
Thread: Secure PHP login without database (Make login page in php no database)

  1. #1
    Administrator Jennifer's Avatar
    Join Date
    Jul 2010
    Posts
    99


    Secure PHP login without database (Make login page in php no database)

    Although it is not recommended, maybe for some reason you need to create a PHP login without the use of any database (SQL). For some reason you may be scared to approach it, but here I made a script that is fairly secure without utilizing any database at all. It allows users to log in and stay logged in. If you are one of those people, then here's the script for you.
    Now this script does not use any external files to store user names and passwords, as that opens up more security flaws for hackers, so everything is managed in an array within the PHP. If somebody was able to get hold of your PHP file, this will compromise things, but the chances of that happening are fairly close to utilizing a database.
    Features

    • Utilizes cookies to give users ability to stay logged in across multiple pages
    • Secure login algorithm mitigates hacking attempts

    Drawbacks
    Now by not utilizing a database there are some drawbacks and they are:

    • Users cannot change password and user names manually
    • Users can attempt login as many times as they want

    With that said, it means that usernames and passwords must be managed by an admin. If this is still something for you. If this is not for you, wait around because I will convert this script into a database version in the future.
    Less Talk More Script

    Installation:
    Just download all the necessary files, which include:

    • _login.php
    • _login_page.php
    • _login_class.php
    • _login_users.php
    • login.php
    • logout.php

    Once you put these in your root folder you need to edit the users and settings. Open up _login_users.php and you'll see:




    PHP Code:
    <?php //My Login Script
    //Attach this to any page that requires Login

    //Users and Settings
    $domain_code = 'website';       //Alpha Numeric and no space
    $random_num_1 = 20;             //Pick a random number between 1 to 500
    $random_num_2 = 565;            //Pick a random number between 500 to 1000
    $random_num_3 = 3;              //Pick a random number between 1 to 3

    //Usernames can contain alphabets, numbers, hyphens and underscore only
    //Set users below  Just add " => " with the first " being
    //the username and the second " after the => being the password.
    //Its an array so add an , after every password except for the
    //last one in the list. As shown below
    //Eg. $users = array(
    //              'user1' => 'password',
    //              'user2' => 'password'
    //      );

    $users = array(
        'user1' => 'password',
        'user2' => 'password'
    );

    ?>

    Modify the domain code and three random numbers. The three random numbers are the key that makes login secure and unique to your website only. Then at the bottom you can create all of your users.
    Now in every page where you require the user to log in, just add the following code to the very top of the page, exactly on line 1.


    PHP Code:
    <?php require('_login.php'); ?>
    That's pretty much all you need to do to install the secure login script. The only other thing if you want is you can edit _login_page.php. That's the page people see when they need to login.
    Login and Logout
    You can lead users to login and logout with links to login.php and logout.php as such.


    PHP Code:
    <a href="login.php">Login</a> | <a href="logout.php">Logout</a>
    Displaying Macros
    In this case the only macro you can call up is the username after they have logged in. You can call it in a welcome back message like this (placed in your HTML).


    PHP Code:
    Welcome back <?php echo $login->username?>
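
Added example, not part of the original post or its attached script: the same array-based user list as `_login_users.php`, but holding `password_hash()` output instead of plaintext passwords and checked with `password_verify()`. The helper name `check_credentials`, the `$dummy_hash` variable and the sample passwords are assumptions made for illustration.

```php
<?php
// Added example (not from the original script): database-free user array
// that stores password hashes instead of plaintext passwords.

// Constructed sample users. In a real _login_users.php you would paste the
// string printed once by password_hash(), not call it on every request.
$users = array(
    'user1' => password_hash('constructed-sample-pw-1', PASSWORD_DEFAULT),
    'user2' => password_hash('constructed-sample-pw-2', PASSWORD_DEFAULT),
);

// Hash that is checked when the username is unknown, so a miss costs about
// the same time as a wrong password and does not reveal which names exist.
$dummy_hash = password_hash('constructed-dummy', PASSWORD_DEFAULT);

// Hypothetical helper: true only for a valid username/password pair.
function check_credentials(array $users, $dummy_hash, $username, $password)
{
    // Same username rule as the script's comments: letters, digits, - and _
    if (!is_string($username) || !is_string($password)
        || !preg_match('/\A[A-Za-z0-9_-]+\z/', $username)) {
        password_verify('x', $dummy_hash);   // keep timing uniform
        return false;
    }
    $known = array_key_exists($username, $users);
    $hash  = $known ? $users[$username] : $dummy_hash;
    $ok    = password_verify($password, $hash);
    return $known && $ok;
}

// On success, a session-based login would continue like this:
//   session_start();
//   session_regenerate_id(true);   // fresh session ID after authentication
//   $_SESSION['username'] = $username;

// Constructed calls: correct password, wrong password, unknown user.
var_dump(check_credentials($users, $dummy_hash, 'user1', 'constructed-sample-pw-1'));
var_dump(check_credentials($users, $dummy_hash, 'user1', 'wrong'));
var_dump(check_credentials($users, $dummy_hash, 'nobody', 'constructed-sample-pw-1'));
```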

  2. #2
    Junior Member
    Join Date
    Nov 2011
    Posts
    1


    Hi! Thank you Jennifer for posting this useful tutorial. I have some improvements.

    In each page that you want to protect, put these lines:

    PHP Code:
    <?php
    session_start();
    header("Expires: Mon, 26 Jul 1997 05:00:00 GMT"); #Date in the past
    header("Last-Modified: " . gmdate("D, d M Y H:i:s") . " GMT"); #Always modified
    header("Cache-Control: no-store, no-cache, must-revalidate"); #HTTP/1.1
    header("Cache-Control: post-check=0, pre-check=0", false); #Appended to the header above
    header("Pragma: no-cache"); #HTTP/1.0

    require_once('_login.php');
    if (!$login->verify_login($key_uid, $key_cid)) {
        header("Location: login.php");
        exit();
    }
    In this way, if another user goes back with the browser, the first five headers make it impossible to read the previous page again and be logged in again; the "if" section verifies whether the user is logged in and, if the user isn't logged in, shows the login page. The exit(); blocks execution of the rest of the PHP code that you may have in your page.

    I hope this trick proves useful as a security improvement.
    Last edited by Ak71; 12-11-2011 at 08:47 AM. Reason: Fixed some headers... added comments to the headers
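
Added example, not the script's own code and not part of either post: one way a per-page check like the `verify_login` call above could validate a stay-logged-in cookie without a database, by signing the username and expiry time with an HMAC. The helper names `make_token` and `verify_token`, the cookie name and the secret value are assumptions; the `|` separator relies on the rule that usernames contain only letters, digits, hyphens and underscores.

```php
<?php
// Added example: a stay-logged-in cookie value that the server can verify
// with no database and no server-side state.

// Constructed placeholder secret. Generate your own once with
// bin2hex(random_bytes(32)) and keep it outside the web root.
$secret = 'constructed-placeholder-secret-replace-me';

// Hypothetical helper: token = username|expiry|HMAC(username|expiry)
function make_token($secret, $username, $ttl_seconds, $now)
{
    $payload = $username . '|' . ($now + $ttl_seconds);
    return $payload . '|' . hash_hmac('sha256', $payload, $secret);
}

// Hypothetical helper: returns the username, or null if forged or expired.
function verify_token($secret, $token, $now)
{
    $parts = explode('|', (string) $token);
    if (count($parts) !== 3) {
        return null;
    }
    list($username, $expiry, $mac) = $parts;
    $expected = hash_hmac('sha256', $username . '|' . $expiry, $secret);
    if (!hash_equals($expected, $mac)) {   // constant-time comparison
        return null;
    }
    if (!ctype_digit($expiry) || (int) $expiry < $now) {
        return null;
    }
    return $username;
}

$now   = time();
$token = make_token($secret, 'user1', 3600, $now);

// Sending it to the browser (options array needs PHP 7.3 or later):
//   setcookie('login_token', $token, ['expires' => $now + 3600,
//       'httponly' => true, 'secure' => true, 'samesite' => 'Lax']);

// Constructed checks: untouched token, edited username, token past expiry.
var_dump(verify_token($secret, $token, $now));
var_dump(verify_token($secret, str_replace('user1', 'user2', $token), $now));
var_dump(verify_token($secret, $token, $now + 7200));
```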
