mike177 Posted June 15, 2008 Share Posted June 15, 2008 Hi, I've been using php for about a year and a half now but I'm having a lot of trouble designing a good solid login system. My current system runs the profile, account settings, register and login system all from 4 files. I fell it’s to centralised. I want to have a file for each single system, e.g. the login page is just one page with all the functions and database connection and error handling all in one. Could someone please give some suggestions on how I could achieve this or show some example? Quote Link to comment Share on other sites More sharing options...
mike177 Posted June 15, 2008 Author Share Posted June 15, 2008 does any 1 have any sugestions or would I be right in saying that there is not a single desent tutorial on how to write a proper login system on the internet that doesnt use sessions for god saks Quote Link to comment Share on other sites More sharing options...
MasterACE14 Posted June 15, 2008 Share Posted June 15, 2008 I'll show you my current one, but it uses sessions. <?php // Check to see if security codes match. if ($_POST['imagecaptcha'] != $_SESSION['code']) { echo "<center>The Security Code was incorrect!</center><br>"; echo "<center>"; echo "<form action=\"index.php?page=home\">"; echo "<input type=\"submit\" value=\"Back\">"; echo "</form>"; echo "</center>"; die(); } else { $username = $_POST["username"]; $email = $_POST["email"]; $password = md5($_POST["password"]); if (empty($username) || empty($email) || empty($password)) { echo "<center><br><br><b>You need to enter a Correct Username, Password and E-mail</b><br><br> <input type=button value=\"Back\" onClick=\"history.go(-1)\"></center>"; die(); } $username_check = "SELECT `username` FROM `cf_users` WHERE `username`='" . $username . "' LIMIT 1"; $username_you = mysql_query( $username_check ); $username_you = mysql_fetch_row($username_you); if($username != $username_you[0]) { echo "<center><br><br><b>Their is no Account matching the Username, Password and E-mail address you entered</b><br><br> <input type=button value=\"Back\" onClick=\"history.go(-1)\"></center>"; die(); } $email_check = "SELECT `email` FROM `cf_users` WHERE `email`='" . $email . "' LIMIT 1"; $email_you = mysql_query( $email_check ); $email_you = mysql_fetch_row($email_you); if($email != $email_you[0]) { echo "<center><br><br><b>Their is no Account matching the Username, Password and E-mail address you entered</b><br><br> <input type=button value=\"Back\" onClick=\"history.go(-1)\"></center>"; die(); } $pass_check = "SELECT `password` FROM `cf_users` WHERE `username`='" . $username . "' LIMIT 1"; $pass_you = mysql_query( $pass_check ); $pass_you = mysql_fetch_row($pass_you); if($password !== $pass_you[0]) { echo "<center><br><br><b>Their is no Account matching the Username, Password and E-mail address you entered</b><br><br> <input type=button value=\"Back\" onClick=\"history.go(-1)\"></center>"; die(); } $sql = "SELECT `id` FROM `cf_users` WHERE `username`='" . $username . "' && `email`='" . $email . "' && `password`='" . $password . "' LIMIT 1"; if ($rs = mysql_query( $sql )) { if (mysql_num_rows($rs)) { $row = mysql_fetch_assoc($rs); $_SESSION['username'] = $username; $_SESSION['playerid'] = $row['id']; header("Location: index.php?page=base"); } else { echo "<center><br><br><b>Their is no Account matching the Username, Password and E-mail address you entered</b><br><br> <input type=button value=\"Back\" onClick=\"history.go(-1)\"></center>"; die(); } } else { die('Query:<br />' . $sql . '<br /><br />Error:<br />' . mysql_error()); } } ?> it also uses Image Captcha for a little more security. Regards ACE Quote Link to comment Share on other sites More sharing options...
marklarah Posted June 15, 2008 Share Posted June 15, 2008 *there. Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.