10 replies to this topic

[princeofvegas]

Creating a Custom PHP Login Script

I figured I would contribute something to the tutorials from my web programming knowledge. This is how to create a custom login script in PHP.

Requirements:

Basic Knowledge of PHP
Knowledge of creating MySQL Databases
Web Server with PHP/MySQL Support (Trap17 Hosting is Sufficient)

Step 1:
We need to create a database to store the users information in. You can create the database in cPanel under MySQL Databases. One you have created your database, you can create the table for your user information to be stored in. That can easily be done by running this code:

   <?php 
	 // Connects to your Database 
	 mysql_connect(\"your.hostaddress.com\", \"username\", \"password\") or die(mysql_error()); 
	 mysql_select_db(\"Database_Name\") or die(mysql_error()); 
   
	   //This code runs if the form has been submitted
	 if (isset($_POST[\'submit\'])) { 
   
	 //This makes sure they did not leave any fields blank
	 if (!$_POST[\'username\'] | !$_POST[\'pass\'] | !$_POST[\'pass2\'] ) {
	 		die(\'You did not complete all of the required fields\');
	 	}
   
	 // checks if the username is in use
	   	if (!get_magic_quotes_gpc()) {
	 		$_POST[\'username\'] = addslashes($_POST[\'username\']);
	 	}
	 $usercheck = $_POST[\'username\'];
	 $check = mysql_query(\"SELECT username FROM users WHERE username = \'$usercheck\'\") 
   or die(mysql_error());
	 $check2 = mysql_num_rows($check);
   
	   //if the name exists it gives an error
	   if ($check2 != 0) {
	 		die(\'Sorry, the username \'.$_POST[\'username\'].\' is already in use.\');
	 				}
   
	 // this makes sure both passwords entered match
	   	if ($_POST[\'pass\'] != $_POST[\'pass2\']) {
	 		die(\'Your passwords did not match. \');
	 	}
   
	 	// here we encrypt the password and add slashes if needed
	   	$_POST[\'pass\'] = md5($_POST[\'pass\']);
	   	if (!get_magic_quotes_gpc()) {
	 		$_POST[\'pass\'] = addslashes($_POST[\'pass\']);
	 		$_POST[\'username\'] = addslashes($_POST[\'username\']);
	 			}
   
	   // now we insert it into the database
	   	$insert = \"INSERT INTO users (username, password)
					VALUES (\'\".$_POST[\'username\'].\"\', \'\".$_POST[\'pass\'].\"\')\";
	   	$add_member = mysql_query($insert);
	   	?>
   
		 
	   <h1>Registration Complete</h1>
	   <p>Your account has been created, you can now log in.</a>.</p>
   
   <?php 
	   } 
	 else 
	 {	
			 ?>
		   <form action=\"<?php echo $_SERVER[\'PHP_SELF\']; ?>\" method=\"post\">
	 <table border=\"0\">
	 <tr><td>Username:</td><td>
	 <input type=\"text\" name=\"username\" maxlength=\"60\">
	 </td></tr>
	 <tr><td>Password:</td><td>
	 <input type=\"password\" name=\"pass\" maxlength=\"10\">
	 </td></tr>
	 <tr><td>Confirm Password:</td><td>
	 <input type=\"password\" name=\"pass2\" maxlength=\"10\">
	 </td></tr>
	 <tr><th colspan=2><input type=\"submit\" name=\"submit\" value=\"Register\"></th></tr>  </table>
	 </form>
   
	   <?php
	 }
	 ?>

This script checks to see if the form was submitted as if it was it makes sure that all of the fields are filled out properly, such as the username not existing and passwords are matching. If the form has not been submitted by the user they are shown the registration form.

Step 3:
Next we are going to create a new file and call it login.php. You will then insert this code into login.php:

   <?php 
	   // Connects to your Database 
	 mysql_connect(\"your.hostaddress.com\", \"username\", \"password\") or die(mysql_error()); 
	 mysql_select_db(\"Database_Name\") or die(mysql_error()); 
   
		 //Checks if there is a login cookie
	   if(isset($_COOKIE[\'ID_my_site\']))
   
		 //if there is, it logs you in and directes you to the members page
	 { 
	 	$username = $_COOKIE[\'ID_my_site\']; 
	 	$pass = $_COOKIE[\'Key_my_site\'];
	 		  $check = mysql_query(\"SELECT * FROM users WHERE username = \'$username\'\")or die(mysql_error());
	   	while($info = mysql_fetch_array( $check )) 	
	 		{
	   		if ($pass != $info[\'password\']) 
	 			{
	 						  }
	   		else
	 			{
	 			header(\"Location: members.php\");
   
	   			}
	   		}
	   }
   
		 //if the login form is submitted
	   if (isset($_POST[\'submit\'])) { // if form has been submitted
   
		 // makes sure they filled it in
	   	if(!$_POST[\'username\'] | !$_POST[\'pass\']) {
	 		die(\'You did not fill in a required field.\');
	 	}
	   	// checks it against the database
   
	   	if (!get_magic_quotes_gpc()) {
	 		$_POST[\'email\'] = addslashes($_POST[\'email\']);
	 	}
	   	$check = mysql_query(\"SELECT * FROM users WHERE username = \'\".$_POST[\'username\'].\"\'\")or die(mysql_error());
   
	   //Gives error if user dosen\'t exist
	   $check2 = mysql_num_rows($check);
	 if ($check2 == 0) {
	 		die(\'That user does not exist in our database. <a href=add.php>Click Here to Register</a>\');
	 				}
		 while($info = mysql_fetch_array( $check )) 	
	 {
	   $_POST[\'pass\'] = stripslashes($_POST[\'pass\']);
	 	$info[\'password\'] = stripslashes($info[\'password\']);
	 	$_POST[\'pass\'] = md5($_POST[\'pass\']);
   
	   //gives error if the password is wrong
	   	if ($_POST[\'pass\'] != $info[\'password\']) {
	 		die(\'Incorrect password, please try again.\');
	 	}
   else 
	 { 
	
	 // if login is ok then we add a cookie  
	 	  $_POST[\'username\'] = stripslashes($_POST[\'username\']); 
	 		$hour = time() + 3600;  
	 setcookie(ID_my_site, $_POST[\'username\'], $hour); 
	 setcookie(Key_my_site, $_POST[\'pass\'], $hour);	 
	
	   //then redirect them to the members area 
	 header(\"Location: members.php\"); 
	 } 
	   }   
	 } 
	else  
   {	 
	
	   // if they are not logged in 
	 ?> 
	   <form action=\"<?php echo $_SERVER[\'PHP_SELF\']?>\" method=\"post\"> 
	 <table border=\"0\"> 
	 <tr><td colspan=2><h1>Login</h1></td></tr> 
	 <tr><td>Username:</td><td> 
	 <input type=\"text\" name=\"username\" maxlength=\"40\"> 
	 </td></tr> 
	 <tr><td>Password:</td><td> 
	 <input type=\"password\" name=\"pass\" maxlength=\"50\"> 
	 </td></tr> 
	 <tr><td colspan=\"2\" align=\"right\"> 
	 <input type=\"submit\" name=\"submit\" value=\"Login\"> 
	 </td></tr> 
	 </table> 
	 </form> 
	 <?php 
	 } 
	  
	   ?>

This script checks to see if the login information is stored in a cookie on the users computer. If a cookie already exists with the proper credentials then the user will be redirected to the memers page. If no cookie exists for the site, then the login page is displayed and if the login credentials are valid then the cookie is created and the user is directed to the members page.

Step 4:
Next we are going to create a file called members.php. Once you have created that file, insert the following code:

   <?php 
	   // Connects to your Database  
	 mysql_connect(\"your.hostaddress.com\", \"username\", \"password\") or die(mysql_error());  
	 mysql_select_db(\"Database_Name\") or die(mysql_error());  
	
	   //checks cookies to make sure they are logged in 
	 if(isset($_COOKIE[\'ID_my_site\'])) 
	   {  
	 	$username = $_COOKIE[\'ID_my_site\'];  
	 	$pass = $_COOKIE[\'Key_my_site\']; 
	 		  $check = mysql_query(\"SELECT * FROM users WHERE username = \'$username\'\")or die(mysql_error()); 
	   	while($info = mysql_fetch_array( $check )) 	 
	 		{ 
	
	   //if the cookie has the wrong password, they are taken to the login page 
	   		if ($pass != $info[\'password\'])  
	 			{			  header(\"Location: login.php\"); 
	 			} 
	
	   //otherwise they are shown the admin area	 
	   	else 
	 			{ 
	 				  echo \"Admin Area<p>\"; 
	   echo \"Your Content<p>\"; 
	   echo \"<a href=logout.php>Logout</a>\"; 
		   			} 
	   		} 
	   		} 
	   else 
	
	 //if the cookie does not exist, they are taken to the login screen 
	   {			 
	 header(\"Location: login.php\"); 
	 } 
		 ?>

This code checks to see if a cookie exists for the user. If it does then the page is shown. If no cookie exists then the user is simply redirected to the login page so that they can log in.

Step 5:
Lastly, we are going to create a logout.php papge. Once you have created that file, then you can insert this code into the file:

 <?php 
	   // Connects to your Database  
	 mysql_connect(\"your.hostaddress.com\", \"username\", \"password\") or die(mysql_error());  
	 mysql_select_db(\"Database_Name\") or die(mysql_error());  
	
	   //checks cookies to make sure they are logged in 
	 if(isset($_COOKIE[\'ID_my_site\'])) 
	   {  
	 	$username = $_COOKIE[\'ID_my_site\'];  
	 	$pass = $_COOKIE[\'Key_my_site\']; 
	 		  $check = mysql_query(\"SELECT * FROM users WHERE username = \'$username\'\")or die(mysql_error()); 
	   	while($info = mysql_fetch_array( $check )) 	 
	 		{ 
	
	   //if the cookie has the wrong password, they are taken to the login page 
	   		if ($pass != $info[\'password\'])  
	 			{			  header(\"Location: login.php\"); 
	 			} 
	
	   //otherwise they are shown the admin area	 
	   	else 
	 			{ 
 ?>

and then by adding this to the very bottom of the file (AFTER EVERYTHING!!!)

 <?php
 }
 ?>

That is pretty much it. Please feel free to post any questions or comments and I will be more than happy to help you out.

[DroopsLoops]

Hey! I have an error in the login.php. Can you help me solve it?

the error is the following:

Quote

Warning: Cannot modify header information - headers already sent by (output started at C:\xampp\htdocs\ja_pruebas\login.php:9) in C:\xampp\htdocs\ja_pruebas\login.php on line 70

Warning: Cannot modify header information - headers already sent by (output started at C:\xampp\htdocs\ja_pruebas\login.php:9) in C:\xampp\htdocs\ja_pruebas\login.php on line 71

Warning: Cannot modify header information - headers already sent by (output started at C:\xampp\htdocs\ja_pruebas\login.php:9) in C:\xampp\htdocs\ja_pruebas\login.php on line 74

and those lines are in the code the followings:

70 setcookie(ID_my_site, $_POST['username'], $hour);
71 setcookie(Key_my_site, $_POST['pass'], $hour);

74 header("Location: members.php");

Edited by truefusion, 09 February 2010 - 06:35 PM.

[Pankyy]

Droops, it would be better if you created a new thread, but anyway, going to your problem; The #9 line in the script login.php would be good to find the problem also.

[jlhaslip]

Indeed, this should be a seperate thread, and after the issue is resolved, it can be moved.

Check the Login.php file and remove all the spaces from the first line before the <?php token. See if that works.

[contactskn]

Thank you for such a good code set for login, Even I was searching something like that for my new website and I think it will be very useful for me. Thanks again. 

[stefan_pavikevik]

Pretty nice tutorial. I really needed as thing such as this.
I am experimenting with the code, to get some other kind of php login script.
Thanks!

[Ash-Bash]

Thank you for sharing this with us princeofvegas I will be using this on my site, But I wonder if you could make a tutorial on how to make your own image upload script or own file uploading script Like Rapid-Share or Megaupload? That would be most kind of you if you did make one .

[DroopsLoops]

Pankyy, on Mar 20 2009, 02:25 AM, said:

Droops, it would be better if you created a new thread, but anyway, going to your problem; The #9 line in the script login.php would be good to find the problem also.

Hey, how do I create a new thread? I'm not the most advance programmer. In fact I'm a bit lost in some parts of this code. If you can help me a bit more or direct me on the way of a tutorial that help me with the problem would be awesome. Also I dont know what is the problem in the line #9... so the same that up there, if you can help me a bit more or direct me on the way of a tutorial that help me with the problem would be awesome.

Thanks for the answers everyone!

[ghulamsarwer]

Hi to all,

i am facing a problem with login page script. As i login it gives me "Incorrect password, please try again"

Need Help

[Semsem]

If I were you, I'd go for a different login. This one is too dang confusing and has pointless stuff in it for normal use.

However, sounds to me as though you haven't registered an account (via the script). Do that, or manually add a row in MySQL, and you should be good to go.