Discuss Scratch

QuillzToxic
Scratcher
1000+ posts

Login Code

I need a login system that DOES NOT have straight away register; you have to be allowed to go on. This is the system that would lead to a page that is a cpanel.

Thank You
gravtest
Scratcher
100+ posts

Login Code

In PHP, I assume.

You need a MySQLi database set up and connected to (my code calls it $con), with a table (in my code, I'm calling it “users”) with at least 4 columns: id (which is A_I), username, pass, and salt. A page to register (even though you won't use it) might look something like this:

<?php
    $con = new mysqli("", "", "", ""); // connect to the db
    session_start(); // you need to have this function on all of your pages
    if (isset($_SESSION["usrnm"])) { // if the user is already logged in
        header("Location: http://www.google.com/"); // your site's homepage or whatever
        exit();
    }
    if (isset($_POST["usrnm"])) { // if the user has submitted their information
        $newSalt = substr(str_shuffle("abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ"),0, 1) . substr(str_shuffle("aBcEeFgHiJkLmNoPqRstUvWxYz0123456789"),0, 31); // generates a salt (the character sets must be quoted strings)
        $escusrnm = $con->real_escape_string($_POST["usrnm"]); // prepare the username to be inserted
        $escpass = hash("sha256", $_POST["pass"].$newSalt); // hash pass with salt
        $escpass = $con->real_escape_string($escpass); // just to be safe!
        $con->query("INSERT INTO users (username, pass, salt) VALUES ('{$escusrnm}', '{$escpass}', '{$newSalt}')"); // insert into DB
        $_SESSION["usrnm"] = $_POST["usrnm"]; // log the user in
        header("Location: http://www.google.com/"); // your site's homepage or whatever
        exit();
    }
?>
<form method="post">
    <input name="usrnm" placeholder="Username..." /><br />
    <input type="password" name="pass" placeholder="Password..." /><br />
    <input type="submit" value="Submit" />
</form>

That doesn't perform checks on 2 password boxes matching or minimum length or anything, but it gives you an idea of what it might look like.
Logging in is much easier.

<?php
    $con = new mysqli("", "", "", ""); // connect to the db
    session_start(); // you need to have this function on all of your pages
    if (isset($_SESSION["usrnm"])) { // if the user is already logged in
        header("Location: http://www.google.com/"); // your site's homepage or whatever
        exit();
    }
    if (isset($_POST["usrnm"])) { // if the user has submitted their information
        $escusrnm = $con->real_escape_string($_POST["usrnm"]); // prepare username for SQL query
        $userdata = $con->query("SELECT * FROM users WHERE username='{$escusrnm}'"); // select user
        if($userdata->num_rows == 0) { // user doesn't exist! (num_rows is a property, not a method)
            echo "Username or password incorrect.";
        } else { // user DOES exist
            $userdata = $userdata->fetch_assoc(); // get first row with correct username
            if (hash_equals($userdata["pass"], hash("sha256", $_POST["pass"].$userdata["salt"]))) { // password is correct (constant-time comparison)
                $_SESSION["usrnm"] = $_POST["usrnm"]; // log the user in
                header("Location: http://www.google.com/"); // your site's homepage or whatever
                exit();
            } else { // password is WRONG!
                echo "Username or password incorrect.";
            }
        }
    }
?>
<form method="post">
    <input name="usrnm" placeholder="Username..." /><br />
    <input type="password" name="pass" placeholder="Password..." /><br />
    <input type="submit" value="Submit" />
</form>

These scripts are off the top of my head; I can't guarantee their functionality.

EDIT: Whoops, forgot a logoff page!

<?php
    session_start();
    unset($_SESSION["usrnm"]); // log the user out
    header("Location: http://www.google.com/"); // your site's homepage or whatever
    exit();
?>

Last edited by gravtest (Dec. 12, 2013 13:21:54)
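
Added example (not part of gravtest's post, and not his code): the same register and login steps written with PHP's built-in password_hash()/password_verify() and MySQLi prepared statements instead of a hand-made salt, SHA-256 and string escaping. It assumes the `users` table from the post with `pass` widened to VARCHAR(255) and `salt` nullable or dropped; the function names are made up for this example.

```php
<?php
// Added example, not gravtest's code. Assumes the thread's `users` table with
// `pass` widened to VARCHAR(255) and `salt` nullable or dropped:
// password_hash() keeps its own random salt inside the hash string.

// Create an account. Returns false if the insert fails.
function register_user(mysqli $con, string $username, string $password): bool {
    $hash = password_hash($password, PASSWORD_DEFAULT); // slow, salted hash
    try {
        $stmt = $con->prepare("INSERT INTO users (username, pass) VALUES (?, ?)");
        if ($stmt === false) {
            return false;
        }
        $stmt->bind_param("ss", $username, $hash); // data stays out of the SQL text
        $ok = $stmt->execute();
        $stmt->close();
        return $ok;
    } catch (mysqli_sql_exception $e) { // PHP 8.1+ reports mysqli errors this way
        return false;
    }
}

// Look up the user and verify the password. Returns the user id, or null for
// an unknown user and a wrong password alike, so the page shows one message.
function check_login(mysqli $con, string $username, string $password): ?int {
    $stmt = $con->prepare("SELECT id, pass FROM users WHERE username = ?");
    if ($stmt === false) {
        return null;
    }
    $stmt->bind_param("s", $username);
    $stmt->execute();
    $stmt->bind_result($id, $hash);
    $found = $stmt->fetch(); // true when a row was read, null when none matched
    $stmt->close();
    if ($found !== true || !password_verify($password, (string) $hash)) {
        return null;
    }
    return (int) $id;
}

// Log the user in; call after session_start(). Returns true on success.
function log_in(mysqli $con, string $username, string $password): bool {
    if (check_login($con, $username, $password) === null) {
        return false;
    }
    session_regenerate_id(true); // fresh session id once the user is authenticated
    $_SESSION["usrnm"] = $username;
    return true;
}
```
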

Magnie
Scratcher
100+ posts

Login Code

For gravtest's code above, you can just add another field to the database called “allowed” or “accepted” that starts out as False. Then have the login page check if that is True. You would also have a page (the cpanel page) that has a list of users that aren't accepted (yet) and just tick a checkbox or something next to it and when submitted it switches those accounts' “accepted” field to True.
ssss
Scratcher
500+ posts

Login Code

I tried gravtest's scripts and ended up with an error on http://experiment.comeze.com/ there
gravtest
Scratcher
100+ posts

Login Code

ssss wrote:

I tried gravtest's scripts and ended up with an error on http://experiment.comeze.com/ there
Do you have the database set up correctly and connected to properly?
ssss
Scratcher
500+ posts

Login Code

gravtest wrote:

ssss wrote:

I tried gravtest's scripts and ended up with an error on http://experiment.comeze.com/ there
Do you have the database set up correctly and connected to properly?
Yes?
gravtest
Scratcher
100+ posts

Login Code

ssss wrote:

gravtest wrote:

ssss wrote:

I tried gravtest's scripts and ended up with an error on http://experiment.comeze.com/ there
Do you have the database set up correctly and connected to properly?
Yes?
That error happens when MySQLi returns an error when it queries.
QuillzToxic
Scratcher
1000+ posts

Login Code

Magnie wrote:

For gravtest's code above, you can just add another field to the database called “allowed” or “accepted” that starts out as False. Then have the login page check if that is True. You would also have a page (the cpanel page) that has a list of users that aren't accepted (yet) and just tick a checkbox or something next to it and when submitted it switches those accounts' “accepted” field to True.
How to do :p
gravtest
Scratcher
100+ posts

Login Code

QuillzToxic wrote:

Magnie wrote:

For gravtest's code above, you can just add another field to the database called “allowed” or “accepted” that starts out as False. Then have the login page check if that is True. You would also have a page (the cpanel page) that has a list of users that aren't accepted (yet) and just tick a checkbox or something next to it and when submitted it switches those accounts' “accepted” field to True.
How to do :p
*sigh* xD

New register:

<?php
    $con = new mysqli("", "", "", ""); // connect to the db
    session_start(); // you need to have this function on all of your pages
    if (isset($_SESSION["usrnm"])) { // if the user is already logged in
        header("Location: http://www.google.com/"); // your site's homepage or whatever
        exit();
    }
    if (isset($_POST["usrnm"])) { // if the user has submitted their information
        $newSalt = substr(str_shuffle("abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ"),0, 1) . substr(str_shuffle("aBcEeFgHiJkLmNoPqRstUvWxYz0123456789"),0, 31); // generates a salt (the character sets must be quoted strings)
        $escusrnm = $con->real_escape_string($_POST["usrnm"]); // prepare the username to be inserted
        $escpass = hash("sha256", $_POST["pass"].$newSalt); // hash pass with salt
        $escpass = $con->real_escape_string($escpass); // just to be safe!
        $con->query("INSERT INTO users (username, pass, salt, verif, isAdmin) VALUES ('{$escusrnm}', '{$escpass}', '{$newSalt}', 0, 0)"); // insert into DB as unapproved (verif=0)
        // don't set $_SESSION["usrnm"] here: the account has to be approved before it can log in
        header("Location: http://www.google.com/"); // your site's homepage or whatever
        exit();
    }
?>
<form method="post">
    <input name="usrnm" placeholder="Username..." /><br />
    <input type="password" name="pass" placeholder="Password..." /><br />
    <input type="submit" value="Submit" />
</form>

New login:

<?php
    $con = new mysqli("", "", "", ""); // connect to the db
    session_start(); // you need to have this function on all of your pages
    if (isset($_SESSION["usrnm"])) { // if the user is already logged in
        header("Location: http://www.google.com/"); // your site's homepage or whatever
        exit();
    }
    if (isset($_POST["usrnm"])) { // if the user has submitted their information
        $escusrnm = $con->real_escape_string($_POST["usrnm"]); // prepare username for SQL query
        $userdata = $con->query("SELECT * FROM users WHERE username='{$escusrnm}'"); // select user
        if($userdata->num_rows == 0) { // user doesn't exist! (num_rows is a property, not a method)
            echo "Username or password incorrect.";
        } else { // user DOES exist
            $userdata = $userdata->fetch_assoc(); // get first row with correct username
            if (hash_equals($userdata["pass"], hash("sha256", $_POST["pass"].$userdata["salt"]))) { // password is correct (constant-time comparison)
                if ($userdata["verif"] == 1) { // user has been approved
                    $_SESSION["usrnm"] = $_POST["usrnm"]; // log the user in
                    header("Location: http://www.google.com/"); // your site's homepage or whatever
                    exit();
                } else { // user has NOT been approved
                    echo "You haven't been approved yet.";
                } 
            } else { // password is WRONG!
                echo "Username or password incorrect.";
            }
        }
    }
?>
<form method="post">
    <input name="usrnm" placeholder="Username..." /><br />
    <input type="password" name="pass" placeholder="Password..." /><br />
    <input type="submit" value="Submit" />
</form>

Page that lets you approve users:

<?php
    $con = new mysqli("", "", "", ""); // connect to the db
    session_start(); // you need to have this function on all of your pages
    if (isset($_SESSION["usrnm"])) { // if the user is logged in
        $escusrnm = $con->real_escape_string($_SESSION["usrnm"]);
        $userdata = $con->query("SELECT * FROM users WHERE username='{$escusrnm}'"); // get info about user
        $userdata = $userdata ? $userdata->fetch_assoc() : null; // turn the result into a row (array)
        if ($userdata && $userdata["isAdmin"] == 1) { // user is allowed to see this page
            if (isset($_POST["id"])) { // we're trying to approve a user
                $id = (int) $_POST["id"]; // force the id to an integer so it can't carry SQL
                $con->query("UPDATE users SET verif=1 WHERE id={$id}"); // approve user
                header("Location: http://www.google.com/"); // your site's homepage or whatever
                exit();
            } else {
                echo "<table>\n";
                echo "    <tr>\n        <th>Username</th>\n        <th>Approve?</th>\n    </tr>\n"; // header row, printed once
                $nonverifusers = $con->query("SELECT * FROM users WHERE verif=0"); // get info about all unapproved users
                while ($cnvu = $nonverifusers->fetch_assoc()) { // repeat for each of the users
                    $safeName = htmlspecialchars($cnvu["username"], ENT_QUOTES, "UTF-8"); // escape the username for HTML output
                    $safeId = (int) $cnvu["id"];
                    echo "    <tr>\n";
                    echo "        <td>{$safeName}</td>\n";
                    echo "        <td>\n";
                    echo "            <form method=\"post\">\n";
                    echo "                <input type=\"hidden\" name=\"id\" value=\"{$safeId}\" />\n";
                    echo "                <input type=\"submit\" />\n";
                    echo "            </form>\n";
                    echo "        </td>\n";
                    echo "    </tr>\n";
                }
                echo "</table>\n";
            }
        } else { // oh no, an intruder
            header("Location: http://www.google.com/"); // your site's homepage or whatever
            exit();
        }
    } else { // user is NOT logged in
        header("Location: http://www.google.com/"); // your site's homepage or whatever
        exit();
    }
?>

Again, off the top of my head. xD
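
Added example (not part of gravtest's post, and not his code): the approve action from the page above with a per-session form token, so the POST only works when it comes from the admin's own approve form, plus a prepared UPDATE that only touches accounts still at verif=0. It uses the thread's `users` columns and $_SESSION["usrnm"]; the "csrf" field name and the function names are assumptions, and mysqli is assumed to report errors as exceptions (the PHP 8.1+ default).

```php
<?php
// Added example, not gravtest's code. Uses the thread's `users` table
// (id, username, verif, isAdmin) and $_SESSION["usrnm"]; the "csrf" form
// field and the function names are assumptions made for this example.

// One random token per session, to be echoed into each approve form as
// <input type="hidden" name="csrf" value="...">.
function csrf_token(): string {
    if (empty($_SESSION["csrf"])) {
        $_SESSION["csrf"] = bin2hex(random_bytes(32));
    }
    return $_SESSION["csrf"];
}

// Re-read the admin flag from the database on every request.
function is_admin(mysqli $con, string $username): bool {
    $stmt = $con->prepare("SELECT isAdmin FROM users WHERE username = ?");
    $stmt->bind_param("s", $username);
    $stmt->execute();
    $stmt->bind_result($isAdmin);
    $found = $stmt->fetch();
    $stmt->close();
    return $found === true && (int) $isAdmin === 1;
}

// Handle the approve POST (call after session_start()). Returns true only
// if exactly one pending account was switched to verif=1.
function approve_user(mysqli $con, array $post): bool {
    $sent = $post["csrf"] ?? "";
    if (!is_string($sent) || !hash_equals(csrf_token(), $sent)) {
        return false; // request did not come from our own form
    }
    if (!isset($_SESSION["usrnm"]) || !is_admin($con, $_SESSION["usrnm"])) {
        return false; // not logged in, or not an admin
    }
    $id = filter_var($post["id"] ?? null, FILTER_VALIDATE_INT);
    if ($id === false) {
        return false; // id missing or not an integer
    }
    $stmt = $con->prepare("UPDATE users SET verif = 1 WHERE id = ? AND verif = 0");
    $stmt->bind_param("i", $id);
    $stmt->execute();
    $changed = $stmt->affected_rows;
    $stmt->close();
    return $changed === 1;
}
```
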
Magnie
Scratcher
100+ posts

Login Code

QuillzToxic wrote:

Magnie wrote:

For gravtest's code above, you can just add another field to the database called “allowed” or “accepted” that starts out as False. Then have the login page check if that is True. You would also have a page (the cpanel page) that has a list of users that aren't accepted (yet) and just tick a checkbox or something next to it and when submitted it switches those accounts' “accepted” field to True.
How to do :p
For learning PHP and MySQL, I suggest downloading an Adoptables site base (whatever you use, make sure it's the free version) then modify it and learn from it. Most don't come with shops and money and similar things; this is where you come in and code them yourself. That's how I learned.
CaptainJbeans
Scratcher
100+ posts

Login Code

Is this code MySQL or something else?
gravtest
Scratcher
100+ posts

Login Code

CaptainJbeans wrote:

Is this code MySQL or something else?
The code I posted is *AMP (Apache, MySQL, PHP), and Quillz later told me off-site that that was the stack he wanted the code for. So yeah, it's PHP with a MySQL database.
