PHP Login Script

Login

Features:

• Complete PHP and MySQL Login Script with Register and stay logged in cookie
• Auto activate account or choose to do email verification
• If you have header.php and footer.php then login.php, register.php and activate.php will display these.
• Passwords are secured with SHA1 encryption and salt

1. dlc_b

   Download

   Download
   login.zip
   Downloaded 0 times.
   Please make a donation to reveal the download link.

2. Open settings.php and edit the following variables:

   	$title = "Sea Breeze Login Script"; // Title of your website
   	$logo = "sea2.gif"; // Used as the logo in emails and on some pages
   	$folder = "images/"; // the images folder (including logo)
   	$email_activation = 1; // 1 = yes; 0 = no email activation.  Just activate and log them in immediately
   	$from_email = "Your Name <name@email.com>"; // $from_email is only used if $email_activation is set to 1
   	$notify_email = ""; // Enter your email if you wish to be notified every time a user logs in
   	
   	$db_username="abc_user"; // Name of your sql database user
   	$db_pw="password"; // password for your sql database
   	$server="localhost"; // Usually keep this as local host
   	$database="abc_login"; // The sql database you created
   	
   	/* Salt is text that is added to passwords so that it is more difficult to decrypt them.
   	  Change salt to any random text and numbers and make sure no one else knows it */
   	$salt = "random123"; 
   	

   The file settings.php is called by every other file included with this script. It will automatically create a table called users in the mysql database.

3. Add the following code to the very top of your index page and every other page that will be interacting with the user:

   	<?PHP session_start(); 
   	$_SESSION['return_page'] = $_SERVER['REQUEST_URI'];	
   	?>
   

4. To add a login button to your index page and to have your page display when the user is logged in with a logout button then add the following code to your header or menu section:

   	<?PHP
   	if (isset($_SESSION['user_id']))
   	{
   		echo "<font color='green'>Logged in as ".$_SESSION['display_name']."</font>".
   				' - <a href="logout.php">Logout</a>';
   	}
   	else
   		echo '<a href="login.php">Login</a>';
   	?>
   

   Note: login.php includes a link to register for a new account. The very first user to register is created as an administrator and the rest are created as users. So make sure that you are the first user to register.

5. After a user logs in you will have the following PHP session variables as set in log.php available to your web pages:
   $_SESSION['last_login'] = SQL DATETIME of users last login
   $_SESSION['last_activity'] = SQL DATETIME of users last activity
   $_SESSION['user_id'] = Users id (Row in users table)
   $_SESSION['email'] = Users email address
   $_SESSION['display_name'] = Users display name
   $_SESSION['type'] = User type (User, Moderator or Administrator)
   $_SESSION['timezone'] = Timezone of user as set by javascript
   

History

10/10/2014 - ver 1.0d - Previously the stay logged in cookie was created using salt and email address. With that method a hacker that stole the database and the salt would then be able to instantly login as any user by creating fake cookies. Changed to store a version of the password that is stored in new 'cookie' column in MySql.

10/03/2014 - ver 1.0c - Changed $_SESSION['refer'] to $_SESSION['referer'] in log.php

07/28/2013 - ver 1.0b - Fixed security bug in cookie.php

07/26/2013 - ver 1.0 - Created PHP Login Script and realsed to public