Learn how to create a secure login system using the salt and pepper technique and SHA1 and MD5 encryption in this great step-by-step PHP tutorial.
THIS TUTORIAL IS A LITTLE OUTDATED AND WE ARE PLANNING ON UPDATING IT TO BENEFIT FROM MODERN-DAY TECHNIQUES!
Welcome back to the second part of the tutorial. If you have not followed the first part, I suggest you do, or you will not know what is going on.
In this part we will finish the login page, making sure that the sessions and cookies are set.
First, let's make sure that any errors are shown; for instance, if someone doesn't input a password, the page will say so.
We set this up in the PHP in part 1, but so far the errors are only being stored. Now we need to output them if there are any.
We do this in the loginwarning div, where we add this:
<?php
if (count($errors) > 0) {
    foreach ($errors as $error) {
        echo $error . "<br />";
    }
} else {
    echo "Encrypted Area!";
}
?>
This counts the entries in the $errors array with the count() function; if the number of errors in the array is greater than 0, we run a foreach loop.
The loop walks the $errors array, taking each entry in turn as $error, and echoes it followed by a line break.
Now, under the database section we did in part 1, which is:
//find out if user and password are present
$query = "SELECT * FROM users WHERE username='".mysql_real_escape_string($uname)."' AND password='".mysql_real_escape_string($passencrypt)."'";
$result = mysql_query($query) OR die(mysql_error());
You will need to input this
$result_num = mysql_num_rows($result);
if($result_num > 0){
} else {
    //tell there is no username etc
    $errors[] = "Your username or password are incorrect";
}
Then we need to know whether the username and password were correct, which is what $result_num = mysql_num_rows($result) tells us. If the username and password are correct, the query returns one or more rows.
That is why we test whether $result_num is greater than 0; the greater-than sign in PHP is >.
Otherwise, if $result_num is not greater than 0, we add an error to the errors array again.
Now we need to start fetching some data from the database to get the id, username and firstname. We do this inside the {} before the else in the result_num section, as follows:
if($result_num > 0){
    while($row = mysql_fetch_array($result)){
        $idsess = stripslashes($row["id"]);
        $firstnamesess = stripslashes($row["firstname"]);
        $username = stripslashes($row["username"]);
        $_SESSION["SESS_USERID"] = $idsess;
        $_SESSION["SESS_USERFIRSTNAME"] = $firstnamesess;
        $_SESSION["SESS_USERNAME"] = $username;
        setcookie("userloggedin", $username);
        setcookie("userloggedin", $username, time()+43200); // 43200 seconds: expires in 12 hours
        //success lets login to page
        returnheader("users-area.php");
        exit; // stop the script once the redirect header is sent
    }
} else {
    //tell there is no username etc
    $errors[] = "Your username or password are incorrect";
}
So the way we did this is:
We created a while loop which says: while there is a row in the result of the query already given, take the id, firstname and username and put them into the variables idsess, firstnamesess and username.
We then put that data into sessions by declaring the session names and assigning the variables to them.
We also create an id session in the same way.
After that we need to set up a cookie to manage how long people are allowed to stay logged in. We do this with the setcookie function, giving it an expiry time.
After this we call our header function to redirect to users-area.php.
But before this will work, we need to go to the very first line and, under the <?, add:
session_start();
//redirect function
function returnheader($location){
    $returnheader = header("location: $location");
    return $returnheader;
}
We start the session, which is a must when dealing with sessions; without it the session variables will not work.
We then create a function called returnheader, which redirects to somewhere.
You define a function by entering the word function, then naming it (we have called ours returnheader) and then setting an argument, here $location.
We then assign the result of the header function, which is a built-in PHP function, to a variable, putting the argument where the URL would normally go.
We then return the variable.
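A present-day version of the login check and session setup described above, as an added example that is not the tutorial's own code. It assumes PHP 7.3 or later with the pdo_sqlite extension; the in-memory table, the demo user and its password are constructed, and findUser() is a hypothetical helper.

```php
<?php
// Added example, not the tutorial's code. The table and credentials are constructed.
declare(strict_types=1);

// Constructed in-memory users table so this runs offline (needs the pdo_sqlite extension).
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT UNIQUE,
           firstname TEXT, password TEXT)');
$db->prepare('INSERT INTO users (username, firstname, password) VALUES (?, ?, ?)')
   ->execute(['demo', 'Demo', password_hash('constructed-password', PASSWORD_DEFAULT)]);

// Hypothetical helper: returns the matching row without its hash, or null on a bad login.
function findUser(PDO $db, string $uname, string $pass): ?array
{
    $stmt = $db->prepare('SELECT id, username, firstname, password FROM users WHERE username = ?');
    $stmt->execute([$uname]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    // password_verify() takes salt and cost from the stored hash; the password never enters the SQL.
    if ($row === false || !password_verify($pass, $row['password'])) {
        return null;
    }
    unset($row['password']);
    return $row;
}

// Session cookie: 12 hours (the tutorial's 43200 seconds), hidden from scripts, HTTPS only.
session_set_cookie_params(['lifetime' => 43200, 'httponly' => true,
                           'secure' => true, 'samesite' => 'Lax']);
session_start();

$errors = [];
$uname = 'demo';                  // constructed input standing in for the posted username
$pass  = 'constructed-password';  // constructed input standing in for the posted password

$user = findUser($db, $uname, $pass);
if ($user === null) {
    $errors[] = 'Your username or password are incorrect';
} else {
    session_regenerate_id(true);  // new id at login so a pre-login id cannot be reused
    $_SESSION['SESS_USERID'] = (int) $user['id'];
    $_SESSION['SESS_USERFIRSTNAME'] = $user['firstname'];
    $_SESSION['SESS_USERNAME'] = $user['username'];
    header('Location: users-area.php');
    exit;  // stop here so nothing after the redirect runs
}
```

The login state lives only in the server-side session here; a client-set cookie such as userloggedin can be edited by the visitor, so it should be used for display at most.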
That concludes the 2nd part of this tutorial. The next and final section will be available soon!
Sorry for the delay, third part will be coming soon, just been a little snowed under recently!
Thanks for the tutorial, I have just one question. I can't create a new user in the database; when I try to encrypt the password it doesn't let me log in, but with your password it works great. What type of encryption did you use? I see SHA1 and MD5 but it still isn't working.
thanks in advance
E
Hi enzo,
We will be uploading the last tutorial within the next couple of days.
Sorry for the delay, we have been so snowed under with work.
Could you give more information and I am sure I can help you get this working.
Sorry for my English. Maybe I am not explaining myself well.
I have downloaded your tutorial with all the PHP files and the SQL, which I uploaded to my database, and I was working a bit with the login system to understand how it works, and I also saw the video on YouTube. The whole problem now is with the users table in the database: I can add new users with the password encrypted in sha1 and md5 but I can't log in, but with the user which was already there "admin ' admin' " with name Robert" I can, and the password was encrypted and I can't figure out what kind of encryption that is
"7eec54842ae92700ea21f7289a2ed383d033e22ae348aeb5660fc2140aec35850c4da997kikikikikicbtr" this is the password, it has 87 characters. Can you please tell me what I can use to encrypt my password like that?
Many thanks, Enzo
The script will do that for you.
Do you mean, to start with?
You can generate sha1 at www.sha1.cz and you can do md5 at www.md5generator.net...
Hope this helps
Nothing seems to be the same password as the one you have encrypted in your SQL database, which I downloaded with the tutorial files :(
Are you also going to make a registration form?
Thanks for your help!
Enzo
The password is the same, the files are exact to the tutorial as I was writing the tutorial at the same time as creating the files.
A registration tutorial is not on the agenda anytime soon, sorry.
Hello, finally I managed to get it working, thanks a lot for your support and for the tutorial.
You're welcome, hope you find this useful!
I have 2 questions, could you please help me? Suppose my database doesn't have first name, just username and password and ID. So can I create a session of just username? Will that be OK? Sorry, beginner level.
And what will the code be then, after the while loop, according to my situation? And is it necessary to create sessions of firstname, username, id etc.? Please explain what the benefit of the 3 session lines is.
Second, I am working with my old database, which has 4 users I created manually, where the password type is varchar. So will your script work normally when I log in with my credentials?
And you have used $session["SESS_USERID"]; can I use anything in place of "SESS_USER_ID"?
Thanks
When will you be putting up part 3? I have been waiting patiently for it!
Great tutorial! Exactly what I'm after... Do you know when you are putting up the third part?
Dear Admin, when will your third and final part come? And kindly tell me how I update a password through a PHP page.
One of our developers is working on a more secure and up-to-date version of this tutorial; within the next couple of weeks we will try and publish it. Thanks, UBL
Hello, I like the tutorial and can't wait to get the third part. I am not sure how I can add new users. Regards, Didz
Hi, this is a great tutorial. I am also waiting for the user registration page, please. Thanks
Comments are now closed for this post... – UBL Designs
05jj22 2 Mar, 2012
Great tutorial! Looking forward to the 3rd part!