Login Script?

  • Thread starter ={ Advocated }=
  • Start date
A

={ Advocated }=

Hey there,
Im after a login script i can run from my page

I want to have a username and password field and then a button on the one
page

Thing is i dont know php, asp or anything like that, so how can i go about
making/getting a secure script?

TIA
 
A

Adrienne

Hey there,
Im after a login script i can run from my page

I want to have a username and password field and then a button on the
one page

Thing is i dont know php, asp or anything like that, so how can i go
about making/getting a secure script?

TIA
Click to expand...

You'll have to do something server side. HTML cannot do it alone, and
although you can do something client side with javascript, it is not
reliable.
 
A

={ Advocated }=

Adrienne said:
You'll have to do something server side. HTML cannot do it alone, and
although you can do something client side with javascript, it is not
reliable.
Click to expand...

Any idea for any server side scripts then, that are very easy to use; as i
dont know any
 
A

Adrienne

Any idea for any server side scripts then, that are very easy to use;
as i dont know any
Click to expand...

You'll have to find out what your scripting language your host supports
first. No sense getting a lovely ASP script when your host provides Perl
and PHP, or vice versa.
 
A

={ Advocated }=

Adrienne said:
You'll have to find out what your scripting language your host supports
first. No sense getting a lovely ASP script when your host provides Perl
and PHP, or vice versa.
Click to expand...

Well my hosters offer
MySQL Databases,PostgreSQL Databases,SSI,cgi,asp,php
 
A

Adrienne

Well my hosters offer
MySQL Databases,PostgreSQL Databases,SSI,cgi,asp,php
Click to expand...

I'm probably going to get hit on the head for saying this, but, personally
I find ASP a lot easier to deal with the PHP.

If I were you, I would google around for tutorials in those languages and
see what you feel most comfortable with. Login scripts are really pretty
easy:
1. Set up a form to get the user name and password.
2. Use a script to go to a table and verify the user name and password.
3. Depending on if the login was correct or not, redirect to either a
Invalid Login page, or where ever you want them to go.

BTW, please remove signatures when replying.
 
N

Nico Schuyt

={ Advocated }= said:
Im after a login script i can run from my page
I want to have a username and password field and then a button on the
one page
Thing is i dont know php, asp or anything like that, so how can i go
about making/getting a secure script?
Click to expand...

Ask your host to protect your site with a password.
As a test I did it on http://www.nicoschuyt.nl/test/secure
Cheers, Nico
 
T

Toby A Inkster

={ Advocated }= said:
Yea, i can do that already, but ive got a form, with 2 text areas for
login/pass so i still need a script
Click to expand...

Firstly, I'll point out that it is *much* easier to use HTTP
authentication. It means that you don't get a nice custom login screen,
but it is very easy and very reliable.

If you *do* feel the need for a non-HTTP authentication system the idea is
not to difficult.

The page that receieves the data submitted by the login form should
call the following function. If it returns true, then serve up the
protected page. Otherwise, serve up a page saying something like "you
entered the wrong user name or password"

function checkpwd_and_set_cookie()
{
$username = get_value_from_http_post_data('username');
$password = get_value_from_http_post_data('password');

$correctpassword = get_password_from_database($username);

if ( not ($password == $correctpassword) )
{
return false;
}

else
{
$salt = random_string_of_text();
$ticket = md5sum($username . $salt . $password);

set_cookie('username', $username);
set_cookie('salt', $salt);
set_cookie('password', $password);

return true;
}

}

For every other page that is protected, the script should call the below
function checkpwd(). If the function returns true, then serve up the page.
Otherwise, serve up a page saying something like "please login to view
this page".

function checkpwd()
{

$username = get_value_from_cookie('username');
$salt = get_value_from_cookie('salt');
$ticket = get_value_from_cookie('ticket');

$password = get_password_from_database($username);

$validticket = md5sum($username . $salt . $password);

if ($validticket == $ticket)
{
return true;
}
else
{
return false;
}
}

It should be reasonably obvious what the functions get_password_from_database,
get_value_from_cookie, get_value_from_http_post_data, set_cookie and md5sum do.
The '.' operator is for concatenation.

It should be quite secure, in that the password isn't kept in the cookie. Do it
over HTTPS for better security though.

Let me know if you have trouble figuring out how this works.
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Similar Threads

DJForm Login Help! 1
Mailbox form automation 0
Problem with a login script, SESSION user rights and put this together so it works with the other pages and MySQL. Code examples. 2
How to login using PDO 3
Login form no longer working 2
Script works fine on test server but not on production server 3
mysqldump warning in bash script 3
Play mp3 on body load call. 1

Members online

No members online now.
Total: 296 (members: 1, guests: 295)
Robots: 443

Forum statistics

Threads
474,431
Messages
2,571,678
Members
48,796
Latest member
Greg L.

Latest Threads

Top