I am no good with these 'login' scripts.
I am in the process of creating a system, which needs a login script.
I cannot create a secure, working login code with sessions/cookies.
So, could anyone create me a working, secure login code with sessions/cookies and a code that would only allow logged in users to view a page? Also, so it takes the details from a mySQL database.
I know it may be a lot, but I really need this. I can only offer +rep, and maybe a small amount of paypal cash (most likely not).
Thanks a bunch!
Results 1 to 10 of 14
Thread: Help, please?! ;]
-
Help, please?! ;]
-
You shouldn't ask us to make it for you - no one will. You should ask us how to make it
. Making a secure login script requires sessions. read up on them here.
How could this hapen to meeeeeeeeeeeeeee?
lol.
-
Okay, how could I make one? Are there any good tutorials?
-
A secure login does not require sessions.
Originally Posted by Reconix
You shouldn't ask us to make it for you - no one will. You should ask us how to make it. Making a secure login script requires sessions. read up on them here.
You can make a complete and secure system using cookies, if you have enough knowledge to secure it correctly.
Although many people prefer sessions > cookies, its a personal preference.
Both have their own pros and cons.
-
Well here is a link to a tutorial that I quickly checked through that looked fairly comprehensive and secure at first glance.
http://www.devshed.com/c/a/PHP/Creat...-Login-Script/
As for the Cookie vs. Session question it is mostly a matter of preference and opinion. I use Sessions because I'm used to dealing with them but you should do some Googling to find out for yourself which best suits your needs/situation.
-
But if you gave a person of avid knowledge the task of designing a secure login system with cookies and one with sessions, a hacker gets into the one with cookies first.
How could this hapen to meeeeeeeeeeeeeee?lol.
-
Thats because they are not verified or checked right. Originally Posted by Reconix
Just checking if a cookie exists is nothing.
You need to verify it against the database, and some more things.
-
Well actually... Cookies can be just as secure as Sessions when implemented correctly. The perfect example is vBulletin. Just because it uses Cookies does that make it insecure? I mean sure, it has it's flaws, but 99% of those have nothing to do with the Cookies (moreso MySQL injection). Originally Posted by Reconix
Actually, what he said was 'if you gave a person of avid knowledge'... chances are that if they are a 'person of avid knowledge' then they would know enough to actually put something in the cookie and not just check for a cookie Originally Posted by Zedtu
-
A page to see if their logged inPHP Code:
<?php
if($_POST["lol"]) {
$username = addslashes(htmlspecialchars(mysql_real_escape_string($_POST["name"])));
$pass = addslashes(htmlspecialchars(mysql_real_escape_string($_POST["pass"])));
$haha = mysql_connect("localhost", "username", "pass");
if(!haha) { echo 'cant connect'; } else {
mysql_select_db("$haha");
$q = mysql_query("SELECT * FROM `users` WHERE user = '$username' AND pass = '$pass'");
$m = mysql_num_rows($q);
if($m == "0") { echo 'No such user or pass!'; } else {
$_SESSION["loggedin"] = "true";
}
}
} else {
?>
<form action="login.php" method="post">
<input type="text" name="name"><br><br><input type="password" name="pass"><br><br><input type="submit" name="lol" value="Login!!">
<?php
}
?>
Thats crap, did in 5 mins and its just to give a very basic idea of the sorta thing to do, not secure atall reallyPHP Code:<?php
if($_SESSION["loggedin"] == "true") {
// logged in
} else {
echo 'Login please!';
}
?>
-
True but it's quite a 50/50 ay?
How could this hapen to meeeeeeeeeeeeeee?lol.
Reply With Quote
Posting Permissions
- You may not post new threads
- You may not post replies
- You may not post attachments
- You may not edit your posts