Secure PHP login without database (Make login page in php no database) - BZU PAGES: Find Presentations, Reports, Student's Assignments and Daily Discussion; Bahauddin Zakariya University Multan

**.BZU.** · #1 17-01-2011, 04:23 AM

Although not recommended but maybe for some reason you need to create a PHP login without the use of any database (SQL). For some reason you maybe scared to approach, but here I made a script that is fairly secure without utilizing any database at all. It allows users to login and stay logged in. If you are one of those people then here's the script for you.
Now this script does not use any external files to store user names and password as it opens up more security flaws for hackers, so everything is managed in an array within the PHP. If somebody was able to get a hold of your PHP file this will compromise things but the chances of that happening is fairly close to utilizing a database.
Features

Utilizes cookies to give users ability to stay logged in across multiple pages
Secure login algorithm mitigates hacking attempts

Drawbacks
Now by not utilizing a database there are some drawbacks and they are:

Users cannot change password and user names manually
Users can attempt login as many times as they want

With that said, it means that usernames and passwords must be managed by an admin. If this is still something for you. If this is not for you wait around because I will convert this script into a database version in the future.
Less Talk More Script

Installation:
Just download all the necessary files which includes:

_login.php
_login_page.php
_login_class.php
_login_users.php
login.php
logout.php

Once you put these in your root folder you need to edit the users and settings. Open up _login_users.php and you'll see:

PHP Code:

  <?php //My Login Script
//Attach this to any page that requires Login
  //Users and Settings
$domain_code = 'website';       //Alpha Numeric and no space
$random_num_1 = 20;             //Pick a random number between 1 to 500
$random_num_2 = 565;            //Pick a random number between 500 to 1000
$random_num_3 = 3;              //Pick a random number between 1 to 3
 //Usernames can contain alphabets, numbers, hyphens and underscore only
//Set users below – Just add " => " with the first " being
//the username and the second " after the => being the password.
//Its an array so add an , after every password except for the
//last one in the list. As shown below
//Eg. $users = array(
//              'user1' => 'password',
//              'user2' => 'password'
//      );
 $users = array(
                'user1' => 'password',
                'user2' => 'password'
        );
  ?>

Modify the domain code and three random numbers. The three random numbers is the key that makes login secure and unique to your website only. Then at the bottom you can create all of your users.
Now in every page that you require the user to login just add the following code to the very top of the page, exactly on line 1.

PHP Code:

<?php require('_login.php'); ?>

That's pretty much all you need to do to install the secure login script. The only other thing if you want is you can edit _login_page.php. That's the page people see when they need to login.
Login and Logout
You can lead users to login and logout with links to login.php and logout.php as such.

PHP Code:

  <a href="login.php">Login</a> | <a href="logout.php">Logout</a>

Displaying Macors
In this case the only macro you can call up is the username after they have logged in. You can call it in a welcome back message like this (placed in your HTML).

PHP Code:

 
Welcome back <?php echo $login->username; ?>