ArcEmu: Tutorial [#4] Lookin' at Logins - ArcEmu


Tutorial [#4] Lookin' at Logins

Learn how you can make a login check for your site!

#1 Bob Herman

Posted 16 September 2009 - 06:52 PM

Introduction

First I'd like a small foreword to thank some 'supporters'. ChimP you've been a real help checking my errors and actively responding to my tuts. And thanks to HalestormXV for pinning a new post with a link to all my Tuts. That should prolly increase their popularity by quite a lot! :unsure:

Anyways let's get into the subject. A good site will need a login screen. A good Player Tool section, Voting, Donation or Website Administration page should always be protected. So here I'm going to show you two ways to make a fully working login script. The first one will be a login that reads the username and password off a config file, extremely useful if you only want a handful of people to access the page. And the second one will be one that actually goes to the database and checks the account table for a matching Username and Password with the right permissions.

Let's get crackin' :o This script will be, by far, the biggest script (file wise) that we will be writing.

For this tutorial you will need to know everything from my previous tutorial, plus some basic HTML. If you're new with HTML you can find great guides at w3schools! You can get a full list of all my tutorials here

The Base

We're going to start by making a base for our login scripts from which we will branch off into the MySQL vs variables through a config file.

First let's make the index.php file that we will be protecting. But before I can do that I need to explain how config files work. Now pay attention because on the next tutorial that I write (on ACP's), understanding how the config file works will be crucial to understanding how the ACP works. Why? On the ACP you need to make sure that you can edit the Config AND read the config WHILE it's being edited. You'll see what I mean when I write it for you guys.

Anyways. Remember, to do a variable you'd have to do something like...

<?php
$mah_variable="testest?";
?>


A config file is just a file where you have all your variables stashed together, and your site just reads them off. But how do you include in the variables so that the file reads them?

<?php include('config.php'); ?>


Then all the variables would be imported from the config file to the file you put the include. Make sure that you understand this and learn it! Play around with it if you need to, and see what you can do.

Let's get back on track. To see if someone is logged in or not, we create sessions. These are temporary 'passes' that let the PHP know that the user was properly validated. We also need to explain how our session is going to work/be checked so we require the session to be with an external PHP file of our choice. In short this looks like:

<?php session_start(); require 'login/approve.php'; ?>


This would require the file approve.php found in the login folder. So let's make our index file that we want password protected.

<?php session_start(); require 'login/approve.php'; ?>
<html>
<head>
<title>Logged in!</title>
</head>
<body>Congratz! You successfully logged in!<br><br><a href="logout.php">Logout!</a></body>
</html>


And that's it for our index.php file. Let's now make the approve.php file in the login folder.

Let's first start the session:

<?php
session_start();
?>


Then let's add in an IF statement so that if the user is not logged in they get redirected to the login.php. Now remember that since this file is being imported to the index.php file, all the directories will be from the index's.

<?php
session_start();
if (!isset($_SESSION['phplogin'])
    || $_SESSION['phplogin'] !== true) {
    header('Location: login.php');
    exit;
}
?> 


The $_SESSION['phplogin'] will be defined later in the login.php file. This says, in short: If the user doesn't have the $_SESSION['phplogin'] OR (that's what the || means) the $_SESSION['phplogin'] does not equal true then redirect to the login.php file. We are now done with this file too. Close it and save it. Let's now skip the login.php (since that is where the via config/MySQL changes will occur) and go straight to the logout.php.

Since the login logs you in by setting the phplogin session we can simply end it by unset-ing it. We also want it to redirect the page to the index.php file when it's done. Using the approve.php and modifying it slightly we get...

<?php
session_start();
if (isset($_SESSION['phplogin'])) {
   unset($_SESSION['phplogin']);
}
header('Location: login.php');
exit;
?> 


Notice that the redirect is outside the IF statement. We want it to redirect to the login.php file, even if the user was never logged in to begin with.

Now let's start writing the login.php. I'm going to start with my form which will use the login.php file.

<html>
<head>
<title>Login</title>
</head>
<body>
<center>
<h1>This Page is protected</h1>
Please login.<br><font size="1">Case Sensitive</font>
<br>
<h3>Login:</h3>
<form method="post" action="">
<input type="text" name="user">
<br><br>
<input type="password" name="pswd">
<br>
<input type="submit" name="login" value="Login">
</form>
</center>
</body>
</html>


The only new thing is the input type: password. This is the exact same thing as text input, except that it turns all your characters and hides them as neat dots. Oh and you can see that

Great so now we're done with the base. I'm going to show you guys how to do Logins via a config file, since I already have a pre-made working version of that from a site I'm making right now (which will be released to you guys. I'm pretty sure I mentioned it before on another tutorial).

Logging in with a Config File

For this one we just need to add the PHP for the login.php form, and put in the data in the config file. So let's include the config.php file, and start our session.

<?php include('config.php');
session_start();
?>


Next we're going to set up another IF statement to see if the user submitted the form.

<?php include('config.php');
session_start();
if(isset($_POST['login']))
 {
 }
?>


Now I like to turn my form variables into much better looking variables so I throw in:

<?php include('config.php');
session_start();
if(isset($_POST['login']))
 {
 $password = $_POST['pswd'];
 $username = $_POST['user'];
 }
?>


Now I want to make the phplogin session true IF the username and password matches what's in the config file. And then, if it does work, I want it to redirect to the index.php file. So I plop on to the end:

<?php include('config.php');
session_start();
if(isset($_POST['login']))
 {
 $password = $_POST['pswd'];
 $username = $_POST['user'];
 // === compares the strings exactly; == would treat numeric-looking strings as numbers
 if ( $password === $lang['adminwebpw'] && $username === $lang['adminwebuser'])
  { 
    $_SESSION['phplogin'] = true;
    header('Location: index.php'); 
    exit;
  }
 }
?>


But then we want an error to show up when the username or password doesn't work. So we add the else statement.

<?php include('config.php');
session_start();
if(isset($_POST['login']))
 {
 $password = $_POST['pswd'];
 $username = $_POST['user'];
 if ( $password === $lang['adminwebpw'] && $username === $lang['adminwebuser'])
  { 
    $_SESSION['phplogin'] = true;
    header('Location: index.php'); 
    exit;
  } 
  else
  {
//I close the PHP here because I like to make a Javascript error come up. ?>
<script type="text/javascript">
<!--
alert('Wrong Password, Please Try Again')
//-->
</script>
<?php //and here I restart the PHP so that I can finish the IF statement.
  }
}
?>


And that's it. Now let's add that to the login form.

<?php include('config.php');
session_start();
if(isset($_POST['login']))
 {
 $password = $_POST['pswd'];
 $username = $_POST['user'];
 if ( $password === $lang['adminwebpw'] && $username === $lang['adminwebuser'])
  { 
    $_SESSION['phplogin'] = true;
    header('Location: index.php'); 
    exit;
  } 
  else
  {
//I close the PHP here because I like to make a Javascript error come up. ?>
<script type="text/javascript">
<!--
alert('Wrong Password, Please Try Again')
//-->
</script>
<?php //and here I restart the PHP so that I can finish the IF statement.
  }
}
?>
<html>
<head>
<title>Login</title>
</head>
<body>
<center>
<h1>This Page is protected</h1>
Please login.<br><font size="1">Case Sensitive</font>
<br>
<h3>Login:</h3>
<form method="post" action="">
<input type="text" name="user">
<br><br>
<input type="password" name="pswd">
<br>
<input type="submit" name="login" value="Login">
</form>
</center>
</body>
</html>


Now let's make the config file

<?php
$lang['adminwebuser']= "username";
$lang['adminwebpw']= "password";
?>


So now you can login using the username 'username' and the password 'password'.

Login with MySQL

To do this one, you actually don't have to learn anything new. In fact if you're up to a challenge try to make this by yourself using my previous tutorials (I'll give you a hint, item searcher!! :P )

Anyways let's start by turning off errors, create a connection to the database, and make all my variables.

<?php
error_reporting(0);
session_start(); // needed so $_SESSION['phplogin'] is saved between pages

if(isset($_POST['login']))
 {
 $username = $_POST['user'];
 $password = $_POST['pswd'];

 // Note: the mysql_* functions used here were removed in PHP 7.0.
 $con = mysql_connect("127.0.0.1:3306","root","root") or die(mysql_error());
 mysql_select_db("login") or die(mysql_error());

 $username = mysql_real_escape_string(html_entity_decode(htmlentities($username)));
 $password = mysql_real_escape_string(html_entity_decode(htmlentities($password)));
 }
?>


Now here's where there's a slight difference from the item searcher. Since I need to make sure that the information matches completely, I'll need to slightly alter the format of the PHP.


<?php
error_reporting(0);
session_start();

if(isset($_POST['login']))
 {
 $username = $_POST['user'];
 $password = $_POST['pswd'];

 $con = mysql_connect("127.0.0.1:3306","root","root") or die(mysql_error());
 mysql_select_db("login") or die(mysql_error());

 $username = mysql_real_escape_string(html_entity_decode(htmlentities($username)));
 $password = mysql_real_escape_string(html_entity_decode(htmlentities($password)));

 // The value must sit inside quotes; escaping does not protect an unquoted value.
 $result = mysql_query("SELECT * FROM accounts WHERE login='$username'");
 $row = mysql_fetch_array($result);
 }
?>


Now let's do the check for if everything matches, and if the user has AZ permissions


<?php
error_reporting(0);
session_start();

if(isset($_POST['login']))
 {
 $username = $_POST['user'];
 $password = $_POST['pswd'];

 $con = mysql_connect("127.0.0.1:3306","root","root") or die(mysql_error());
 mysql_select_db("login") or die(mysql_error());

 $username = mysql_real_escape_string(html_entity_decode(htmlentities($username)));
 $password = mysql_real_escape_string(html_entity_decode(htmlentities($password)));

 // The value must sit inside quotes; escaping does not protect an unquoted value.
 $result = mysql_query("SELECT * FROM accounts WHERE login='$username'");
 $row = mysql_fetch_array($result);

 // === compares the strings exactly, with no loose type conversion
 if ( $password === $row['password'] && $username === $row['login'] && 'AZ' === $row['gm'])
  {
    $_SESSION['phplogin'] = true;
    header('Location: index.php');
    exit;
  }
  else
  {
//I close the PHP here because I like to make a Javascript error come up.
?>
<script type="text/javascript">
<!--
alert('Wrong Password, Please Try Again')
//-->
</script>
<?php
//and here I restart the PHP so that I can finish the IF statement.
  }
}

?>


And there we go. All I used to make this was the Wiki to know the format of the accounts table. Wasn't that hard huh? Well let's put the login script back all together now...


<?php
error_reporting(0);
session_start(); // needed so $_SESSION['phplogin'] is saved between pages

if(isset($_POST['login']))
 {
 $username = $_POST['user'];
 $password = $_POST['pswd'];

 // Note: the mysql_* functions used here were removed in PHP 7.0.
 $con = mysql_connect("127.0.0.1:3306","root","root") or die(mysql_error());
 mysql_select_db("login") or die(mysql_error());

 $username = mysql_real_escape_string(html_entity_decode(htmlentities($username)));
 $password = mysql_real_escape_string(html_entity_decode(htmlentities($password)));

 // The value must sit inside quotes; escaping does not protect an unquoted value.
 $result = mysql_query("SELECT * FROM accounts WHERE login='$username'");
 $row = mysql_fetch_array($result);

 // === compares the strings exactly, with no loose type conversion
 if ( $password === $row['password'] && $username === $row['login'] && 'AZ' === $row['gm'])
  {
    $_SESSION['phplogin'] = true;
    header('Location: index.php');
    exit;
  }
  else
  {
//I close the PHP here because I like to make a Javascript error come up.
?>
<script type="text/javascript">
<!--
alert('Wrong Password, Please Try Again')
//-->
</script>
<?php
//and here I restart the PHP so that I can finish the IF statement.
  }
}
?>
<html>
<head>
<title>Login</title>
</head>
<body>
<center>
<h1>This Page is protected</h1>
Please login.<br><font size="1">Case Sensitive</font>
<br>
<h3>Login:</h3>
<form method="post" action="">
<input type="text" name="user">
<br><br>
<input type="password" name="pswd">
<br>
<input type="submit" name="login" value="Login">
</form>
</center>
</body>
</html>


There ya go! Now you can protect your pages to promote safety! :P

P.S.:

Q: What position did Bruce Wayne play on his little-league team?

A: He was the bat-boy.

None of the scripts here have been tested yet!
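
Added example, not part of the original post: a hardened form of the two credential checks from the tutorial above (config file and accounts table), plus session id renewal on login. Assumptions: config.php holds a password_hash() value instead of the plain password, PDO with an in-memory SQLite table (pdo_sqlite) stands in for the MySQL accounts table, and the function names and sample rows are constructed for illustration.

```php
<?php
declare(strict_types=1);

// Config variant (assumption): config.php stores a password_hash() value, pasted as a literal.
$lang = [
    'adminwebuser' => 'username',
    'adminwebpw'   => password_hash('password', PASSWORD_DEFAULT), // constructed sample
];

function config_login(array $lang, string $user, string $pass): bool
{
    // Run both checks before combining them, with no loose == comparison.
    $userOk = hash_equals($lang['adminwebuser'], $user);
    $passOk = password_verify($pass, $lang['adminwebpw']);
    return $userOk && $passOk;
}

function db_login(PDO $db, string $user, string $pass): bool
{
    // The login is bound as a parameter, so quotes in it stay data.
    $stmt = $db->prepare('SELECT login, password, gm FROM accounts WHERE login = ?');
    $stmt->execute([$user]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    if ($row === false) {
        return false; // no such account
    }
    // Column names follow the tutorial's query; comparison is strict and constant-time.
    return hash_equals((string) $row['password'], $pass) && $row['gm'] === 'AZ';
}

function mark_logged_in(): void
{
    // Issue a fresh session id on login so a pre-login id cannot be reused.
    if (session_status() === PHP_SESSION_ACTIVE) {
        session_regenerate_id(true);
    }
    $_SESSION['phplogin'] = true;
}

// Constructed stand-in for the accounts table (in-memory SQLite, not MySQL).
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE accounts (login TEXT, password TEXT, gm TEXT)');
$db->exec("INSERT INTO accounts VALUES ('o''brien', 'hunter2', 'AZ'), ('player', 'pw', '0')");

var_dump(config_login($lang, 'username', 'password')); // correct credentials
var_dump(config_login($lang, 'username', 'Password')); // wrong case in password
var_dump(db_login($db, "o'brien", 'hunter2'));         // quote in login, AZ account
var_dump(db_login($db, 'player', 'pw'));               // right password, no AZ flag
```

In login.php, call mark_logged_in() and send the redirect to index.php only when the relevant check returns true.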

#2 Bob Herman

Posted 16 September 2009 - 09:27 PM

By the way, next up is Object Oriented Programming. For those of you that don't know what that is, it's basically PHP to da extreme :unsure:

And unlike most tutorials, I'm going to try to keep it real simple (even though it isn't).