PHP - Facebook Login Tutorial For Php Login Script?

Hi i have a facebook login social plugin made but my ? is why do i get symbols in my url link ?.
I login with the plugin to facebook but when page returns me back to my site i have symbols at the end of url.
Like this http://www.games-flash.co.uk/#_=_

Ps sry if i have made this post in wrong section.

I need some guidance in regards to adding Login with Facebook.   Is this something which is easily done? Currently, I'm using UserCake:   http://usercake.com/   How much testing and QA is necessary for this type of work?

This topic has been moved to Third Party PHP Scripts.

http://www.phpfreaks.com/forums/index.php?topic=357535.0

http://pixpresso.mycyberlove.com/

This is my test hosting for this site I'm making.
Navigation and facebook login are almost done.

So, the problem is that after facebook login URL is http://pixpresso.mycyberlove.com/#_=_

Why is this? Is this bad, should I and can I remove this?

hi

i need help an idea how can i separate members from admins
since i dont know how to create login form i used tutorial ( http://www.youtube.com/watch?v=4oSCuEtxRK8 )   (its session login form only that i made it work other tutorials wre too old or something)
how what i want to do is separate members and admins because admin need more rights to do
now i have idea but dont know will it work like that
what i want to do is create additional row in table named it flag and create 0 (inactive user) 1 (member) 2 (admin) will that work?
and how can i create different navigation bars for users and admins? do you recommend that i use different folders to create it or just script based on session and flag?

Hi guys.

What I want to create is really complicated. Well I have a login system that works with post on an external website.
I have my own website, but they do not give me access to the database for security reasons, therefore I have to use their login system to verify my users.
What their website does is that it has a post, with username and password. The POST website is lets say "https://www.example.com/login".
 If login is achieved (i.e. username and password are correct), it will redirect me to "https://www.example.com/login/success" else it will redirect me to "https://www.example.com/login/retry".

So I want a PHP script that will do that post, and then according to the redirected website address it will return me TRUE for success, FALSE for not successful login.

Any idea??

Thanks

Hi guys,

Can anyone assist me. I am trying to create a login for admin and user (if user not a member click register link) below is my code: But whenever I enter the value as: Username: admin Password:123 - I got an error message "That user does not exist!"

Any suggestion and help would be appreciated.
Thanks.

login.php

<?php 

//Assigned varibale $error_msg as empty

//$error_msg = "";

session_start();

$error_msg = "";

if (isset($_POST['submit'])) {

if ($a_username = "admin" && $a_password = "123") 

{

//Define $_POST from form text feilds

$username = $_POST['username'];

$password = $_POST['password'];

//Add some stripslashes

$username = stripslashes($username);

$password = stripslashes($password);

//Check if usernmae and password is good, if it is it will start session

if ($username == $a_username && $password == $a_password)

{

session_start();

$_SESSION['session_logged'] = 'true';

$_SESSION['session_username'] = $username;

//Redirect to admin page

header("Location: admin_area.php");

}

}

$username = (isset($_POST['username'])) ? $_POST['username'] : ''; 

$password = (isset($_POST['password'])) ? $_POST['password'] : ''; 

if($username && $password) {

$connect = mysql_connect("localhost", "root", "") or die ("Couldn't connect!");

mysql_select_db("friendsdb") or die ("Couldn't find the DB");

$query = mysql_query ("SELECT * FROM `user` WHERE username = '$username'");

$numrows = mysql_num_rows($query);

if ($numrows != 0){

while ($row = mysql_fetch_array($query)) {

$dbusername = $row['username'];

$dbpassword = $row['password'];

}

//Check to see if they are match!

if ($username == $dbusername && md5($password) == $dbpassword) {

header ("Location: user_area.php");

$_SESSION['username'] = $username;

}

else

$error_msg = "Incorrect password!";

//code of login

}else

$error_msg = "That user does not exist!";

//echo $numrows;

}

else

$error_msg = "Please enter a username and password!";
}
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" />
<title>Login Page</title>
</head>

<body>
<br />
<?php

require "header.php";
?><br />
<div align="center">
<table width="200" border="1">

<?php

// If $error_msg not equal to emtpy then display error message

if($error_msg!="") echo "<div id=\"error_message\"style=\"color:red; \">$error_msg</div><br />";?>

<form action="<?php echo $_SERVER['PHP_SELF'];?>" method="post">
<!--form action="login_a.php" method="post"-->

Username: <input type="text" name="username" /><br /><br />

Password: <input type="password" name="password"  /><br /><br />

<input type="submit" name = "submit" value="Log in"  />
</form> <p> </p>

Register a <a href="register.php">New User</a>
</table>
</div>
</body>
</html>

How to add the ability to login with username or email for login?

 

<?php 
ob_start();
include('../header.php');
include_once("../db_connect.php");
session_start();
if(isset($_SESSION['user_id'])!="") {
	header("Location: ../dashboard");
}
if (isset($_POST['login'])) {
	$email = mysqli_real_escape_string($conn, $_POST['email']);
	$password = mysqli_real_escape_string($conn, $_POST['password']);
	$result = mysqli_query($conn, "SELECT * FROM users WHERE email = '" . $email. "' and pass = '" . md5($password). "'");
	if ($row = mysqli_fetch_array($result)) {
		$_SESSION['user_id'] = $row['uid'];
		$_SESSION['user_name'] = $row['user'];	
		$_SESSION['user_email'] = $row['email'];		
		header("Location: ../dashboard");
	} else {
		$error_message = "Incorrect Email or Password!!!";
	}
}
?>

 

Hey, could someone help me with login script ? I've got registration script.

It contains 3 files:

reg.php
<?php

require_once 'database.php';
?>

<h1><strong>Register</strong></h1>

<form name="register" method="post" action="regcheck.php">

  <label>
  <input type="text" name="user" id="user"> Username<br />
  </label>
  
  <br />
  
  <label>
  <input type="password" name="pass" id="pass"> Password<br />
  </label>
  
  <br />
  
  <label>
  <input type="text" name="email" id="email"> Email<br />
  </label>
  
  <label>
  <input type="submit" name="reg" id="reg" value="Register">
  </label>
  
</form>

regcheck.php
<?php
$email = $_POST['email'];

if(
    isset( $_POST['user'] ) &&
    isset( $_POST['pass'] ) &&
    isset( $_POST['email'] )
)
{
    if( strlen( $_POST['user'] ) < 4 )
    {
        echo "Username is too short";
    }
    elseif( strlen( $_POST['pass'] ) < 4 )
    {
        echo "Password is too short";
    }
    elseif(!filter_var($email, FILTER_VALIDATE_EMAIL))
{
    echo "Bad email address";
}  
    elseif( $_POST['pass'] == $_POST['user'] )
    {
        echo"Username and password can't be the same";
    }
    else
    {
        include( 'database.php' );

        $username = mysql_real_escape_string( $_POST['user'] );
        $password = mysql_real_escape_string( $_POST['pass'] );
        $email = mysql_real_escape_string( $_POST['email'] );

        $sqlCheckForDuplicateN = "SELECT username FROM user WHERE username = '". $username ."'";
$sqlCheckForDuplicateE = "SELECT email FROM user WHERE email = '". $email ."'";
        
        if( mysql_num_rows( mysql_query( $sqlCheckForDuplicateE ) ) == 0 && mysql_num_rows( mysql_query( $sqlCheckForDuplicateN ) ) == 0 )
        {
            $sqlRegUser =     "INSERT INTO
                        user( username, password, email )
                    VALUES(
                        '". $username ."',
                        '". $password ."',
                        '". $email ."'
                        )";

            if( !mysql_query( $sqlRegUser ) )
            {
                echo "You Could Not Register Because Of An Unexpected Error.";
            }
            else
            {
                echo "You Are Registered And Can Now Login";
            }
        }
        elseif( !(mysql_num_rows( mysql_query( $sqlCheckForDuplicateE ) ) == 0))
        {
            echo "The Email You Have Entered Is Already Being Used. Please Try Another One.";
        }
        elseif( !(mysql_num_rows( mysql_query( $sqlCheckForDuplicateN ) ) == 0))
        {
            echo "The Username You Have Entered Is Already Being Used. Please Try Another One.";
        }
        elseif( !(mysql_num_rows( mysql_query( $sqlCheckForDuplicateE ) ) == 0) && !(mysql_num_rows( mysql_query( $sqlCheckForDuplicateN ) ) == 0))
        {
            echo "The Email and Username You Have Entered Is Already Being Used. Please Try Another One.";
        }
        
        
    }
}
else
{
    echo "You Could Not Be Registered Because Of Missing Data.";
}
?>

database.php
<?
$con = mysql_connect('host','username','password');
if (!$con)
  {
  die('Could not connect: ' . mysql_error());
  }

mysql_select_db('dbname');
?>


So could someone help me with login ???

Hello everyone,

I am brand new to php and am starting off my journey by trying to create a simple login/register script.  I have run into a bit of difficulty, however, and cannot seem to get this to work. I know that the register script is very basic (lacks strlen check, doesn't verify that both passwords are the same, etc.), but for the time being I simply want to have a functional script.  Then I can continue learning by adding more components.  Here are the login.php, checklogin.php, and register.php files (in this order).  I believe that the login/checklogin files work, but the register file just shows the form without actually writing to DB when it is submitted.  Thank you very much for your help.

Code: [Select]
<html>
<body>
<b> Member Login </b> <br />
<form name="input" action="checklogin.php" method="post">
Username : <input type="text" name="myusername" id="username"> <br />
Password : <input type="password" name="mypassword" id="password"> <br />
<input type="checkbox" name="remember" value="checkbox"> Remember me <br />
<input type="submit" value="Login">
Not a member? <a href="./register.php">Register!</a>
</form>
</body>
</html>

Code: [Select]
<?php
$host="localhost";
$usr="root";
$pwd="";
$db="MemberDB";
$tbl_name="members";

mysql_connect($host, $usr, $pwd) or die("Unable to connect");
mysql_select_db($db) or die("Unable to select database");

$myusr = $_POST['myusername'];
$mypswd = md5($_POST['mypassword']);

$myusername = stripslashes(strip_tags($myusr));
$mypassword = stripslashes(strip_tags($mypswd));
$myusername = mysql_real_escape_string($myusr);
$mypassword = mysql_real_escape_string($mypswd);

$sql="SELECT *FROM $tbl_name WHERE username='$myusername' and password='$mypassword'";
$result=mysql_query($sql);

$count=mysql_num_rows($result);

if ($count==1) {
session_register("myusername");
session_register("mypassword");
header("location:menu.php");
}
else {
echo "Incorrect Username or Password";
}
?>

Code: [Select]
<?php
$host="localhost";
$usr="root";
$pwd="";
$db="MemberDB";
$tbl_name="members";

mysql_connect($host, $usr, $pwd) or die("Unable to connect");
mysql_select_db($db) or die("Unable to select database");

if (isset($_POST['register'])) 
{ 

$query = "INSERT INTO members ('username', 'password', 'email') 
VALUES('$_POST[username]', 'md5($_POST[password1])', '$_POST[email]')";

mysql_query($db,$query) or die();
mysql_close();

echo "You have successfully registered!";
}
else{
?>
<html>
<body>
<b> Register</b> <br />
<form name="register" action="./register.php" method="post">
Username : <input type="text" name="username" id="username"> <br />
Password : <input type="password" name="password" id="password1"> <br />
Confirm Password : <input type="password" name="password2" id="password2"> <br />
Email: <input type="text" name="email" id="email"> <br />
<input type="submit" value="register">
</form>
</body>
</html>
<?php
}
?>

Quote from: scootstah on November 30, 2011, 01:19:13 PM


Code: [Select]
function hash_password($password, $salt = null) {
// create a salt if not already defined
if (is_null($salt))
$salt = substr(sha1(uniqid(mt_rand(), true), 0, 10);

// $password will be plaintext at this point

// $site_key should be a large random string statically
// located in a file with secure permissions

$hash = hash_hmac('sha512', $password . $salt, $site_key);

return array('hash' => $hash, 'salt' => $salt);
}

$password = 'abcdef';

$pass = hash_password($password);




First off I just want to say thank you for the valuable information I have been reading in this topic (for a few days) and I have updated my pages accordingly.

My passwords are now salted with a random encrypted string and I am using sha1 but would like to switch to sha512. So I am playing around with some code to learn more about how it works and have noticed that:

sha1(test) returns a94a8fe5ccb19ba61c4c0873d391e987982fbbd3
but
sha512(test) just crashes the page.

Can anyone help me understand why this is?

I am looking to use this for an admin panel.   session_start.php

"session_start()"
"if statement" where it checks if a successful login is given

Is it necessary to include "session_start.php" into the top of each script file?   If I just include "session_start.php" into the top of the "main" file where the other script files are included inside of the "main" as well, then I have it in ways where the other script files could get called up through the URL.(?)   I thought it is a bit too much to include "session_start.php" into each script file.   Is there a way where this can be done with more simple ways?   I would appreciate the suggestions a lot.

Hello everyone,

The last few weeks I've asked a few questions. From the answers given, I've finished my login script.
But, I am a noob at oop php and I have also no clue if there are any security holes.

So my question to you guys is:

What have i done wrong? What can i do better? And what's missing?
I also have a one basic question:

I have't declared any variable to public, protected or private. Is it better to declare every variabe? or only a few?
Here is my code:

Index.php:

<?php

if ($_SERVER['REQUEST_METHOD'] == 'POST')

{

require('classes/class_lib.php');

if(isset($_POST['username'])){

$username = $_POST['username'];
}
if(isset($_POST['password'])){

$password = $_POST['password'];
}

try{

$user = new User;

$user->login($username, $password);
}
catch(MysqlException $error){

echo $error->getError();
}

catch(LoginException $error){

echo $error->getError();
}

}

?>

// form etc.

And my class_lib.php:

<?php

class MysqlException extends Exception{

public function getError(){

$errorMessage = 'Er is een fout opgetreden in '.$this->getFile().' op regel '.$this->getLine().'<br />';

$errorMessage .= 'Foutmelding: <i>'.$this->getMessage().'</i><br />';

return $errorMessage;

}
}

class LoginException extends Exception{

public function getError(){

$errorMessage = $this->getMessage();

return $errorMessage;

}
}

class Mysql{

public function __construct(){

$this->db = new mysqli('localhost','root','','login');

if($this->db->connect_error){

throw new MysqlException('Kan geen verbinding maken.');

}

}

public function escapeString($string){

$this->string = $this->db->real_escape_string($string);

return $string;

}
}

class Query extends Mysql{

public function runQuery($query){

$this->result = $this->db->query($query);

if(!$this->result){

throw new MysqlException('Er is iets fout gegaan tijdens het uitvoeren van de query.');

}

}

public function returnQuery(){

return $this->result->num_rows;

if(!$this->result){

throw new MysqlException('Er is iets fout gegaan tijdens het ophalen van de resultaten.');

}

}
}

class User{

public function __construct(){

$this->mysql = new Mysql;

$this->query = new Query;

}

public function login($username, $password){

$this->username = $this->mysql->escapeString($username);

$this->password = $this->mysql->escapeString($password);

$this->setQuery = "SELECT gebruikerid FROM gebruikers WHERE gebruikersnaam='" . $this->username . "' AND wachtwoord='" . $this->password . "'";

$this->query->runQuery($this->setQuery);

if($this->query->returnQuery() > 0){

return true;

}else{

if(empty($username) || empty($password)){

throw new LoginException('U moet alle velden invullen.');

}else{

throw new LoginException('Uw logingegevens kloppen niet.');

}

}

}
}

?>

where do i download a login script like this used here at phpfreaks

Hey so this is my login script but when i enter something into the username and password box and submit it, the page just refreshes.  

<?php


echo "


<h1>LOGIN</h1>
<form action='' method='POST'>
<table>
<tr>
<td>
<b>Username:</b>
</td>
<td>
<input type='text' name='username' placeholder='Enter your username'>
</td>
</tr>
<tr>
<td>
<b>Password:</b>
</td>
<td>
<input type='password' name='password' placeholder='Enter your password'>
</td>
<td>
<input type='submit' value='login' name='submit'>
</td>
</tr>
</form>
";


$host = "localhost";
$username = "root";
$password = "";
$db_name = "website";


mysql_connect("$host", "$username", "$password") or die("Could not connect");
mysql_select_db("$db_name") or die("Could not find database");


if(isset($_POST['submit'])) {
if(!empty($_POST['username'])) {
$sql = "SELECT * FROM members WHERE username='$username' AND password='$password'";
$result = mysql_query($sql);
$count = mysql_num_rows($result);


if($count==1) {
$row = mysql_fetch_array($sql);
$bancheck = mysql_query($row);
if($row['active']==0 && count==0) {
include 'userban.html';
} else if($count==1 && $bancheck==1) {
$_SESSION['username'] = "$username";
include '/home/user/index.php';
} else {
echo "You entered invalid information";
}
}
}
}


?>