Free PHP scripts for you to use! ^_^ <3

[Black Rose]

^_^ I was bored, so I figured I might as well put my scripting knowledge to use :)

These are free to use, and you don't have to give credit. You can if you want ^_^ but I don't require it :) A simple thanks here would suffice =D

.

Full Scripts

Login Script:

Spoiler:

 <?php
if (!mysql_connect("localhost","database_username","db_user_password")){
die(mysql_error());
}
if (!mysql_select_db("database_name")){
die(mysql_error());
}
?>
<form method="post" action="login.php">
Username: <input type="text" name="username" /><br />
Password: <input type="password" name="password" /><br />
<input type="submit" name="login" value="Login" />
</form>
<?php
if(isset($_POST['login'])){
$query = "SELECT * FROM users WHERE username='".$_POST['username']."'";
$array = mysql_query($query);
$user = mysql_fetch_array($array);
if ($user['password'] == md5($_POST['password'])){
print "Successfully logged in! Redirecting . . .";
header("Location: index.php");
} else {
print "Wrong username/password!";
}
}
?>

Registration Script (improved security and validation):

Spoiler:

 <?php
if (!mysql_connect("localhost","database_username","db_user_password")){
die(mysql_error());
}
if (!mysql_select_db("database_name")){
die(mysql_error());
}
?>

<form method="post" action="register.php">
Desired Username: <input type="text" name="username" /><br />
Password: <input type="password" name="password1" id="password1" /><br />
Confirm Password: <input type="password" name="password2" id="password2" /><br />
<input type="submit" name="submit" value="Register" id="submit" />
</form>

<?php
if (isset($_POST['submit'])){
if($_POST['password1']!=$_POST['password2']){
$error = "Your passwords do not match!<br />";
}

if(eregi("^[_a-z0-9-]+(\.[_a-z0-9-]+)*@[a-z0-9-]+(\.[a-z0-9-]+)*(\.[a-z]{2,3})$", $_POST['email'])) {
print "<br />";
} else {
$error .= "The email address you entered is not valid!<br />";
}

$query1 = "SELECT * FROM users WHERE username='".$username."'";
$usercheck = mysql_query($query1);
if ($usercheck['username']==$_POST['username']){
$error .= "The username you chose has already been taken!<br />";
}

if ($error){
print "<div style='border:1px solid #3366AA;background-color:#88CCFF;width:72%;color:#3366AA'>";
print $error;
print "</div>";
die();
}
$query = "SELECT * FROM users WHERE username='".$_POST['username']."'";
$array = mysql_query($query);
$user = mysql_fetch_array($array);
if($user['username'] != '' || $user['username'] != 0){
$errormsg += "<b>That username is already taken!</b><br />";
$error = 1;
}
if ($error >0){
die("You have one or more errors that need your attention!");
} else {
protect($_POST['username']);
protect($_POST['password1']);
$query = "INSERT INTO users (username, password) VALUES ('".$_POST['username']."','".md5($_POST['password1'])."')";
if (!mysql_query($query)){
die(mysql_error());
} else {
print "Registered successfully! Redirecting . . . ";
header("Location: login.php");
}
}
}
function protect ($string){
        $string = mysql_real_escape_string($string);
        $string = strip_tags($string);
        $string = addslashes($string);
        
        return $string;
}  

?>

.

Functions:

Validate form

Spoiler:

To call simply use:

validate($_POST['username'],$_POST['password1'],$_POST['password2'],$_POST['email']);

function validate($user,$pass1,$pass2,$email){
if ($pass1 != $pass2){
$error .= "The passwords you entered do not match.<br />";
}
if(!eregi("^[_a-z0-9-]+(\.[_a-z0-9-]+)*@[a-z0-9-]+(\.[a-z0-9-]+)*(\.[a-z]{2,3})$", $email)) {
$error .= "The email you entered is not valid.<br />";
}
if($error==""){
register($user,$pass1,$email);
} else {
die ("You have the following errors to correct before continuing:<br /><br />".$error);
}
}

I'll add more as soon as I can think of them. ^_^ Possibly even some independent functions =D

~BR

.

Thanks to /*.Ooka.*/ for the awesome security improvements =D

 

[Ooka]

Eww... those are extremely unsafe.

Before connecting to a database, protect your strings first.

function protect ($string){
		$string = mysql_real_escape_string($string);
		$string = strip_tags($string);
		$string = addslashes($string);
		
		return $string;
}

Use this method to protect variables in Register:

	$username = protect($_POST['username']);
	$password = protect($_POST['password']);
	$confirm = protect($_POST['passconf']);
	$email = protect($_POST['email']);
	$name = protect($_POST['name']);

Also, you don't need to connect twice, just make a functions.php folder and put this in it:

function connect (){
	$con = mysql_connect("host","username","password") or die (mysql_error());
	$db = mysql_select_db("database", $con);

Then, in the folder you're connecting with, put this before anything:

include_once "functions.php";

connect();

 

[Squeenix]

No mysql_escape_real_string :O

 

[Black Rose]

@Ooka: These weren't meant to be commercial grade scripts, they're for fan-sites/games. How many fan-sites out there use high security? ^_^

@Squeenix: See above.

These are simply for foundation, you can add whatever you want to these scripts. By "Full Script" I'm saying that you can use them "as-is", but that doesn't mean you have to. These are just pre-made to save you a bit of time :)

~BR

 

[j_]

@Ooka: These weren't meant to be commercial grade scripts, they're for fan-sites/games. How many fan-sites out there use high security? ^_^

@Squeenix: See above.

These are simply for foundation, you can add whatever you want to these scripts. By "Full Script" I'm saying that you can use them "as-is", but that doesn't mean you have to. These are just pre-made to save you a bit of time :)

~BR

SQL Injection is bad. It doesn't matter what size your site is! :P

It's not a matter of "high security" its a matter of someone dropping your database table if they feel like it! The extra 3 lines it takes to make any user input safe is definately worth it!

:)

 

[Squeenix]

Mysql injection = bad
They could just go on your site and put a username in that field and 1=1 in the password field
They could also just put in, DROP TABLE accounts in the stupid fields

Mysql injection protection is a MUST for all websites dealing with mysql

EDIT: Injection and protection rhymes :D

 

[Black Rose]

=/ Well, since you seem so adamant about it, I'll add those improvements in ^_^

Thankies =)

I'll try to add in more functions later. :)

~BR