Thread title: Free secure PHP login system |
08-25-2007, 01:03 PM
|
#1
|
Status: Request a custom title
Join date: Feb 2005
Location: The Netherlands
Expertise:
Software:
Posts: 2,616
|
Free secure PHP login system
Had this coded for me by one of my programmers, thought it might come in handy for some of you guys! This code may only be used for personal sites, you may not sell this code or edit in any way! If you want to use it for commercial purposes, please send me a PM. Will only cost you $5!
login.php
PHP Code:
<?php
// Sample Login Script
// AuthClass Suite
// Sam Granger
include ('./authclass.php');
$ac = new AuthClass();
// isset() avoids an undefined-index notice on a plain GET of this page.
if (isset($_POST['loginButton'])) {
    // Pass the raw credentials through. The original ran both through
    // htmlspecialchars(), which turns "a&b" into "a&amp;b" before the hash
    // is computed, so any password or username containing & < > " could
    // never match the stored value. HTML escaping belongs at output time
    // (AuthClass::setSession() does it for the username).
    $username = $_POST['username'];
    $password = $_POST['password'];
    $auth_result = $ac->authenticate($username,$password);
    if ($auth_result) {
        header('Location: securepage.php');
        exit;
    } else {
        echo "Invalid Login";
    }
}
?>
<html>
<head><title>Login Form</title></head>
<body style='font-family: Verdana;font-size: 11px;'>
<form name='authform' id='authform' action='login.php' method='post'>
Username: <input type='text' size='20' name='username' /><br>
Password: <input type='password' size='20' name='password' /><br>
<input type='submit' name='loginButton' id='loginButton' value='Login'/>
</form>
</body>
</html>
securepage.php
PHP Code:
<?php
// Sample Secure Page
// AuthClass Suite
// Sam Granger
include ('./authclass.php');
$ac = new AuthClass();
if (!$ac->verify()) {
    // Send a real status code as well, so caches and clients do not treat
    // the refusal as an ordinary 200 OK page.
    header('HTTP/1.1 403 Forbidden');
    echo "Unauthorized Login Detected";
    exit;
}
?>
<html>
<head><title>Secure Area</title></head>
<body style='font-family: Verdana;font-size: 11px;'>
<h1>Secure Area</h1><br>
If you see this, you are authorized.<br><br>
Logged in: <b>
<?php
// Already HTML-escaped by AuthClass::setSession(), so safe to echo here.
echo $_SESSION['username'];
?></b><br>
</body>
</html>
authclass.php
PHP Code:
<?php
// AuthClass
// Syed Imran Moinuddin
// Created for Sam Granger
// Please review AUTH_INSTALL and AUTH_NOTES before usage
// Description: The purpose of this class is to provide a secure authenticated mechanism for login and login verification
// Recommended usage is as is done in the sample code provided (login.php , securepage.php)
// By Syed Imran Moinuddin
// Note: built on the mysql_* extension (PHP 4/5 era). That extension was
// removed in PHP 7, so this file runs as written only on PHP 5.x.
include ('./includes/db_settings.php');
class AuthClass {
    var $db_link;
    var $failed = true;
    var $id = null;
    //default constructor
    function AuthClass() {
        // Start the session exactly once; every method below relies on it.
        if (session_id() == '') {
            session_start();
        }
        global $DB_SERVER,$DB_USER,$DB_PWD,$DB_NAME;
        //try to connect to the server and save db object
        $this->db_link = mysql_connect($DB_SERVER,$DB_USER,$DB_PWD) or die("Auth Subsystem Error");
        //try to select the database;
        mysql_select_db($DB_NAME, $this->db_link) or die ("Auth Subsystem Error");
        // only do this if not been run before.
        if (!isset($_SESSION['logged'])) {
            $this->session_defaults();
        }
    }
    function session_defaults() {
        $_SESSION['logged'] = false;
        $_SESSION['uid'] = 0;
        $_SESSION['username'] = '';
    }
    function checkLogin($username,$password) {
        // mysql_real_escape_string() respects the connection charset;
        // the original mysql_escape_string() does not and is deprecated.
        $username = mysql_real_escape_string($username, $this->db_link);
        $password = mysql_real_escape_string(md5($password), $this->db_link);
        $sql = "SELECT * FROM users WHERE username = '$username' AND password = '$password'";
        $result = mysql_query($sql,$this->db_link) or die("Auth Subsystem Error");
        if ( mysql_num_rows($result) > 0 ) {
            $match = mysql_fetch_array($result,MYSQL_BOTH);
            $this->failed = false;
            $this->setSession($match);
            return true;
        } else {
            $this->failed = true;
            return false;
        }
    }
    function setSession($match, $init = true) {
        $id = (int) $match['id'];
        $this->id = $id;
        $_SESSION['uid'] = $id;
        // Stored HTML-escaped because securepage.php echoes it straight into the page.
        $_SESSION['username'] = htmlspecialchars($match['username']);
        $_SESSION['logged'] = true;
        if ($init) {
            // Issue a fresh session id on login so an id planted in the browser
            // before authentication (session fixation) never becomes the
            // logged-in one, then record the new id server-side.
            session_regenerate_id(true);
            $session = mysql_real_escape_string(session_id(), $this->db_link);
            $ip = mysql_real_escape_string($_SERVER['REMOTE_ADDR'], $this->db_link);
            $sql = "UPDATE users SET session = '$session', ip = '$ip' WHERE id = $id";
            mysql_query($sql,$this->db_link) or die("Auth Subsystem Error");
        }
    }
    function checkSession() {
        // Match on the numeric uid rather than the HTML-escaped username,
        // and escape every value that goes into the query.
        $uid = (int) $_SESSION['uid'];
        $session = mysql_real_escape_string(session_id(), $this->db_link);
        // Caveat: binding to REMOTE_ADDR logs out anyone whose address changes
        // mid-session (mobile, NAT pools, proxies), and the ip column is 15
        // characters wide, so an IPv6 address will never match.
        $ip = mysql_real_escape_string($_SERVER['REMOTE_ADDR'], $this->db_link);
        $sql = "SELECT id FROM users WHERE (id = $uid) AND (session = '$session') AND (ip = '$ip')";
        $result = mysql_query($sql,$this->db_link) or die("Auth Subsystem Error");
        if (mysql_num_rows($result) > 0 ) {
            return true;
        } else {
            $this->session_defaults();
            return false;
        }
    }
    // Public function: authenticate
    // Arguments: Username, Password [string]
    // Description: Perform the actual authentication at the time of login.
    function authenticate($username,$password) {
        $ret = $this->checkLogin($username,$password);
        if (!$ret) {
            $_SESSION = array();
            $this->session_defaults();
        }
        return $ret;
    }
    // Public function: verify
    // Arguments: Void
    // Description: Ensure that a valid authenticated session is in process. To be called to check on all secure pages. recommended to place in include.
    function verify() {
        $ret = $this->checkSession();
        return $ret;
    }
    function logout() {
        // Clear the server-side record too, so the old cookie cannot be
        // replayed, then rotate the session id.
        if (!empty($_SESSION['uid'])) {
            $uid = (int) $_SESSION['uid'];
            mysql_query("UPDATE users SET session = '' WHERE id = $uid", $this->db_link);
        }
        $_SESSION = array();
        $this->session_defaults();
        session_regenerate_id(true);
    }
}
?>
includes/db_settings.php
PHP Code:
<?php
// Please update with your current settings.
// Use a dedicated MySQL account limited to SELECT and UPDATE on the users
// table rather than root: every query in AuthClass runs with these credentials.
$DB_SERVER = "localhost";
$DB_USER = "root";
$DB_PWD = "abcd";
$DB_NAME = "test";
?>
SQL
Code:
CREATE TABLE users (
id int NOT NULL auto_increment,
username varchar(20) NOT NULL default '',
password char(32) binary NOT NULL default '',
session char(32) binary NOT NULL default '',
ip varchar(15) binary NOT NULL default '',
PRIMARY KEY (id),
UNIQUE KEY username (username)
);
INSERT INTO `users` (username,password) values ('username1',md5('password1'));
Install:
Authentication Class - AuthClass
Syed Imran Moinuddin
23rd September 2006
=================================
Installation and Deployment Notes
Please follow these steps to deploy on the server:
-> Open the authtable.sql file in the sql/ subdirectory and ensure that the commands are executed in the database which will be hosting the users' login/member details. Optionally this may be done at the command line by:
mysql -u <your_mysql_user> -p <your_mysql_db> < authtable.sql
-> Open db_settings.php in the includes/ subdirectory and modify the database settings to match the MySQL server of the deployment
-> Place all the files (excluding the sql/ subdirectory) into a browser-accessible folder (as per the definition of your web server deployment)
-> In your browser enter the URL:
http://yourserver/pathtoauthfiles/login.php
-> Enter username and password as test & test respectively and click Login
-> If you see "Secure Page" your installation is a success.
Developer's note: For maximum effectiveness for security, please use the AuthClass in the manner in which it is used in the provided sample code login.php and securepage.php
|
Notes:
Authentication Class - AuthClass
Syed Imran Moinuddin
23rd September 2006
=================================
General Notes
-> All passwords in the DB must be stored as MD5 hashed.
-> The AuthClass object offers three key functions (not including internal functions):
- authenticate($username,$password)
The function will accept the username and password as provided by the user and then proceed to compare the md5 hashed
value of the password with the encrypted password in the database.
- verify()
The function will check the browser session and compare against active sessions in the database and return a boolean to
the caller on the validity of the session. verify() can be called at the top of all pages which require security. It is
better to place it in a consistently present include to avoid code repetition.
- logout()
This will destroy the session variables associated with the existing login and should be triggered, for example, when the user clicks
a logout button.
|
Enjoy!!
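Editor's note on the package above, with an added example that is not the thread's code. Before deploying AuthClass as posted, a reader should know four things about its design: passwords are stored as bare md5() (fast and unsalted, so two users with the same password get the same hash and a leaked users table falls to a wordlist quickly); the raw session id is written into the users table, so read access to that table is read access to live logins; the session is bound to REMOTE_ADDR, which logs out anyone whose address changes and cannot hold an IPv6 address in a varchar(15); and every query is built by string concatenation around mysql_escape_string(), on an extension that no longer exists in PHP 7. Note also that the install notes say to log in as test/test while the SQL only inserts username1/password1. The class below is my rewrite of the same three calls (authenticate, verify, logout) on PDO with password_hash(); it is an added example, not from the original post or its author. Assumptions not in the thread: PHP 7.4+, PDO with SQLite in memory so it runs offline (swap the DSN for MySQL in deployment), a session column wide enough for a 64-character SHA-256 digest, and the names SafeAuth and demo(), which I made up. It goes one step beyond the thread by upgrading the existing md5 rows on each user's first successful login, so the posted schema can be migrated without a forced password reset.

```php
<?php
// Added example (editor's rewrite, not the thread's code): the thread's three
// public calls on PDO + password_hash(). Assumptions not in the thread: PHP 7.4+,
// SQLite in memory so it runs offline, a 64-char session column for a SHA-256
// digest, and the made-up names SafeAuth and demo().
declare(strict_types=1);

final class SafeAuth
{
    private PDO $db;
    private string $dummyHash;   // verified against when the user does not exist

    public function __construct(PDO $db)
    {
        $this->db = $db;
        // A miss costs the same bcrypt verify as a wrong password, so response
        // time does not reveal which usernames exist.
        $this->dummyHash = password_hash('not-a-real-password', PASSWORD_DEFAULT);
        if (session_status() === PHP_SESSION_NONE) {
            session_start();
        }
    }

    // Salted, slow hash instead of the thread's bare md5().
    public function register(string $username, string $password): void
    {
        $stmt = $this->db->prepare('INSERT INTO users (username, password) VALUES (:u, :p)');
        $stmt->execute([':u' => $username, ':p' => password_hash($password, PASSWORD_DEFAULT)]);
    }

    public function authenticate(string $username, string $password): bool
    {
        // Bound parameter, no string-built SQL: "' OR '1'='1" is just a name that does not exist.
        $stmt = $this->db->prepare('SELECT id, username, password FROM users WHERE username = :u');
        $stmt->execute([':u' => $username]);
        $row = $stmt->fetch(PDO::FETCH_ASSOC);

        $stored = $row === false ? $this->dummyHash : (string) $row['password'];
        $ok = $this->checkPassword($password, $stored);   // always run, even on a miss
        if ($row === false || !$ok) {
            $this->logout();   // as in the thread: a failed attempt clears the session
            return false;
        }
        // The thread's schema holds md5 rows; upgrade each one on its first good login.
        if (password_needs_rehash($stored, PASSWORD_DEFAULT)) {
            $this->db->prepare('UPDATE users SET password = :p WHERE id = :id')
                     ->execute([':p' => password_hash($password, PASSWORD_DEFAULT), ':id' => $row['id']]);
        }
        // New id after login defeats session fixation; the DB stores only a digest
        // of it, so reading the users table does not hand out live sessions.
        session_regenerate_id(true);
        $this->db->prepare('UPDATE users SET session = :s WHERE id = :id')
                 ->execute([':s' => hash('sha256', session_id()), ':id' => $row['id']]);
        $_SESSION['uid'] = (int) $row['id'];
        $_SESSION['username'] = (string) $row['username'];   // raw; escape at output time
        $_SESSION['logged'] = true;
        return true;
    }

    private function checkPassword(string $password, string $stored): bool
    {
        if (preg_match('/^[0-9a-f]{32}$/', $stored) === 1) {   // legacy unsalted md5 row
            return hash_equals($stored, md5($password));
        }
        return password_verify($password, $stored);
    }

    // Server-side check like the thread's verify(), minus the REMOTE_ADDR binding
    // that logs out anyone whose address changes (mobile, NAT pools, proxies).
    public function verify(): bool
    {
        if (empty($_SESSION['logged']) || empty($_SESSION['uid'])) {
            return false;
        }
        $stmt = $this->db->prepare('SELECT session FROM users WHERE id = :id');
        $stmt->execute([':id' => $_SESSION['uid']]);
        $digest = $stmt->fetchColumn();
        return is_string($digest) && hash_equals($digest, hash('sha256', session_id()));
    }

    public function logout(): void
    {
        if (!empty($_SESSION['uid'])) {   // invalidate server-side so the old cookie cannot be replayed
            $this->db->prepare("UPDATE users SET session = '' WHERE id = :id")
                     ->execute([':id' => $_SESSION['uid']]);
        }
        $_SESSION = [];
        session_regenerate_id(true);
    }
}

// Constructed demo data: the thread's own sample row (md5) plus one new account.
function demo(): array
{
    $db = new PDO('sqlite::memory:');
    $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $db->exec("CREATE TABLE users (id INTEGER PRIMARY KEY AUTOINCREMENT, username TEXT NOT NULL UNIQUE,
               password TEXT NOT NULL, session TEXT NOT NULL DEFAULT '')");
    $db->prepare('INSERT INTO users (username, password) VALUES (?, ?)')->execute(['username1', md5('password1')]);
    $auth = new SafeAuth($db);
    $auth->register('alice', 'correct horse battery');

    $out = [];
    $out['legacy login']      = $auth->authenticate('username1', 'password1');
    $stored = $db->query("SELECT password FROM users WHERE username = 'username1'")->fetchColumn();
    $out['rehashed']          = password_get_info((string) $stored)['algoName'] !== 'unknown';
    $out['verify']            = $auth->verify();
    $out['sqli attempt']      = $auth->authenticate("' OR '1'='1", 'x');
    $out['verify after fail'] = $auth->verify();
    return $out;
}

foreach (demo() as $check => $result) {
    printf("%-18s %s\n", $check, $result ? 'true' : 'false');
}
```

Run it with `php safeauth.php` on any PHP build with the pdo_sqlite extension: the demo logs in with the thread's own username1/password1 row, shows that row's md5 replaced by a password_hash() value, verifies the session against the stored digest, then feeds an injection-shaped username through the same prepared statement and checks that a failed attempt leaves no valid session behind. Two things the demo deliberately leaves out, and a deployment should not: a rate limit or lockout in front of authenticate(), and the session cookie flags (session.cookie_secure, session.cookie_httponly, session.cookie_samesite in php.ini or via session_set_cookie_params()).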
|
|
08-25-2007, 02:40 PM
|
#2
|
Status: Request a custom title
Join date: Feb 2006
Location: USA
Expertise:
Software:
Posts: 1,076
|
I have a question. If someone used it, then why can't they edit it to fit their needs? Also, this looks exactly like the stuff from The PHP Anthology OOP Solutions except for some of the naming. If that is true, you cannot resell this script.
|
|
08-25-2007, 03:00 PM
|
#3
|
Status: Sin Binner
Join date: Aug 2007
Location: Canada
Expertise:
Software:
Posts: 118
|
Is there a preview of this script? Or a demo? What is the point of using this script?
|
|
08-25-2007, 04:43 PM
|
#4
|
Status: Waving
Join date: Aug 2005
Location:
Expertise:
Software:
Posts: 2,694
|
Originally Posted by Xuxa
I have a question. If someone used it, then why can't they edit it to fit their needs? Also, this looks exactly like the stuff from The PHP Anthology OOP Solutions except for some of the naming. If that is true, you cannot resell this script.
|
I was going to say that too Xuxa, about the PHP Anthology!
|
|
08-25-2007, 04:46 PM
|
#5
|
Status: Geek
Join date: Apr 2006
Location: Denver, CO
Expertise: Software
Software: Chrome, Notepad++
Posts: 6,894
|
What's the point of it being free when it's incomplete and you can't edit it for free? This doesn't belong in the giveaway section.
|
|
08-26-2007, 10:15 AM
|
#6
|
Status: Request a custom title
Join date: Feb 2005
Location: The Netherlands
Expertise:
Software:
Posts: 2,616
|
Well, you can edit it, but I don't want people saying it's their own and selling it. About The PHP Anthology OOP Solutions, I don't have a clue. I gave the specifications to the programmer, who is quite experienced.
|
|
08-26-2007, 10:19 AM
|
#7
|
Status: Request a custom title
Join date: Feb 2005
Location: The Netherlands
Expertise:
Software:
Posts: 2,616
|
Could you please refer to which volume and page?
|
|
08-26-2007, 01:50 PM
|
#8
|
Status: Geek
Join date: Apr 2006
Location: Denver, CO
Expertise: Software
Software: Chrome, Notepad++
Posts: 6,894
|
Looking at SitePoint's free portion of that e-book, the code bears no resemblance whatsoever.
|
|
08-26-2007, 03:37 PM
|
#9
|
Status: Request a custom title
Join date: Feb 2005
Location: The Netherlands
Expertise:
Software:
Posts: 2,616
|
Originally Posted by Village Idiot
Looking at SitePoint's free portion of that e-book, the code bears no resemblance whatsoever.
|
Thank god! I have the SitePoint books at home, will also take a look. Thanks for checking, VI. Still waiting for a reply from Xuxa or Garrett.
|
|
08-26-2007, 07:54 PM
|
#10
|
Status: Request a custom title
Join date: Feb 2006
Location: USA
Expertise:
Software:
Posts: 1,076
|
I own the book. It looks exactly like it except the names of some functions are changed, along with variables and all of that sort.