Create MySQL Injection free Secure Login System in PHP - Subin's Blog
Subin's Blog
A 16 Year Old Hacker
There were a lot of people who
2/27/2016
UPDATE - logSys
There is a new, free, better Advanced Login System which you can check out here.
First of all, create files named login.php, home.php, logout.php
PRIMARY KEY (`id`)
) ENGINE=MyISAM DEFAULT CHARSET=latin1 AUTO_INCREMENT
1. The column username is to
username.
using SHA256.
3. The column psalt contains a
password is true.
Now we should add a user to the
INSERT INTO `users` (
`id`,
`username`,
`password`,
`psalt`
) VALUES (
NULL,
'subins2000@gmail.com',
'4f8ee01c497c8a7d6f44334dc15bd44fe5acea9aed07f67e34a22ec490cfced1',
's*vl%/?s8b*b4}b/w%w4'
);
following values:
login.php
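<?php
session_start();
/* session_start() and header() must run before any HTML is sent, so the PHP block is placed above the form. */
if (!empty($_SESSION['user'])) {
    /* The redirect target is cut off in the source; home.php is used, as in register.php. */
    header("Location: home.php");
    exit;
}
/* The DB user and password are cut off in the source; DB_USER and DB_PASSWORD are placeholders. */
$dbh = new PDO('mysql:dbname=db;host=127.0.0.1', 'DB_USER', 'DB_PASSWORD');
$email = isset($_POST['mail']) ? $_POST['mail'] : '';
$password = isset($_POST['pass']) ? $_POST['pass'] : '';
if ($email != '' && $password != '') {
    /* The e-mail is bound as a parameter, never concatenated into the SQL string. */
    $sql = $dbh->prepare("SELECT id, password, psalt FROM users WHERE username=?");
    $sql->execute(array($email));
    $p = null;
    $p_salt = '';
    while ($r = $sql->fetch()) {
        $p = $r['password'];
        $p_salt = $r['psalt'];
        $id = $r['id'];
    }
    $site_salt = "subinsblogsalt"; /* Common Salt used for password storing on site. */
    /* The arguments after $password are cut off in the source; this order is assumed and must match register.php. */
    $salted_hash = hash('sha256', $password . $site_salt . $p_salt);
    /* hash_equals() compares strictly and in constant time, unlike ==. */
    if ($p !== null && hash_equals($p, $salted_hash)) {
        $_SESSION['user'] = $id;
        header("Location: home.php");
        exit;
    } else {
        echo "<h2>Username/Password is Incorrect.</h2>";
    }
}
?>
<form method="POST" action="login.php">
<table width="300" cellpadding="4">
<!-- The heading text is cut off in the source; "Login" is a placeholder. -->
<tr><td colspan="3"><strong>Login</strong></td></tr>
<!-- The input attributes are cut off in the source; the names match $_POST['mail'] and $_POST['pass'] above. -->
<tr><td width="78">E-Mail</td><td>:</td><td><input name="mail" type="text" /></td></tr>
<tr><td>Password</td><td>:</td><td><input name="pass" type="password" /></td></tr>
<tr><td></td><td></td><td><input type="submit" value="Login" /></td></tr>
</table>
<!-- The link attributes are cut off in the source; the page URL is used as a placeholder. -->
Login System provided by <a target="_blank" href="http://subinsb.com/phpsecureloginsystem">Subin's Blog</a>
</form>
http://subinsb.com/phpsecureloginsystem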
home.php
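<?php
session_start();
/* Run the session check before any output so that header() can still redirect. */
if (empty($_SESSION['user'])) {
    header("Location: login.php");
    exit;
}
/* The DB user and password are cut off in the source; DB_USER and DB_PASSWORD are placeholders. */
$dbh = new PDO('mysql:dbname=db;host=127.0.0.1', 'DB_USER', 'DB_PASSWORD');
$sql = $dbh->prepare("SELECT * FROM users WHERE id=?");
$sql->execute(array($_SESSION['user']));
?>
<html><head></head>
<body>
<?php
while ($r = $sql->fetch()) {
    /* The rest of this line is cut off in the source; the tags are simply closed here.
       The username is user-supplied, so it is escaped before being printed. */
    echo "<center><h2>Hello, " . htmlspecialchars($r['username']) . "</h2></center>";
}
?>
</body>
</html>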
logout.php
This file is simple. Just add the following:
<?php
session_start();
session_destroy();
?>
register.php
What's logging in without registering? Here's a sample registration page:
<?php
session_start();
if (!empty($_SESSION['user'])) {
    header("Location: home.php");
    exit;
}
?>
<!DOCTYPE html>
<html>
<head></head>
<body>
<form action="register.php" method="POST">
<!-- The input attributes after name are cut off in the source; type="password" is assumed. -->
<label>E-Mail <input name="user" /></label>
<label>Password <input name="pass" type="password" /></label>
<button name="submit">Register</button>
</form>
<?php
if (isset($_POST['submit'])) {
    $musername = "root";
    $mpassword = "backstreetboys";
    $hostname = "127.0.0.1";
    $db = "p";
    $port = 3306;
    $dbh = new PDO('mysql:dbname=' . $db . ';host=' . $hostname . ';port=' . $port, $musername, $mpassword);
    if (isset($_POST['user']) && isset($_POST['pass'])) {
        $password = $_POST['pass'];
        /* Check whether the username is already taken, using a bound parameter. */
        $sql = $dbh->prepare("SELECT COUNT(*) FROM `users` WHERE `username`=?");
        $sql->execute(array($_POST['user']));
        if ($sql->fetchColumn() != 0) {
            die("User Exists");
        } else {
            function rand_string($length) {
                $str = "";
                /* The character list is cut off in the source after "WXY". */
                $chars = "subinsblogabcdefghijklmanopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXY";
                $size = strlen($chars);
                for ($i = 0; $i < $length; $i++) {
                    $str .= $chars[rand(0, $size - 1)];
                }
                return $str; /* http://subinsb.com/phpgeneraterandomstring */
            }
            $p_salt = rand_string(20); /* http://subinsb.com/phpgeneraterandomstring */
            $site_salt = "subinsblogsalt";
            /* The arguments are cut off in the source; this order is assumed and must match login.php. */
            $salted_hash = hash('sha256', $password . $site_salt . $p_salt);
            $sql = $dbh->prepare("INSERT INTO `users` (`id`, `username`, `password`, `psalt`) VALUES (NULL, ?, ?, ?);");
            $sql->execute(array($_POST['user'], $salted_hash, $p_salt));
            echo "Successfully Registered.";
        }
    }
}
?>
</body>
</html>
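The same register and login checks with PHP's built-in password_hash() and password_verify() in place of the SHA256 and two-salt scheme, still using prepared statements. This is an added example, not code from the original post; it assumes PHP 7.1+ with the pdo_sqlite extension, uses an in-memory SQLite database so that it runs offline, and the function names and sample accounts are constructed for illustration.

```php
<?php
/* Added example, not the post's code. Assumes PHP 7.1+ with pdo_sqlite. */
function open_db(): PDO {
    $dbh = new PDO('sqlite::memory:');
    $dbh->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $dbh->exec("CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT UNIQUE, password TEXT)");
    return $dbh;
}

function register_user(PDO $dbh, string $user, string $pass): bool {
    $sql = $dbh->prepare("SELECT COUNT(*) FROM users WHERE username = ?");
    $sql->execute([$user]);
    if ($sql->fetchColumn() != 0) {
        return false; /* user exists */
    }
    /* password_hash() generates a random per-user salt and stores it inside
       the returned string, so no psalt column or rand_string() is needed. */
    $hash = password_hash($pass, PASSWORD_DEFAULT);
    $sql = $dbh->prepare("INSERT INTO users (username, password) VALUES (?, ?)");
    return $sql->execute([$user, $hash]);
}

/* Returns the user id on success, null on failure. */
function check_login(PDO $dbh, string $user, string $pass): ?int {
    $sql = $dbh->prepare("SELECT id, password FROM users WHERE username = ?");
    $sql->execute([$user]);
    $row = $sql->fetch(PDO::FETCH_ASSOC);
    /* Verify against a dummy hash when the user is unknown, so both paths
       do the same amount of work. */
    static $dummy = null;
    $dummy = $dummy ?? password_hash('dummy', PASSWORD_DEFAULT);
    $ok = password_verify($pass, $row ? $row['password'] : $dummy);
    return ($row && $ok) ? (int)$row['id'] : null;
}

/* Constructed sample data. */
$dbh = open_db();
register_user($dbh, 'alice@example.com', 'correct horse battery staple');
var_dump(check_login($dbh, 'alice@example.com', 'correct horse battery staple'));
var_dump(check_login($dbh, 'alice@example.com', 'wrong password'));
/* SQL metacharacters in the input are bound as data, not parsed as SQL. */
var_dump(check_login($dbh, "alice@example.com' OR '1'='1", 'x'));
```

In login.php, calling session_regenerate_id(true) before setting $_SESSION['user'] gives the authenticated session a fresh id.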
Comments
s.shivasurya, 2 years ago
And we could use different users for MySQL DB connection to enhance security! I mean providing proper privileges!
Rassell, 19 days ago
Error directing to home page. Hi after setting session_start() to false, and implement session_start() start to all pages. I still get an error of:
Warning: Cannot modify header information - headers already sent by (output started at /customers/2/a/e/muslimnikkah.co.uk/httpd.www/F... in /customers/2/a/e/muslimnikkah.co.uk/httpd.www/F... on line 448
Warning: Cannot modify header information - headers already sent by (output started at /customers/2/a/e/muslimnikkah.co.uk/httpd.www/F... in /customers/2/a/e/muslimnikkah.co.uk/httpd.www/F... on line 1060
Subin Siby (Author) > Rassell, 18 days ago
Try enabling PHP short tags: http://stackoverflow.com/quest...
Rassell > Subin Siby, 17 days ago
I believe the problem was that I needed to add ob_start() at the top of the page, however now I find whenever the user enters the token, he/she will just be redirected to the login page and after they click login it will just ask them to enter the token again.
Subin Siby (Author) > Rassell, 17 days ago
Token? What token?
Rassell > Subin Siby, 16 days ago
Hi Subin, how would I go about the user getting a verification link via email?
Subin Siby (Author) > Rassell, 16 days ago
Please ask this in the comments section of http://subinsb.com/phplogsys I'll reply to you there.
Rassell > Subin Siby, 16 days ago
There does not seem to be a comment section on the page
Subin Siby (Author) > Rassell, 16 days ago
I have fixed it. The comments now show up. So, please ask this in the comments section of http://subinsb.com/phplogsys
Erkan Dursun, 3 months ago
$site_salt="subinsblogsalt"
Hi, what is site_salt? I didn't understand that what is it... and I don't know what I change with site_salt?... And thank you for ur this basic login script...
Subin Siby (Author) > Erkan Dursun, 3 months ago
Password is encrypted by using two salts:
1. A common site salt - A salt specific to the website. It should be unique and shouldn't be changed once set
2. Randomly Generated Salt - A salt is generated by using random letters. This salt is saved to DB and is unique for each user.
The difference between the 2 salts is that Site Salt is common for all users.
Erkan Dursun > Subin Siby, 3 months ago
Thank you for your reply, I worry that which login system u prefer? I have simple web site, I will do admin panel for my site about insert, update, delete contents from admin panel... and I wanna use ur login system... u prefer this basic login script or ur other script that logsys...
Subin Siby (Author) > Erkan Dursun, 3 months ago
I recommend using logSys, because it has advanced features, better security, admin panel and more... This post is for getting into the root of a MySQL injection free login system and I wouldn't recommend it on a professional website.
Agung, 3 months ago
Hello thanks for help.. I have problem there the screen capture, may you tell me what is wrong? thank you nice to know you
Subin Siby (Author) > Agung, 3 months ago
Enable PHP Short Tag: http://stackoverflow.com/quest...
Logx, 5 months ago
I have a mini webstore :D only show products... but I want a super strong login system like superman :D and I found your solution
Subin Siby (Author) > Logx, 5 months ago
There is a better, advanced login system with many features (Open
This blog is created, written and maintained by Subin Siby. It is built on
WordPress and hosted for free by OpenShift. This blog is continuing,
because of the support from you and the donations from others.