Neverside

mLogin (Small login system)

I've seen a lot of login threads by people who are fairly lost in what to do, just want you to make your own system from them, or are very close but they have a few mistakes.

I made a login system a few months ago, that I don't use personally but a few of my friends to for their websites in the general admin area. I named it mLogin, and so far to date, I haven't found any bugs.

I won't post the code here, because even though it is a small file, it would take up a lot of room, so I'll attach it for you.

If you want to learn, its commented more than I usually comment, and if you know me, I rarely comment, and it's also there for those of you who just want something that works... And of course, for the rest of you, if you catch any errors, or have any optimization suggestions, I'd be glad to hear them.

So here is the simple login...

___________________

Travis Farrell

Nice. I was actually just working on a login system but having problems. I'm going to see if I can integrate this.

This should work instead of the users array you currently have right?

PHP:

<?php
$sql = "SELECT user, pass, rights FROM users";
$query = mysql_query($sql) or die(mysql_error());
$users = mysql_fetch_assoc($query);
?>

Also, your brackets (or lack of) make it sort of confusing.

And to make it more secure, I wouldn't use the messages telling them what they got wrong. Use a general message telling them Authentication Failed or just redirect them to a custom error page.

Also, if you are going to use custom error messages, get rid of urlencode and just use ID, it looks cleaner.

Last edited by evan, August 11th, 2004 04:13 AM (Edited 1 times)

Nice,

I have just finished the latest version of my login script.
It was very easy to make and it is easy to setup, use and understand.

You can get it here...

http://www.zerofx.net/scripts.php?act=view&id=1

___________________

Thanks akdov for the suggestions.

If you wanted to, you could just give the same message for all the custom messages (that way you really don't know.. and it looks like all one general message.. so thats a flexibility.)

Try this query instead

PHP:

<?php

// Use the $sql and $query you had and then..

$users = array();

while($rows = mysql_fetch_row($query)
{
  $users[$row[0]] = $rows[1] . ',' . $rows[2];
}

?>

The only thing bad about that is that the passwords would have to just text and couldn't be encrypted, though I'm sure I could make it a flexible option like that.

I will take you up on that ID message, I agree it looks cleaner.

Fitzo, cool I'll give it a look later.

___________________

Travis Farrell

Last edited by Motorspin, August 11th, 2004 06:10 AM (Edited 1 times)

To help it match the database, couldn't you just change the $post line to make it compatible with the databse?

PHP:

<?php
/* You have */
$post = isset($_POST['password']) ? md5(trim($_POST['password'])) : '';

/* Change it to this maybe */
$post = md5(isset($_POST['password']) ? trim($_POST['password']) : '');
?>

BTW, you forgot a closing parenthesis

PHP:

<?php

// Use the $sql and $query you had and then..

$users = array();

while($rows = mysql_fetch_row($query))
{
  $users[$row[0]] = $rows[1] . ',' . $rows[2];
}

?>

Last edited by evan, August 11th, 2004 06:44 AM (Edited 1 times)

No that wouldn't do anything because where you put the md5 is just the expression evaluation, nothing is really saved there. I'll look into it later.

And thanks, I wasn't using my editor, I was typing away on TF Quick reply. :P

___________________

Travis Farrell