Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Username Password


  • Please log in to reply
18 replies to this topic

#1 xx66stangxx

xx66stangxx

  • Members
  • 139 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:O.C.
  • Local time:07:13 PM

Posted 27 July 2007 - 06:30 PM

how do I create a username/password login system, like on this site when you have to sign up then login to your account inorder to post messages ext., I want to do the same thing for my clothing company website that I am creating but I am not very sure on how to do that, any suggestions?

BC AdBot (Login to Remove)

 


#2 Nikas

Nikas

  • Members
  • 650 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Singapore
  • Local time:11:13 AM

Posted 27 July 2007 - 11:38 PM

From what you say, most likely you don't know any language? JSP/PHP/ASP and so on..

The easy way out is to search on the net for a free script that has what you want.

#3 xx66stangxx

xx66stangxx
  • Topic Starter

  • Members
  • 139 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:O.C.
  • Local time:07:13 PM

Posted 28 July 2007 - 03:05 AM

well I know a little bit, of what I have taught myself, but thanks I will look into it thanks

#4 ussr1943

ussr1943

  • Members
  • 490 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:USA
  • Local time:11:13 PM

Posted 29 July 2007 - 08:23 PM

I actually just wrote a login system in php/mysql. They are both free to use/create/distrubute but you must make sure your host will support them. A big thing though, alot of peeople new to any web developement languages will make something and it will work fine, but don't have any security measures. So with w/e you end up using make sure you read up several articles about security, an example would be if you use mysql protecting against sql injections that could potentially whipe out your whole database!. Good luck, there are alot of websites dedicated to this sort of thing.

What you will need
A language
A database that can interface with the language
A host that supports your language and database
Free Time to expiriment and fix wrongs

I'm sure you might be able to get a login system pre built, but if your looking for some tutorials for mysql/php login system P.M. me and I can give you a few links.

Happy hunting.
"Ideas are far more powerful than guns."
"The only truly secure system is one that is powered off, cast in a block of concrete and sealed in a lead-lined room with armed guards -- and even then I have my doubts." --Eugene H. Spafford
"One man's terrorist is another's freedom fighter"

#5 Nikas

Nikas

  • Members
  • 650 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Singapore
  • Local time:11:13 AM

Posted 30 July 2007 - 11:09 PM

Why not share the links here? So that everyone can benefit from it.

#6 xx66stangxx

xx66stangxx
  • Topic Starter

  • Members
  • 139 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:O.C.
  • Local time:07:13 PM

Posted 04 September 2007 - 12:26 AM

ok so I finally think I have everything situated here is what I have created in php format: login, register, verify, admin, profiles, and a file called conn. I used a help forum to setup these files. Ok know where do I go? I uploaded the login and register php's in my index, and register pages on my website and they appear just fine. Now do I add all those other files to my index and subpages? and how do I get these on the database system so people can actually register?? I use godaddy.com for my hosting and they have mysql servers and ext. Sorry if I sound knieve but everything I have done so far on my website and ext. is just by messing around and haven't had any proper help. again any help would be greatly appreciated :-)

#7 groovicus

groovicus

  • Security Colleague
  • 9,963 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Centerville, SD
  • Local time:09:13 PM

Posted 04 September 2007 - 10:23 PM

I need to back you up a bit.... First of all, why do you need a database? Passwords and such can be saved in a flat file, and is much easier than trying to learn SQL on top of what you are already trying to do. What is the file 'conn' supposed to do?

First thing's first though. What is the first page your users will see? A login page? Can you access the login page on GoDaddy's server?

There are several logical steps to follow. First, make sure that the login page shows up first. Then make sure that when a person logs in that the information is being submitted to the server properly. Then you can worry about SQL stuff.

So I guess my question is, what do you have that works so far?

#8 xx66stangxx

xx66stangxx
  • Topic Starter

  • Members
  • 139 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:O.C.
  • Local time:07:13 PM

Posted 04 September 2007 - 11:04 PM

ok so far I have a login.php verify.php ext. the conn.php I don't know what it was for I got these files off another help forum. To breafly explain: My website is a clothing company that I am starting up I want the login to be for people who want to shop online, making it easier for me to track orders and ext. The login and registration.php, that I put on my index page show up fine, however they don't work yet because I don't know how to link them to the server, sorry if I sound knieve, I am very new at html css php ext. I am pretty much trying to teach all this stuff to myself.

#9 groovicus

groovicus

  • Security Colleague
  • 9,963 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Centerville, SD
  • Local time:09:13 PM

Posted 05 September 2007 - 08:30 AM

Ok, at least I know where you stand. First off though, I am going to make a recommendation that will simplify your life a little. Google has a merchant's program where they provide an API for a shopping cart scenario. Users that want to purchase clothing from your web site use their google account, and Google handles all of the order tracking, order processing, and maybe most important, all of the security issues. E-Commerce websites are unique in that they need to appropriately handle sensitive personal and financial data, and as a novice user, you do not possess the skill set necessary to protect yourself or your customers. Google has a sandbox so that you can test your applications before making it go live.

Now with that out of the way, you need a php script on the server to get the form information. Here is an example of a form (http://www.w3schools.com/php/php_post.asp):
<form action="welcome.php" method="post">
Enter your name: <input type="text" name="name" />
Enter your age: <input type="text" name="age" />
<input type="submit" />
</form>

This uses a POST method to send data to a php page called Welcome.php. (I'll let you research the difference between using a POST and GET method).

On the server, your php script has to get the form data. PHP uses $_REQUEST["some_string_name"]; to get the form information. So for example:
Welcome <?php echo $_REQUEST["name"]; ?>.<br />
You are <?php echo $_REQUEST["age"]; ?> years old!

This code would be in the Welcome.php file. In your case, you would want to do something else with the strings, but this is a good test to see if you can pass the form data to the .php file. The Welcome.php file should be in the same directory as your login page.

#10 xx66stangxx

xx66stangxx
  • Topic Starter

  • Members
  • 139 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:O.C.
  • Local time:07:13 PM

Posted 05 September 2007 - 11:28 AM

ok thanks!, I am doing homework right now haha but I will take you advice and examples into effect, thanks again I will post if not today in a couple days with my final results :-)

#11 Andrew

Andrew

    Bleepin' Night Watchman


  • Moderator
  • 8,259 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Location:Right behind you
  • Local time:08:13 PM

Posted 06 September 2007 - 07:00 AM

Take a look at this free and easy PHP script:

http://hypersilence.net/silentum_loginsys.php

#12 xx66stangxx

xx66stangxx
  • Topic Starter

  • Members
  • 139 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:O.C.
  • Local time:07:13 PM

Posted 07 September 2007 - 12:15 AM

ok I am still having a little bit of trouble: I but a file on the database so the registered users and passwords appear and that works fine and I have this file:

<?/ * Constants.php / define("DB_SERVER", "10.8.11.162");define("DB_USER", "something");define("DB_PASS", "mypassword");define("DB_NAME", "something");define("TBL_USERS", "users");define("TBL_ACTIVE_USERS",  "active_users");define("TBL_ACTIVE_GUESTS", "active_guests");define("TBL_BANNED_USERS",  "banned_users");define("ADMIN_NAME", "admin");define("GUEST_NAME", "Guest");define("ADMIN_LEVEL", 9);define("USER_LEVEL",  1);define("GUEST_LEVEL", 0);define("TRACK_VISITORS", true);define("USER_TIMEOUT", 10);define("GUEST_TIMEOUT", 5);define("COOKIE_EXPIRE", 60*60*24*100);  //100 days by defaultdefine("COOKIE_PATH", "/");  //Avaible in whole domaindefine("EMAIL_FROM_NAME", "YourName");define("EMAIL_FROM_ADDR", "youremail@address.com");define("EMAIL_WELCOME", false);define("ALL_LOWERCASE", false);?>

and I uploaded all the other neccessary files now I tried typing in http://www.mywebsitepageeee/register.php and I get this message: Client does not support authentication protocol requested by server; consider upgrading MySQL client

what am I doing wrong??

#13 xx66stangxx

xx66stangxx
  • Topic Starter

  • Members
  • 139 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:O.C.
  • Local time:07:13 PM

Posted 07 September 2007 - 12:18 AM

btw the website that I put mywebsitepageeee isn't really a website I didn't expect the text to be linked sorry :-)

#14 groovicus

groovicus

  • Security Colleague
  • 9,963 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Centerville, SD
  • Local time:09:13 PM

Posted 07 September 2007 - 07:33 AM

Have you tried Googling the error message?

#15 xx66stangxx

xx66stangxx
  • Topic Starter

  • Members
  • 139 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:O.C.
  • Local time:07:13 PM

Posted 11 September 2007 - 09:40 PM

Yes I did and the answer was to
mysql> UPDATE mysql.user SET Password = OLD_PASSWORD('newpwd')

	-> WHERE Host = 'some_host' AND User = 'some_user';

mysql> FLUSH PRIVILEGES;
and I have to put that in my Command line Interface, the only issue is that godaddy.com doesn't allow shell access to the sever. So that option is out any other suggestions?




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users