PHP Login Script

Created: July 25, 2013
Last Modified: April 18, 2017
Subscribe to Internet Tips and Tools Feed

Login

Features:

  • Complete PHP and MySQL Login Script with Register and stay logged in cookie
  • Auto activate account or choose to do email verification
  • If you have header.php and footer.php then login.php, register.php and activate.php will display these.
  • Passwords are secured with SHA1 encryption and salt
  1. dlc_b

    Download

    Downloaded 0 times.
    Please make a donation to reveal the download link.
  2. Open settings.php and edit the following variables:

    	$title = "Sea Breeze Login Script"; // Title of your website
    	$logo = "sea2.gif"; // Used as the logo in emails and on some pages
    	$folder = "images/"; // the images folder (including logo)
    	$email_activation = 1; // 1 = yes; 0 = no email activation.  Just activate and log them in immediately
    	$from_email = "Your Name <name@email.com>"; // $from_email is only used if $email_activation is set to 1
    	$notify_email = ""; // Enter your email if you wish to be notified every time a user logs in
    	
    	$db_username="abc_user"; // Name of your sql database user
    	$db_pw="password"; // password for your sql database
    	$server="localhost"; // Usually keep this as local host
    	$database="abc_login"; // The sql database you created
    	
    	/* Salt is text that is added to passwords so that it is more difficult to decrypt them.
    	  Change salt to any random text and numbers and make sure no one else knows it */
    	$salt = "random123"; 
    	

    The file settings.php is called by every other file included with this script. It will automatically create a table called users in the mysql database.

  3. Add the following code to the very top of your index page and every other page that will be interacting with the user:

    	<?PHP session_start(); 
    	$_SESSION['return_page'] = $_SERVER['REQUEST_URI'];	
    	?>
    
  4. To add a login button to your index page and to have your page display when the user is logged in with a logout button then add the following code to your header or menu section:

    	<?PHP
    	if (isset($_SESSION['user_id']))
    	{
    		echo "<font color='green'>Logged in as ".$_SESSION['display_name']."</font>".
    				' - <a href="logout.php">Logout</a>';
    	}
    	else
    		echo '<a href="login.php">Login</a>';
    	?>
    

    Note: login.php includes a link to register for a new account. The very first user to register is created as an administrator and the rest are created as users. So make sure that you are the first user to register.

  5. After a user logs in you will have the following PHP session variables as set in log.php available to your web pages:
    $_SESSION['last_login'] = SQL DATETIME of users last login
    $_SESSION['last_activity'] = SQL DATETIME of users last activity
    $_SESSION['user_id'] = Users id (Row in users table)
    $_SESSION['email'] = Users email address
    $_SESSION['display_name'] = Users display name
    $_SESSION['type'] = User type (User, Moderator or Administrator)
    $_SESSION['timezone'] = Timezone of user as set by javascript

History

10/10/2014 - ver 1.0d - Previously the stay logged in cookie was created using salt and email address. With that method a hacker that stole the database and the salt would then be able to instantly login as any user by creating fake cookies. Changed to store a version of the password that is stored in new 'cookie' column in MySql.

10/03/2014 - ver 1.0c - Changed $_SESSION['refer'] to $_SESSION['referer'] in log.php

07/28/2013 - ver 1.0b - Fixed security bug in cookie.php

07/26/2013 - ver 1.0 - Created PHP Login Script and realsed to public

Back to www.seabreezecomputers.com
Subscribe to Internet Tips and Tools Feed        

User Comments

There are 5 comments.

Displaying first 50 comments.

1. Posted By: Simone - - March 15, 2014, 7:39 am
It's actually very difficult in this full of activity life to listen news on Television, thus I only use internet for that purpose, and get the most up-to-date news.

2. Posted By: Jen Gettler - - March 29, 2014, 2:35 am
No database file in zip so no good unless someone goes threw the files and works it out for them selves.... unless I'm missing something?!

3. Posted By: Jeff - - March 31, 2014, 12:34 pm
Jen,

The very bottom of settings.php starting at line 109 builds the users table if it does not exist. Every other php file includes settings.php at the top. So the first time any file is run on the server the users table is created.

Jeff
www.seabreezecomputers.com/

4. Posted By: Camile - - November 12, 2014, 7:36 am
How is it that when I'm trying to log on, it's not showing that i'm logged in and going back to my main page, where the button "login is " ?
examserver51.dk/kim/index.php


5. Posted By: Jeff - - November 13, 2014, 12:41 pm
Hello Camile,

In order for the login button to change to logout and say that you are logged in you must put the following code at the very top of your page before <!DOCTYPE html>:

<?PHP session_start();
$_SESSION['return_page']=$_SERVER['REQUEST_URI'];
?>

Then the login button code should look something like this:

<?PHP
if (isset($_SESSION['user_id']))
{
echo "<font color='green'>Logged in as ".$_SESSION['display_name']."</font>".
' - <a href="logout.php">Logout</a>';
}
else
echo '<a href="login.php">Login</a>';
?>

Most pages usually return to the main page after login but with some extra stuff that can be done with a logged in user. If you would rather go to a different page after login then edit line 82 of log.php and change $location to go to a different page. Or change $_SESSION['return_page'] in the code above to go to a different page.

Jeff
www.seabreezecomputers.com/