[align=center]Create a BASIC login System without MySQL. Includes Security![/align]

Hi everyone,

Notes

My first PHP tutorial so I don't know how this will go

Aims
This is just for people starting out with PHP like I was last year. This is just a simple Tutorial to show you how to create a simple login system using the following:

• $_POST for your forms
  
• md5() to encrypt your passwords
  
• A simple 'IF, ELSE IF, ELSE' system
  

Please note this is not meant for actual use. It is just to help get your head around MD5 hashing and forms with PHP. I wouldn't suggest using it in your actual sites because it uses arrays as a substitute for MySQL.

Tutorial
Okay first we start with our first page. Lets name it 'Login.php.' Input a simple form like this (I am assuming you know this. This tutorial is PHP only):

    

<form action="members.php" method="post">

username <input type="text" name="username" />

pass: <input type="text" name="pass" />

<input type="submit" />

</form>

This is your login form. It will let the user type in their Username's and passwords to gain access to the members area. As you can see with 'Action=members.php' we will need to create our members.php area!

In members.php we will start off by defining our variables:

    

	$_salt = '123'; // OUR SALT FOR MD5 SECURITY PURPOSES

	$tried = $_POST['pass']; // WE WANT TO ENCRYPT THIS

	$_tried = md5(md5($_salt . md5($tried . $_salt) . $_salt));

The first varible:

    $_salt = '123';

Is for our MD5 salt. This will add extra layers for security in order to try and prevent crackers, cracking users passwords.
The second:

    $tried = $_POST['pass'];

is the good part. This is the password from the previous page that the user typed it. It fetches the data and stores it in:

    $tried

The next part is our encrypted password:

    $_tried = md5(md5($_salt . md5($tried . $_salt) . $_salt));

This is encrypting the password submitted with our salt into an MD5 hash. This is so we can match it with the already encrypted passwords in our database or in this case: Array. MD5's can not be reversed and decrypted like other encryption methods. Once they are hashed they can never come back. So when the user signs up it will hash their password using the method and salt above and store it in the array. The code above then checks if the MD5 hash for the password the user typed in on our 'Login.php' page is the same as the one they submitted when they first signed up without actually giving the password away at all.

So now we have our variables and encrypted password we now need our array. The array stores the peoples usernames and passwords. As the password's are sensitive they are encrypted with the same salt and method used above. All the passwords are encrypted before hand to simulate the users having signed up to the actual site:

    

$array = array('sharon' => 'b4259c316cc81e473f8f928c0df40bf8', //TEST

				   'jimmy' => '01db1f6b582049144d17c81bdcf67c70', //TEST2

				   'harry' => 'f185cfc98d858171cc6c9ab2abc7fde7'; //TEST3

As you can see we have all the encrypted passwords for these people before hand. The next piece of code will call these people up one by one and see if both the username and password match what is in the array:

    if($_tried==$array['sharon']&&$_POST['fname']=='sharon' {

		echo 'welcome sharon';

	} else if($_tried==$array['jimmy']&&$_POST['fname']=='jimmy'{

		echo 'welcome jimmy';

	} else if($_tried==$array['harry']&&$_POST['fname']=='harry'{

		echo 'welcome harry';

	} else {

		echo 'incorrect login';

	}

This is a very sloppy way of doing it and I would stress not to use this way for a real login system because of the amount of time it takes to add a new user. It is just to get your head around how MD5 hashing works.

So now as you can see it cycles through trying to match '$_tried' with the encrypted password of the users.

The finished code for login.php is:

    

<?php

//DEFIND ANY VARIABLES

	$_salt = '123';

	$tried = $_POST['pass']; // WE WANT TO ENCRYPT THIS

	$_tried = md5(md5($_salt . md5($tried . $_salt) . $_salt));

	$code = 'b4259c316cc81e473f8f928c0df40bf8';

	////////////////////////////////////////////////

	

	$array = array('sharon' => 'b4259c316cc81e473f8f928c0df40bf8', //TEST

				   'jimmy' => '01db1f6b582049144d17c81bdcf67c70', //TEST2

				   'harry' => 'f185cfc98d858171cc6c9ab2abc7fde7'; //TEST3

				   

	if($_tried==$array['sharon']&&$_POST['fname']=='sharon' {

		echo 'welcome sharon';

	} else if($_tried==$array['jimmy']&&$_POST['fname']=='jimmy'{

		echo 'welcome jimmy';

	} else if($_tried==$array['harry']&&$_POST['fname']=='harry'{

		echo 'welcome harry';

	} else {

		echo 'incorrect login';

	}

?>

Sorry for the sloppiness of this tutorial. Was a bit rushed for time. Should you have any questions just post in the comment section BELLLOWWWW. :smile:.

-Poppins