Free PHP Login Script

[pbu]

i am posting here a simple login script which i coded few months ago. i am releasing it free of charge. the code can be used for both commercial or personal purpose.

Note: make sure you use captcha if you want to protect your login system from spam.

** MOVED HERE WITH FREE DOWNLOAD **

How it works

- User gives email and password and the script searches for that email and password in the database and if found it redirects to myaccount.php

- The password is stored in md5 format. When the user enters his password, the script converts to md5 string and then compares this to the md5 of the password stored in the database.

- This script once logged in registers 2 session variables user_id and user_level (like 1,2,3) which is available on all pages. Make sure that you put session_start() on top on all the pages where you want to login protect.

MySQL Table Structure

Table Users

id INT(20) AUTO_INCREMENT PRIMARY
user_id VARCHAR(100)
user_email VARCHAR(100)
user_level int(2)
pwd VARCHAR(100)
activated INT(0)
date (date)
country varchar(100)

Login.php

PHP Code:

<?php 
include 'dbc.php';

$user_email = mysql_real_escape_string($_POST['email']);

if ($_POST['Submit']=='Login')
{
$md5pass = md5($_POST['pwd']);
$sql = "SELECT id,user_name,user_level FROM users WHERE 
            email = '$user_email' AND 
            pwd = '$md5pass' AND activated='1'"; 
            
$result = mysql_query($sql) or die (mysql_error()); 
$num = mysql_num_rows($result);

    if ( $num != 0 ) { 

        // A matching row was found - the user is authenticated. 
       session_start(); 
       list($user_id,$user_name,$user_level) = mysql_fetch_row($result);
        // this sets variables in the session 
        
        $_SESSION['user_name']= $user_name;  
        $_SESSION['user_level'] = $user_level;
            
        if (isset($_GET['ret']) && !empty($_GET['ret']))
        {
        header("Location: $_GET[ret]");
        } else
        {
        header("Location: myaccount.php");
        }
        //echo "Logged in...";
        exit();
    } 

header("Location: login.php?msg=Invalid Login");
//echo "Error:";
exit();        
}

How to protect pages with login script

Once the user logs in, all you have to do is just put the following code on top of pages you want to protect (only available to logged users) like myaccount.php, page1.php, page2.php etc... It should be on very top of every php page

PHP Code:

<?php 
session_start();

if (!isset($_SESSION['user_name']))
{
header("Location: login.php");
}
<<other page content goes here>>
?>

Logout script

Just create a page logout.php and put the following code in it. All user need to do is access this page to logout from the system.

PHP Code:

<?php
session_start(); 
unset($_SESSION['user_name']);
unset($_SESSION['user_level']);
header("Location: login.php");
?>

User Registration

Register.php

This script gets the password from users and stores it as md5 string. When you retreive this password to check for login make sure that you convert the given user password to md5 and then compare what is stored in the database.

PHP Code:

<?php 

include ('dbc.php'); 

if ($_POST['Submit'] == 'Register')
        {
        
    $rs_duplicates = mysql_query("select id from users where email='$_POST[email]'");
    $duplicates = mysql_num_rows($rs_duplicates);
    
    if ($duplicates > 0)
    {    
    //die ("ERROR: User account already exists.");
    header("Location: register.php?msg=ERROR: User account already exists..");
    exit();
    }
    
    $rs_user_id = mysql_query("select id from users where user_name='$_POST[user_name]'");
    $duplicate_user_id = mysql_num_rows($rs_user_id);
    
    if ($duplicate_user_id > 0)
    {    
    //die ("ERROR: User account already exists.");
    header("Location: register.php?msg=ERROR: User name already exists..");
    exit();
    }
    
        
    if ($_POST['pass1'] != $_POST['pass2'])
    { 
    //die ("Password does not match");
    header("Location: register.php?msg=ERROR: Password does not match..");
    exit();
    }    
    
    $md5pass = md5($_POST['pass2']);
    $activ_code = rand(1000,9999);
    
    mysql_query("INSERT INTO users
                  (`name`,`email`,`pwd`,`country`,`joined`,`activation_code`,`user_name`)
                  VALUES
                  ('$_POST[name]','$_POST[email]','$md5pass','$_POST[country]',now(),'$activ_code','$_POST[user_name]')") or die(mysql_error());
    
    $message = 
"Thank you for registering an account <put your content here>. Put here also link for activation";

    mail($_POST['email'], "Login Activation", $message,
    "From: \"Domain\" <put_from_email_here>\r\n" .
     "X-Mailer: PHP/" . phpversion());
    
    header("Location: register.php?done=1&msg=Registration Successful! An activation code has been sent to your email address...");    
    exit;
    }    

?>

Forgot Password Script

Incase the user forgets the password, this script will reset the password and sends the user his new password to his email. This script first checks whether the user has account registered and then resets the password.

PHP Code:

if ($_POST['Submit']=='Send')
{

$rs_search = mysql_query("select email from users where email='$_POST[email]'");
$user_count = mysql_num_rows($rs_search);

if ($user_count != 0)
{
$newpwd = rand(1000,9999);
$newmd5pwd = md5($newpwd);
mysql_query("UPDATE users set pwd='$newmd5pwd' where email='$_POST[email]'");
$message = 
"Here are the login details...\n\n
User Name: $_POST[email] \n
Password: $newpwd \n
____________________________________________
Thank you. This is an automated response. PLEASE DO NOT REPLY.
";

    mail($_POST['email'], "New Login Details", $message,
    "From: \"Domain\" <from_email_address>\r\n" .
     "X-Mailer: PHP/" . phpversion());
     
die("Thank you. New Login details has been sent to your email address");
} else die("Account with given email does not exist");

}
?> 


[Apoztel]

Hi, thanks for the scripts, but how do I manipulate them for my needs/ Here is my MySQL code DROP DATABASE IF EXISTS dbjoinourteam;

CREATE DATABASE dbjoinourteam;

USE dbjoinourteam;

CREATE TABLE admin (
adminid tinyint(3) unsigned NOT NULL auto_increment,
adminusername varchar(15) NOT NULL,
adminpassword varchar(15) NOT NULL,
PRIMARY KEY (adminid)
) ENGINE=InnoDB DEFAULT CHARSET=latin1;

INSERT INTO admin (adminid, adminusername, adminpassword)
VALUES (1,'Smooby','#1Sm00bie#1');

CREATE TABLE jobopenings (
jobid int(10) unsigned NOT NULL auto_increment,
jobname varchar(30) NOT NULL,
PRIMARY KEY USING BTREE (jobid)
) ENGINE=InnoDB DEFAULT CHARSET=latin1;

CREATE TABLE applicantinfo (
applicantid int(10) unsigned NOT NULL auto_increment,
lastname varchar(255) NOT NULL,
middleinitial varchar(1) NULL,
firstname varchar(255) NOT NULL,
email varchar(100) NOT NULL,
emailapproved enum('n','y') NOT NULL default 'n',
cellphone varchar(14) NULL,
workphone varchar(14) NULL,
homephone varchar(14) NULL,
resume varchar(64000) NOT NULL,
applicationdate timestamp NOT NULL default CURRENT_TIMESTAMP on update CURRENT_TIMESTAMP,
PRIMARY KEY (applicantid)
) ENGINE=InnoDB DEFAULT CHARSET=latin1;

CREATE TABLE jobapplyingfor (
jobid int(10) unsigned NOT NULL,
applicantid int(10) unsigned NOT NULL,
KEY FK_jobapplyingfor_1 USING BTREE (jobid),
CONSTRAINT FK_jopapplyingfor_1 FOREIGN KEY (jobid) REFERENCES jobopenings (jobid) ON DELETE CASCADE ON UPDATE CASCADE,
KEY FK_jobapplyingfor_2 USING BTREE (applicantid),
CONSTRAINT FK_jobapplyingfor_2 FOREIGN KEY (applicantid) REFERENCES applicantinfo (applicantid) ON DELETE CASCADE ON UPDATE CASCADE
) ENGINE=InnoDB DEFAULT CHARSET=latin1;

[admin]

All you need is two fields for the applicants to login with user name and password.

CREATE TABLE applicantinfo (
applicantid int(10) unsigned NOT NULL auto_increment,
applicant_userid VARCHAR(100),
applicant_passwd VARCHAR(100),
lastname varchar(255) NOT NULL,
middleinitial varchar(1) NULL,
firstname varchar(255) NOT NULL,
email varchar(100) NOT NULL,
emailapproved enum('n','y') NOT NULL default 'n',
cellphone varchar(14) NULL,
workphone varchar(14) NULL,
homephone varchar(14) NULL,
resume varchar(64000) NOT NULL,
applicationdate timestamp NOT NULL default CURRENT_TIMESTAMP on update CURRENT_TIMESTAMP,
PRIMARY KEY (applicantid)
) ENGINE=InnoDB DEFAULT CHARSET=latin1;

[webdesigner706]

Thanks for the Script....It does exactly what I needed. I have been in design a while but just getting started with PHP. So, not only does it work for the log in I needed, it gives me a nice script to study.
Thanks again.

[kino]

please help me out, am getting this error below. other scripts are running ok however the Register.php script cant even show the image. Is it because am using windows?


<br />
<b>Fatal error</b>: Call to undefined function: imagepng() in <b>c:\program files\easyphp1-8\www\rottery\pngimg.php</b> on line <b>8</b><br />

[kino]

the Login scripts are cool! but i cant see the image on the Register.php script.
is it that am using windows please help.

<br />
<b>Fatal error</b>: Call to undefined function: imagepng() in <b>c:\program files\easyphp1-8\www\rottery\pngimg.php</b> on line <b>8</b><br />

[pbu]

Thats because you dont have PHP GD library with PNG support is installed.

[surbjit]

I get another error when i uploaded it to my webhost:

Warning: mysql_connect() [function.mysql-connect]: Access denied for user 'root'@'10.50.0.15' (using password: NO) in /home/a8271294/public_html/dbc.php on line 3

Im also using a free webhost and i cant make the username guest can someone tell me how to edit the database details to the username on my webhost and the password on my webhost??

thanks

surbjit

[stuart2301]

open up your dbc.php for editing and change line 3 to read your username@your hostname with password i think.

All these should be placed in between the " ' " little quotes at the minute you have no password inbetween the last set

good luck

[surbjit]

Right ive got another problem everything works but the email validation is not being sent ? Please help me sorry for being such a pain but im a complete newbie to this all!
Thanks,
surbjit