messages thrown.

Code: [Select]
function frm_lostpass()
{
global $skn,$In,$db,$Film,$Url,$Date,$module,$userinfo;
if(isset($_GET['check']) and trim($_GET['check'])=='ok')
{
$email = $In->get('email',0,'');
$sql_check ="SELECT Count(m.Email) AS numrows FROM tbl_member AS m\n"
."WHERE m.Email = '$email'\n";
$numrow=$db->sql_get_first($sql_check);
if($numrow['numrows']!=1)
{
return "<center>Email not found !</center>";
}
else
{

global $skn,$In,$db,$Film,$Url,$Date,$module,$userinfo;

// value sent from form
$email_to=$_POST['email_to'];

// retrieve password from table where e-mail = $email_to
$sql ="SELECT m.Password FROM tbl_member AS m\n"
."WHERE m.Email = '$email'\n";
$result=mysql_query($sql);

// if found this e-mail address, row must be 1 row
// keep value in variable name "$count"
$count=mysql_num_rows($result);

// compare if $count =1 row
if($count==1){

$rows=mysql_fetch_array($result);

// keep password in $your_password
$your_password=$rows['password'];

// ---------------- SEND MAIL FORM ----------------

// send e-mail to ...
$to=$email_to;

// Your subject
$subject="Your password here";

// From
$header="example@example.com";

// Your message
$messages= "Your password for login to our website \r\n";
$messages.="Your password is $your_password \r\n";
$messages.="more message... \r\n";

// send email
$sentmail = mail($to,$subject,$messages,$header);

}

// else if $count not equal 1
else {
return "That email address is not found in our database";
}

// if your email succesfully sent
if($sentmail){
return "&emsp;&emsp;Your Password Has Been Sent To Your Email Address.";
}
else {
return "&emsp;&emsp;Cannot send password to your e-mail address";
}

}
}
else
{
$skn ->set_file( 'lost_pass', 'member/frm_lostpass.html' );
return $skn -> output('lost_pass');
}
}

Forgot Password/username Script

Similar Tutorials

View Content

I'm having a little issue with this script. It's returning:

"Warning: mysql_num_rows(): supplied argument is not a valid MySQL result resource in /home/zyquo/public_html/makethemoviehappen.com/forgot_password.php on line 89"
(Line 89 is: $num_rows1 = mysql_num_rows($result1)

and

"New password could not be generated. If you continue to have issues, please email general@makethemoviehappen.com for assistance."

I checked the database and the random password generation did run, and it was inserted into the database. So it's just not detecting that it ran, so it's not sending the email. Any ideas on why?

I also checked what is returned in the $result1 variable and it's the number 1.

Code: [Select]
elseif($_GET['forgot']=="password"){

function &generatePassword($length=9, $strength=0) {
$vowels = 'aeiuy';
$consonants = 'bcdfghjkmnpqrstwz';
if ($strength & 1) {
$consonants .= 'BCDFGJLMNPQRSTVXZ';
}
if ($strength & 2) {
$vowels .= "AEIUY";
}
if ($strength & 4) {
$consonants .= '23456789';
}
if ($strength & 8) {
$consonants .= '@#$%';
}

$password = '';
$alt = time() % 2;
for ($i = 0; $i < $length; $i++) {
if ($alt == 1) {
$password .= $consonants[(rand() % strlen($consonants))];
$alt = 0;
} else {
$password .= $vowels[(rand() % strlen($vowels))];
$alt = 1;
}
}
return $password;
}

$new_password =& generatePassword();

$username=$_POST['username'];
$sql="SELECT * FROM $tbl_name WHERE Username='$username' AND Email='$email' AND Amount='$donation_amount'";
$result=mysql_query($sql);
$num_rows = mysql_num_rows($result);

if($num_rows==1){
$sql1="UPDATE $tbl_name SET Password='$new_password' WHERE Username='$username' AND Email='$email' AND Amount='$donation_amount'";
$result1=mysql_query($sql1);
$num_rows1 = mysql_affected_rows($result1);

if($num_rows1==1){
$content.='<p class="center">New password generated. It has been emailed to the email address provided.</p><br />';
$message='Some one (hopefully you) requested a new password be generated for your account on Make the Movie Happen.
Below is the newly generated password:

Password: '.$new_password.'

Once you log-in, please change your password.

Thank You,
Make the Movie Happen Support Team
';
mail($email, 'Make the Movie Happen - New Password', $message, 'From: general@makethemoviehappen.com');
}

else{
$content.='New password could not be generated.
If you continue to have issues, please email <a href="mailto:general@makethemoviehappen.com">general@makethemoviehappen.com</a> for assistance.';
}

}
else{
header("Location: ./index.php?forgot&e=1");
}
}