|
PHP - Need Of A Good Login
Hey!
I was wondering if anyone had a really nice login tutorial that teach to make a secure login that is easy to use. Also, it would be best if it checked the other files as a normal logincheck.php does, but it gotta fit the login of course Anyone ? Similar Tutorialshi i need help an idea how can i separate members from admins since i dont know how to create login form i used tutorial ( http://www.youtube.com/watch?v=4oSCuEtxRK8 ) (its session login form only that i made it work other tutorials wre too old or something) how what i want to do is separate members and admins because admin need more rights to do now i have idea but dont know will it work like that what i want to do is create additional row in table named it flag and create 0 (inactive user) 1 (member) 2 (admin) will that work? and how can i create different navigation bars for users and admins? do you recommend that i use different folders to create it or just script based on session and flag? Hi guys. What I want to create is really complicated. Well I have a login system that works with post on an external website. I have my own website, but they do not give me access to the database for security reasons, therefore I have to use their login system to verify my users. What their website does is that it has a post, with username and password. The POST website is lets say "https://www.example.com/login". If login is achieved (i.e. username and password are correct), it will redirect me to "https://www.example.com/login/success" else it will redirect me to "https://www.example.com/login/retry". So I want a PHP script that will do that post, and then according to the redirected website address it will return me TRUE for success, FALSE for not successful login. Any idea?? Thanks Hello guys, Is there on web any updated tutorial on how can I add Facebook login on my simple php login script? Hi guys, Can anyone assist me. I am trying to create a login for admin and user (if user not a member click register link) below is my code: But whenever I enter the value as: Username: admin Password:123 - I got an error message "That user does not exist!" Any suggestion and help would be appreciated. Thanks. login.php <?php //Assigned varibale $error_msg as empty //$error_msg = ""; session_start(); $error_msg = ""; if (isset($_POST['submit'])) { if ($a_username = "admin" && $a_password = "123") { //Define $_POST from form text feilds $username = $_POST['username']; $password = $_POST['password']; //Add some stripslashes $username = stripslashes($username); $password = stripslashes($password); //Check if usernmae and password is good, if it is it will start session if ($username == $a_username && $password == $a_password) { session_start(); $_SESSION['session_logged'] = 'true'; $_SESSION['session_username'] = $username; //Redirect to admin page header("Location: admin_area.php"); } } $username = (isset($_POST['username'])) ? $_POST['username'] : ''; $password = (isset($_POST['password'])) ? $_POST['password'] : ''; if($username && $password) { $connect = mysql_connect("localhost", "root", "") or die ("Couldn't connect!"); mysql_select_db("friendsdb") or die ("Couldn't find the DB"); $query = mysql_query ("SELECT * FROM `user` WHERE username = '$username'"); $numrows = mysql_num_rows($query); if ($numrows != 0){ while ($row = mysql_fetch_array($query)) { $dbusername = $row['username']; $dbpassword = $row['password']; } //Check to see if they are match! if ($username == $dbusername && md5($password) == $dbpassword) { header ("Location: user_area.php"); $_SESSION['username'] = $username; } else $error_msg = "Incorrect password!"; //code of login }else $error_msg = "That user does not exist!"; //echo $numrows; } else $error_msg = "Please enter a username and password!"; } ?> <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml"> <head> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" /> <title>Login Page</title> </head> <body> <br /> <?php require "header.php"; ?><br /> <div align="center"> <table width="200" border="1"> <?php // If $error_msg not equal to emtpy then display error message if($error_msg!="") echo "<div id=\"error_message\"style=\"color:red; \">$error_msg</div><br />";?> <form action="<?php echo $_SERVER['PHP_SELF'];?>" method="post"> <!--form action="login_a.php" method="post"--> Username: <input type="text" name="username" /><br /><br /> Password: <input type="password" name="password" /><br /><br /> <input type="submit" name = "submit" value="Log in" /> </form> <p> </p> Register a <a href="register.php">New User</a> </table> </div> </body> </html> How to add the ability to login with username or email for login?
<?php
ob_start();
include('../header.php');
include_once("../db_connect.php");
session_start();
if(isset($_SESSION['user_id'])!="") {
header("Location: ../dashboard");
}
if (isset($_POST['login'])) {
$email = mysqli_real_escape_string($conn, $_POST['email']);
$password = mysqli_real_escape_string($conn, $_POST['password']);
$result = mysqli_query($conn, "SELECT * FROM users WHERE email = '" . $email. "' and pass = '" . md5($password). "'");
if ($row = mysqli_fetch_array($result)) {
$_SESSION['user_id'] = $row['uid'];
$_SESSION['user_name'] = $row['user'];
$_SESSION['user_email'] = $row['email'];
header("Location: ../dashboard");
} else {
$error_message = "Incorrect Email or Password!!!";
}
}
?>
I was wondering if this is faster or better performance. Each time a user submit's a post on my forum I will make it +1 the .txt file on my main server directory called test.txt, then I can just call that on my main forum index to show the amount of total posts our board has, instead of using mysql queries to sum all of it from the tables... good idea? or am i retarded? I have a SQL statement which is difficult to use PDO on, it might not even be possible to do.
So I'm filtering it like this:
$search = $_GET['search'];
$search = preg_replace("/[^A-Za-z0-9]/", " ", $search);
$search = $mysqli->real_escape_string($search);
Will this result in an acceptable level of security?
Edited by anderson_catchme, 16 September 2014 - 12:28 PM. I've always had an issue needing to write and maintain script to validate both client side and sever side so a while back I wrote a validation class whose primary purpose was: Accept in its constructor a JSON string which is mostly identical to the jQuery validation option except it also included a "sanitize" property. For instance: {"rules": {"account": {"minlength": 6}}, "messages": {"account": {"minlength": "Six numbers are required"}, "sanitize":{"account":int}}. Provide the correct jQuery validation option so a form can be validated client side. Sanitize the form data server side. Validate the form data server side.I recently looked at the code and it is a train wreck. I used a single class and had a bunch of protected functions where some would validate per a given rule and return the message upon error and others would sanitize. For non-typical rules required by the specific application, I would extend the class and add them. Some of these added rules required other resources such as an entities primary key, a PDO connection, etc. While inheritance worked fine to add simple rules, it did not do so for the rules which needed other resources. Also, even though I used "final" on my base class methods, I never liked this single class of many methods as I couldn't use the same name for a given rule and sanitize method (i.e. would rather use digit and digit instead of digit and int). I am thinking of changing it to something like the following. While this is definitely better, I question whether I should be using traditional classes to define my standard and custom rules. Any recommendations? Thanks
class Validator
{
protected $options,
$rules=[
"digit"=>function($value, $prop, $name){
return /*validate and return error string or null*/;
},
"minlength"=>"ect, etc"
];
public function __construct(string $json, \Closure ...$customRules=[]) {
$this->options=json_decode($json);
$this->rules=array_merge($this->rules, $customRules);
}
}
class Application
{
public function someMethod() {
$pdo=$this->pdo;
$applicationCustomRules=[
'someCustomRule'=>function($value, $prop, $name) use ($pdo) {
return /*validate and return error string or null*/;
}
];
$validator=new Validator($json, ...$applicationCustomRules);
//Which can be used such as:
$jQueryOptions=$validator->getJQueryOptions();
$validator->validate($data);
$validator->validateProperty('account', $account);
}
}
Hi there, I am currently using the in_array() function to check the user's country with the country in the ShippingProfile table. I have a function that returns the shipment profile info from the table. $myshipProfile = filter_shippingprofile(array(......)); And in the $myshipProfile I get the profile info with the countryID. Now I can check the user's country in the array: if(in_array($_SESSION['userCountryId'], $myshipProfile)) { print "yes country is found"; } I works fine so far. But there is a slight problem to it. I did a quick: print_r($myshipProfile); And the output was: Array ( [shippingprofileID] => 14 [supplierId] => 66 [shippingprofilename] => ProfName1 [shippingto] => CustomCountries [ShipRegionCountries] => 66 [shippingcost] => 10 Notice the supplierId and the ShipRegionCountries has the same value. And now when I try to perform in_array() it will return true every time even if the ShipRegionCountries is not 66 because as supplierID is 66. You see the conflict. Therefore, can we write like this: if(in_array($_SESSION['userCountryId'], $myshipProfile['ShipRegionCountries'])) { print "yes country is found"; } I get no ouput for this. Whats the correct way to check only the 'ShipRegionCountries' in the array? Thank you I would realy like to study php, other than taking other codes and editing them i havnt got a clue. Can someone provide me with a good tutorial on how to create really nice looking buttons please. Not just crap ones, like real nice ones. XD Thanks in advance Let's say for an "entry-income or low-income" to get started with.
How should it look like when it comes to the skills?
Could it work out if somebody for example can program with "bind parameters" and OOP in PHP?
What are your recommendations?
Edited by glassfish, 26 October 2014 - 10:20 AM. I'm going to write a script that determines if a proxy is good or not through cURL and I would like to know if anyone knows what qualifies a proxy as being good. Let's assume I need to do some surfing through a proxy - that's it. Is there a way in PHP to determine the 'type' of proxy? For example (elite, codeen, etc.) If the proxy page exists is that all I need to run cURL through it or otherwise consider it as being good? Or should I focus my attention towards simply going through the whole process of getting a 'dummy' page using cURL through the proxy and, should it succeed, it will be considered good. I suppose if I can avoid the latter then the script would be more efficient. Advice and suggestions are always greatly appreciated here. This topic has been moved to Application Design. http://www.phpfreaks.com/forums/index.php?topic=347419.0 hello; I have: mysql: utf8_general_ci index.php: header( ... UTF-8) index.php: <meta ... content-type ... UTF-8> index.php, mysql query procedu ... mysql_set_charset( utf8 , .. ) ... So, if I put a special character in my db, it WILL display correctly in index.php But, if I put the same character in a php variable, it is BAD ... diamond-shape with question mark inside Since my special characters work from the db, I would like to also use them in html (index.php ). am I missing anything? thanks for your time .. Shannon I just made this mini class for hashing passwords, is this all there is to it? Setting a salt string, and hashing the string using something like sha1(md5($salt.$password)) Code: [Select] <?php class MyHash { private $salt = "a6B2yj90sZ34"; public function set_salt($salt){ $this->salt = $salt; } public function hash_string($string){ return sha1(md5($this->salt.$string)); } public function check_hashed_string($user_input, $correct_pass){ if($this->hash_string($user_input) == $correct_pass){ return true; }else{ return false; } } } ?> This topic has been moved to Other Programming Languages. http://www.phpfreaks.com/forums/index.php?topic=347880.0 Code: [Select] <?php /* * To change this template, choose Tools | Templates * and open the template in the editor. */ $width=120; $height=60; $image= imagecreate($width, $height); $txt=substr(md5(rand()),0,8); $white= imagecolorallocate($image, 255, 255, 255); $black= imagecolorallocate($image, 0, 0, 0); $red= imagecolorallocate($image, 255, 0, 0); $new= imagecolorallocate($image, 128, 128, 255); //imagefilledrectangle($image, 10, 10, 110, 50, $white); imagefilledrectangle($image, 20, 20, $width-20, $height-20, $new); imagestring($image, 40, 27, 22, $txt, $black); header("content-type:image/jpeg"); imagejpeg($image); imagedestroy($image); ?> This topic has been moved to Miscellaneous. http://www.phpfreaks.com/forums/index.php?topic=320875.0 My first post! Im sorry it has to be a question.. But im also sharing! I found a great php to mail script with attachment. I added it as a text file for if ur intrested in the whole code. Its really easy for adding to your form and has a great way of posting errors. Now my question: The script works great with 1 attachment but how do i add a second attachment? I tried so many things but how hard can it be? Lets say this is a part of your html to upload your files: <html> <body> <form method="post" class="appnitro" action="<?php echo basename($_SERVER["PHP_SELF"]); ?>" enctype="multipart/form-data"> <li id="li_8" > <label class="description" for="element_8">Upload your logo </label> <div> <input name="probe" class="element file" type="file"/> <?php if (isset($_POST['probe'])) echo htmlentities(stripslashes($_POST['probe'])); else echo ""; ?> </div> <p class="guidelines" id="guide_8"><small>Upload your logo here. there is a max of 1 mb</small></p> </li> <li id="li_9" > <label class="description" for="element_9">Upload foto 1 </label> <div> <input name="probe2" class="element file" type="file"/> <?php if (isset($_POST['probe2'])) echo htmlentities(stripslashes($_POST['probe2'])); else echo ""; ?> </div> <p class="guidelines" id="guide_9"><small>Upload your logo here. there is a max of 1 mb</small></p> </li> </form> </body> </html> Heres a part of the php processing // if attachment, MIME-Mail: if (isset($_FILES['probe']['name']) && trim($_FILES['probe']['name']) != "") { // read and encode file: $datei_content = fread(fopen($_FILES['probe']['tmp_name'],"r"),filesize($_FILES['probe']['tmp_name'])); $datei_content = chunk_split(base64_encode($datei_content),76,"\n"); //? encode a second file here? // Boundary: $boundary = md5(uniqid(rand())); // Attachment: $mail_header .= "\n--".$boundary; $mail_header .= "\nContent-Type: ".$_FILES['probe']['type']."; name=\"".$_FILES['probe']['name']."\""; $mail_header .= "\nContent-Transfer-Encoding: base64"; $mail_header .= "\nContent-Disposition: attachment; filename=\"".$_FILES['probe']['name']."\""; $mail_header .= "\n\n".$datei_content; //? attach a second file here? // End: $mail_header .= "\n--".$boundary."--"; Cant i duplicate the encoding and attaching and rename? what am i missing here? Can someone please help me out here? Tnx. |
|||||||