    #1
  1. No Profile Picture
    Contributing User
    Devshed Newbie (0 - 499 posts)

    Join Date
    Oct 2008
    Posts
    244
    Rep Power
    12

    Beginner - Login Password etc


    I am looking to create a website that allows a user to:
    1. Register and create an account
    2. Login with that account or existing account
    3. Once logged on see specific data from a simple table.

    I am trying to put my brain around the whole thing...
    I assume I need some sort of back end db, SQL server express?
    Once they log in, how do I control what they see? Does the login create a user in the db and assign to a role?
    How are the permissions assigned and handled?
    How do you control who sees what?
    Permissions are huge here..

    Are there any code/template examples out there?
    Learning tutorials that explain this?

    What I ultimately want to do is show secure information for that user once they have entered their user name and password. Security is essential...

    Hope that makes sense......Any help would be appreciated.
    Thanks
  2. #2
  3. No Profile Picture
    Contributing User
    Devshed Newbie (0 - 499 posts)

    Join Date
    Oct 2008
    Posts
    244
    Rep Power
    12
    I have experience with c++, vb.net, asp, javascript, html, xaml etc...not an expert but understand enough to get started.

    Just trying to conceptually understand this and want to get a very very simple example working....

    Thanks
  4. #3
  5. Code Monkey V. 0.9
    Devshed Regular (2000 - 2499 posts)

    Join Date
    Mar 2005
    Location
    A Land Down Under
    Posts
    2,127
    Rep Power
    1990
    How to program a basic but secure login system using PHP and MySQL

    The 6 worst sins of security

    This is probably going to sound more harsh than it's meant to be, but if you don't have an understanding of the concepts that are needed for programming this, you are never going to be able to do it right. I'd suggest that you do a few trial runs before you do a final version to see just what you can do, and what you need to learn before you get too far into it.
  6. #4
  7. No Profile Picture
    Contributing User
    Devshed Newbie (0 - 499 posts)

    Join Date
    Oct 2008
    Posts
    244
    Rep Power
    12
    Not completely harsh, but would say that at one point you did not understand and here you are....but to insinuate that I am not capable of learning is a bit harsh...

    I can follow the code in that example fine...its a starting point...
    Thanks for your input.
  8. #5
  9. --
    Devshed Expert (3500 - 3999 posts)

    Join Date
    Jul 2012
    Posts
    3,959
    Rep Power
    1014
    Hi,

    I don't think Catacaustic meant that you're not capable of learning. He said that it makes no sense to start with a security feature when you're not yet familiar with the techniques you need for it.

    Web security isn't trivial. The internet is full of failed attempts to implement secure user management, because there are many problems you have to consider. You really need a very solid concept of how HTTP, sessions, cookies etc. work, and you need to keep up to date.

    And last but not least: You need experience. What Catacaustic said about trial runs is very true. As a web programmer, you'll create many, many bad and unsecure websites before you'll finally have the proper "tool kit" to write (more or less) good code.

    So starting with a website which contains critical information and must be secure really isn't a good idea.
  10. #6
  11. No Profile Picture
    Contributing User
    Devshed Newbie (0 - 499 posts)

    Join Date
    Oct 2008
    Posts
    244
    Rep Power
    12
    what are my options then....go through a web hosting site?
    How does all that work..do they take care of the login part/security? or are they more taking care of SSL, certificates etc.
    What's the story there....
    what are viable options?
    Keeping in mind that I still want to write the content of my website and have it cross Android and Ios...

    My main issue is getting something up that will allow a user to login and see their content. If web hosting helps with this then great...if not what are my other options....

    Thanks for all your help and input
  12. #7
  13. No Profile Picture
    Contributing User
    Devshed Newbie (0 - 499 posts)

    Join Date
    Oct 2008
    Posts
    244
    Rep Power
    12
    Showing my true green nature...and hope that I am not shunned for trying to learn here...you have to start somewhere and sometime...maybe my initial goals are not reachable but at least getting a basic site up and running is a start

    I have a few basic questions...that is actually using the code in your example...I see the code in your example and it makes sense to me...I can follow it fine....
    1. I created all the php files and am now trying to create the website in IIS....having issues.
    2. Having a hard time getting started. I have all these php pages, which I understand are there holding the code so it's not accessible....
    3. So I assume that I would have to create an html page that calls them? and passes the values to these php pages?
    4. I created an index.html page and pasted the below code in it...when I click login or register it brings me to that php page and displays all the php code

    Not running in IIS...simply right clicking the html file and opening in CHROME

    Any simple example?
    really appreciate your help with this....know that I have a TON to learn but willing.....

    Code:
    <!DOCTYPE html>
    <html lang="en">
    
    <head>
            <meta charset="utf-8">
            <title>Hello World</title>
        </head>
        <body>
    		<h1>Login</h1> 
    		<form action="login.php" method="post"> 
    			Username:<br /> 
    			<input type="text" name="username" value="<?php echo $submitted_username; ?>" /> 
    			<br /><br /> 
    			Password:<br /> 
    			<input type="password" name="password" value="" /> 
    			<br /><br /> 
    			<input type="submit" value="Login" /> 
    		</form> 
    		<a href="register.php">Register</a>
        </body>
    </html>
    Last edited by jaykappy; February 1st, 2013 at 08:51 AM.
  14. #8
  15. No Profile Picture
    Contributing User
    Devshed Newbie (0 - 499 posts)

    Join Date
    Oct 2008
    Posts
    244
    Rep Power
    12
    was mentioned that PHP is not installed/enabled on your httpd server...
    trying that
  16. #9
  17. No Profile Picture
    Contributing User
    Devshed Newbie (0 - 499 posts)

    Join Date
    Oct 2008
    Posts
    244
    Rep Power
    12
    If using SQL Server and not MySQL is this how I change the common.php

    //MY SQL
    $options = array(PDO::MYSQL_ATTR_INIT_COMMAND => 'SET NAMES utf8');

    $db = new PDO("mysql:host={$host};dbname={$dbname};charset=utf8", $username, $password, $options);

    // SQL SERVER
    $options = array(PDO::MSSQL_ATTR_INIT_COMMAND => 'SET NAMES utf8');

    $db = new PDO ("mssql:host={$host};dbname={$dbname};charset=utf8","$username","$password", $options);
    Last edited by jaykappy; February 1st, 2013 at 03:47 PM.
  18. #10
  19. No Profile Picture
    Contributing User
    Devshed Newbie (0 - 499 posts)

    Join Date
    Oct 2008
    Posts
    244
    Rep Power
    12
    Finally got it all working...

    Had to install MySQL, or change your SQL statements.
    Had issues with Users in MySQL...simply deleted all and added another and it worked...
    Had to install PHP on my local machine (MySQL is there as well)
    Activate and modify in IIS (PHP manager)
  20. #11
  21. --
    Devshed Expert (3500 - 3999 posts)

    Join Date
    Jul 2012
    Posts
    3,959
    Rep Power
    1014
    Hi,

    do not use "SET NAMES" to specify the connection encoding:
    PDO pitfalls

    There's also a big warning in the manual:
    http://www.php.net/manual/en/pdo.quote.php
  22. #12
  23. No Profile Picture
    Contributing User
    Devshed Newbie (0 - 499 posts)

    Join Date
    Oct 2008
    Posts
    244
    Rep Power
    12
    Jacques1...what are you referring to?

    Thanks
  24. #13
  25. No Profile Picture
    Contributing User
    Devshed Newbie (0 - 499 posts)

    Join Date
    Oct 2008
    Posts
    244
    Rep Power
    12
    you saying to make this a PREPARE and then EXECUTE???

    $db = new PDO("mysql:host={$host};dbname={$dbname};charset=utf8", $username, $password, $options);
  26. #14
  27. --
    Devshed Expert (3500 - 3999 posts)

    Join Date
    Jul 2012
    Posts
    3,959
    Rep Power
    1014
    Originally Posted by jaykappy
    Jacques1...what are you referring to?
    Your reply from February 1st:
    Originally Posted by jaykappy
    $options = array(PDO::MSSQL_ATTR_INIT_COMMAND => 'SET NAMES utf8');
    Using SET NAMES is wrong, because it will "silently" change the encoding without the PDO object knowing it. This can break the escaping functions.

    Only use "charset=utf8" in the DSN string, remove that ATTR_INIT_COMMAND stuff. Also check the linked thread ("PDO pitfalls") on how to turn off "fake" prepared statements -- though I'm not sure if the MSSQL driver is affected by that.
  28. #15
  29. No Profile Picture
    Contributing User
    Devshed Newbie (0 - 499 posts)

    Join Date
    Oct 2008
    Posts
    244
    Rep Power
    12
    I am not using SQL Server right now....rather MySQL....
    This is coming from an example

    $options = array(PDO::MYSQL_ATTR_INIT_COMMAND => 'SET NAMES utf8');

    What would I use in its place? This?

    Code:
     $db_options = array( 
        PDO::ATTR_EMULATE_PREPARES => false                     // important! use actual prepared statements (default: emulate prepared statements) 
        , PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION           // throw exceptions on errors (default: stay silent) 
        , PDO::ATTR_DEFAULT_FETCH_MODE => PDO::FETCH_ASSOC      // fetch associative arrays (default: mixed arrays) 
    ); 
    $database = new PDO('mysql:host=localhost;dbname=YOURDB;charset=utf8', 'YOURUSER', 'YOURPW', $db_options);    // important! specify the character encoding in the DSN string, don't use SET NAMES
    Last edited by jaykappy; February 5th, 2013 at 09:56 AM.
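
Added example, not part of any post in this thread and not the linked tutorial's code: how the connection settings discussed in posts #13 to #15 (charset in the DSN, no SET NAMES, emulated prepares off) fit together with prepare/execute in a login check. The `users` table with `username` and `password_hash` columns, the function names, and the placeholder credentials are assumptions.

```php
<?php
// Added example. Assumes a MySQL table users(username, password_hash) and
// placeholder credentials; none of these names come from the thread's tutorial.
function connect_db(): PDO
{
    $options = [
        PDO::ATTR_EMULATE_PREPARES   => false,                  // real server-side prepared statements
        PDO::ATTR_ERRMODE            => PDO::ERRMODE_EXCEPTION, // throw on errors instead of staying silent
        PDO::ATTR_DEFAULT_FETCH_MODE => PDO::FETCH_ASSOC,
    ];
    // The encoding is declared in the DSN only; there is no SET NAMES init command.
    return new PDO('mysql:host=localhost;dbname=YOURDB;charset=utf8',
                   'YOURUSER', 'YOURPW', $options);
}

// Registration: store a salted hash, never the password itself.
function register_user(PDO $db, string $username, string $password): void
{
    $stmt = $db->prepare('INSERT INTO users (username, password_hash) VALUES (:u, :h)');
    $stmt->execute([':u' => $username, ':h' => password_hash($password, PASSWORD_DEFAULT)]);
}

// Login: the username is sent as a bound parameter, so it is never parsed as SQL.
function check_login(PDO $db, string $username, string $password): bool
{
    $stmt = $db->prepare('SELECT password_hash FROM users WHERE username = :u');
    $stmt->execute([':u' => $username]);
    $row = $stmt->fetch();
    // Returns false both for an unknown user and for a wrong password.
    return $row !== false && password_verify($password, $row['password_hash']);
}

if (($_SERVER['REQUEST_METHOD'] ?? '') === 'POST') {
    // Accept only string form fields; anything else is treated as empty.
    $user = is_string($_POST['username'] ?? null) ? $_POST['username'] : '';
    $pass = is_string($_POST['password'] ?? null) ? $_POST['password'] : '';
    if (check_login(connect_db(), $user, $pass)) {
        session_start();
        session_regenerate_id(true);   // issue a fresh session ID after authentication
        $_SESSION['username'] = $user;
        echo 'Logged in';
    } else {
        echo 'Invalid username or password';
    }
}
```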