Tutorial on how to do a simple PHP/Mysql LOGIN script?

[dcpsoguy]

I want a SIMPLE php login script where the username and password are in a database(dont know how to do that either), and you get taken to a login page. If you are not logged in, you get taken to a login screen. If you are logged in, you go to the actual content.

Is there a tutorial for this?

BTW I'm very new at PHP

 

[dcpsoguy]

Bump

 

[FoolishMcNasty]

try here...

 

[jjones]

This simple script uses a cookie that has been set to verify if a user is logged in. Cookie name is LogIn, the value is LoggedIn.

<?php

$access = $HTTP_COOKIE_VARS["LogIn"];

if ($access == "LoggedIn") {

header("Location: home.php");

exit;

} else {

header("Location: login.php");

exit;

?>

This is your index.php page.

home.php is your content page (does not have to be php, can be plain html or whatever) and the user will be directed there if the LogIn cookie has been set previously on thier computer; login.php is the login form (again, does not have to be php) where the user is directed if they are not logged in.

You will need to create login.php and then a page that you can send the form variables to such as check_login.php that will verify the user name and password with the database, set the cookie LogIn, and bring them to the home.php page.

You will also need a page that users can set up a new account if you do not want to enter new accounts manually into the database.

Here's a great site for more help: PHP Builder

 

[Barnaby W. Füi]

You should use $_COOKIE now, not HTTP_COOKIE_VARS.

The script above does no actual authentication, it just forwards you to another page. If you went to that page manually, it would work just the same. If you want to protect some pages, I would make a script that checks for a cookie, if it's not set, then send them to a login page. Include this script at the very beginning of any pages you want to protect. Learning how to use a database is not a super-quick thing, and neither is php (I don't know how much php you know). You should take some care to actually *learn* both before using them for anything remotely important. I wouldn't really trust other peoples' scripts and stuff that you find on hotscripts.com, etc either.

BTW, this stuff *isn't* all that simple, no matter what. webpages + security = PITA

 

[KahunaHube]

Originally posted by: BingBongWongFooey
You should use $_COOKIE now, not HTTP_COOKIE_VARS.

The script above does no actual authentication, it just forwards you to another page. If you went to that page manually, it would work just the same. If you want to protect some pages, I would make a script that checks for a cookie, if it's not set, then send them to a login page. Include this script at the very beginning of any pages you want to protect. Learning how to use a database is not a super-quick thing, and neither is php (I don't know how much php you know). You should take some care to actually *learn* both before using them for anything remotely important. I wouldn't really trust other peoples' scripts and stuff that you find on hotscripts.com, etc either.

BTW, this stuff *isn't* all that simple, no matter what. webpages + security = PITA

what's the difference between $_COOKIE and HTTP_COOKIE_VARS ? Don't they both work fine?

 

[Barnaby W. Füi]

Originally posted by: KahunaHube

Originally posted by: BingBongWongFooey
You should use $_COOKIE now, not HTTP_COOKIE_VARS.

The script above does no actual authentication, it just forwards you to another page. If you went to that page manually, it would work just the same. If you want to protect some pages, I would make a script that checks for a cookie, if it's not set, then send them to a login page. Include this script at the very beginning of any pages you want to protect. Learning how to use a database is not a super-quick thing, and neither is php (I don't know how much php you know). You should take some care to actually *learn* both before using them for anything remotely important. I wouldn't really trust other peoples' scripts and stuff that you find on hotscripts.com, etc either.

BTW, this stuff *isn't* all that simple, no matter what. webpages + security = PITA

what's the difference between $_COOKIE and HTTP_COOKIE_VARS ? Don't they both work fine?

They do right now, but the HTTP_*_VARS are going to go away eventually, $_COOKIE, $_GET, $_POST, $_SERVER, $_ENV, etc etc are what you should use.

http://www.php.net/variables.predefined

BTW, if you aren't able to keep up with all of the changes in php, you should probably use something else, like perl, python, or asp, something that won't change quite so quickly. PHP is still pretty immature and changes often, sometimes for security reasons. If you aren't willing to keep up with it - and keep your code up to date - you are asking for trouble. Look at sites running old versions of php-nuke for an example

 

[kt]

Or you can use session instead of cookie.

 

[KahunaHube]

Originally posted by: BingBongWongFooey

Originally posted by: KahunaHube

Originally posted by: BingBongWongFooey
You should use $_COOKIE now, not HTTP_COOKIE_VARS.

The script above does no actual authentication, it just forwards you to another page. If you went to that page manually, it would work just the same. If you want to protect some pages, I would make a script that checks for a cookie, if it's not set, then send them to a login page. Include this script at the very beginning of any pages you want to protect. Learning how to use a database is not a super-quick thing, and neither is php (I don't know how much php you know). You should take some care to actually *learn* both before using them for anything remotely important. I wouldn't really trust other peoples' scripts and stuff that you find on hotscripts.com, etc either.

BTW, this stuff *isn't* all that simple, no matter what. webpages + security = PITA

They do right now, but the HTTP_*_VARS are going to go away eventually, $_COOKIE, $_GET, $_POST, $_SERVER, $_ENV, etc etc are what you should use.

http://www.php.net/variables.predefined

BTW, if you aren't able to keep up with all of the changes in php, you should probably use something else, like perl, python, or asp, something that won't change quite so quickly. PHP is still pretty immature and changes often, sometimes for security reasons. If you aren't willing to keep up with it - and keep your code up to date - you are asking for trouble. Look at sites running old versions of php-nuke for an example

sweet thanks! Is this why big companies don't use php rather asp?
what's the difference between $_COOKIE and HTTP_COOKIE_VARS ? Don't they both work fine?