[Release] Green-Secure-Register+Log in (GSRL) v0.1

-Dimensions- · 09-01-2010, 06:42 PM

Green-Secure-Register+Log in v0.1 (1st RELEASE)

Everything like this, and this, and this, are important.

Instructions:
Create a MySQL Database with a Account and Password.
In PHPMyAdmin type in this SQL Code:

Code:

CREATE TABLE `members` (
   
   `fname` varchar(25) NOT NULL default '',
   `lname` varchar(25) NOT NULL default '',
   `login` varchar(25) NOT NULL default '',
   `password` varchar(32) NOT NULL default '',
   `email` varchar(25) NOT NULL default '',
 
   PRIMARY KEY  (`login`)
 )

Extract the folder in the ZIP file given, to your Desktop.
( PASSWORD IS: "~9{/h(wgEf" without quotes )
Right-Click config.new~ and Select Rename.
Change config.new~ to config.php.
Now Right-Click config.php and Select Edit.
Replace localhost with your host. Keep the ' and '.
Replace account with your MySQL User.
Replace pword with your MySQL User's Password.
Replace dbase with your MySQL Database Name.
Now Upload the folder to your Public Directory (/home/____/public_html/GSRL/) or (/public_html/GSRL)

Now no longer change the config.php.

The files, and what they are:
access-denied.php - The page that users who don't have Authentication are linked to.
auth.php - The Page that Checks if the user is Authenticated.
config.php - The configuration of the Database.
login-exec.php - The script for the login-form.php. Checks Authentication and sets up user session.
login-failed.php - The page when a user tries to log in with false details, they are linked to.
login-form.php - The page where a user logs in.
logout.php - The page & script when a user logs out.
member-index.php - The page where users are linked to when they log in. (Authentication Required).
member-profile.php - Currently nothing.
register-exec.php - The script for the register-form.php. Sends registration info to MySQL Database.
register-form.php - The page where a guest registers.
register-success.php - The page where once users are registered, they are linked to.

Files you can edit:
access-denied.php
login-failed.php
login-form.php
logout.php
member-index.php
member-profile.php
register-form.php
register-success.php

We recommend you don't change any other files.

SQL Injection Prevention is INCLUDED.

Credits:
-Dimensions-
Help from Google.

Thanks Kosaki for finding the SQL Code Error.

Press Thanks if you used.

Please let me know of bugs and errors. (NEVER TESTED)

I'm still setting up a demo.

Things to look forward to:
Better Design
Member Profile page (Edit your profile)
Some Javascripts
Maybe a website for QSRL?
Manage Members page
Forgot Password page
Private Message System
Text Message System
Image Verification
Make it use a salt and more secure hash
and more!

Please don't hate, its my first release, and this is my 2nd year of PHP Coding and 3rd oh HTML and CSS.

**Kosaki** · 09-01-2010, 06:59 PM

Saw your post about this in the other topic.

This has not yet been approved but I do wonder about a rather simple thing.
The mysql table says the passwords has a max length of 25 characters.

How is the passwords stored in the database? Most of the hashes I have been using is bigger than 25 characters. (md5 is 32, sha256 is 64)

-Dimensions- · 09-01-2010, 07:14 PM

Its stored as MD5 Hash.

Code:

".md5($_POST['password'])."

Also comes with a Repeat Password feature:

Code:

    if( strcmp($password, $cpassword) != 0 ) {
        $errmsg_arr[] = 'Passwords do not match';
        $errflag = true;
    }

Also same with Email:

Code:

    if( strcmp($email, $cemail) != 0 ) {
        $errmsg_arr[] = 'Emails do not match';
        $errflag = true;
    }

**Kosaki** · 09-01-2010, 07:22 PM

Well you can't put a string with the length 32 in varchar(25) if the sql server is running in strict mode. And it will also produce warnings if you do so when in not strict mode.

Simplest would be to change from varchar(25) to varchar(32).

Good work tho.

PS: Making it use a salt and another more secure hash would make the applications much more secure

-Dimensions- · 09-01-2010, 07:29 PM

Quote:

Originally Posted by Kosaki

Well you can't put a string with the length 32 in varchar(25) if the sql server is running in strict mode. And it will also produce warnings if you do so when in not strict mode.

Simplest would be to change from varchar(25) to varchar(32).

Good work tho.

PS: Making it use a salt and another more secure hash would make the applications much more secure

If your up to it, you can help.

Thanks for the error you caught.

This might have a chance of making it to the top. I might set up a website and forum for it. Maybe in the future start selling it.

Go ahead and PM me if you want to help.

**Quicktime** · 09-01-2010, 11:10 PM

Quote:

Originally Posted by -Dimensions-

...

Hey,

I was going to suggest some improvements and maybe give some more code, but I am not going to bother as I see you are trying to sell it. Is this not constructed from 100% free code found on this forum?

Regards,

- Quicktime

**disco** · 09-02-2010, 12:34 AM

Quote:

Originally Posted by -Dimensions-

I might set up a website and forum for it. Maybe in the future start selling it.

Like Quicktime said, we're not gonna support items that you may attempt to sell in the future.