Post: Simple PHP Authentication System (MySQL not required)
03-09-2016, 07:33 PM #1
JB
[i]Remember, no Russian.[/i]
(adsbygoogle = window.adsbygoogle || []).push({}); So as people seem to have been struggling to write an authentication/login system in PHP, I've written a super simple PHP authentication script that doesn't make use of MySQL (I did say it was simple, after all).

All you need to do is edit the $config array to set "loginUsername" and "loginPassword" to the values you require, and replace "Access granted" at the bottom of the script with your web app source code (or just include it). Note that ideally you should only use this to learn the basics of authentication and code standards, and probably shouldn't use this on a live system (it'll protect it, but it only supports a single login and the password is plaintext in the source). It can be easily modified to work with a MySQL database, but I'll let you all have a play with it.

    <?php

session_start();

$config = [
'loginUsername' => 'JB',
'loginPassword' => 'jb da bes'
];

$message = '';

if (
(
! isset($_POST['loginUsername']) ||
! isset($_POST['loginPassword'])
) &&
isset($_POST['loginSubmit'])
) {
$message = 'Invalid Request';
}

if (
(
(
$_POST['loginUsername'] !== $config['loginUsername'] ||
$_POST['loginPassword'] !== $config['loginPassword']
) ||
(
$_SESSION['loginUsername'] !== $config['loginUsername'] ||
$_SESSION['loginPassword'] !== $config['loginPassword']
)
) &&
isset ($_POST['loginSubmit'])
) {
$message = 'Invalid Credentials';
}

if (
(
$_SESSION['loginUsername'] !== $config['loginUsername'] ||
$_SESSION['loginPassword'] !== $config['loginPassword']
) &&
(
$_POST['loginUsername'] !== $config['loginUsername'] ||
$_POST['loginPassword'] !== $config['loginPassword']
)
) {
?>
<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="utf-8">
<meta http-equiv="X-UA-Compatible" content="IE=edge">
<meta name="viewport" content="width=device-width, initial-scale=1">

<title>Authentication Required</title>

<!-- Bootstrap CSS -->
<link rel="stylesheet" href="https://maxcdn.bootstrapcdn.com/bootstrap/3.3.6/css/bootstrap.min.css" integrity="sha384-1q8mTJOASx8j1Au+a5WDVnPi2lkFfwwEAa8hDDdjZlpLegxhjVME1fgjWPGmkzs7" crossorigin="anonymous">

<!-- Bootstrap JavaScript -->
<script src="https://maxcdn.bootstrapcdn.com/bootstrap/3.3.6/js/bootstrap.min.js" integrity="sha384-0mSbJDEHialfmuBBQP6A4Qrprq5OVfW37PRR3j5ELqxss1yVqOtnepnHVP9aJ7xS" crossorigin="anonymous"></script>

<!-- Custom styles for this template -->
<style type="text/css">
body {
padding-top: 40px;
padding-bottom: 40px;
background-color: #eee;
}

.form-signin {
max-width: 330px;
padding: 15px;
margin: 0 auto;
}
.form-signin .form-signin-heading,
.form-signin .checkbox {
margin-bottom: 10px;
}
.form-signin .checkbox {
font-weight: normal;
}
.form-signin .form-control {
position: relative;
height: auto;
-webkit-box-sizing: border-box;
-moz-box-sizing: border-box;
box-sizing: border-box;
padding: 10px;
font-size: 16px;
}
.form-signin .form-control:focus {
z-index: 2;
}
.form-signin input[type="email"] {
margin-bottom: -1px;
border-bottom-right-radius: 0;
border-bottom-left-radius: 0;
}
.form-signin input[type="password"] {
margin-bottom: 10px;
border-top-left-radius: 0;
border-top-right-radius: 0;
}
</style>

<!-- HTML5 shim and Respond.js for IE8 support of HTML5 elements and media queries -->
<!--[if lt IE 9]>
<script src="https://oss.maxcdn.com/html5shiv/3.7.2/html5shiv.min.js"></script>
<script src="https://oss.maxcdn.com/respond/1.4.2/respond.min.js"></script>
<![endif]-->
</head>
<body>
<div class="container">
<form class="form-signin" method="post">
<h2 class="form-signin-heading">Please sign in</h2>
<?php if ($message !== ''Winky Winky { ?>
<div class="alert alert-danger"><?=$message?></div>
<?php } ?>
<label for="loginUsername" class="sr-only">Username</label>
<input type="text" id="loginUsername" name="loginUsername" class="form-control" placeholder="Username" required autofocus>
<label for="loginPassword" class="sr-only">Password</label>
<input type="password" id="loginPassword" name="loginPassword" class="form-control" placeholder="Password" required>
<input type="submit" class="btn btn-lg btn-primary btn-block" name="loginSubmit" value="Sign in">
</form>
</div> <!-- /container -->
</body>
</html>
<?php
exit;
}

if (
(
$_SESSION['loginUsername'] !== $config['loginUsername'] ||
$_SESSION['loginPassword'] !== $config['password']
)
) {
$_SESSION['loginUsername'] = $config['loginUsername'];
$_SESSION['loginPassword'] = $config['loginPassword'];
}

?>

Access granted

The following 2 users say thank you to JB for this useful post:

CyberNomadic, Specter
03-09-2016, 08:05 PM #2
CyberNomadic
Web Developer
Verry simple JB :fa:
Good work.., for second there I was like "WTF!?!?? NO SANITIZATION!?" Then I remember its SQLess.. haha, noice m8.

*A word of advice*
this is ment for 'simple' environments as JB has said. Don't go crazy with it.

The following user thanked CyberNomadic for this useful post:

JB
04-22-2016, 10:23 AM #3
Danny
Hurah!
Originally posted by JB View Post
So as people seem to have been struggling to write an authentication/login system in PHP, I've written a super simple PHP authentication script that doesn't make use of MySQL (I did say it was simple, after all).

All you need to do is edit the $config array to set "loginUsername" and "loginPassword" to the values you require, and replace "Access granted" at the bottom of the script with your web app source code (or just include it). Note that ideally you should only use this to learn the basics of authentication and code standards, and probably shouldn't use this on a live system (it'll protect it, but it only supports a single login and the password is plaintext in the source). It can be easily modified to work with a MySQL database, but I'll let you all have a play with it.

    <?php

session_start();

$config = [
'loginUsername' => 'JB',
'loginPassword' => 'jb da bes'
];

$message = '';

if (
(
! isset($_POST['loginUsername']) ||
! isset($_POST['loginPassword'])
) &&
isset($_POST['loginSubmit'])
) {
$message = 'Invalid Request';
}

if (
(
(
$_POST['loginUsername'] !== $config['loginUsername'] ||
$_POST['loginPassword'] !== $config['loginPassword']
) ||
(
$_SESSION['loginUsername'] !== $config['loginUsername'] ||
$_SESSION['loginPassword'] !== $config['loginPassword']
)
) &&
isset ($_POST['loginSubmit'])
) {
$message = 'Invalid Credentials';
}

if (
(
$_SESSION['loginUsername'] !== $config['loginUsername'] ||
$_SESSION['loginPassword'] !== $config['loginPassword']
) &&
(
$_POST['loginUsername'] !== $config['loginUsername'] ||
$_POST['loginPassword'] !== $config['loginPassword']
)
) {
?>
<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="utf-8">
<meta http-equiv="X-UA-Compatible" content="IE=edge">
<meta name="viewport" content="width=device-width, initial-scale=1">

<title>Authentication Required</title>

<!-- Bootstrap CSS -->
<link rel="stylesheet" href="https://maxcdn.bootstrapcdn.com/bootstrap/3.3.6/css/bootstrap.min.css" integrity="sha384-1q8mTJOASx8j1Au+a5WDVnPi2lkFfwwEAa8hDDdjZlpLegxhjVME1fgjWPGmkzs7" crossorigin="anonymous">

<!-- Bootstrap JavaScript -->
<script src="https://maxcdn.bootstrapcdn.com/bootstrap/3.3.6/js/bootstrap.min.js" integrity="sha384-0mSbJDEHialfmuBBQP6A4Qrprq5OVfW37PRR3j5ELqxss1yVqOtnepnHVP9aJ7xS" crossorigin="anonymous"></script>

<!-- Custom styles for this template -->
<style type="text/css">
body {
padding-top: 40px;
padding-bottom: 40px;
background-color: #eee;
}

.form-signin {
max-width: 330px;
padding: 15px;
margin: 0 auto;
}
.form-signin .form-signin-heading,
.form-signin .checkbox {
margin-bottom: 10px;
}
.form-signin .checkbox {
font-weight: normal;
}
.form-signin .form-control {
position: relative;
height: auto;
-webkit-box-sizing: border-box;
-moz-box-sizing: border-box;
box-sizing: border-box;
padding: 10px;
font-size: 16px;
}
.form-signin .form-control:focus {
z-index: 2;
}
.form-signin input[type="email"] {
margin-bottom: -1px;
border-bottom-right-radius: 0;
border-bottom-left-radius: 0;
}
.form-signin input[type="password"] {
margin-bottom: 10px;
border-top-left-radius: 0;
border-top-right-radius: 0;
}
</style>

<!-- HTML5 shim and Respond.js for IE8 support of HTML5 elements and media queries -->
<!--[if lt IE 9]>
<script src="https://oss.maxcdn.com/html5shiv/3.7.2/html5shiv.min.js"></script>
<script src="https://oss.maxcdn.com/respond/1.4.2/respond.min.js"></script>
<![endif]-->
</head>
<body>
<div class="container">
<form class="form-signin" method="post">
<h2 class="form-signin-heading">Please sign in</h2>
<?php if ($message !== ''Winky Winky { ?>
<div class="alert alert-danger"><?=$message?></div>
<?php } ?>
<label for="loginUsername" class="sr-only">Username</label>
<input type="text" id="loginUsername" name="loginUsername" class="form-control" placeholder="Username" required autofocus>
<label for="loginPassword" class="sr-only">Password</label>
<input type="password" id="loginPassword" name="loginPassword" class="form-control" placeholder="Password" required>
<input type="submit" class="btn btn-lg btn-primary btn-block" name="loginSubmit" value="Sign in">
</form>
</div> <!-- /container -->
</body>
</html>
<?php
exit;
}

if (
(
$_SESSION['loginUsername'] !== $config['loginUsername'] ||
$_SESSION['loginPassword'] !== $config['password']
)
) {
$_SESSION['loginUsername'] = $config['loginUsername'];
$_SESSION['loginPassword'] = $config['loginPassword'];
}

?>

Access granted


Cheers dude Smile

The following user thanked Danny for this useful post:

JB

Copyright © 2024, NextGenUpdate.
All Rights Reserved.

Gray NextGenUpdate Logo