eMoneySpace
[Tutorial] How to make secured login system
JustClick
Sep 18, 2016 12:04 pm

Usually I write tutorials specially for noobs, but this time I would like to make a tutorial for average coders. I am not a professional coder, so if someone has better knowledge they can shed more light on my system. Anyway, let's start:

Step 1: A register page, which usually all coders can make, but I am still adding one.

Code:
<form action="" method="post">
<table>
<tr>
<td>Username :</td><td><input type="text" name="username" required="required" /></td>
</tr>
<tr>
<td>Password :</td><td><input type="password" name="password" required="required" /></td>
</tr>
<tr>
<td>Re-Password :</td><td><input type="password" name="repassword" required="required" /></td>
</tr>
<tr>
<td>Email :</td><td><input type="text" name="email" required="required" /></td>
</tr>
<tr>
<td colspan="2"><input type="submit" value="Register"></td>
</tr>
</table>
</form>

Step 2: How to take this registration and submit it into the database.

The function.php file has one function, randomNum();
Code:
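<?php
// Database connection settings
$machine = 'localhost';
$dbuser = 'root';
$dbpass = '';
$dbname = 'usystem';
$con = new mysqli($machine, $dbuser, $dbpass, $dbname);

// FOR RANDOM NUMBER FOR IMAGE
function randomNum()
{
    $date = date('h:i:s d-M-Y');         // current time, one-second resolution
    $encnum = rand(111111, 999999);      // six-digit random number
    $enccnum = md5($encnum . $date);     // hash of number + time
    $newcode = substr($enccnum, 2, 10);  // keep 10 hex characters
    $rimage = $newcode;
    return $rimage;
}
?>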


I am using this randomNum() function to make the salt never repeat itself, because whatever the time, every second will never come back again in life. So every second there is a different time, and for that different time the md5 encryption will be different. So our randomNum will generate a unique value all the time.

Code:
<?php
if (!empty($_POST)) {
    require 'function.php';

    $username   = trim($_POST['username']); // More security is required i am just putting it normally.
    $password   = trim($_POST['password']); // More filtering is required i am just putting it normally.
    $repassword = trim($_POST['repassword']);
    $email      = trim($_POST['email']);

    if (empty($username) OR empty($password) OR empty($email)) {
        echo 'All the required fields are empty';
    }
    else if ($password !== $repassword) {
        echo 'Both passwords are not same ';
    }
    else if (!filter_var($email, FILTER_VALIDATE_EMAIL)) {
        echo 'Invalid Email Address. Please write email in proper format ';
    }
    else {
        $salt = randomNum(); // this function is written in function.php file.
        $password = md5($password . $salt);

        // Bound parameters keep the submitted values out of the SQL text.
        $stmt = $con->prepare("INSERT into members (username,password,salt,email) VALUES (?,?,?,?)");
        $stmt->bind_param('ssss', $username, $password, $salt, $email);
        $result = $stmt->execute();

        if (!empty($result)) {
            echo 'Successfully Registered';
        }
        else {
            echo 'Problem in Registration';
        }
    }
}
?>



Step 3: Registration work is over. Now it is time to log in to the panel, so we need a login panel.

Code:
<form action="" method="post">
<table>
<tr>
<td>Username :</td><td><input type="text" name="username" required="required" /></td>
</tr>
<tr>
<td>Password :</td><td><input type="password" name="password" required="required" /></td>
</tr>
<tr>
<td colspan="2"><input type="submit" value="Login"></td>
</tr>
</table>
</form>

Step 4: Now it is time to verify the login from the database.
Code:
<?php
if (!empty($_POST))
{
    require 'function.php';

    $username = trim($_POST['username']);
    $password = trim($_POST['password']);
    if (empty($username) OR empty($password)) {
        echo 'Username and Password fields are empty';
    }
    else {
        /* GET VALUES OF SALT AND PASSWORD FROM MEMBERS TABLE  */
        // Bound parameter keeps the submitted username out of the SQL text.
        $stmt = $con->prepare("SELECT salt,password FROM members WHERE username = ? LIMIT 1");
        $stmt->bind_param('s', $username);
        $stmt->execute();
        $stmt->bind_result($saltvalue, $passvalue);
        $found = $stmt->fetch(); // null when no such username exists
        $stmt->close();

        /* GET THE PASSWORD CHECK IF IT MATCHES WITH THE COMBINATION OF SALT OR NOT */
        $verifypassword = md5($password . $saltvalue);
        // hash_equals() compares as strings; == can treat two different "0e..." digests as equal numbers.
        if ($found && hash_equals((string) $passvalue, $verifypassword)) {
            /* ACTION AFTER VERIFICATION  REDIRECT TO DASHBOARD */
            header('location: dashboard.php');
            exit;
        }
        else
        {
            echo 'Login authentication failed';
        }
    }
}
?>



*** This system will never reveal to hackers what the password is, even if two or more users have the same password, because after combination with the random salt it will become different in encryption.

Example: if we do only a plain md5 of the password 123456, it will become e10adc3949ba59abbe56e057f20f883e. Even if you do md5 on any machine, this encryption will remain as it is and give the same value. So even if hackers are noobs, they can easily understand it.

But with the above concept, 123456 combined with a random salt and then run through md5 will never give the same encryption, because, as I mentioned above, one user's registration will never get the same salt as another user's at the time of registration. So even if both have 123456 as their password, they will get different encrypted codes.


I hope this helps someone to make a secured Registration and Login system.

DOWNLOAD THE ABOVE SAID SYSTEM :- http://websitecoder.in/download/usersystem.zip


** To stay logged in on the page after login verification, the username and password need to be cached either by session or cookie. This is not the total system but a concept.
« Last Edit: Sep 18, 2016 12:51 pm by JustClick »

DevCristian
Reply #1: Sep 19, 2016 03:05 am

Nice tutorial but
Code:
md5()
it's too old to be used, better use
Code:
password_hash($passwordFromUser, PASSWORD_DEFAULT)
and to check password
Code:
password_verify($passwordFromUser, $passwordFromDB)
Logged
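
The switch suggested in this reply, applied to the tutorial's `members` table, as an added example that is not code from the thread or from any poster. It assumes PDO with an in-memory SQLite database standing in for the tutorial's MySQL connection so that it runs on its own; the function names `register` and `verifyLogin` and the sample rows are constructed for illustration. It goes one step beyond the reply by upgrading rows that still hold the tutorial's md5(password.salt) value the next time their owner logs in.

```php
<?php
// Added example, not code from the thread. Constructed data: an in-memory
// SQLite copy of the tutorial's `members` table stands in for MySQL.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE members (username TEXT PRIMARY KEY, password TEXT, salt TEXT, email TEXT)');

/** Register with password_hash(): the salt is generated and stored inside the hash. */
function register(PDO $db, string $username, string $password, string $email): void
{
    $stmt = $db->prepare("INSERT INTO members (username, password, salt, email) VALUES (?, ?, '', ?)");
    $stmt->execute([$username, password_hash($password, PASSWORD_DEFAULT), $email]);
}

/** Verify a login and upgrade a legacy md5(password.salt) row once it succeeds. */
function verifyLogin(PDO $db, string $username, string $password): bool
{
    $stmt = $db->prepare('SELECT password, salt FROM members WHERE username = ?');
    $stmt->execute([$username]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    if ($row === false) {
        return false;                       // unknown user
    }
    // Legacy rows hold 32 hex characters; password_hash() output starts with "$".
    $legacy = strlen($row['password']) === 32 && ctype_xdigit($row['password']);
    $ok = $legacy
        ? hash_equals($row['password'], md5($password . $row['salt']))
        : password_verify($password, $row['password']);
    if ($ok && ($legacy || password_needs_rehash($row['password'], PASSWORD_DEFAULT))) {
        $up = $db->prepare("UPDATE members SET password = ?, salt = '' WHERE username = ?");
        $up->execute([password_hash($password, PASSWORD_DEFAULT), $username]);
    }
    return $ok;
}

// Constructed legacy row, stored the way the tutorial's registration code stores it.
$salt = 'a1b2c3d4e5';
$db->prepare('INSERT INTO members VALUES (?, ?, ?, ?)')
   ->execute(['olduser', md5('123456' . $salt), $salt, 'old@example.com']);
register($db, 'newuser', 'correct horse', 'new@example.com');

var_dump(verifyLogin($db, 'olduser', 'wrong'));          // legacy row, bad password
var_dump(verifyLogin($db, 'olduser', '123456'));         // legacy row, upgraded on success
var_dump(verifyLogin($db, 'newuser', 'correct horse'));  // password_hash() row
var_dump(verifyLogin($db, 'nobody', 'anything'));        // unknown username
echo $db->query("SELECT password FROM members WHERE username = 'olduser'")->fetchColumn(), "\n";
```

On MySQL the `password` column must be wide enough for password_hash() output; the PHP manual recommends 255 characters.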
CodeBeast
Reply #2: Sep 19, 2016 06:59 am

> Nice tutorial but
> Code:
> md5()
> it's too old to be used, better use
> Code:
> password_hash($passwordFromUser, PASSWORD_DEFAULT)
> and to check password
> Code:
> password_verify($passwordFromUser, $passwordFromDB)

I agree with you.

Nice tutorial as well!
JustClick
Reply #3: Sep 19, 2016 07:54 am

> Nice tutorial but
> Code:
> md5()
> it's too old to be used, better use
> Code:
> password_hash($passwordFromUser, PASSWORD_DEFAULT)
> and to check password
> Code:
> password_verify($passwordFromUser, $passwordFromDB)

Still, MD5 which is salted will not get decrypted. Am I right?

DevCristian
Reply #4: Sep 19, 2016 08:46 am

Yes, but it is much easier using password_hash; you don't need to add any salts to the DB or generate them.
JustClick
Reply #5: Dec 17, 2016 05:25 am

Tut Bomb !

JustClick
Reply #6: Mar 04, 2017 10:49 pm

Monthly Bump !