PHP Login System Reloaded v1.1

Here’s an updated version of the PHP Login System. You can check the old version here. The following was added: 1. Registration fields: email confirmation password confirmation country recaptcha Email […]


PHP Login System

Here’s an updated version of the PHP Login System. You can check the old version here.

The following was added:

1. Registration fields:

  • email confirmation
  • password confirmation
  • country
  • recaptcha

Email confirmation and password confirmation are configurable fields. By default they are shown, but if you wish to remove one or both of them you have to set it in the file constants.php:

define("REPEAT_EMAIL",true);
define("REPEAT_PASSWORD",true);

2. Table fields:

  • the user ip,
  • number of logins of a user,
  • flag is_admin
  • flag is_blocked
  • new table – Country table

3. dbcontroller class sanitizes user input data

4. Edit Account Area

5. Admin Area – incomplete (for next version)

For now just the list of users is shown and a world map indicating where the users come from.  You can delete Users and set them as Admins. If there are no users to list, no map is shown. Also the User seeing the panel is not shown.
Note that in the demo you will not be able to see the admin part – for admin reasons 🙂

6. New CSS

7. Some other small details in the php code.

For the next version I am planning to :

  • add all admin functions
  • improve and improve ….

To use the recaptcha you need to get a public/private key here . Then you need to define them in constants.php:

define("PUBLICKEY","XXXXXXXXXXXXXXXXXXXXXXXXXXXXXX");
define("PRIVATEKEY","XXXXXXXXXXXXXXXXXXXXXXXXXXXXXX");

In order to use the demo for those who have registered in the previous version’s demo, you need to register again (in the demo login system), since I had to set up another database for it.

Hope you like it. Any suggestions or improvements are welcome!

DEMO

Download the source code here

Tagged with:

chadking

Chadking is an absolute geek that rarely leaves the comfort of his 3-screen desk. He is a self taught programmer and is addicted to all possible legal drugs.

Stay up to date with the latest web design and development news and relevant updates from Codrops.

Feedback 287

Comments are closed.
  1. hey this script work great…
    but when i register a new user i
    cannot receive the activation e-mail or the forgot password email can somebody help with this?

  2. Fatal error: Call to undefined function mysqli_connect() in H:\inetpub\vhosts\unikdesigners.com\httpdocs\php\dbcontroller.php on line 15

    Getting this error can you help meâ?¦.

    define(â??DB_SERVERâ??,â??localhostâ??);
    define(â??DB_USERâ??,â??loginâ??);
    define(â??DB_PASSâ??,â??biotronicsâ??);
    define(â??DB_NAMEâ??,â??najmuddin_loginâ??);

    This is the database setting
    Can Any one help on this

  3. im having a problem that seems to be un answered so far from other sites i have asked this…but on your public_index.php file your version of jp’s main.php in the original he said that was a example of a main page…how can i add that to my html pages so that it will work… where it says if session is logged and right under where it has the link for edit account i added the code include(“whatever.php”); and after i logged in it sent me to that page and showed the links for edit account and log out but it messed my layout of the page up…is there any way to do it so it doesnt mess the layout up???? thank you in andvanced

  4. Chad,

    Thanks much! I am an Emergency Physician (very amateur programmer) and have no complaints only gratitude to you and the others. Installed your files on a 1and1 virtual server–all features work great! Appreciate your efforts.

    Open Source Rocks!

    -JO, Doc from Colorado

  5. I tried to change
    $objCore->getSessionInfo()->getUserInfo(‘email’)
    for
    $objCore->getSessionInfo()->getUserInfo(‘flname’)

    and db controller line 230 to

    $q = “SELECT pk_user,email,usr_userid,flname FROM users WHERE pk_user = ‘$username’”;

    with a blank page as result
    what did I do wrong? Please help because I want to use the “flname on different pages.
    thanks in advance

  6. in the recaptchalib.php file where it says “For security reasons, you must pass the remote ip to reCAPTCHA” what is it talking about??? what am i supposed to put there??

  7. Is it possible to specify a basis for the email administrator? the email that will be used by default to send the registration validation link to the user.

  8. same problem as HTF
    (March 4th, 2010 at 20:37)

    Got an issue where I get an “an error occurred bla bla bla” popup whenever I try and register.

    PLEASE HELP

    Thanks.

  9. Also believe its a javascript problem. with register.js

    maybe line 192 – //} needs removing?

    tried this, no luck.

    But am not sure what is causing data.results to = -2 not =1.

    Anyone with any ideas/solutions?

    Thanks.

  10. Ok now sorted, error in MYSQL database table.

    Now error with

    Warning: mysqli_free_result() expects parameter 1 to be mysqli_result, boolean given in ******/loginsystem/php/dbcontroller.php on line 433

    any ideas

  11. What a great script even me without knowledge of php have it working. Thank you very much.

    I found my mistake and I have now the “flname” on the login page.

    I like to know or it is possible to put this “flname” also in other html pages..

    Thanks in advance
    Raymond

  12. does anyone know how to add additional levels to the script???? as in right now it has 2 levels being a member and a admin…..wanting to add other levels or ranks however you want to say it thanks in adanced

  13. i have a question,
    i have upload it on my website,
    but in the index.php display this error,what can i do?
    Thx

    Warning: require_once(../php/core.php) [function.require-once]: failed to open stream: No such file or directory in /home/dreascom/domains/dreamz-bbs.com/public_html/php2/public_index.php on line 2

    Fatal error: require_once() [function.require]: Failed opening required ‘../php/core.php’ (include_path=’.:/usr/local/lib/php’) in /home/dreascom/domains/dreamz-bbs.com/public_html/php2/public_index.php on line 2

  14. I have everything working with the login script except one little issue.
    When I try and register all of my information the the scrolling ajax image just scrolls forever and I can not insert data into my database or send emails.
    I have inserted the information in manually to the database and I can log in.
    Thanks ChadKing

  15. Hi,i have a problem. I can’t run it on my localhost. When I try and register all of my information the the scrolling ajax image just scrolls forever,it can not send emails.But I can insert data into my database.
    i am using xampp software, is anything i should set it?
    can you help me?

  16. Hi Chad,
    Thanks for this script.
    I have tried this script on localhost and two different web hosting.
    first time using this script, I got some problems, such as sending email. but now everything works 100%. 🙂

  17. hi Yason ,
    can you tell me how to solve the e-mail problem in localhost?
    thank you!

  18. It took an quick look at your demo and it seems that the country select list is not showing even though I have typed enough words in the form. Maybe you can take an look at it when you have some time, I’m using Mozilla Firefox 3.6.3 on Windows 7 , take care \m/

  19. Hi Chadking,

    thx for great script! Simple question – if you are thinking about new version of login reloaded when we can expect it ?

  20. Hello Chadking,

    I’m using your product and I think it’s a very useful application for security, thanks a lot for let us prove it.

    I’d like to know if it’s possible to:

    1. Trace the date and time when users logged in the login system.
    2. Define or limit the users concurrent connections in the application.

    Thanks a lot for your time.

    Regards,

    Alejandro.

  21. Hello Chadking,

    I’m using your product and I think it’s a very useful application for security, thanks a lot for let us prove it. I’d like to know if it’s possible to:

    1. Trace the date and time when users logged in the login system.
    2. Define or limit the users concurrent connections in the application.

    Thanks a lot for your time.

    Regards,
    Alejandro.

  22. Parse error: syntax error, unexpected ‘}’ in D:\xampp\htdocs\login1\register\index.php on line 100

    please help,im also a newb with phpmysql

  23. Great job CHADKING, love this reloaded system, I am going to give it a very good use.

    BTW, when are you planning on releasing the next version?

  24. Could anybody give me a hand with these next things:

    1. I want to add a phone number field
    2. I want to use this login system, as a event registration form and adding a pay module (very important), remove the password utility, use the admin functions to see the users that payed/joined/etc..

  25. Hi chad

    if you dont mind could you please let me know which files to use if i wanted to use this login system to work together with my other system lets say an inbox, blog, or chat, that is if i want to use the same username althrough, how do i name the sessions and which files do i use for this to be integrated? or anybodyelse who has an idea. pls help thanks.

  26. important remark concerning utf-8, there is a bug in the dbcontroller.php that causes reading ???? instead of the name coded in a strange language,
    to overcome it add the following

    mysqli_query($this->link,”SET NAMES ‘utf8′”);

    after

    public function dbgetUserAccountDetails($userkey){

    $q = “SELECT U.*,C.country_name FROM users U,Country C WHERE U.pk_user = ‘$userkey’ AND C.country_code = U.country_code”;

    enjoy and thanks for this great script!

  27. Hey, first sorry for my bad english :).

    My question:

    Can i deactivate the email confirm ?

    also when the users register, then they can after registering , log in?

    Greeting 0grish

  28. I love this script, I would like to get some help in regards to the Email verification, some how its not happening for me. Thank you and please keep up the good work in the name of those of us here trying to learn.

  29. I have created another field in the users database called ‘userid1? and set it to autoincrument.

    I would like to make this available to when the session starts so that I can track my users.

    how can I do that so it is available for me to see like their user name.

    cheers and thanks for your great work

  30. Hi Chad & All the others who got the script working !!!

    Please help….And since the day i came across this page and the DEMO Im in love with the script , But the sad part is its NOT working for me…

    Im facing a few probs here and there when i tried to use the script.
    (Through Xamp & on my webhost)

    And heres what i get mainly as an error when i load “public_index.php”

    “”Warning: require_once(//localhost/loginsystem11/php/core.php) [function.require-once]: failed to open stream: No such file or directory in C:\xampp\htdocs\loginsystem11\public_index.php on line 2

    Fatal error: require_once() [function.require]: Failed opening required ‘//localhost/loginsystem11/php/core.php’ (include_path=’.;
    C:\xampp\php\PEAR’) in C:\xampp\htdocs\loginsystem11\public_index.php on line 2 “”

    And to my suprise the “password_forget.php ” seems to work fine.

    Also pls take note of the below as well :

    * Ive already replaced all the <? tags with <?php

    ** Database USER / PWD /LOCATIONS / USER PRIVILEGES are configured properly.

  31. CHADKING
    i wante help i dont know why but my recaptcha pic is not showing pls take a look and how can i login in as the admin
    THANKS

  32. hi,
    i would like to know the name of this “frame” on the login page. since i would like to customize it. i cant locate where its name is specified. somebody tell me how i can increase/reduce/edit its width. thks.

  33. Well i’ve figured out pretty much all of this – apart from the email has verification. As it seems chad has somehow disappeared feel free to email me and ask questions on this awesome script. My email is:

    michaelsite12@gmail.com

  34. nice script, but when i try to run it i get the following message:

    Fatal error: Call to undefined function mb_internal_encoding() in C:\Users\Wesley Sneijers\Desktop\netserver\www\loginsystem2\php\dbcontroller.php on line 13

  35. Great job, but there is a problem with country code, it will not display any drop down menu and I tried all the possible countries, nothing works
    Thanks for te support

  36. Hi,I’ll repeat Robert’s question which it already set at a forum.
    “If a user forgets his password and wants to request a new one, he will receive an email with a link (containing the hash key) to reset the password.
    He then clicks on the link, and is able to reset his password, which is great!
    But the url (which contains the hash key) can be accessed at a later time, allowing an unexpected user to change the password…
    Would it be possible to change the code so that this cannot happen ?”
    I have changed in core.php :
    public function confirmResetPasswordData($email,$hash){
    $email = urldecode($email);
    $retval = $this->dbcontroller->dbconfirmResetPasswordHash($email,$hash);
    We add some lines to update hashkey:
    $time = time();
    $hashupdt = sha1($email.supersecret_hash_padding.supersecret_hash_padding_2.$time);
    $this->dbcontroller->updateUserFieldEmail($email,”usr_resetpassword_hash”,$hashupdt);
    return $retval;
    }
    It works, but you can make better 🙂
    Good luck !

  37. Vlad

    I’m not entirely sure what difference your solution makes to the original one in core.php. I’ll admit I’m somewhat of a noob when it comes to php (which is why having this script set and support forum is so helpful), but my understanding of your statement is that the hash created for the reset function is amended with the current time. But it is still static: it will sit in the user table until the next time the user resets the password (unless the user is deleted in the meantime)

    If that is the case (and please tell me if I am wrong), then is there any need to amend the hash in the first place? Wouldn’t it be better to record the date and time the reset password hash was last changed and set up a routine to go through the user table and overwrite any reset hash that is more than 72 hours old?

    Next question, as a noob, how would I do that? I’m trying to set up the activation and reset emails so that the email recipient is told what time the request was made and is given 72 hours to either activate the account or change the password (ideally, I’d also like to include the IP address that the request was made from too)

    Plus of course I’d like to add my thanks to Chad for all his efforts in getting v1.1 as far as it goes

  38. OK, so I gave my own problem a bit of thought (quite a bit of thought, the IP and registration date issue took a good couple of days to get the d*mn thing working) and came up with a couple of solutions (please excuse the length of this post, I thought it might be useful to other readers attempting something similar.

    For the activation email, I put the following code in mailer.php:
    $connect = new mysqli(DB_SERVER, DB_USER, DB_PASS,DB_NAME);
    $i = “SELECT usr_ip,DATE_FORMAT(`usr_signup_date`,\’%W %d %M %Y %T\’) AS showdate FROM users WHERE email = ‘$email'”;
    $res = $connect->query($i);
    $usrproc = $res->fetch_array(MYSQLI_ASSOC);

    with references to $usrproc[‘usr_ip’] and $usrproc[‘showdate’] in the email text

    and in admin.php and dbcontroller.php copied the code to get and display user data and amended it to show 2 tables: one for registered users and one for unconfirmed users. With an extra line or two of code to show the current server date as a comparison, this serves to allow the admin user the option to delete any unconfirmed user who hasn’t activated their registration within 72 hours or so.

    So far as the password reset hash is concerned, I think it is likely that this will be best achieved by creating another table in MySQL (I’m calling it usr_activity), linked to the user table by usr_userid – so EVERY user activity (login, logout, change user details, request a password reset hash etc) is logged and timestamped. OK, this is more data intensive (and will inevitably require regular clear-outs and backups by the admin user, depending on how active the login area is and how big your hosting provider will allow MySQL databases to be), but this will provide more of an audit trail – and should enable site admins to comply with any data protection and privacy policies or laws which may apply to them.

    By using a usr_activity table, it doesn’t matter if the password reset hash has expired, as it should now be possible to match the reset hash against the date it was generated and if that was too long ago, then bounce the user back to either the login page or the forgot password page in order to request a new one.

  39. Hi,

    I’m still learning the ropes of php and all.. I’ve corrected a couple of errors i saw mentioned here, but when I go to register, the page just sits there and does nothing..

  40. In all pages, I am getting the folling error: “Parse error: syntax error, unexpected T_OBJECT_OPERATOR…” and it usually occurs on the top of the php file around line 9 or line 22 depending on the file.

    For setup, I changed the 6 lines as noted in http://tympanus.net/codrops/2009/09/03/php-login-system-reloaded/. Also, I sucessfully create the table using the mySql. I am not sure what I am doing wrong. Can someone advise?

  41. When can we expect an update of this login system? Really looking forward to the admin functions. Also the guest function would be great (give every guest a temp ID, so we can count them too.

    How are the pw saved in the db? Are they incrypted? And how?

    Kind regards