Login system troubles

[mike177]

Hi, I've been using php for about a year and a half now but I'm having a lot of trouble designing a good solid login system. My current system runs the profile, account settings, register and login system all from 4 files.

 

I fell it’s to centralised. I want to have a file for each single system, e.g. the login page is just one page with all the functions and database connection and error handling all in one.

 

Could someone please give some suggestions on how I could achieve this or show some example?

[mike177]

does any 1 have any sugestions or would I be right in saying that there is not a single desent tutorial on how to write a proper login system on the internet that doesnt use sessions for god saks

[MasterACE14]

I'll show you my current one, but it uses sessions.

 

<?php

// Check to see if security codes match.
if ($_POST['imagecaptcha'] != $_SESSION['code'])
{

	echo "<center>The Security Code was incorrect!</center><br>";
	echo "<center>";
	echo "<form action=\"index.php?page=home\">";
	echo "<input type=\"submit\" value=\"Back\">";
	echo "</form>";
	echo "</center>";
	die();

} else { 



$username = $_POST["username"];
$email = $_POST["email"];
$password = md5($_POST["password"]);

if (empty($username) || empty($email) || empty($password)) {
  echo "<center><br><br><b>You need to enter a Correct Username, Password and E-mail</b><br><br>
    <input type=button value=\"Back\" onClick=\"history.go(-1)\"></center>";
  die();
}

$username_check = "SELECT `username` FROM `cf_users` WHERE `username`='" . $username . "' LIMIT 1";
$username_you = mysql_query( $username_check );
$username_you = mysql_fetch_row($username_you);
if($username != $username_you[0]) { echo "<center><br><br><b>Their is no Account matching the Username, Password and E-mail address you entered</b><br><br>
            <input type=button value=\"Back\" onClick=\"history.go(-1)\"></center>";
            die(); }

$email_check = "SELECT `email` FROM `cf_users` WHERE `email`='" . $email . "' LIMIT 1";
$email_you = mysql_query( $email_check );
$email_you = mysql_fetch_row($email_you);
if($email != $email_you[0]) { echo "<center><br><br><b>Their is no Account matching the Username, Password and E-mail address you entered</b><br><br>
            <input type=button value=\"Back\" onClick=\"history.go(-1)\"></center>";
            die(); }


$pass_check = "SELECT `password` FROM `cf_users` WHERE `username`='" . $username . "' LIMIT 1";
$pass_you = mysql_query( $pass_check );
$pass_you = mysql_fetch_row($pass_you);
if($password !== $pass_you[0]) { echo "<center><br><br><b>Their is no Account matching the Username, Password and E-mail address you entered</b><br><br>
            <input type=button value=\"Back\" onClick=\"history.go(-1)\"></center>";
            die(); }

$sql = "SELECT `id` FROM `cf_users` WHERE `username`='" . $username . "' && `email`='" . $email . "' && `password`='" . $password . "' LIMIT 1";
if ($rs = mysql_query( $sql )) {
  if (mysql_num_rows($rs)) {
    $row = mysql_fetch_assoc($rs);
    $_SESSION['username'] = $username;
    $_SESSION['playerid'] = $row['id'];
    header("Location: index.php?page=base");
  } else {
    echo "<center><br><br><b>Their is no Account matching the Username, Password and E-mail address you entered</b><br><br>
            <input type=button value=\"Back\" onClick=\"history.go(-1)\"></center>";
            die();
  }
} else {
  die('Query:<br />' . $sql . '<br /><br />Error:<br />' . mysql_error());
}

} 

?>

 

it also uses Image Captcha for a little more security.

 

Regards ACE

[marklarah]

*there.