Dodona gives you answers

P.U.L.S.

with 75 comments


UPDATE: P.U.L.S. is no lomger under active development. Instead I am working on Spike, a Content Management System. Spike is a flexible CMS with a bite. For webdesigners and their clients. Designers get total freedom, clients an intuitive interface with no chance to mess up. Subscribe to our mailinglist and be one of the the first to try it when it’s released.


P.U.L.S means PHP User Login Script and is a PHP scritp I wrote which enables users to register and then login to a website or -page. I tried to make it secure, user friendly and developer friendly.

Features

  • Secure: passwords are sent to the server encrypted using javascript
  • Secure: passwords are stored encrypted on the server so the original password can never be found
  • Secure: registration page is protected with Captcha (optional, can be switched on or off in the config file)
  • Secure: All input is checked and filtered using the PHP FILTER_SANITIZE_STRING filter
  • User friendly: users can reset their password using e-mail in case they forgot their password (optional, can be switched on or off in the config file)
  • User friendly: users can change their settings
  • User friendly: remember me feature remembers user when he/she returns to the website
  • Developer friendly: you can leave the P.U.L.S. files in their puls directory and protect any php page on your server with it.
  • Developer friendly: all HTML files are in a separate directory (called “html”); no need to change the programming code in order to change the design
  • Developer friendly: separate language files for text wich is not in the HTML pages; make your own translation easily
  • Developer friendly: all configuration in one file (located in “includes”, called “config.php”)
  • Developer friendly: open source!

Requirements

  • Knowledge of installing PHP scripts and MySQL tables (I won’t help you!)
  • Apache web-server running Linux (might work on other servers as well, but didn’t test it)
  • PHP >= 5
  • Captcha functionality requires for GD library (greater than gd-1.6) and FreeType library to be installed with PHP
  • MySQL

Dowload P.U.L.S. (80 KB)

Try the demo

To be able to log in to the demo, you have to create an account first using the “join” link below the log-in form.

(Users in the demo are deleted from the database on a irregular basis)

Please rate P.U.L.S. at Hotscripts.com

Possible future additions

P.U.L.S. is no longer under active development. I am now working on a new Content Management System called Spike. Subscribe to our mailinglist and be one of the the first to try it when it’s released.

P.U.L.S. is based on a script I found on evolt.org by jpmaster77 (http://evolt.org/php_login_script_with_remember_me_feature).
The script also contains code by Paul Johnston (http://pajhome.org.uk/crypt/md5) and http://www.finalwebsites.com/snippets.php?id=39

P.U.L.S. is released under the GNU General Public License

Written by lutsen

September 9, 2008 at 12:46 pm

75 Responses

Subscribe to comments with RSS.

  1. Hi,
    This is the most comprehensive and easy to set up login system available on the net. Congrats !

    I wanted to know if its possible to incorporate
    user logs in some way as possible with process.php part
    of the evolt.org solution. To log user visits based on their username/password and perhaps time of visit.

    would appreciate your help on this,
    Thanks,
    gaurav

    gaurav

    November 8, 2008 at 3:12 am

  2. Thank you – P.U.L.S. seems very elegant and I look forward to digging in to the code. Thanks again.

    Travis

    November 13, 2008 at 11:32 pm

  3. Hi. I’ve installed your puls script and it works just fine, great script. But after a couple of mods, it doesn’t work with explorer 7. I’m unable to login or register. Any idea?

    Thanks

    francois

    November 14, 2008 at 1:04 am

  4. Hi Francois. I’m a Mac user myself, but have used the script for (PC using) clients as well, and I haven’t heard of the problem yet. One thing I can think of is that you changed the $encryption_string in the config.php file after installing? (You shouldn’t do that)

    lutsen

    November 14, 2008 at 9:37 am

  5. Hi Gaurav, nice to hear you like PULS.
    At this moment the last time someone logs in is already logged in the lastdate column of the users table. Only for some strange reason I can’t remeber these dates are in the Unix timestamp format which is not very human-readable… I should change that some time.
    It would ofcourse be possible to log all visits by adding some code and a datbase table, but I’m rather busy right now so I’m afraid I won’t have time to add that feature soon. Maybe you can give it a try😉 ?

    UPDATE: I changed the dates in the database to a human readable format.

    lutsen

    November 14, 2008 at 3:00 pm

  6. I’ve been leafing through PULS all morning and so far, I think it’s wonderful. I have one question – why use Javascript encryption instead of PHP encryption? It seems like non-js users are shut out, while savvy users could alter the js data using Firebug or a similar tool.

    Travis

    November 14, 2008 at 4:45 pm

  7. Hi Travis. The Javascript is used for the client-side encryption. The password you type when you log in is encrypted in your browser using Javascript before it is sent to the server. Only using PHP for encryption would mean the password would be sent to the server unencrypted and therefore would be less secure.
    An alternative would be to use SSL (https), but I wanted to make a secure login script while using a “normal” http connection.

    lutsen

    November 15, 2008 at 6:41 pm

  8. Cool script! Is there an admin section to manage and administer users?

    Tim

    November 26, 2008 at 11:03 pm

  9. Hi Tim. No, there is no admin section (yet). If you want to mangage users, for now you have to do so directly in the database, for example by using phpMyAdmin (www.phpmyadmin.net).

    lutsen

    November 27, 2008 at 3:44 pm

  10. for some odd reason on mine it lets people log on even if they are not registered. You can type in any made up username and password to get in. Join works, mysql working fine.
    http://www.barflya.com/test

    Paul

    December 16, 2008 at 6:33 pm

    • Hi Paul, did you include the code in the README file needed to protect your page(s) in the top of every page you want to protect? I noticed I can acces the page the login form is pointing to without logging in at all, by just directly pasting the URL of this page in my browser.

      lutsen

      January 13, 2009 at 8:40 pm

  11. A very much needed script.
    A great feature for this would be to allow it to be used with existing databases.
    For example, how difficult would it be to remove the ‘registration’ feature, and change the log-in to use the existing database for PHPBB (Message board software). If the login failed, users could be re-directed to the PHPBB registration page.

    Pewe

    December 22, 2008 at 12:33 am

  12. Hi Pewe. Interesting idea. I will keep it in mind, and maybe look in to it if I have some time (which won’t be very soon I’m afraid…)

    lutsen

    December 22, 2008 at 9:23 am

  13. Hello Lutsen,

    Thank you for creating this script.

    I am currently installing on an Apache v2.2, PHP 5.x & MySQL 5.x box. When calling the index.php page, I get the following errors:

    Notice: Undefined variable: alertArr in C:\Inetpub\domain.com\html\puls\login.php on line 72

    Notice: Undefined index: pass_field in C:\Inetpub\domain.com\html\puls\login.php on line 74

    Do you have a forum or a FAQ that could answer why I am getting these errors?

    Thank you for your time.
    James.

    James Stoffel

    December 30, 2008 at 1:34 am

    • I confirm with Lutsen of the errors he is getting.
      My config win32
      – Apache 2.2.11
      – MySQL 5.1.36
      – PHP 5.3.0

      jay

      November 3, 2010 at 1:00 am

    • Modify php.ini

      in:
      error_reporting = E_ALL & ~E_NOTICE

      edisonverde

      May 7, 2015 at 7:19 pm

  14. Hi Lutsen, het script ziet er geweldig uit en ik wil het graag gaan gebruiken, maar er gaat iets mis. Ik heb de config ingevuld, en de mysql query gedraaid (twee tabellen gemaakt), maar het script zendt geen info naar de database. Ik weet dat je niet helpt bij install-sores, maar …😉
    vriendelijke groet
    Henk

    Henk Blanken

    January 6, 2009 at 11:21 pm

    • Hi Henk (yes I’m dutch too, but for more people to be able to understand this my reply is in english), can you be more specific about what’s happening? Does the mySQL user have enough rights? Do you get any error messages?

      And you’re right, I can’t help anybody who is having trouble installing the script, but if you post a comment it might be answered. But this might take some time, or it might not be answered at all. I’m a busy man you know😉

      But if anybody else knows an answer to someone’s problem, feel free to post a reply to!

      lutsen

      January 13, 2009 at 8:29 pm

  15. Hello Lutsen,

    Figured out the issue previously – had to do with the PHP.ini on the webhost server. Fixed with no error.

    However, after logging in via login.php, the page goes blank and the URL doesn’t change. I’ve checked the config file and the paths the URL and DB are correct. Any suggestions? Anybody?

    Thank you again, for your time and this script.
    James.

    James Stoffel

    January 13, 2009 at 4:55 pm

  16. Hi Lutsen, thnx for the reply. Right now I’m trying out anonther script that’s not as fancy as yours (no java, for instance), but seems to work. But I might be back. Ciao.

    Henk Blanken

    January 14, 2009 at 9:21 am

  17. Thanks a bunch for helping me cut down on development time!

    Jared

    January 30, 2009 at 8:24 pm

  18. Hi lutsen,

    Great script!
    Saved me alot of time.

    Thanks alot!

    Crazy Madness

    February 2, 2009 at 1:15 am

  19. Great script, works well.

    For those who are not able to secure your page, I suggest you check your path again.

    Ani

    March 5, 2009 at 4:16 pm

  20. Is it possible to redirect different users to different pages once they have logged with this script?

    Phil

    March 15, 2009 at 12:36 am

    • Hi Phil, no, this is not possible by default at the moment, but you could change the script to work like this using the user ID in the database.

      lutsen

      March 16, 2009 at 9:49 am

  21. Very nice script, I had to change all references to HTTP_SERVER_VARS to _SERVER. I’m no PHP guru, but on my fedora box HTTP_SERVER_VARS returned an empty string.

    Chris

    March 29, 2009 at 10:31 am

    • Hi Chris, you’re right! HTTP_SERVER_VARS is not supported in PHP 5. I will try to update this soon!

      UPDATE: I changed this. Script now uses $_SERVER instead of $HTTP_SERVER_VARS

      lutsen

      March 30, 2009 at 8:40 am

  22. Hi Lutsen,
    I’m having the same problem as Paul. My login page goes through no matter what username or password I type.

    I cannot see where the username and password is tested in login.php:

    // check for errors
    $alertArr = array();

    if(!$_POST[‘user’]) $alertArr[] = $ALERT[‘USER_NO’];
    if (!$_POST[‘pass_field’]) $alertArr[] = $ALERT[‘PASS_NO’];

    // clean up
    $_POST[‘user’] = cleanString($_POST[‘user’], 30);
    $_POST[‘pass_field’] = ”;
    $_POST[‘pass’] = cleanString($_POST[‘pass’], 40);
    $_POST[‘salt’] = ”;
    $_POST[‘key’] = ”;

    if (count($alertArr) == 0) {

    // Username and password correct, register session variables

    Can you please show me which function here verifies the username and password in the database?

    Thank you.

    Jason

    April 1, 2009 at 3:27 am

    • Hi Jason,
      You solution is probably the same as Pauls as well. The login.php does not check if your login is correct. It only registers the session variables, and redirects you to a protected page. On this page you are redirected to (and other protected pages) it is checked if you are actually a regitered user. If not, you are redirected back to the login.php page. This is how it should be set up (copied from the included readme file):

      You can leave the P.U.L.S files in the puls directory and protect any php page on your server with it.
      Copy this code to the top of every PHP page:

      // ### check login start ###
      session_start();
      session_regenerate_id(true); // Generate new session id and delete old (PHP >= 5 only)
      include_once(“includes/check.php”); // Change this to the right path
      // ### check login end ###

      “index.php” in the puls directory is an example of this.

      NOTE: Make sure to change the path to the check.php file to the right path, depending on the location of the page you want to protect.
      For example, if the page you want to protect is in the directory “pages” and the P.U.L.S. files are in the puls directory (and both the pages and puls directory are in the www root), the right path would be: include_once(“../puls/includes/check.php”);

      So check.php is the file that actually checks if you entered the right username and password. That’s why it should be included in every page you want to protect.

      lutsen

      August 19, 2009 at 3:03 pm

  23. it seems to log users out automatically pretty fast.

    any idea, how to keep the connection alive for more than an hour ?

    Thanks

    Jarod

    April 20, 2009 at 6:54 am

    • Hi Jarod,
      In the default PHP configuration, PHP sessions do not expire. This can be changed in the configuration settings using the session.cookie_lifetime variable. Maybe in your case this has been set to an hour? Also, if you quit your browser you are automaticly logged out, unless you selected the “Remember me next time” option when you log in.

      lutsen

      April 20, 2009 at 9:44 am

  24. Thanks so so much Lutsen for that very quick reply.
    Your script is awesome. still testing it out, and once it goes live, I will definitely make a donation.

    1 last question, Is there a way to authenticate the user ?

    For example, once he registers.
    He must go to his email , click on some validate link, and success.

    Thanks once again.

    Jarod

    April 20, 2009 at 3:03 pm

  25. This script seems so well done! Unfortunately I am having an issue getting it to work. Not sure if it matters, but I am using XAMPP on windows. I keep getting this error just after I installed the script:

    Warning: include_once(/your/server/path/to/puls/html/html_login.php) [function.include-once]: failed to open stream: No such file or directory in C:\Documents and Settings\admin\Desktop\Muttr Database\xampp\htdocs\puls\login.php on line 77

    Warning: include_once() [function.include]: Failed opening ‘/your/server/path/to/puls/html/html_login.php’ for inclusion (include_path=’.;C:\Documents and Settings\admin\Desktop\Muttr Database\xampp\php\pear\’) in C:\Documents and Settings\admin\Desktop\Muttr Database\xampp\htdocs\puls\login.php on line 77

    Any help would be greatly appreciated! I have not been able to find much help on this error, even via google.. lol.

    Nate

    April 28, 2009 at 9:26 am

    • Hi Nate,
      You should configure the HTML_PATH variable in the config.php file to match the path to the html folder in your puls installation.

      lutsen

      April 28, 2009 at 9:39 am

      • wow, i feel dumb😦 thanks for pointing the obvious out to me lol.. sorry its 4am here😛

        Nate

        April 28, 2009 at 9:43 am

      • Hi,
        Done this but still getting the following.

        Warning: include_once(www.vats.co.in/puls/html/html_refresh.php) [function.include-once]: failed to open stream: No such file or directory in C:\inetpub\vhosts\vats.co.in\httpdocs\puls\includes\check.php on line 85

        Warning: include_once() [function.include]: Failed opening ‘www.vats.co.in/puls/html/html_refresh.php’ for inclusion (include_path=’.;./includes;./pear’) in C:\inetpub\vhosts\vats.co.in\httpdocs\puls\includes\check.php on line 85

        Kinshuk Tyagi

        January 11, 2013 at 10:26 pm

  26. Love the script and am able to getting everything working except, when a user does not enter the correct username & password, there is no ALERT that is displayed. Any simple way of doing this?

    Thank you for the great work!

    Williams

    May 7, 2009 at 8:25 pm

    • i’m havin the same problem. for some reason login.php calls functions.php and functions gives back a 2, but then check.php calls functions again and this time functions gives a 0 which gives you clearance if you had the password correct.

      marin

      June 2, 2009 at 9:58 pm

      • Hi Marin and Williams,

        As you submit the login form, login.php is reloaded, and if the login is correct you are redirected to the “Success” page. Because the form works this way, it checks if the login is correct every time the page is loaded. So also the first time the page is loaded. The first time offcourse no correct login is submitted, thus the 2 errors. These are not displayed to not confuse the user (since he did not submit anything yet). So yes, this behaviour is intended, and yes, this makes it difficult to display an error message when the wrong password is submitted. But offcourse you’re free to change the code so it will be possible to display a “wrong password or username” message😉

        lutsen

        June 3, 2009 at 11:46 am

      • any suggestions for how to do this? it has been driving me crazy – i can’t seem to get it to work. I need an error message for the incorrect password.

        Gillian

        June 8, 2009 at 8:55 pm

  27. Hi, mi site is beeing construcced as we speak, but I need a user login and this script looks great…. one problem though…
    Nothing is inserted into the database, I know a little about php and everything seems ok with the check.php and the config.php the dbname dbuser dbserver, etc… after registration the screen goes white and database still empty. Don’t know why. check http://valterna.es/info.php for php’s info and puls’ is on valterna.es/puls

    thanks in advance

    pedro

    June 28, 2009 at 9:54 pm

    • Hi Pedro,

      You need to set up the MySQL datbase for the script to work. This can be done with phpmyadmin for example, or with the control panel on your webserver. Then you have to install two tables in the database you created. The code for this is in the “database.sql” file. Also make sure the right database information is in your “config.php” file in the “includes” folder.

      lutsen

      June 29, 2009 at 9:13 am

  28. all of that is already there, database is configured with the database.sql and the cofig.php is good as well, but don’t worry I’ll try to figure it out. Thanks.

    pedro

    June 29, 2009 at 3:42 pm

  29. On the main registration page, I keep getting “you did not fill in the right captcha code”, even though I did. Any ideas?

    Alison

    July 24, 2009 at 5:12 am

  30. Just want to know if this can be included on commercial scripts? I have a an commercial app developed for a social network script but wanted to make it stand alone, but need auth module for it.

    David

    August 14, 2009 at 8:54 am

    • Hi David,

      PULS is published under the GNU GENERAL PUBLIC LICENSE (http://www.gnu.org/licenses/licenses.html). Simply said, this means the software is free in the way that you can do with it whatever you want, as long as you provide other people with the same freedom you have relating the software. More specificly, this means you have tor release the source code of the script you created using PULS, just as I did with PULS. But the license does NOT mean you can’t charge any money for your script (more about this here). So yes, it can be included in commercial scripts, as long as you release the source-code of the scripts it’s included in.

      lutsen

      August 19, 2009 at 2:44 pm

  31. Fatal error: Call to undefined function filter_var() in /usr/home/forwho/web/includes/functions.php on line 67

    i can’t figure out whats wrong😦

    eman

    August 18, 2009 at 10:39 am

    • Hi Eman,

      The filter_var function is only available in PHP 5.2.0 and upwards. So it seems you need to upgrade your installation of PHP, or find/write an alternative function, or simply comment out line 67. But the last option will make the script less secure!

      define(’DB_PREFIX’, ”); defines a prefix for all the table names used by PULS. This is usefull if you can’t create a seperate table for PULS in your database. By defining a prefix all table names related to PULS start with this prefix. So if your prefix is ‘PULS_’, the ‘users’ table has to be named ‘PULS_users’ and the ‘forgot’ table should be named ‘PULS_forgot’, and you can have aonther table called users in your database which can be used by another application.

      lutsen

      August 19, 2009 at 2:20 pm

  32. and what i need to write in this area?

    define(‘DB_PREFIX’, ”);

    eman

    August 18, 2009 at 10:40 am

  33. Great code thanks.
    However, some possible security issues exist. I am not trying to impose or anything close to it in that matter.
    When INSERT (ing) into DB in both forgot.php and register.php files one should never use name of the database explicitly in the code, but rather use a variable and preferably $_GET[‘value’]. So instead of using “thisDB” use $thisDB and hide the variable value in the non-accessible hidden file.

    PR

    October 29, 2009 at 12:18 am

  34. Also, I forgot to mention. It is a HUGE security issue when storing passwords in the session cookie. Why would one want to do so? This code is unusable for some web sites where sensitive information might be used to hack. This needs to be modified.

    PR

    October 29, 2009 at 12:30 am

    • @PR: Thanx for the comments. I’ll have a look at your first comment in the next version of the code. About your second comment; only an encrypted version of the password is stored in the cookie, not the password itself. And the key with which the password is encrypted changes every session. Maybe I’ll add an option in the config file to disable the remember-me feature for people who think it’s a risk, but I think it’s pretty secure this way.

      lutsen

      October 29, 2009 at 9:33 am

      • Lutsen – thanks for your reply. However, I must disagree with you on that comment about encrypted password being stored in the cookie – it should not be stored anywhere but the DB with MD5 and HASH and SSL – if information stored is sensitive: i.e. personal info, addresses, card #’s, etc.

        PR

        October 29, 2009 at 11:22 pm

      • @PR: I agree it’s most safe to only store the password in the DB. But to use the remeber-me feature something has to be stored localy. It’s a choice between more security or a better user experience I guess. And its up to the developer to choose the method most appropriate for his/her website.

        lutsen

        November 2, 2009 at 10:19 am

  35. Please take my critiques as a helpful venue. But I have found a major problem with your whole software, which makes it obsolete for any level of DB access – it does not contain “mysql escape string.” Major problem that WILL BE a hacker’s paradise also called a – MYSQL injection. Please make a note of it.

    PR

    November 11, 2009 at 10:22 pm

    • PHP 5 does this by default unless you turn it off.🙂

      Chris

      February 1, 2010 at 8:18 am

  36. Hi Lusten,

    Thank you – this script saved me a lot of time.

    But somehow I did not like the comparison of password when registering. After changing variables “pass_1” and “pass_2” to “pass1” and “pass2” was all OK. These are files change.php, register.php and reset.php.
    This bug is also in the demo on this page.

    Nicol

    February 27, 2010 at 5:22 pm

    • Hi Lutsen, nice script… Five stars!! Thanks😉

      Hi Nicol, same bug here… on the P.U.L.S. registration page, does not work correctly the “Retype password”. Make a simple test by performing a new account, after typing any password, write other password (different from the first) on field “Retype password”. You will get the successful register, but the form not validate if the first password typed is equal to the second.

      Thanks again.

      Mark Wilson

      March 20, 2010 at 10:37 pm

  37. Hi,

    Thanks for this compact login script! Is there a way to call the script from a php file in such a way that it does not redirect to the login page but only checks whether login is correct. What I want is a page that is normally shown to anonymous users and shows additional items to users that are logged in, without automatically redirecting to the login page. Any ideas?

    Chris

    March 9, 2010 at 12:58 pm

  38. I have changed the scripts to work with ADOdb, interested?

    Richard Reijmers

    March 18, 2010 at 11:33 am

  39. Regarding password checking – The problem is that the passwords will always be equal so long as the length is the same – The code is checking a password field which if you echo it shows as a series of dashes – at present – it is the dashes that are being checked not the real submitted passorrd – this is why different legths don’t get through but different words of the same length do.

    Andy

    May 25, 2010 at 8:18 pm

    • Ooopsss… You are right. When registering the password is not properly checked. The dashes were put in for cosmetical reasons. If the password is encrypted using Javascript the password string will become longer and this (allthough correct), I think looks strange in the password field. To solve this in the Javascript function doRegister() I added a fake password to replace the encrypted string. The fake password is the same length as the original password, so this looks better. But what happens now is that both the first and second password are replaced by dashed and checked after that. This of course should happen before. And the second password doesn’t even have to be the same length. In fact it doesn’t even have to be filled in, because before checking it is replaced by the fake password, so it will allways check out right. I will try to fix this right away as soon as possible, but I don’t know when that will be I am afraid. I am rather busy right now.

      lutsen

      May 25, 2010 at 9:58 pm

  40. Great Script!!!! best, fastest, easist on the net!!!!
    I’m planning on digging in and creating a web app using your login script… thanks for the HUGE help😉 (Don’t have to right the part myself)

    God BLess,
    Jeremy

    Jeremy

    June 2, 2010 at 1:48 am

  41. I’m trying to install this on a local box for development before I upload & I’m getting the following errors:

    Notice: Undefined variable: alertArr in /var/www/test_site/puls/login.php on line 72

    Notice: Undefined index: pass_field in /var/www/test_site/puls/login.php on line 74

    Warning: include_once(html_login.php): failed to open stream: No such file or directory in /var/www/test_site/puls/login.php on line 77

    Warning: include_once(): Failed opening ‘html_login.php’ for inclusion (include_path=’.:/usr/share/php:/usr/share/pear’) in /var/www/test_site/puls/login.php on line 77

    Does anyone now why I’m getting these?

    Thanks

    Louis

    June 24, 2010 at 4:04 am

  42. I don’t want to use the md5 encryption because I am not transferring personal data, just a username and membership number. Is there a way to stop it using md5?

    Yehuda Brynin

    September 27, 2010 at 4:59 pm

    • Hi Yehuda, this option is not included by default, since it’s meant to be a secure script, but you’re free to modify the script to your likings😉

      lutsen

      September 27, 2010 at 5:06 pm

  43. Hi,

    I’m looking for a simple, free and open-source user management system for several web sites that I run. I’m looking at PULS, but I’ve got a general question:

    Can any system that relies on having a few lines of code added to each protected web page protect non-executable files, such as images, CSS files, files to be downloaded etc.? If so, how?

    If not, would it not be better to have a system that uses, maybe as well as the currently used techniques, the Apache htaccess method? This would have the additional benefit that every page and every other file in a whole directory sub-tree (everything beneath the directory containing the .htaccess file) would be automatically protected without making any changes to the files at all.

    I know there are things you can’t do with .htaccess, but for simple protection it seems a good way to go.

    What do you think?

    Rowan

    Rowan

    October 10, 2010 at 2:30 pm

  44. Is it possible to call the checkLogin() within another function?

    I have a menu and I only want guests to see 2 links, and registered users to see more.

    Is there a way I can do if(checkLogin() == 1) …

    Thanks!

    mike

    October 20, 2010 at 4:07 am

  45. Is it possible to protect all pages in a folder without having to put the code at the head of every page?

    Keith

    February 10, 2011 at 10:47 pm

  46. Hello
    Very nice script.

    I want to remove password encryption (no sha1, no md5) to get passwords in clear in the database.
    I try to modify the script but I dont suceed (too many parameters to remove the encryption).
    Could you make a version without encryption ? or tutorial

    Thank you very much

    Paul

    March 10, 2011 at 1:31 am

    • @Paul: Thanks for your appreciation!
      I won’t be making a version without encryption for the script, sorry. I have 2 reasons for that:
      – It is very unsafe not to encrypt the passwords and I wanted to create a safe script.
      – I have other priorities right now so I can’t spend any time on the script at the moment.

      lutsen

      March 10, 2011 at 9:43 am

  47. Hi, very nice script since i was looking for a secure, php/mySQL login script , i had to adjust the include_once since it gave me warnings all time, such as
    Warning: include_once() [function.include-once]: URL file-access is disabled in the server configuration in
    so i just used require_once($_SERVER[‘DOCUMENT_ROOT’].’/src/includes/check.php’); instead
    and it worked,
    I translated it to swedish language so if anyone interested just shout out.

    jari heiskanen

    August 2, 2011 at 8:59 am

  48. 10 bucks via Paypal to whoever helps me install this into my website, I’m a noob. piko[at]@mail386.com

    Matic Mqss

    August 9, 2011 at 11:31 am

  49. Has anyone added code to fix the matching password issue at registration? When I test it, it still allows mis-matching passwords and just takes the first one.

    Also, when you don’t login correctly it goes back to the login page but there’s no error message like “Userid or password incorrect” So it makes it look like the system is not working (people will blame the system before they blame themselves). Is there a way to add this if a login returns invalid? Specific details please, I’m still a novice at PHP. THANKS!

    KMF

    October 19, 2011 at 7:26 pm


Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: