Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Creating A Log-in Page With Xampp And Php


  • Please log in to reply
23 replies to this topic

#1 groovicus

groovicus

  • Security Colleague
  • 9,963 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Centerville, SD
  • Local time:09:55 PM

Posted 01 July 2008 - 08:00 PM

Another frequently asked question by budding web-developers revolves around creating a log-in page for their websites. Creating a straight log-in page is pretty easy, but what happens after that tends to be a mystery. I’ll show you how easy it really is using XAMPP, PHP, and a few simple text files. If you do not know any PHP or HTML, that is okay. You can simply use the files I provide for you. I’ll explain what we are doing as we go.

For starters, I will assume that you have already downloaded and installed XAMPP, and it is working properly. Here is the link: XAMPP download. I am also going to assume that you are using XAMPP for Windows, although it does not really matter which version you are using. It is pretty much the same. When you have it installed, open your browser and type localhost in the address bar. If everything is working properly, you should see the XAMPP main page. If not, refer to the XAMPP docs to figure out how to start XAMPP. You can close your browser for now.
The first thing we need to do is to create a folder for our project. Open Window’s explorer, and drill down to wherever you installed XAMPP (on Windows it will be installed in your C: drive). Open the subfolder called htdocs and create a new folder called password_test. This becomes our project folder. Next, we are going to create the first of three files that will be placed in this folder. For starters, create a text file called password.txt, and type in the following line:

qwerty:123456

Save the file and close it. That is the file we will use to check our username and password combinations. The next file we want to create is the index page, which is the page that PHP defaults to when a project is run. Use the following code. Before any html purists jump down my throat, I fully realize that I omitted the doctype declaration. For this exercise it is not necessary, and only detracts from the lesson. So create a page called index.php, and make sure to save it in the password_test folder. Place the following code in it:
<html>
  <head>
	<title>Password test</title>
  <head>

  <body>
	<h1>This is a test</h1>
  </body>
</html>

Save it. Open your browser again (with XAMPP running), and type in the following: localhost/password_test. If everything is working correctly, you should see a plain web page that displays ‘This is a test’ in large letters. If not, back up and make sure that XAMPP is running, and that you followed the instructions to this point. An important note here, unless you want to mess with the XAMPP configuration files, the name of the file must be index.php, otherwise Apache will not know what to do.
Some of you may have noticed that, so far, this looks suspiciously like HTML. It is. Apache (the ‘A’ in XAMPP) can be used to serve up plain HTML, even when disguised as a PHP file. Without worrying about the nuts and bolts behind how all that works, let’s go ahead and create a form that will accept a username and password combination. Using a form I borrowed from HTML Code Tutorial dot com, I modified the index.php file to look like the following:
<html>
  <head>
	<title>Password test</title>
  <head>

  <body>
	<FORM ACTION=process_form.php METHOD=POST>
	   name: <INPUT TYPE=TEXT NAME="realname"><BR>
	   password: <INPUT TYPE=PASSWORD NAME="mypassword">
	  <P><INPUT TYPE=SUBMIT VALUE="submit">
	</FORM>
  </body>
</html>

Save it, and run your project again (open your browser and type in localhost/password_test. If you hit the submit button, you should get an error message since we have not created a file called process_form.php yet, which is the next step. So let’s go ahead and create that file now, which is simply a text file. This is where it starts to get a bit tricky, so we will go step-by-step. Paste in the following code:
<html>
  <head>
	<title>Password test, page 2</title>
  <head>


  <body>

	<?php 
		 $name  = $_POST['realname'];
		 $pass  = $_POST['mypassword']; 
		 echo $name;
	  ?>

	  <br>

	  <?php
		 echo $pass;
	  ?>	<br>
  
  </body>
</html>

Save the code, and then run your project. If all is working properly, you should see your username and password displayed on the screen. If not, back up and make sure that you followed all of the steps. Now for a quick explanation of what is happening with the code. Quite simply, the majority of it is HTML, but you will notice some sections that start with <?php, and end with ?>. This tells Apache that whatever comes between those sections is PHP, and it must be handled differently. All we are doing at this point is making sure that our username and password combination is being properly handed to the .php file that is going to do the actual work (process_form.php). These two lines get the information from the form:

$name = $_POST['realname'];
$pass = $_POST['mypassword'];

If you go back to the index.php page, you will see in our form that the field where we type in our name has a parameter called ‘Name’, and the value assigned to it is ‘realname’. Likewise, the password field also has a parameter called ‘Name’, and it is assigned a value of ‘mypassword’. You should also notice that the password field has a parameter called ‘TYPE’, and it is assigned a value of ‘PASSWORD’. The next two lines just echo the output to the browser, and are only used to make sure that we have no errors so far. Coding this way is a good practice; do a little code and then test it. It is easier to find an error in four lines of code than it is to find the error in four hundred, or four thousand, lines of code.

At this point, if everything is working properly, we are going to alter our code a bit:
<html>
  <head>
	<title>Password test, page 2</title>
  <head>

  <body>
	<?php 
		 $name  = $_POST['realname'];
		 $pass  = $_POST['mypassword']; 

  
	  ?>	
		<br>
  
  </body>
</html>

Since we know our password and user name are making it through, then we can drop those two lines of code. Now we need to read our password and user combination from our password text file. Let’s add the following code. I added comments throughout to explain what is happening, so hopefully that is enough:
<html>
  <head>
	<title>Password test, page 2</title>
  <head>

  <body>
	<?php 
		 $name  = $_POST['realname'];
		 $pass  = $_POST['mypassword']; 

		 //read the contents of our password file.
		 $myFile = "password.txt";
		 $fh = fopen($myFile, 'r');
		 $data = fgets($fh);
		 fclose($fh);

		 //echo the data from the text file
		 echo $data;

		 //print out an HTML line break
		 print "<br>";

		 //now we need to split our line of data from the text
		 //file so that we can do the comparison.

		 //split the text into an array
		 $text = explode(":",$data);

 
		 //echo the split user name
		 echo $text[0];
	 
		 //print out an HTML line break
		 print "<br>";

		 //echo the split password
		 echo $text[1];

		 //assign the data to variables
		 $good_name = $text[0];
		 $good_pass = $text[1];

		 //print out an HTML line break
		 print "<br>";

		 //compare the strings
		 if( $name === $good_name && $pass === $good_pass){
			echo "That is the correct log-in information";
		 }else{
			echo "That is not the correct log-in information.";
		 }
	  ?>	
		<br>
  
  </body>
</html>

So now for a quick summary of the entire project; First, we created a text file that holds our username and password combination. Then we created a simple html form to accept our user name and password combination. Finally, we created a ‘controller’ that took the password and user name combination from the form, read in the user name and password combination from the password.txt file, and then compared them to see if they were the same. A message was then displayed, which depended on whether or not the combinations matched.

That’s really all there is to it. In the real world, passwords would likely be stored in a database, and there would be more than one valid username/password combination, but this provides a quick start. If the password and username matched, one would also set a cookie on the user’s computer so that the server could keep track of which users were logged in, and which users were not.

BC AdBot (Login to Remove)

 


m

#2 KamakaZ

KamakaZ

  • Members
  • 739 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Victoria
  • Local time:02:55 PM

Posted 15 February 2009 - 07:41 PM

If your web server supports mySQL, i would also suggest giving this one a go... works fine for me.

PHP, mySQL login form/database

Note: you will need to be able to either create tables in the database or do it via command line (explained in the link)

There's no place like 127.0.0.1
There are 10 types of people in the world, those that can read binary, and those who can't.


#3 Stofzuiger

Stofzuiger

  • Members
  • 332 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:The inside
  • Local time:04:55 AM

Posted 30 April 2009 - 05:30 AM

u make a tiny typo i think:

for starters, create a text file called pass.txt

and later on:

Now we need to read our password and user combination from our password text file.

and in the code you also refer to password.txt:

//read the contents of our password file.
$myFile = "password.txt";


the problem is that we have an "pass.txt" which should be named "password.txt"?
If i'm missing something, please say so :thumbsup:


Note: i first didnt got the localhost-start-page working, i found out that windows was blocking it.

Every one goes fun fun fun


Who is this doin' this synthetic type of alpha beta psychedelic bleepin'? ~Chemical Brothers - Elektrobank


#4 groovicus

groovicus
  • Topic Starter

  • Security Colleague
  • 9,963 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Centerville, SD
  • Local time:09:55 PM

Posted 30 April 2009 - 12:18 PM

That was a typo. I'll fix it.

#5 Lee Painting

Lee Painting

  • Members
  • 4 posts
  • OFFLINE
  •  
  • Local time:08:55 PM

Posted 20 February 2010 - 02:48 PM

I appreciate all the input.
what I would like to do is:
When someone comes to our website I would like to have them leave their email address before they can continue to view our site.No password involved.
They will enter their email than hit enter.If I can accomplish this,does that mean I have to some how verify their e mail address?Maybe asking to much.I am trying to prevent someone from from putting in a invalid email address(like someone else's)
I am open tp any ideas and please let me know if it' is too much.
Thanks,
Lee

#6 Andrew

Andrew

    Bleepin' Night Watchman


  • Moderator
  • 8,240 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Location:Right behind you
  • Local time:07:55 PM

Posted 30 March 2010 - 04:18 AM

I appreciate all the input.
what I would like to do is:
When someone comes to our website I would like to have them leave their email address before they can continue to view our site.No password involved.
They will enter their email than hit enter.If I can accomplish this,does that mean I have to some how verify their e mail address?Maybe asking to much.I am trying to prevent someone from from putting in a invalid email address(like someone else's)
I am open tp any ideas and please let me know if it' is too much.
Thanks,
Lee


I would classify that as a rather bad idea. If I were to come across a page that asked for my e-mail address out of the blue, I'd either leave, lie, or use a disposable address. It's generally considered bad practice to impede people from viewing your site in a manner such as you suggest, and what about search engines? Unless your site is giving away free chocolate-covered Ferrari's, the vast majority of people won't bother with entering anything at all and will just leave.

#7 God Mode

God Mode

  • Members
  • 24 posts
  • OFFLINE
  •  
  • Gender:Female
  • Local time:08:55 PM

Posted 26 September 2010 - 03:34 PM

This may be a rather stupid question, but I'm curious so I'll ask anyway.

Is it possible to do anything like this on free website host (like freewebs)?



I've thought about attempting a social networking site (although theres lots of those out there) and I can't afford to pay for an actual service... if that makes sense. =/



I havent tried any of this out yet... if that makes a difference.

#8 groovicus

groovicus
  • Topic Starter

  • Security Colleague
  • 9,963 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Centerville, SD
  • Local time:09:55 PM

Posted 26 September 2010 - 04:28 PM

As long as the host supports PHP (or something like it), then uyes it is possible.

#9 God Mode

God Mode

  • Members
  • 24 posts
  • OFFLINE
  •  
  • Gender:Female
  • Local time:08:55 PM

Posted 26 September 2010 - 05:46 PM

Here's another seemingly silly question...

Uhm.. With the XAMPP... does the PHP automatically get installed with it, or does that have to be done separately?
And if so, where/how would i go about doing that?

#10 groovicus

groovicus
  • Topic Starter

  • Security Colleague
  • 9,963 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Centerville, SD
  • Local time:09:55 PM

Posted 26 September 2010 - 10:39 PM

Everything gets installed automatically. Most people use Xampp to develop on their own personal system. Once everything works, then the files can be moved to the server. It makes it much easier to do development. If your host does not handle PHP, then you need to find other options for hosting.

#11 CrimsonSpider

CrimsonSpider

  • Members
  • 91 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:The Matrix
  • Local time:03:55 AM

Posted 06 December 2010 - 01:26 PM

Wow, I can't believe it took me this long to figure out that there was a pinned thread here! Haha.

It's fantastic though. Will test it out soon and post if there any problems! :)

CrimsonSpider
"Dont worry if it doesnt work right. If everything did, youd be out of a job."
(Moshers Law of Software Engineering)

#12 JUICYboy

JUICYboy

  • Members
  • 537 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Anaheim, Ca
  • Local time:11:55 PM

Posted 27 March 2011 - 08:29 PM

Im stuck :workout:

I have:
1.Xampp controll installed & turned it on
2.created a folder in htdocs called password_test
3.Created the index.php
4.Created the process_form.php and saved it in the password_test folder
5. Created the password_test.html

I get confused on how to open the file.
Do I type localhost/password_test ??
or do I go inside the password_test folder and open up the password_test.html?
If I open up the folder then open password_test.html it gives a error that it can't find the process_form.php
Yet It is in the same folder. (Its spelled correctly to) :tophat:

Edited by JUICYboy, 27 March 2011 - 08:30 PM.


#13 groovicus

groovicus
  • Topic Starter

  • Security Colleague
  • 9,963 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Centerville, SD
  • Local time:09:55 PM

Posted 28 March 2011 - 07:06 AM

Do you have xampp running> You did read the instructions for installing and making sure it was running, right?

#14 JUICYboy

JUICYboy

  • Members
  • 537 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Anaheim, Ca
  • Local time:11:55 PM

Posted 28 March 2011 - 08:45 PM

Yes :thumbup2:

I installed exam control a while ago.

I turn it on, and type local host in my browser as per instructions and then
it takes me to a page that states:

"Congratulations:
You successfully installed XAMPP on this system!"

#15 groovicus

groovicus
  • Topic Starter

  • Security Colleague
  • 9,963 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Centerville, SD
  • Local time:09:55 PM

Posted 29 March 2011 - 07:38 AM

If xampp is running, then you should be able to do localhost/nameofyourfile.php




2 user(s) are reading this topic

0 members, 2 guests, 0 anonymous users