
php-login-minimal's Issues

Class doesn't exist

Hello. I've installed it just the way you told me to, but as soon as I try to log in or register I get this message:
"Fatal error: Class 'mysqli' not found in C:\Users\pontus.jarl\PhpstormProjects\loginSystem\classes\Login.php on line 55"

It says the same thing on register, but then it says:
"Fatal error: Class 'mysqli' not found in C:\Users\pontus.jarl\PhpstormProjects\loginSystem\classes\Registration.php on line 69"
I tried the advanced one and that one worked flawlessly until I came to the mail thing, as I don't really know how to fix the mail thing as I've never worked with SMTP before. Either way. Thank you in advance.

possible error

Hi
First, let me say thanks for your great code.
I was looking around and saw this

$sql = "SELECT * FROM users WHERE user_name = '" . $user_name . "' OR user_email = '" . $user_email . "';";
$query_check_user_name = $this->db_connection->query($sql);

if ($query_check_user_name->num_rows == 1) {
    $this->errors[] = "Sorry, that username / email address is already taken.";

lines 91 to 95 of classes\Registration.php

What if the user and also the email exist? I suggest using
if ($query_check_user_name->num_rows > 0) {

Let me know if it's a good idea.

Description not matching implementation?

Within the readme you mention a bug that makes mySQL5 a requirement due to PDO issues.

Within the scripts however you are using mySQLi. Ideally the proper PDO functions should be used. This would also allow for the script to work with other database engines such as postgres with minimal changes.
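The duplicate check from the "possible error" report and the PDO point raised here, as an added example that is not code from php-login-minimal: the same query goes through a PDO prepared statement, and the sample data covers the case where the name matches one row and the e-mail address another. The table layout, the sample rows and the function name `countNameOrEmailMatches` are assumptions made for the demonstration, which uses an in-memory SQLite database (pdo_sqlite extension) so that it runs without a server.

```php
<?php
// Added example, not the project's code. Schema and rows are constructed.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (
    user_id    INTEGER PRIMARY KEY,
    user_name  TEXT NOT NULL UNIQUE,
    user_email TEXT NOT NULL UNIQUE
)');
$db->exec("INSERT INTO users (user_name, user_email) VALUES
    ('alice', 'alice@example.com'),
    ('bob',   'bob@example.com')");

/** Count the rows that already use this name or this e-mail address. */
function countNameOrEmailMatches(PDO $db, string $name, string $email): int
{
    // Bound parameters keep the submitted values out of the SQL text.
    $stmt = $db->prepare(
        'SELECT COUNT(*) FROM users WHERE user_name = :name OR user_email = :email'
    );
    $stmt->execute([':name' => $name, ':email' => $email]);
    return (int) $stmt->fetchColumn();
}

// The name belongs to alice and the e-mail address to bob, so the OR
// condition matches both rows. A test for exactly one row does not flag
// this registration; a test for any row does.
$matches = countNameOrEmailMatches($db, 'alice', 'bob@example.com');

echo 'matching rows:      ', $matches, PHP_EOL;
echo 'flagged by "== 1":  ', var_export($matches == 1, true), PHP_EOL;
echo 'flagged by "> 0":   ', var_export($matches > 0, true), PHP_EOL;

// A name and address that nobody uses yet.
$free = countNameOrEmailMatches($db, 'carol', 'carol@example.com');
echo 'free name flagged:  ', var_export($free > 0, true), PHP_EOL;
```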

Still secure?

Hey, I was just wondering if this is still up to date because the last commit was over a year ago. Is this still secure and all of that or is it vulnerable? I am basically asking if I can use this as an example to learn from, to see how it should be done securely.

Problems with session_start();

Seems like there is an error with the session_start(); when I insert the code:

if (!isset($_SESSION)) {
    echo 'session not set';
} else {
    echo print_r($_SESSION, true);
}

Apparently there is no session set, but when I insert session_start(); another error occurs:
A session had already been started - ignoring session_start()

Somebody please help me.

Cannot write to tmp directory

I was playing around with this code on a shared Dreamhost account and I got the error below.

Warning: session_start(): open(/tmp/sess_ayMdXoBWZJLulJ43Ha5sk3, O_RDWR) failed: Permission denied

/classes/Login.php on line 29

I fixed this by creating a tmp folder in my home directory. I'm not sure if this is secure, probably not, but it worked. Found more info here (http://stackoverflow.com/questions/6821532/php-warning-permission-denied-13-on-session-start)

session_save_path('path/to/my/home/directory/tmp');
// create/read session, absolutely necessary
session_start();

Composer support

Would be really nice and awesome if you added this package to composer/packagist. It would make it so much easier to integrate into existing projects. I really like how tiny this version is compared to your huge one.

Manually creating user

Hello, liking this a lot!

Is it possible to manually create users? I just don't know how to generate a password hash to store in the DB.

Also another question; how can I add more pages that you need to be logged in to see? <- figured that one out

A simple example

hi,

I am totally new to PHP but with some effort I managed to get the php-minimal login page working. Thanks a lot for your efforts. Can I have a simple example as to how / which parts of the code do I need to use in other pages to check if the user has logged in?

I just have a couple of days of experience with PHP, so please forgive the ignorant question. I assume this is the code that I have to use in all the pages? Btw, do I need to put in the require statements as well?

// include the configs / constants for the database connection
require_once("config/db.php");

// load the login class
require_once("classes/Login.php");

// create a login object. when this object is created, it will do all login/logout stuff automatically
// so this single line handles the entire login process. in consequence, you can simply ...
$login = new Login();

// ... ask if we are logged in here:
if ($login->isUserLoggedIn() == true) {
    // the user is logged in. you can do whatever you want here.
    // for demonstration purposes, we simply show the "you are logged in" view.
    include("views/logged_in.php");

} else {
    // the user is not logged in. you can do whatever you want here.
    // for demonstration purposes, we simply show the "you are not logged in" view.
    include("views/not_logged_in.php");
}

Thanks a ton,
rw

Html file?

First of all, let me thank you for giving this amazing php form. It is the first that actually worked for me!!!!

I only got one (stupid) question. I want to adjust the index.php file with CSS so it looks better, but when I open the index.php file in a text editor I cannot see any HTML tags but only PHP.

How can I view the html code of index.php? So I can add some css.

(I'm a noob I know)

thnx for your code

Security issues

Cool project,
There are only some small security issues.

  • There is no XSRF protection.
  • There is no logon attempt limit
  • Blowfish is kind of old, please upgrade to something like Argon2

That's all! Keep on the good work! ;)
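The first two points of this report, sketched as an added example that is not code from php-login-minimal: a per-session token checked on the login POST, and a limit on recent failed attempts per user name. `$session` stands in for `$_SESSION` and `$failures` for a database table so the script runs from the command line; the function names and the limits of 5 failures in 15 minutes are assumptions.

```php
<?php
// Added example, not the project's code. Names and limits are assumptions.
const MAX_FAILURES = 5;       // assumed policy: 5 failures ...
const WINDOW_SECONDS = 900;   // ... within 15 minutes block further attempts

/** Return the session's CSRF token, creating it on first use. */
function csrfToken(array &$session): string
{
    if (empty($session['csrf_token'])) {
        $session['csrf_token'] = bin2hex(random_bytes(32));
    }
    return $session['csrf_token'];
}

/** Constant-time comparison of the token posted with the login form. */
function csrfTokenIsValid(array $session, $posted): bool
{
    return is_string($posted)
        && !empty($session['csrf_token'])
        && hash_equals($session['csrf_token'], $posted);
}

/** True while the name has too many failures inside the time window. */
function isLockedOut(array $failures, string $userName, int $now): bool
{
    $recent = array_filter(
        $failures[$userName] ?? [],
        fn (int $t): bool => $t > $now - WINDOW_SECONDS
    );
    return count($recent) >= MAX_FAILURES;
}

// Constructed walk-through: the form is rendered once, then posted twice.
$session = [];
$token = csrfToken($session);   // value for a hidden field in the login form
echo 'own token accepted:   ', var_export(csrfTokenIsValid($session, $token), true), PHP_EOL;
echo 'other value accepted: ', var_export(csrfTokenIsValid($session, 'not-the-token'), true), PHP_EOL;

// Seven wrong passwords for one name, one second apart, on a fixed clock.
$failures = [];
$start = 1700000000;
for ($i = 1; $i <= 7; $i++) {
    if (isLockedOut($failures, 'alice', $start + $i)) {
        echo "attempt $i refused before the password is checked", PHP_EOL;
        continue;
    }
    $failures['alice'][] = $start + $i;   // record the failed attempt
}
```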

Wrong OOP

Hello,

I was looking for simple register/login class already written and I stumbled on your repo, but what I found is wrong OOP, here is why:

  • your classes are named poorly, you can't name a class Login, login is an action, login should be method, you should call the class 'User'. The exact same thing implies for the 'Registration' class
  • checking for $_POST or $_GET in the class constructor is not good, why do you call registerNewUser method in the constructor of 'Registration' class, this should be called from the php file where the POST is sent
  • class with one method is bad, not always, but in your case it is
  • registerNewUser method is very long, why not split it in other methods and make those methods easy to understand and clean, class method should be smaller than one screen of code

hope I helped someone

SSL encryption

This doesn't work on my website that has an SSL encryption certificate.

Is it possible to make some changes in order to make it work? I just get a 403 error when trying to log in.

PHP Login Advanced?

Hey,

Was just wondering what happened to the PHP Login Advanced repository. I am currently using it in my project and was worried maybe there is a security hole? Or was it taken down because it is no longer maintained? Thanks!

Password saving method (Security issue)

Years ago I used this project to address a website login background but now that I know more about security I get that we must save passwords as a Hash of (password+salt) PLUS saving the salt in another column in order to be able to verify user.
If I am right about your code below (./classes/login.php):
[image]

In line 84 it checks the direct hash of the password with the saved one. Also in the database we have no salt column.

May I ask to put some time to fix it or please put an alert at the beginning of the readme so people don't use it as a perfect example or in real world?
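For the "Manually creating user" question and the salt question in this report, an added example that is not code from php-login-minimal: PHP's `password_hash()` draws a random salt on each call and stores it inside the string it returns, and `password_verify()` reads it back from there. It assumes the users table keeps that string in a single column; the sample password and the helper name `describeHash` are constructed for the demonstration.

```php
<?php
// Added example, not the project's code. The password is a constructed sample.
$password = 'correct horse battery staple';

// password_hash() draws a fresh random salt on every call and embeds it,
// with the algorithm and cost, in the string it returns.
$hashA = password_hash($password, PASSWORD_DEFAULT);
$hashB = password_hash($password, PASSWORD_DEFAULT);

/** Report the algorithm and, for bcrypt, the salt and digest parts of a hash. */
function describeHash(string $hash): array
{
    $info = password_get_info($hash);
    $parts = ['algo' => $info['algoName'], 'options' => $info['options']];
    if ($info['algoName'] === 'bcrypt') {
        // Layout: 7-character prefix (version and cost), then 22 salt
        // characters, then 31 digest characters.
        $body = substr($hash, 7);
        $parts['salt'] = substr($body, 0, 22);
        $parts['digest'] = substr($body, 22);
    }
    return $parts;
}

// Same password hashed twice: compare the salt parts of the two results.
print_r(describeHash($hashA));
print_r(describeHash($hashB));

// For a manually created user, $hashA is the value to store in the hash column.
// Verification needs only that stored string; the salt is read back out of it.
var_dump(password_verify($password, $hashA));
var_dump(password_verify('wrong guess', $hashA));

// Moving to Argon2id, where this PHP build offers it: rehash after a
// successful login, while the submitted password is still available.
if (defined('PASSWORD_ARGON2ID') && password_needs_rehash($hashA, PASSWORD_ARGON2ID)) {
    $hashA = password_hash($password, PASSWORD_ARGON2ID);
    echo describeHash($hashA)['algo'], PHP_EOL;
}
```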
