|
General Details
|
|
PHP (Hypertext Preprocess...
|
|
Posted 3.13 Years Ago
|
|
882 Views
|
|
Received 2 Ratings
|
|
PHP/MySql User System (Basic, Secure)
Description
This is a simple and somewhat secure user system. Here are some features:
-(Registering)-
-Secure
-Blocks special characters (customizable, but is probably a bad idea)
-Blocks quotes
-Eliminates white space in front/end of the username/password/email.
-Username/password must be less than 30 characters (customizable)
-Fully customizable validation email on registration
-Auto-logs IP in database of each user
-Report link to report false sign-ups (sent to random email, for the victim)
-Random hash for validation is sent, with username at the beginning
-Automatically sets the user group (validated or not) to '0' (1/0, 1 = valid, 0 = not valid))
-All information entered into Sql database (including validation code)
-Supplies 'Contact' link in email (customizable)
-(Logging In)-
-Secure
-Checks for blocked (special) characters and blocks quotes
-Checks for cookies/sessions before logging in
-If logged in (session), log-in form is not displayed (customize the display)
-If 'Remember' is (cookies), loads Username only (no password for security)
-Checks validation of user account (if 1, log-in - if 0, display error (no log=in))
-Checks if user exists
-If all information is correct, proceed with log-in
-Sets a session so the user can remain logged in (after log-in)
-Sets cookies if 'Remember' is checked (after log-in) (customizable)
-(Logging Out)-
-Checks for the user system session
-If the session is set (isset), then the session is destroyed
-If the session was never set (no log-in), error message is displayed and PHP is closed
-(Connect)-
-Connects to the server (must change)
-Connects to database (must change)
-(Report)-
-IP is checked from URL (URL format is ?ip=IP:xx.xx.xx.xx)
-IP is checked in database
-If IP is not in database, error message and exits PHP
-If IP is found, a message is sent to the owner's email containing the IP and a message (customizable)
-(Validate)-
-Checks the validation code found in URL
-Checks for validation code in Sql database
-If the code doesn't exist, error message and exits PHP
-If the code is already validated (validated set to 1), error message and exits PHP
-If the code hasn't been validated, validate the account (sets validated from 0 to 1)
-(AJAX)-
-Register/Login use AJAX that can run on Internet Explorer and Firefox (etc)
-JS file should remain the same unless you edit the PHP or the forms
-The only reason it uses AJAX is to be like Newgrounds, because I'm a fanboy
-(Sql)-
-Stores all information
-Code to create the table is supplied
-(Extra Notes)-
-I am fairly new to 'security', so be careful (review PHP string functions to customize)
-A lot of little things are customizable in the full code, a few are mentioned above
-All I am providing is the user system basic set-up, you have to do the rest on your own (i.e. userpages, forum access, portal submitting, etc etc)
-Credit in form of HTML on your page, or comments in your source, would be nice :)
Technical
Requires PHP and MySql Access
Source Code
|
Download Source Code
usersystem.zip ( 0.01Mb )
|
NEVER open a .exe, .bat, .cmd, or other executable file since that is where viruses are likely to live. Please virus scan all files you download.
|
Comments
| Please login to post comments. |
|
|
An example of white listing is to only allow specific character like a-z and nothing
else... black listing would be to remove all bad characters you know of - the problem
being there could be some you have missed ;-)
|
|
|
Very nice!
One thing you might want to consider doing is using classes with something like
this. It comes in very handy, especially when porting this type of code around.
Also, on your validations, I would use Regular Expressions, and use white listing,
to validate against inputs to the exact characters you want. White listing is better
than black listing. Check my article on this out:
http://www.coderprofile.com/networks/articles/10/true-security
|
More "PHP (Hypertext Preprocessor)" Source Codes By This Author
Recently Posted "PHP (Hypertext Preprocessor)" Source Codes
Recently Rated "PHP (Hypertext Preprocessor)" Source Codes
|
