panique / huge Goto Github PK

Is it possible to have Facebook login and register implemented ? I was looking at this my self but not much success ... I'm trying to make some kind of social website this script is simple and good, but i would like to connect it with Facebook. Also uploading/grabbing avatars from Facebook would be nice as well if its possible.

The attached picture should sum everything up. Acts the same on an iPad. The only modifications I have made is to the background picture in /views/img

maybe also change the hashing to the most advanced, currently useable password hashing technique !?

As per title.

hi, thanks for the very beautiful works u have done and shared.
but i am stuck at some parts, bcoz i am also new at this languange, i could learn from your abt mysql and php connection but, can you make a page or giving and example for updating user information and delete user? thanks you

While users on the same system (Mac OS X) have no problems in firefox or any other browser.

Great script - thanks

1 quaestion - whats the url if you want to login directly? i.e. http://www.mysite.com/index.php?user_name=xxxx&user_password=pword

thanks

instant auto-login after creation of new account

check

error shown when I uploaded the login script to the live server. It worked beautifully on local server.
the errors are:
Warning: require(classes/mysqli.class.php) [function.require]: failed to open stream: No such file or directory in /path/index.php on line 18

Warning: require(classes/mysqli.class.php) [function.require]: failed to open stream: No such file or directory in /path/index.php on line 18

Fatal error: require() [function.require]: Failed opening required 'classes/mysqli.class.php' (include_path='.:/usr/lib/php:/usr/local/lib/php') in /path/index.php on line 18

Is there any way to send generated messages and errors to another page?
Let say I have registration page and when I click save that opens main page and if there are any errors or messages should be displayed on top.

The title says it all :)

Just a suggestion.

As only few people need stuff like PDO, Themes, AJAX, "fileless session" for cloud usage, gravatar support etc, it might be useful to split this project into a minimal version (just few lines of code, simple login without any css) and full version with theming/css, javascript, PDO and all the nice features...

but: bcrypt is PHP 5.3+ only... hmm...

After install login system I wanted to try to do register ,when I type my own email adress i receive : "Your email adress is not in a valid email format". Any idea how to fix that???

I am getting this error message when attempting to sign up as a new user: "Sorry, your registration failed. Please go back and try again"

Here is the PHP error: "Trying to get property of non-object in C:\wamp\www\Experiments\Login\v1\classes\Login.class.php on line 235"

This line: "if($query_check_user_name->num_rows == 1) {"

Any ideas?

do i have something wrong with my php configuration ?
i get this error:

Parse error: syntax error, unexpected T_FUNCTION, expecting ')' in C:\Documents and Settings\1\Sites\test\phpclasses.org\simple-login-script-2012-07-19\index.php on line 14

For example, 0 and 00. Strict equality would help there.

P.S. Why is the repeated password being stored as a property if it’s supposed to be the same as the first one?

Is there an easy way to add some sort of User approval process. I have read your intention to add email verification, and this pleases me. My big issue is people registering without my desire. Is there a way to separate the registration from the login so that I can protect or hide the register page? Or ideally there would be an admin page, or a method for a super user or server admin to Approve or Deny registration. let me know if this is possible. GREAT work btw! Thanks!

The errors[] array in the Login class will only contain the message "Username field was empty" if the username is '0'.

The quick fix I used was:
if (!empty($_POST['user_name']) && ($_POST['user_name']!=='Username') && !empty($_POST['user_password'])) {

                $this->loginWithPostData();

            } elseif ((empty($_POST['user_name'])) || ($_POST['user_name']==='Username')) {

                $this->errors[] = "Username field was empty.";

            } 

But this still has an error by allowing a user to register with an account that has the username of 'Username'. This person would never be able to log in.

As a side note, the script also prevents a username of '0' from existing due to the call empty() to verify post data.

I'm currently using your code and I like a lot as is nice and simple but have few questions and suggestions:

1. What the email is for in the registration?
2. There should be another password field in registration to confirm that is typed correctly.
3. There should be email confirmation with login address and details.

This work here is beautiful. I'd been away from PHP for some time and found the way you handled the $db connection an excellent and elegant method.

One thing I'm not quite understanding is how the login_form.php is getting called.

I don't see it in the index.php, and the header and footer surround the loginwrapper, so if you could help me understand, how does the login_form get presented to the user?

The reason I ask is that I need to make some modifications and I'd like to use something other than login_form, so I don't have to overwrite it during testing.

Also, this is a learning experience for me so while this may be simple for you I think it's magic.

This is probably a stupid question, but when I go to create a database I'm forced to name the database username_login, instead of just login. Then I would go into the database and import the sql file to create the tables. What in the code do I need to change if the db is named username_login versus just login? Thanks for the help

Hi
It's a really lame question but could anyone tell me how to add more secured pages.
The only way i found that works for me is to create one page eg. users.php containing the base structure like in index.pxp an then there point to user2.php by using
[...
if ($login->isUserLoggedIn()) {
include("vusers2.php");
...]

This is great script but this should be explained on the first page in simple way for peoples that just start adventure with php.
Maybe you could add one more secure page and place simple menu in logged_in.php page.
Thank you,
mihas

Please just use parametrized queries. Ignoring registration for the moment, what if someone logs in with this username?

blahblah' UNION ALL SELECT 'admin' AS user_name, '[email protected]' AS user_email, '$1$$/PWPe740uvaQxKzRH.Zxj1' AS user_password_hash --

Impersonate any user, yay. (The password is hello, by the way.)

Seems to be a very technique for recognization of stolen passwords: http://arstechnica.com/security/2013/05/amid-a-barrage-of-password-breaches-honeywords-to-the-rescue/

Hi,
I'm pretty a newbie of login scripts and I found me stuck in this kind of error.

when i register as a user through the registration form everything goes smooth, but when login is attempted the script always gives me the "wrong password" error. So to clear things up i printed the crypt() function and the associated hash on the db. This was the output for the user_name/password tuple zerrossetto/asd:

$6$rounds=5000$Bm82K7izI0KsiYFx$k.w6S8c8vxCi57mOEPiwONBcMqHaz0ewZZ5jt4h2nJH6NRoDd2qeKyIptG0DVvu4OAhx0apV3akG6jIiJo1xC/
$6$rounds=5000$Bm82K7izI0KsiYFx$k.w6S8c8vxCi57mOEPiwONBcMqHa

The two hashes coincide through the db-stored hash, does this mean that the comparison should be made using substr_compare() and not the "==" operator? Sorry disturbing you for this kind of problem but I'm genuinely curious since this is my first time on login scripts.

Thankyou.

You can register user without filling "Register" form.
Just click on register button.

Im using you login script with my own modifications. But instead of a Gravatar, I want to assign a Avatar to each new user when they create an account. Done and Done. But when I try to show that Avatar im having a little trouble executing the query in another php file that login.class.
What is the best way of going when executing querys outside of the login.class in you PHP-Login? :)

Please add support för SQLite to keep it superduper easy to install, maintain and move from on server to another. Not having to rely on mySQL for really small projects that just require login is wonderful.

Hi Panique!

first thing first, great script buddy! Appreciate you sharing it!

Now I got this issue which is driving me insane. I basically structured my site by using includes in my index page. When user click on the menu say "Home", a variable "page" will be set to "Home" in URL Basically:

if ($page == "home")
include("includes/home.php");

elseif ($page == "magazine")
include("includes/magazine.php");

etc..

Now I want to show a menu for logged in users only. So once a user is logged in, he/she will be able to see another menu besides the regular one. Like this:

• A
• B
• C
• D
• E

So all this works just perfect only on that first page where user get logged in to. So if credentials are ok and he/she log in to home, the new menu shows up, good!

but if redirect to another page from there, like "Magazine"..the new menu disappears??

It should remain, since it is in the index page..seems as the session is gone?

Help me out will ya?

Thanks
/B

SHA256 is known to be weak. Please change to use crypt (specifically the latest adopted bcrypt) and user-specific salts that get regenerated from time to time. Then this will be a great class to use!

Sorry to bug you about this. Wondering if you could comment on the release date?
I really just need email verification.

Would like to donate and help test if at all possible, if you could contact me at blake [at] alertustech.com so we could discuss offline would appreciate it.

I mean, why bother?

Just to say what a great little piece of code this is.

Really like it, not an issue but an enhancement request.

Wouldn't it be great to add email confirmation to the registration process?

Is there any possibility of adding nonce? It would be really cool if you could.
I love your work. Thanks so much.