Login

Montana" · 11-21-2012, 09:19 AM

I am fairly new at php and just wrote this login script. Please rate, suggest and comment.
For any questions about the script you can send me a pm or comment.
I am from the Netherlands by the way. Thanks for commenting! Blackhat

Login form

PHP Code:
<?php session_start();?>
<html>
<head>
<title>Inlog</title>
</head>
<body>
<form id='loginform' name='frm' method='POST' action='?action=login'>
                <table id='logintable' cellpadding='0' cellspacing='10' border='0'>
                <tr><td>Email:</td><td><input type='text' name='email' size='20'></td></tr>
                <tr><td>Password:</td><td><input type='password' name='password' size='20'></td></tr>
                <tr><td style="border-bottom: 1px solid #000"></td><td><input type='submit' value='Login' name='login'></td></tr>
                <tr><td>Als je nog geen account hebt,<td><a href="registratie.php">registreer een account.</a></tr>
</form>
<?php
include("include/sanitize.php");
include("connect.php");
$email = sanitize($_POST['email']);
$password = sanitize($_POST['password']);
$sql = ("SELECT * FROM `members` WHERE `email` = ('".$email."')");
$ophalen = mysql_query($sql) or die(mysql_error());
$aantal = mysql_num_rows($ophalen);
if ($_GET["action"] == "login")
{
    if(($aantal == 0))
        {
        echo"<p>Niet alle gegevens zijn goed ingevuld. Vul de gegevens opnieuw in.</p>";
        }
    else{
        while($record = mysql_fetch_object($ophalen))
            {
            $password_db = $record->password;
            $id = $record->Id_nummer;
            }
        require ("PassHash.php");
        if (PassHash::check_password($password_db, $password))
            {
            ?><meta http-equiv="refresh" content="0;url=beheer.php" /><?php;
            $_SESSION['id-nummer'] = "$id";
            }
        else
            {
            echo"<p>Niet alle gegevens zijn goed ingevuld. Vul de gegevens opnieuw in.</p>";
            }
        }
}
?>
</body>
</html> 

PassHash

PHP Code:
<?php
    class PassHash {
  private static $algo = '$2a';  
  private static $cost = '$10';   
  public static function unique_salt() {  
    return substr(sha1(mt_rand()),0,22);  
  }  
  public static function hash($password) {  
    return crypt($password,  
    self::$algo .  
    self::$cost .  
    '$' . self::unique_salt());  
  }  
  public static function check_password($hash, $password) {  
    $full_salt = substr($hash, 0, 29);  
    $new_hash = crypt($password, $full_salt);  
    return ($hash == $new_hash);  
  }  
    }
?>

Registration page

PHP Code:
<title>Registratie</title>
</head>
<body>
<?php
$code="cryptografie";
$codewoord=$_POST["codewoord"];
if($_POST['submit']){
    if($code==$codewoord)
    {
    include("connect.php");
    include("include/sanitize.php");
    $naam = sanitize($_POST['naam']);
    $email = sanitize($_POST['email']);
    $password0 = sanitize($_POST['password0']);
    $password1 = sanitize($_POST['password1']);
        if ($password0 !== $password1){
        echo "De wachtwoorden zijn niet aan elkaar gelijk. Probeer het opnieuw.";
        }
        else{
            require ("PassHash.php");
            $pass_hash = PassHash::hash($_POST['password0']);
            $sql_aanmelding = ("INSERT INTO `862697_test`.`members` (`naam`, `email`, `password`, `datum`) VALUES ('" . $naam . "', '". $email . "', '". $pass_hash . "', NOW())");
            $verzenden = mysql_query($sql_aanmelding);
            echo"Beste ".$naam.", je aanmelding is goed doorgekomen, je kunt nu inloggen. <br />";
            echo'Klik <a href="/">hier</a> om terug naar de loginpagina te gaan.';
        }
    }
    else{
  echo "Codewoord klopt niet. <br />";
  echo'Klik <a href="registratie.php">hier</a> om terug naar de registratiepagina te gaan.';
    }
}

else{
?>
<form name='loginform' action="registratie.php" method="post">
<table id='logintable' cellpadding='0' cellspacing='10' border='0'>
<TR><TD>Naam: <TD><input type="text" name="naam">
<TR><TD>E-mail: <TD><input type="text" name="email">
<TR><TD>Wachtwoord: <TD><input type="password" name="password0">
<TR><TD>Wachtwoord herhalen: <TD><input type="password" name="password1">
<TR><TD>Codewoord: <TD><input type="password" name="codewoord">
<TR><TD><TD><input type='submit' value='Submit' name='submit'>
</form>
<?php
}
?>
</body>
</html> 

Password verification page

PHP Code:
<?php
    session_start();
    if ($_GET["action"] == "logout") {
        unset($_SESSION["id-nummer"]);
        session_unset();
        header("Location: /");
        }
    if (isset($_SESSION['id-nummer'])){
        include("connect.php");
        $via = $_GET["Dropmenu"];
        $naam_sql = "SELECT * FROM `862697_test`.`members` WHERE `Id_nummer` = '".$_SESSION['id-nummer']."' ";
        $naam = mysql_query($naam_sql);
        while($record = mysql_fetch_object($naam)){
        echo'Welkom ' .$record->naam. ', fijn dat je er weer bent. <a href="?action=logout">Uitloggen</a>';
    }
echo "logged in"
    }
    else{
echo "not logged in"
        }
?>

Login
Username:
Password:	Lost Password?
	Remember me

Possibly Related Threads…
Thread		Author	Replies	Views	Last Post
	Don't need to login	Strafeness	5	1,824	01-21-2012, 08:28 AM Last Post: AceInfinity
	Creating a simple PHP/MySQL login script	ndee	16	9,531	05-14-2011, 02:18 AM Last Post: ﾓrainee
	Simple secure login script.	Frank Yates	2	1,546	03-08-2011, 10:11 AM Last Post: lil-wayneee
	Members Area (login) Script?	Danny	6	2,897	12-12-2010, 07:19 PM Last Post: Saint Michael
	php form script with upload script help	andrewjs18	4	2,873	10-07-2010, 11:46 AM Last Post: JMK940