
Creating A Simple Yet Secured Login/registration With Php5

encryption registration login

113 replies to this topic

#25 aljosa

aljosa

    CC Lurker

  • New Member
  • Pip
  • 3 posts
  • Programming Language:PHP
  • Learning:PHP

Posted 12 November 2012 - 06:08 AM

Thanks papabear and Orjan.

So this is the right way:

CREATE TABLE IF NOT EXISTS `users`(
`userID` int(11) NOT NULL AUTO_INCREMENT,
`username` varchar(50) NOT NULL,
`password` varbinary(250) NOT NULL,
PRIMARY KEY (`userID`),
UNIQUE KEY (`userID`,`username`)
) ENGINE=InnoDB DEFAULT CHARSET=latin1 AUTO_INCREMENT=0;


Does any of you know how to retrieve the UserID from the session, or otherwise in a secure kind of way, when the user logs in?

I'll use the UserID for a MySQL INSERT statement into another table and then link the table data to the logged-in user's session for preview? TNX...
  • 0

#26 Orjan

Orjan

    CC Mentor

  • Moderator
  • 2918 posts
  • Location:Karlstad, Sweden
  • Programming Language:C, Java, C++, C#, PHP, JavaScript, Pascal
  • Learning:Java, C#

Posted 12 November 2012 - 06:21 AM

Yes, if following database normalization, userID must be the only primary key there... I hadn't noticed that I also made the username a primary key instead of making it a unique key, but this will work... My purpose is to have a unique username; I might have clicked the wrong button in phpMyAdmin >_<

Having a primary key with both fields needs the combination to be unique, which means any username can be duplicated as long as the userID is changed, which it is if you use an autocounter for the key.

Thanks papabear and Orjan.

Does any of you know how to retrieve the UserID from the session, or otherwise in a secure kind of way, when the user logs in?

I'll use the UserID for a MySQL INSERT statement into another table and then link the table data to the logged-in user's session for preview? TNX...


You need to store the userID in the session variable, $_SESSION['userid'] for example; then you can retrieve it from the same variable the next time the page loads.
  • 1

I'm a System developer at XLENT Consultant Group mainly working with SugarCRM.
Please DO NOT send mail or PM to me with programming questions, post them in the appropriate forum instead, where I and others can answer you.


#27 aljosa

Posted 12 November 2012 - 06:33 AM

Yes I get this but when looking to login function I wonder if I should add for ex.

$stmt->bindValue( "userID", $this->usid, PDO::PARAM_STR );

to userLogin function and then call it on success page like that ex.:

echo $_SESSION['userID'];

or should I form new function?
  • 0

#28 Orjan

Posted 12 November 2012 - 07:18 AM

You shouldn't have the userid in the same unique key as username; then it works as I said above. Also, to be a primary key, it needs to be unique, so you only need username in the unique key.

To set the userid into the session using papabear's code: when setting $success = true, you also do $_SESSION['userid'] = [user id variable...]
But to use sessions, you need to have started session handling on every page.
  • 0

I'm a System developer at XLENT Consultant Group mainly working with SugarCRM.
Please DO NOT send mail or PM to me with programming questions, post them in the appropriate forum instead, where I and others can answer you.
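
The key behaviour discussed in posts #25 to #28, as an added example that is not part of the thread or the tutorial's code: a composite UNIQUE key on (userID, username) accepts a second registration of the same username, while a UNIQUE key on username alone rejects it. SQLite in memory stands in for MySQL so the script runs offline; the table names, the registerTwice helper and the sample values are constructed for illustration.

```php
<?php
// Added example: SQLite in memory stands in for MySQL so this runs offline.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);

// Key layout from post #25: uniqueness is enforced on the PAIR (userID, username).
$db->exec('CREATE TABLE users_composite (
    userID   INTEGER PRIMARY KEY AUTOINCREMENT,
    username VARCHAR(50)  NOT NULL,
    password VARCHAR(250) NOT NULL,
    UNIQUE (userID, username)
)');

// Layout suggested in post #28: uniqueness is enforced on username alone.
$db->exec('CREATE TABLE users_fixed (
    userID   INTEGER PRIMARY KEY AUTOINCREMENT,
    username VARCHAR(50)  NOT NULL UNIQUE,
    password VARCHAR(250) NOT NULL
)');

// Register the same constructed username twice; return how many rows were accepted.
function registerTwice(PDO $db, $table) {
    // $table is one of the two fixed literals below, never user input.
    $stmt = $db->prepare("INSERT INTO $table (username, password) VALUES (:u, :p)");
    $accepted = 0;
    for ($attempt = 1; $attempt <= 2; $attempt++) {
        try {
            $stmt->execute(array(':u' => 'alice', ':p' => 'placeholder-hash'));
            $accepted++;
        } catch (PDOException $e) {
            // SQLSTATE 23000 is an integrity constraint violation: the name is taken.
            // A register() method would catch this and report "username already in use".
            if ($e->getCode() != '23000') {
                throw $e;
            }
        }
    }
    return $accepted;
}

$composite = registerTwice($db, 'users_composite');
$fixed     = registerTwice($db, 'users_fixed');
echo "composite (userID, username) key accepted $composite of 2 inserts\n";
echo "username-only key accepted $fixed of 2 inserts\n";
```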


#29 nkrc10

nkrc10

    CC Lurker

  • Just Joined
  • Pip
  • 1 posts
  • Programming Language:PHP
  • Learning:PHP

Posted 25 November 2012 - 04:16 PM

Excellent tutorial. I was searching for something like that, so I decided to register here :D
Hey mate, how do you make the session stuff with your code? I have some knowledge of PHP, but this is a bit difficult for me. Can you help me?

And the double nick registration issue.
  • 0

#30 EyoHonesty

EyoHonesty

    CC Lurker

  • Just Joined
  • Pip
  • 1 posts

Posted 14 December 2012 - 06:45 PM

Hi,

Your code is magnanimously nice and wonderful!
But there is one problem with the code - it does not run on my web server.
I am using php version 5.4 and Apache version 2.3.14.
Could this be the problem?

I use dreamweaver to design my pages - on the design view, the content and css arrangement are very neat. But on the web browser, when I fill in the form to login, the page clears and displays the comment '//if user did not click the login button show the login form'
No error messages!

I do not know how to figure this out!

Please could you help?

Thank you!

Please find attached files.
NB: changes are: /css/style2.css; /register2.php(instead of register.php); /login2.php(instead of index.php);
username field in db is userName;
password field in db is passWord;
database is 'test';
table is 'users';



Edited by EyoHonesty, 14 December 2012 - 06:56 PM.

  • 0

#31 SamuelArcher

SamuelArcher

    CC Lurker

  • New Member
  • Pip
  • 7 posts
  • Location:Manchester
  • Programming Language:C#, PHP, Lua

Posted 19 December 2012 - 11:29 PM

Can someone give a step-by-step way to add session support to this script?

It's a shame that such a simple and well made script has no real use in any application. I have been looking for a small and simple login script using PDO for a LONG time, but due to lack of session support and the dual username bug it can't really be used. Back to Google then :(

Edited by Archer, 19 December 2012 - 11:37 PM.

  • 0

#32 Orjan

Posted 19 December 2012 - 11:57 PM

It's pretty easy!

start every page with
session_start();

then on successful login, do
$_SESSION['login'] = true;
$_SESSION['uid'] = $userID; // the user's id from the database

on logout, do


$_SESSION['login'] = false;
$_SESSION['uid'] = 0;

session_destroy();

then you need to start your usr variable by adding the current id to keep track of who's logged in
probably create a constructor in the Users class like

public function __construct($id = 0) {
    // set a variable for keeping the uid and read out the needed information from the database
}

which you call with
$usr = new Users($_SESSION['uid']);
and then the main handling should work

Edited by Orjan, 20 December 2012 - 12:00 AM.

  • 2

I'm a System developer at XLENT Consultant Group mainly working with SugarCRM.
Please DO NOT send mail or PM to me with programming questions, post them in the appropriate forum instead, where I and others can answer you.


#33 SamuelArcher

Posted 20 December 2012 - 12:08 AM

Thanks for replying. I am loving the site so far :) but I just don't understand the code for this class.

I have a main file called core.php which is included on every page where session_start is called.

Here is the class I have which works with the rest of the system.

<?php
class Authenticate extends Database {
    public $username = null;
    public $password = null;
    public $salt = "Zo4rU5Z1YyKJAASY0PT6EUg7BBYdlEhPaNLuxAwU8lqu1ElzHv0Ri7EM6irpx5w";

    public function __construct( $data = array() ) {
        if( isset( $data['username'] ) ) $this->username = stripslashes( strip_tags( $data['username'] ) );
        if( isset( $data['password'] ) ) $this->password = stripslashes( strip_tags( $data['password'] ) );
    }

    public function storeFormValues( $params ) {
        //store the parameters
        $this->__construct( $params );
    }

    public function userLogin() {
        global $Database;
        $success = false;
        try {
            $sql = "SELECT * FROM users WHERE username = :username AND password = :password LIMIT 1";

            $stmt = $Database->prepare( $sql );
            $stmt->bindValue( "username", $this->username, PDO::PARAM_STR );
            $stmt->bindValue( "password", hash("sha512", $this->password . $this->salt), PDO::PARAM_STR );
            $stmt->execute();

            $valid = $stmt->fetchColumn();

            if( $valid ) {
                $success = true;
            }

            return $success;
        } catch (PDOException $e) {
            echo $e->getMessage();
            return $success;
        }
    }

    public function register() {
        global $Database;
        try {
            $sql = "INSERT INTO users(username, password) VALUES(:username, :password)";

            $stmt = $Database->prepare( $sql );
            $stmt->bindValue( "username", $this->username, PDO::PARAM_STR );
            $stmt->bindValue( "password", hash("sha512", $this->password . $this->salt), PDO::PARAM_STR );
            $stmt->execute();
            return "Registration Successful <br/> <a href='index.php'>Login Now</a>";
        } catch( PDOException $e ) {
            return $e->getMessage();
        }
    }

}

?>

Any more help is so very much appreciated.

Edited by Archer, 20 December 2012 - 12:45 AM.

  • 0

#34 Orjan

Posted 20 December 2012 - 12:41 AM

There are a few things I don't understand either. For example, why null the $Database variable, which is a global? That kills the database connection.

to add sessions here, change

if( $valid ) {
$success = true;
}

to
if( $valid ) {
    $success = true;
    $_SESSION['login'] = true;
    // inside the class method the submitted name is a property, not a local variable
    $_SESSION['uname'] = $this->username;
}
and in your __construct, check if uname is set in session var, and let $username be set to it instead then.

Edited by Orjan, 20 December 2012 - 12:48 AM.

  • 0

I'm a System developer at XLENT Consultant Group mainly working with SugarCRM.
Please DO NOT send mail or PM to me with programming questions, post them in the appropriate forum instead, where I and others can answer you.
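
One way to put together the session steps from posts #26, #28, #32 and #34 (an added example, not the tutorial's code or any poster's): the login looks the user up by username, stores the database userID in the session after regenerating the session id, and the logout clears it. Assumptions: SQLite in memory stands in for MySQL, the function names and the sample account are constructed, and password_hash()/password_verify() (PHP 5.5+) replace the thread's static-salt SHA-512.

```php
<?php
// Added example, not the tutorial's code. SQLite in memory stands in for MySQL.
session_start();                      // must run on every page, before any output

$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (userID INTEGER PRIMARY KEY, username TEXT UNIQUE, password TEXT)');
// Constructed sample account.
$db->prepare('INSERT INTO users (username, password) VALUES (?, ?)')
   ->execute(array('alice', password_hash('correct horse', PASSWORD_DEFAULT)));

// Returns true and records the user's id in the session when the credentials match.
function userLogin(PDO $db, $username, $password) {
    $stmt = $db->prepare('SELECT userID, password FROM users WHERE username = :username LIMIT 1');
    $stmt->bindValue(':username', $username, PDO::PARAM_STR);
    $stmt->execute();
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    if ($row === false || !password_verify($password, $row['password'])) {
        return false;                 // same result for unknown user and wrong password
    }
    session_regenerate_id(true);      // fresh session id at login, old one is discarded
    $_SESSION['login']  = true;
    $_SESSION['userid'] = (int) $row['userID'];   // id comes from the database row, not the request
    return true;
}

// Id of the logged-in user, or 0 when nobody is logged in.
function currentUserId() {
    return empty($_SESSION['login']) ? 0 : (int) $_SESSION['userid'];
}

function userLogout() {
    $_SESSION = array();              // drop the stored login state
    session_destroy();                // remove the server-side session data
}

// Exercise the flow; output is produced only after all session calls.
$bad         = userLogin($db, 'alice', 'wrong password');
$idAfterBad  = currentUserId();
$good        = userLogin($db, 'alice', 'correct horse');
$idAfterGood = currentUserId();
userLogout();
var_dump($bad, $idAfterBad, $good, $idAfterGood, currentUserId());
```

Pages that insert into other tables on the user's behalf would take the id from currentUserId() and bind it as a PDO::PARAM_INT parameter.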


#35 SamuelArcher

Posted 20 December 2012 - 12:51 AM

Sorry, that was a mistake, I have updated my code.

I don't understand what to do with the __construct method. Yes, I am stupid, but I am very grateful to you for taking the time to help and explain.
  • 0

#36 sarkons

sarkons

    CC Resident

  • Advanced Member
  • PipPipPipPip
  • 52 posts
  • Location:British Columbia, Canada
  • Programming Language:PHP, JavaScript
  • Learning:PHP, JavaScript

Posted 20 December 2012 - 10:59 PM

Appreciate this, thank you ! :thumbup:
  • 1




