PHP Login Script
20 Sep 2002 — martin
A complete PHP login script; includes user registration, login, logout, change password, change member details, and user list.
Features
- Prevents session stealing by verifying session data on every request
- Remember-me cookie doesn't include the password at all, thus network sniffers may only log in as you but not change your password
Download
Note: the script is packaged with PEAR's HTML_Table, HTML_Common, and required parts of PEAR and PEAR_DB. It is known to work with PHP 4.3.10 and the packaged version of PEAR, your luck may vary with other versions.
- php-login-script.tgz
- Complete code as gzipped tarball
- php-login-script.zip
- Complete code as zip archive
Dependencies
Quick Install Guide
Note: replace username, password, and db with your real username, password, and database name. If it doesn't work with localhost below ask your database administrator what values to use, you will have to remove unix+ from the DSN too.
- Unpack the archive and move it to a directory under your DocumentRoot, config.php can be placed in an upper directory for higher security
- Start mysql and connect as a user with grant privileges (usually root)
- mysql> CREATE DATABASE db;
- mysql> GRANT ALL PRIVILEGES ON db.* TO username@localhost IDENTIFIED BY 'password';
- mysql> q
- mysql -u username -p db < php-login-script.sql
- Password: password
- Delete php-login-script.sql
- Open config.php and change the line that says: $dsn = "mysql://username:password@unix+localhost/db"; to match your username, password, and database name
Bookmark/Search this post with:
Delicious
Digg
Reddit
Technorati
Comments
Love it...
Love the script...its great, already customized it and everything. One question maybe someone...not necessarily martin has to answer. Within the "protected" area, I also have a higher protection based area that only certain users can access. Anyone know how I can only allow certain users to have crudentials to also access that area?
Permission levels
Ryan, just add a column in the database like permission and register that as a session variable. Then you can check it whereever you need to.
login script taht does not use pear
it seems i tried to get this working for nothing.. the site is hosted elsewhere and i dont have access to folder permissions (and wont get access to it in future). anyone know of another login script that DOES NOT USE PEAR?
any help would be gerat
Script that works.
Leave this joker, this is the site you need....
http://www.free2code.net/tutorials/programming/php/4/phplogin.php
much simpler login for us dumb folk
I, like many of the people who have visited this page, can't get the scripts above to work, so I found something simpler on another page, of which I will give you the address. However, I must warn you that this particular script is probably not as secure as the one above and currently does not offer the option of allowing users to change their passwords. You have been warned. http://www.evolt.org/article/PHP_Login_Script_with_Remember_Me_Feature/1...
outdated
This tutorial is totally outdated when using the latest PEAR. Specially the HTML/Form.php.
nice coding dude
i just wanted to ask some ?'s but they've all be aked before, hehe.
thats why i choose to find out for myself... check www.w3schools.com if you're a newb.
slaske 19.10.2004
login script idea
hey, i was wondering, if it was possible to MD5 hash the whole username that the user enters and store in the database only MD5 hashed usernames, because this would probably really be good for preventing SQL injection attacks, wouldnt it?
just a thought, dunno if this has been done before, thats all. i cant think of any drawbacks such a thing would have.
you could just use php to ensure the usernames arent of an improper format, like if they contain unicode symbols, html tags, spaces, etc, and then once php is sure this is an acceptable username, php would MD5 hash it and store that in the database.
any thoughts on this?
vauthenticate takes five minutes to set up
http://www.beanbug.net/vScripts.php
confused - willing to pay
I own a site with php nuke - but i want a different registration so that their username is their email address, they have their own account page which I want to make alot different than the one php nuke creates for a user... i need a login page... i want them to have to check their email for a password... and i want them to receive a referral id if they refer other people to the site which they can put on the end of a link to the site. e.g. www.mysite.com/register/#referralID#
I'm too confused to do this myself, but if someone can actually help me do this i am willing to pay 150 USD for this... email me at goz456@hotmail.com if you think you can help me :S
The code now comes bundled with PEAR.
A README file would have been nice. This must be a new version of php for me because i could not figure out the database connection formats, username, password, and database table. I suppose they go into config.php, but even that is not clear.
PLease tell me i dowloaded that, i excreated these file, and click on confiq.php this is not openinig showing Open With Error so then i open it with explorer not showing me page but showing its Source. What i do that it showz me a page.
Hi Martin!
great work. one question, there are some permssion sets like editord, admin etc. and also one function in user class , editoronly. are you still expanding this script for these things to be operatuive.
regards
dharam
Actually development is halted. I was using this code for my site and developed it for it but I recently moved to wordpress.
In order to get the "Remember Me" functionality to work properly I had to change a line in lib/user.php where it unserializes the login cookie.
The line was:
list($username,$cookie) = @unserialize($cookie);
however, this fails because the cookie values are actually quote-escaped, so I changed it to
list($username,$cookie) = @unserialize(stripslashes($cookie));
and it works nicely.
Another tip for using these scripts -- if you make modifications to any of these scripts:
'global.php'
'functions.php'
'../config.php'
'session_defaults.php'
'lib/user.php'
Make sure you do not leave any additional newlines after the php end tag in these files as they will prevent you from modifying header information after including these and thus leave you scratching your head for hours on end.
yup this script is greate but i got a problem whit it
it gives me this error : Database connection failed. why?
i set up everything but ... it doens't connect whit database .. in mssql .. ?? why??
The result is:
Warning: session_start(): open(/tmp\sess_b3ba97caa3a3a0739aab68bd6e08dc44, O_RDWR) failed: No such file or directory (2) in c:\program files\apache group\apache\htdocs\global.php on line 4
Warning: session_start(): Cannot send session cookie - headers already sent by (output started at c:\program files\apache group\apache\htdocs\global.php:4) in c:\program files\apache group\apache\htdocs\global.php on line 4
Warning: session_start(): Cannot send session cache limiter - headers already sent (output started at c:\program files\apache group\apache\htdocs\global.php:4) in c:\program files\apache group\apache\htdocs\global.php on line 4
Database connection failed.
Warning: Unknown(): open(/tmp\sess_b3ba97caa3a3a0739aab68bd6e08dc44, O_RDWR) failed: No such file or directory (2) in Unknown on line 0
Warning: Unknown(): Failed to write session data (files). Please verify that the current setting of session.save_path is correct (/tmp) in Unknown on line 0
What should i do?
Fatal error: Class 'eastwood09_user' not found in /www/110mb.com/e/a/s/t/w/o/o/d/eastwood09/htdocs/php-login-script/config.php on line 14 so wots up with it
Already using your code its working but when I click edit profile or password I received this error:
"The requested URL /user/edit was not found on this server."
I check the file user.php and edit.php and the file is intact. Can you please help me solve this error thanks!