Jump to content

Login system troubles


mike177

Recommended Posts

Hi, I've been using php for about a year and a half now but I'm having a lot of trouble designing a good solid login system. My current system runs the profile, account settings, register and login system all from 4 files.

 

I fell it’s to centralised. I want to have a file for each single system, e.g. the login page is just one page with all the functions and database connection and error handling all in one.

 

Could someone please give some suggestions on how I could achieve this or show some example?

Link to comment
https://forums.phpfreaks.com/topic/110258-login-system-troubles/
Share on other sites

I'll show you my current one, but it uses sessions.

 

<?php

// Check to see if security codes match.
if ($_POST['imagecaptcha'] != $_SESSION['code'])
{

	echo "<center>The Security Code was incorrect!</center><br>";
	echo "<center>";
	echo "<form action=\"index.php?page=home\">";
	echo "<input type=\"submit\" value=\"Back\">";
	echo "</form>";
	echo "</center>";
	die();

} else { 



$username = $_POST["username"];
$email = $_POST["email"];
$password = md5($_POST["password"]);

if (empty($username) || empty($email) || empty($password)) {
  echo "<center><br><br><b>You need to enter a Correct Username, Password and E-mail</b><br><br>
    <input type=button value=\"Back\" onClick=\"history.go(-1)\"></center>";
  die();
}

$username_check = "SELECT `username` FROM `cf_users` WHERE `username`='" . $username . "' LIMIT 1";
$username_you = mysql_query( $username_check );
$username_you = mysql_fetch_row($username_you);
if($username != $username_you[0]) { echo "<center><br><br><b>Their is no Account matching the Username, Password and E-mail address you entered</b><br><br>
            <input type=button value=\"Back\" onClick=\"history.go(-1)\"></center>";
            die(); }

$email_check = "SELECT `email` FROM `cf_users` WHERE `email`='" . $email . "' LIMIT 1";
$email_you = mysql_query( $email_check );
$email_you = mysql_fetch_row($email_you);
if($email != $email_you[0]) { echo "<center><br><br><b>Their is no Account matching the Username, Password and E-mail address you entered</b><br><br>
            <input type=button value=\"Back\" onClick=\"history.go(-1)\"></center>";
            die(); }


$pass_check = "SELECT `password` FROM `cf_users` WHERE `username`='" . $username . "' LIMIT 1";
$pass_you = mysql_query( $pass_check );
$pass_you = mysql_fetch_row($pass_you);
if($password !== $pass_you[0]) { echo "<center><br><br><b>Their is no Account matching the Username, Password and E-mail address you entered</b><br><br>
            <input type=button value=\"Back\" onClick=\"history.go(-1)\"></center>";
            die(); }

$sql = "SELECT `id` FROM `cf_users` WHERE `username`='" . $username . "' && `email`='" . $email . "' && `password`='" . $password . "' LIMIT 1";
if ($rs = mysql_query( $sql )) {
  if (mysql_num_rows($rs)) {
    $row = mysql_fetch_assoc($rs);
    $_SESSION['username'] = $username;
    $_SESSION['playerid'] = $row['id'];
    header("Location: index.php?page=base");
  } else {
    echo "<center><br><br><b>Their is no Account matching the Username, Password and E-mail address you entered</b><br><br>
            <input type=button value=\"Back\" onClick=\"history.go(-1)\"></center>";
            die();
  }
} else {
  die('Query:<br />' . $sql . '<br /><br />Error:<br />' . mysql_error());
}

} 

?>

 

it also uses Image Captcha for a little more security.

 

Regards ACE

Archived

This topic is now archived and is closed to further replies.

×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.