PHP Developers Network

PHP Register/Login
Page 1 of 1

Author:  spencerdemo [ Fri Dec 26, 2014 1:00 am ]
Post subject:  PHP Register/Login

Hey guys so I spent some time creating a Register/Login script, and I want you guys to come check it out! Its probably one of the easiest register login script you'll use, its clean coding and easy to adjust to your website. All you have to do is insert that .sql into your database and edit the database configurations, and its all in 1 file!. I made a small simple website for you guys to download it, if you guys turn out to enjoy it I am looking forward to extending it. Please give me feedback on what you think of the script and some ideas of how to improve it, thanks!

Here is the website to download it:

Author:  requinix [ Fri Dec 26, 2014 2:00 am ]
Post subject:  Re: PHP Register/Login

The two most significant problems are
1. SQL injection in all your queries
2. Storing passwords in plaintext

Author:  Christopher [ Sat Dec 27, 2014 2:05 pm ]
Post subject:  Re: PHP Register/Login

Those two are probably the biggest. I would recommend not only saving hashed passwords; I would recommend having the browser has the password using Javascript and sending only the hashed form. Then compare that with the hash stored in the database to confirm the second credential.

After that, a bunch of little things. Here are a few:

- Move the database code into a separate file with its own class with connect(), find() and insert() methods. Then if someone wanted to use a different database adapter they could easily.

- Separate the display stuff from the actual login code. Maybe put the login code in a class to namespace it.

- Style your login form with CSS classes to make it easier to customize. Wrap fields in <div> to improve customzation. Maybe put messages in variables to make it easy to customize.

- Clean up your if() logic to make it easier to read. You also might want to check whether the form was submitted with GET or POST.

- Redirect after success to eliminate resubmissions.

- Remove closing ?> as it is not needed

Author:  spencerdemo [ Sun Dec 28, 2014 12:40 am ]
Post subject:  Re: PHP Register/Login

I'v update the script, added md5 for the password, some validations to some things, and Password Reset form. Please go check it out!

Author:  Benjamin [ Sun Dec 28, 2014 11:25 am ]
Post subject:  Re: PHP Register/Login

Author:  Celauran [ Mon Dec 29, 2014 2:25 pm ]
Post subject:  Re: PHP Register/Login

Author:  Christopher [ Mon Dec 29, 2014 4:11 pm ]
Post subject:  Re: PHP Register/Login

Agreed. Even SHA1 is not enough these days. ... ipt+bcrypt

The code is still not very clean or customizable. Switching to Mysqli is better, but still does not abstract the DB so it can be replaced easily. And use the PHP filter functions instead of rolling your own email check.

Page 1 of 1 All times are UTC - 5 hours
Powered by phpBB® Forum Software © phpBB Group