Jump to content

any one can develop this login script??

s7az2mm

By s7az2mm
in PHP Coding Help

 Share

Recommended Posts

pocobueno1388 Regular Member

pocobueno1388

Posted
Posted

This forum is for "help", not getting people to do things for you. If you would like someone to do this for you, you would best post in the freelance section. Otherwise, you need to attempt to figure it out, and when you get stuck, ask your question. Or you could rephrase your topic as "How would I implement this idea?", instead of "Implement this idea for me".

 

And as rarebit just said, please do get the code for us instead of having us download it just to help you.

Link to comment
Share on other sites
Psycho Prolific Member

Psycho

Posted
Posted

all that i need is , i want when user successful login that account will change status to disable and no one can login again. it means only 1 login per account.

 

What you are asking for is actually more complex than you think. If users utilize a logiut function, things are fine. But, because of the nature of a web page, the server has no way to know when the user has closed the browser window (implicit logiut). So, if a user simply closes the window instead of logging out, their account will be locked indefinitely.

 

There are workarounds.

 

In addition to having a disabled status, you can also save a "last_activity" timestamb - basically save the time any time they make a request. Then if a user attempts to log in and the account is disabled check the last_activity timestamp. If the last_activity time is more than some set time limit assume they did not log out on their last visit and allow them to log in.

 

But there are still problems with that. If the user wants to get back in right after closing the window, they will have to wait until the time limit. You could aso save the IP address and let them back in if their account is locked as long as it came from the same last IP. But, that's not perfect either for many reasons.

Link to comment
Share on other sites
s7az2mm Newbie

s7az2mm

Posted
  • Author
Posted

hi again Guys

here is the code

and so sorry me for this Topic

i think 1 new table in mysql can fix it, value 0/1 and default all users value have 0 and when login changed to 1.(i'm not a programmer)

i have so big problem that will be fix with your help.

 

protect.php

<?php

session_start ();

// --------------------------------THE VARIABLES---------------------------------- //

@include ("config.php");

// ----------------------------------THE CODE ------------------------------------ //

function clearance ($user_value, $pass_value, $level_value, $userlevel_value, $table_value, $column1, $column2, $path) { // Function to see if user can login

$check = mysql_query ("SELECT $userlevel_value FROM $table_value WHERE username='$user_value' AND password='$pass_value'"); // Query to see if user exists

$verify = mysql_num_rows ($check);

if ($verify == 0) { // Check if passwords are hashed with MD5

	$md5 = md5 ($pass_value);

	$check = mysql_query ("SELECT $userlevel_value FROM $table_value WHERE username='$user_value' AND password='$md5'"); // Query to see if user exists

	$verify = mysql_num_rows ($check);

}

if ($verify == 0) { // Check if passwords are hashed with SHA1

	$sha1 = sha1 ($pass_value);

	$check = mysql_query ("SELECT $userlevel_value FROM $table_value WHERE username='$user_value' AND password='$sha1'"); // Query to see if user exists

	$verify = mysql_num_rows ($check);

}

$get = mysql_fetch_array ($check);

if (count ($level_value) != 0) { // If the allow array contains userlevels

	if (in_array ($get[$userlevel_value], $level_value) && $verify > 0) { // Search allow to see if userlevels match

		$_SESSION['username'] = $user_value; // Register sessions
		$_SESSION['password'] = sha1 ($pass_value); // sha1 password for extra security
		$_SESSION['userlevel'] = $get[$userlevel_value];

	}

} else {

	if ($verify == 0) { // If attempt fails then redirect to login page

		$_SESSION = array();

		$error = "Sorry but your login details were incorrect";

		@include ("login.php");

		exit;

	}

	if ($verify > 0) { // If attempt is good then register the user

		$_SESSION['username'] = $user_value;
		$_SESSION['password'] = sha1 ($pass_value);

	}

}

}

function protect ($level_value, $password_value, $userlevel_value, $table_value, $column1, $path) { // Function to keep pages secure

if (!isset ($_SESSION['username'])) { // If session doesn't exist then get user to login

	if (isset ($_POST['username']) && isset ($_POST['password'])) {

		$error = "Sorry but your login details were incorrect";

	}

	$_SESSION = array();

	@include ("login.php");

	exit;

} else { // If user is logged in check to see if session is valid and that they have the required userlevel

	$check = mysql_query ("SELECT $password_value, $userlevel_value FROM $table_value WHERE $column1='$_SESSION[username]'"); // Query to see if user exists

	$verify = mysql_num_rows ($check);

	$get = mysql_fetch_array ($check);

	if ($verify == 0) {

		$_SESSION = array();

		$error = "Sorry but your login details were incorrect";

		@include ("login.php");

		exit;

	}

	if ($verify > 0 && count ($level_value) != 0) {

		if (!in_array ($get[$userlevel_value], $level_value)) { // Check to see if the users userlevel allows them to view the page

			$error = "Sorry but your login details were incorrect";

			@include ("login.php");

			exit; // Ensure no other data is sent

		}

	}	

}

}

if (isset ($_POST['username']) && isset ($_POST['password'])) { // If user submits login information then validate it

clearance ($_POST['username'], $_POST['password'], $allow, $userlevel, $table, $username, $password, $path);

}

protect ($allow, $password, $userlevel, $table, $username, $path);

mysql_close ($link); // Close the database connection for security reasons

// -----------------------------------THE END ------------------------------------ //

?>

 

 

Link to comment
Share on other sites
cooldude832 Advanced Member

cooldude832

Posted
Posted

Just make your own login script. A basic script can be done within about 50 lines of code, But of couse it wont be secure!

 

50 lines?  That is over kill

<?php
$username = mysql_escape_string($_POST['username']);
$password = md5($_POST['password']);
//Connect SQL
//Select DB
$q = "select UserID from `Users` Where Username = '".$username."' and Password= '".$password."'";
$r = mysql_query($q) or die(mysql_error());
if(mysql_num_rows($r)){
//Logged in
}
else{
//not a valid login
}
//Done
?>

 

I think that is less than 50 and perfectly secure

Link to comment
Share on other sites
This thread is more than a year old. Please don't revive it unless you have something important to add.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
 Share
Go to topic listing
×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.