[matthewhaigh]

Right i was wanting to know how i could built a login script that

1. validates a username and pass with a database
2. if correct directs to the relevant page for that username, (each username would have its own page)

any help would be appriciated, im new to this....

thanks mat

[girasquid]

If you're going to build a script like that, you'll need to learn some sort of server-side language - like Perl, PHP, ASP.Net, or others.

You'll need to figure out how to store the information for a users username and password. The two most common options are flat files and databases; both have advantages and disadvantages, although databases are much more commonly used.

[matthewhaigh]

girasquid, on 12 Nov, 2007 - 02:43 PM, said:

If you're going to build a script like that, you'll need to learn some sort of server-side language - like Perl, PHP, ASP.Net, or others.

You'll need to figure out how to store the information for a users username and password. The two most common options are flat files and databases; both have advantages and disadvantages, although databases are much more commonly used.

which SSL wolud you recomend?

[PsychoCoder]

Verisign is pretty much the industry defacto when it comes to SSL, but they're also the most expensive. You can go here to find more possibilities

[matthewhaigh]

PsychoCoder, on 12 Nov, 2007 - 02:52 PM, said:

Verisign is pretty much the industry defacto when it comes to SSL, but they're also the most expensive. You can go here to find more possibilities

cheers

allthough it doesnt need to be super secure its just a project for one of my websites, im just lookin how it could possibly be achived, ive heard a lot about php

[PsychoCoder]

Well PHP is a language to programming what you're looking for, SSL is Secure Socket Layer, which is a secure certificate (URL's that start with https:// rather than http://), so they are 2 completely different beasts.

[matthewhaigh]

PsychoCoder, on 12 Nov, 2007 - 02:57 PM, said:

Well PHP is a language to programming what you're looking for, SSL is Secure Socket Layer, which is a secure certificate (URL's that start with https:// rather than http://), so they are 2 completely different beasts.

oh sorry i just relised by ssl i was referring to server sided languages, cheers ill give php a go then , just one question can you use access databases with it?

[axel]

PHP is probably the more popular choice.

[matthewhaigh]

axel, on 13 Nov, 2007 - 07:18 AM, said:

PHP is probably the more popular choice.

yera, so do you have amy ideas for the code?

[Thorian]

Tell ya what I am going to move this over to the PHP section, Someone may be able to better able to assist. you there

[PsychoCoder]

Heres a snippet I write on logging in in PHP and implementing sessions. The part about logging in just might be enough to get you started

[matthewhaigh]

PsychoCoder, on 14 Nov, 2007 - 11:48 AM, said:

Heres a snippet I write on logging in in PHP and implementing sessions. The part about logging in just might be enough to get you started

Thanks,

ill take a look

[blux]

Quote

oh sorry i just relised by ssl i was referring to server sided languages, cheers ill give php a go then , just one question can you use access databases with it?

I'm sorry but you are mistaken, SSL means Secure Socket Layer

[c0mrade]

PsychoCoder, on 14 Nov, 2007 - 11:48 AM, said:

Heres a snippet I write on logging in in PHP and implementing sessions. The part about logging in just might be enough to get you started

thanks, ive been looking for a login solution too, this code looks nice. Im going through it at the moment, hope i can build the rest...

i found this script on codango (www.codango.com), there was no description saying how to use it, but it appears to be complete, and its some pretty coding

<? 
class db { 
	 
	var $db_type; 
	var $db_server; 
	var $db_name; 
	var $db_user; 
	var $db_pass; 
	var $db_persistent; 
	var $dbh; 
	 
	function db() { 
		 
	 
		$this->db_type = 1; 
		$this->db_server = 'localhost'; 
		$this->db_name = 'db'; 
		$this->db_user = 'user'; 
		$this->db_pass = 'pass'; 
		$this->db_persistent = 0; 
				$this->db_connect(); 
		 
	} //end constructor 
	 
	function db_connect () { 
		 
		// mySQL  
		if($this->db_type == 1) { 
			if ($this->db_persistent) 
				$this->dbh = @mysql_pconnect($this->db_server, $this->db_user, $this->db_pass); 
			else 
				$this->dbh = @mysql_connect($this->db_server, $this->db_user, $this->db_pass); 

			if (!$this->dbh) { 
				printf("Error: Connection to MySQL server '%s' failed.<BR>\n", $this->db_server); 
				return; 
			} 

			if (!@mysql_select_db($this->db_name, $this->dbh)) { 
				printf("Error: Connection to MySQL database '%s' failed.<BR>\n>%s: %s<BR>\n", $this->db_name, @mysql_errno($this->dbh), @mysql_error($this->dbh)); 
				return; 
			} 
		} 
		//end mySQL 
	} //end db_connect() 
	 
	function db_query ($query) { 
		 
		// mySQL  
		if($this->db_type == 1) { 
			$result = mysql_query($query, $this->dbh) 
				or die ("Error: A problem was encountered while executing this query."); 
			 
			return $result; 
		} 
		//end mySQL 
	} //end db_query() 
	 
	function db_numrows ($result) { 
		 
		switch($this->db_type) { 
			case 1: //mySQL 
				return mysql_num_rows($result); 
		 
		} //end switch 
	} // end db_numrows() 
	 
	function db_fetch_array (&$result) { 
		 
		switch($this->db_type) { 
			case 1: //mySQL 
				return mysql_fetch_array($result); 
		} //end switch 
	} //end db_fetch_array() 
	 
			 
} //end class db 

class authenticate { 
	 
	var $db; 
	var $salt; 
	 
	function authenticate() { 
		 
		 
		$this->db = new db; 
		$this->salt = 'a552avf1ss'; 
		 
		 
	} //end constructor 

	 
	function login($uname, $pword) { 
		 
		$query = "SELECT username FROM users WHERE username = '" . $uname . "' AND password = '" . crypt($pword, $this->salt) . "'"; 
		$result = $this->db->db_query($query); 
		if($this->db->db_numrows($result) > 0) { 
			$secret = crypt($uname,$this->salt); 
			setcookie("mysite", "$uname:$secret");			 
			return 1; 
		} else { 
			return 0; 
		} 
	} //end login() 
	 
	function createUser($uname,$pword,$email) { 
		srand(make_seed()); 
		$randval = rand(); 
		$query = "INSERT authorize(username,password,accesslevel,email,id) VALUES ('" . $uname . "','" . crypt($pword,$this->salt) . "',0,'" . $email ."','" . $randval . "')"; 
		$result = $this->db->db_query($query); 
		$message = "This message has been sent to you because you requested a login for mysite.com.\n\n"; 
		$message .= "Please use the following URL to verify your email address and be added to the userlist.\n\n"; 
		$message .= "http://mysite.com/newuser.php?email=" . $email . "&id=" . $randval . "\n\n"; 
		$message .= "Please note that if you have recieved this message in error, or you do not want to sign up, you do not need to do anything.\nYou will not be added to the listing unless you use the proceeding URL.\n\n"; 
		$message .= "Thanks for visiting our site!\n"; 
		mail($email, "mysite.com - account confirmation", $message, "From: register@mysite.com"); 
		 
	} 
	 
	function checkUsername($uname) { 
		$query = "SELECT * FROM users where username='" . $uname ."'"; 
		$result = $this->db->db_query($query); 
		if($this->db->db_numrows($result) > 0) {			 
			return 0; 
		} else { 
			return 1; 
		} 
	} 
	 
	function validateUser($email,$id) { 
		$query = "SELECT * FROM authorize WHERE email='" . $email . "' AND id='" . $id ."'"; 
		$result = $this->db->db_query($query); 
		if($this->db->db_numrows($result) > 0) { 
			$row = $this->db->db_fetch_array($result); 
			$query = "INSERT users(user_id,username,password,accesslevel,email) VALUES ('','" . $row['username'] . "','" . $row['password'] . "',1,'" . $row['email'] ."')"; 
			$result = $this->db->db_query($query); 
			$query = "SELECT user_id FROM users WHERE username='" . $row['username'] ."'"; 
			$result = $this->db->db_query($query); 
			$row = $this->db->db_fetch_array($result); 
			$query = "DELETE FROM authorize WHERE id='" . $id ."'"; 
			$result = $this->db->db_query($query); 
			return 1; 
		} else { 
			return 0; 
		} 
	} 
	 
	function logout() { 
		 
		setcookie("mysite"); 
	} //end logout() 
	 
	function checkLogin() { 
		global $HTTP_COOKIE_VARS; 

		$array = explode(":", $HTTP_COOKIE_VARS['mysite']); 
		if(crypt($array[0], $this->salt) == $array[1]) { 
			return 1; 
		} else { 
			return 0; 
		} 
	} //end checkLogin() 
	 
	function getName() { 
		global $HTTP_COOKIE_VARS; 
		$array = explode(":", $HTTP_COOKIE_VARS['mysite']); 
		return $array[0]; 
	} 
	 
	function getLevel() { 
		$logged = $this->checkLogin(); 
		if($logged) { 
			$username = $this->getName(); 
			$query = "SELECT accesslevel FROM users WHERE username='" . $username . "'"; 
			$result = $this->db->db_query($query); 
			$row = $this->db->db_fetch_array($result); 
			return $row['accesslevel']; 
		} else { 
			return 0; 
		} 
	} 
	 
	function getID() { 
		$logged = $this->checkLogin(); 
		if($logged) { 
			$username = $this->getName(); 
			$query = "SELECT user_id FROM users WHERE username='" . $username . "'"; 
			$result = $this->db->db_query($query); 
			$row = $this->db->db_fetch_array($result); 
			return $row['user_id']; 
		} else { 
			return 0; 
		} 
	} 
	 
		 
} //end class authenticate 
?> 
####table structures 
CREATE TABLE authorize ( 
  username varchar(15) NOT NULL default '', 
  password varchar(20) NOT NULL default '', 
  accesslevel tinyint(4) NOT NULL default '0', 
  email varchar(30) NOT NULL default '', 
  id varchar(30) NOT NULL default '', 
  PRIMARY KEY  (username) 
) TYPE=MyISAM; 
CREATE TABLE users ( 
  user_id int(10) unsigned NOT NULL auto_increment, 
  username varchar(15) NOT NULL default '', 
  password varchar(20) NOT NULL default '', 
  accesslevel tinyint(4) NOT NULL default '0', 
  email varchar(30) NOT NULL default '', 
  PRIMARY KEY  (username), 
  KEY user_id (user_id) 
) TYPE=MyISAM; 

if someone could explain that id really appreciate it

[Jody LeCompte]

The first class(db) is simply an organized collection of database related classes. It's the same as using the mysql_* functions included in PHP but most people these days tend to write an external class to save time in handling database interaction there own way. For instance, I'm real big about completely controlling error output and debug information so I use a database class rather than just the PHP functions.

Your involvement with the database class ends with simply changing the configuration to match your server.

		$this->db_type = 1; // Leave as 1
		$this->db_server = 'localhost'; // MySQL server almost always localhost
		$this->db_name = 'db'; //Your database name
		$this->db_user = 'user'; //Your database username
		$this->db_pass = 'pass'; //Your database password
		$this->db_persistent = 0; //Persistent connections are suposedly faster if your server has them turned on
 

The authentication class is where your attention should be focused, each function has it's own paritcular purpose but you you should notice(assuming your new to programming) is that it's not a stand alone membership application, just a library. You still have to code your HTML pages and handle information.

CREATE TABLE authorize (
  username varchar(15) NOT NULL default '',
  password varchar(20) NOT NULL default '',
  accesslevel tinyint(4) NOT NULL default '0',
  email varchar(30) NOT NULL default '',
  id varchar(30) NOT NULL default '',
  PRIMARY KEY  (username)
) TYPE=MyISAM;
CREATE TABLE users (
  user_id int(10) unsigned NOT NULL auto_increment,
  username varchar(15) NOT NULL default '',
  password varchar(20) NOT NULL default '',
  accesslevel tinyint(4) NOT NULL default '0',
  email varchar(30) NOT NULL default '',
  PRIMARY KEY  (username),
  KEY user_id (user_id)
) TYPE=MyISAM; 

This is the SQL dump for the database, you would simply enter that into your MySQL interface, most php developers favor phpMyadmin.

createUser() is the function you want to use to create your members obviously, login() and logout() are also just as self explanatory. You really just have to create a few forms and then pluck the functions into use.

validateUser() is the function that validates the user account once they have checked their email and clicked the link sent by the createUser function.

getLevel(), getId(), and getName() are all functions that retrieve user information post-login which is where you want to look after logging in and going along the way to create your user specific pages.

Finally, checkLogin is just a function to check if the user is logged in, Im assuming intended to be used at the begining of any "members only" page.

That said, I wouldn't use this script for more than learning purposes. Just by glancing at it, I as well as many other people around DIC, will be able to tell you it has many poor coding practices, and poor security. Not to mention the use of $HTTP_* globals inplies it was actually written on a very old version of PHP.

Even still, you never did actually mention your ability with PHP, if you are new to the language I would actually consider finding another membership script to play around with as Object Oriented programming is actually a more advanced feature of PHP and will probably only to serve to throw you off in your development as a PHP programmer.

I recommend finding something over at hotscripts.com:
http://www.hotscript...tion/index.html