Thread Rating:
  • 0 Vote(s) - 0 Average
  • 1
  • 2
  • 3
  • 4
  • 5
[help] Improve login script
#1
I am fairly new at php and just wrote this login script. Please rate, suggest and comment.
For any questions about the script you can send me a pm or comment.
I am from the Netherlands by the way. Thanks for commenting!Blackhat

Login form
PHP Code:
<?php session_start();?>
<html>
<head>
<title>Inlog</title>
</head>
<body>
<form id='loginform' name='frm' method='POST' action='?action=login'>
                <table id='logintable' cellpadding='0' cellspacing='10' border='0'>
                <tr><td>Email:</td><td><input type='text' name='email' size='20'></td></tr>
                <tr><td>Password:</td><td><input type='password' name='password' size='20'></td></tr>
                <tr><td style="border-bottom: 1px solid #000"></td><td><input type='submit' value='Login' name='login'></td></tr>
                <tr><td>Als je nog geen account hebt,<td><a href="registratie.php">registreer een account.</a></tr>
</form>
<?php
include("include/sanitize.php");
include(
"connect.php");
$email sanitize($_POST['email']);
$password sanitize($_POST['password']);
$sql = ("SELECT * FROM `members` WHERE `email` = ('".$email."')");
$ophalen mysql_query($sql) or die(mysql_error());
$aantal mysql_num_rows($ophalen);
if (
$_GET["action"] == "login")
{
    if((
$aantal == 0))
        {
        echo
"<p>Niet alle gegevens zijn goed ingevuld. Vul de gegevens opnieuw in.</p>";
        }
    else{
        while(
$record mysql_fetch_object($ophalen))
            {
            
$password_db $record->password;
            
$id $record->Id_nummer;
            }
        require (
"PassHash.php");
        if (
PassHash::check_password($password_db$password))
            {
            
?><meta http-equiv="refresh" content="0;url=beheer.php" /><?php;
            
$_SESSION['id-nummer'] = "$id";
            }
        else
            {
            echo
"<p>Niet alle gegevens zijn goed ingevuld. Vul de gegevens opnieuw in.</p>";
            }
        }
}
?>
</body>
</html> 

PassHash
PHP Code:
<?php
    
class PassHash {
  private static 
$algo '$2a';  
  private static 
$cost '$10';   
  public static function 
unique_salt() {  
    return 
substr(sha1(mt_rand()),0,22);  
  }  
  public static function 
hash($password) {  
    return 
crypt($password,  
    
self::$algo .  
    
self::$cost .  
    
'$' self::unique_salt());  
  }  
  public static function 
check_password($hash$password) {  
    
$full_salt substr($hash029);  
    
$new_hash crypt($password$full_salt);  
    return (
$hash == $new_hash);  
  }  
    }
?>

Registration page
PHP Code:
<title>Registratie</title>
</
head>
<
body>
<?
php
$code
="cryptografie";
$codewoord=$_POST["codewoord"];
if(
$_POST['submit']){
    if(
$code==$codewoord)
    {
    include(
"connect.php");
    include(
"include/sanitize.php");
    
$naam sanitize($_POST['naam']);
    
$email sanitize($_POST['email']);
    
$password0 sanitize($_POST['password0']);
    
$password1 sanitize($_POST['password1']);
        if (
$password0 !== $password1){
        echo 
"De wachtwoorden zijn niet aan elkaar gelijk. Probeer het opnieuw.";
        }
        else{
            require (
"PassHash.php");
            
$pass_hash PassHash::hash($_POST['password0']);
            
$sql_aanmelding = ("INSERT INTO `862697_test`.`members` (`naam`, `email`, `password`, `datum`) VALUES ('" $naam "', '"$email "', '"$pass_hash "', NOW())");
            
$verzenden mysql_query($sql_aanmelding);
            echo
"Beste ".$naam.", je aanmelding is goed doorgekomen, je kunt nu inloggen. <br />";
            echo
'Klik <a href="/">hier</a> om terug naar de loginpagina te gaan.';
        }
    }
    else{
  echo 
"Codewoord klopt niet. <br />";
  echo
'Klik <a href="registratie.php">hier</a> om terug naar de registratiepagina te gaan.';
    }
}

else{
?>
<form name='loginform' action="registratie.php" method="post">
<table id='logintable' cellpadding='0' cellspacing='10' border='0'>
<TR><TD>Naam: <TD><input type="text" name="naam">
<TR><TD>E-mail: <TD><input type="text" name="email">
<TR><TD>Wachtwoord: <TD><input type="password" name="password0">
<TR><TD>Wachtwoord herhalen: <TD><input type="password" name="password1">
<TR><TD>Codewoord: <TD><input type="password" name="codewoord">
<TR><TD><TD><input type='submit' value='Submit' name='submit'>
</form>
<?php
}
?>
</body>
</html> 

Password verification page
PHP Code:
<?php
    session_start
();
    if (
$_GET["action"] == "logout") {
        unset(
$_SESSION["id-nummer"]);
        
session_unset();
        
header("Location: /");
        }
    if (isset(
$_SESSION['id-nummer'])){
        include(
"connect.php");
        
$via $_GET["Dropmenu"];
        
$naam_sql "SELECT * FROM `862697_test`.`members` WHERE `Id_nummer` = '".$_SESSION['id-nummer']."' ";
        
$naam mysql_query($naam_sql);
        while(
$record mysql_fetch_object($naam)){
        echo
'Welkom ' .$record->naam', fijn dat je er weer bent. <a href="?action=logout">Uitloggen</a>';
    }
echo 
"logged in"
    
}
    else{
echo 
"not logged in"
        
}
?>
Reply


Messages In This Thread
[help] Improve login script - by Montana&quot; - 11-21-2012, 09:19 AM
RE: [help] Improve login script - by Haxalot - 03-18-2013, 12:59 PM

Possibly Related Threads…
Thread Author Replies Views Last Post
  Don't need to login Strafeness 5 1,873 01-21-2012, 08:28 AM
Last Post: AceInfinity
  Creating a simple PHP/MySQL login script ndee 16 9,771 05-14-2011, 02:18 AM
Last Post: モrainee
  Simple secure login script. Frank Yates 2 1,581 03-08-2011, 10:11 AM
Last Post: lil-wayneee
  Members Area (login) Script? Danny 6 2,949 12-12-2010, 07:19 PM
Last Post: Saint Michael
  php form script with upload script help andrewjs18 4 3,077 10-07-2010, 11:46 AM
Last Post: JMK940

Forum Jump:


Users browsing this thread: 1 Guest(s)