Hi,
I have been doing some research on how I would create a login page with Dreamweaver 2017 as I wanted to create a practice page to make sure I understood the principles and that I was securing my pages and databases correctly before moving to a production environment. I have found many tutorials online (including some written officially by Adobe) but they all seem to be out of date as they are all talking about "server behaviours", which were deprecated when Dreamweaver CC was released and are no longer included with Dreamweaver.
I really want to create a proper login page that uses a web-form connected to a MySQL database. I know how to create the database and I know how to lay out the form. What I don't know how to do is make the form work with the database and, as previously mentioned, all tutorials that I have found (including official Adobe ones) are talking about server behaviours, which is not helpful to me at all since I am using the CC 2017 version of Dreamweaver.
I want to have this setup:
1: A login page with a web-form where users enter their user name and password
2: A login button that will submit the information in the form
I do not need a registration page as I do not want users to be able to self register. I will be using a web-form that submits a registration request to an administrator via email, who will manually validate the user's identity and then create an entry for them in the user database.
I want this to happen when a user enters the correct details into the login form:
1: Username and password is entered into the login form
2: User submits the form by clicking login
3: Username and password is validated against credentials held in a MySQL database
4: User is authenticated
5: User is directed to the protected "members" page
I want to have this happen when the user enters the incorrect details into the login form
1: Steps one to 3 above are the same
2: User is not authenticated
3: User is directed to a page that says "you have entered an incorrect username or password please try again."
I want this to happen if a user enters the website address for the protected page directly into the address bar of their browser
1: Session ID is checked
2: No session ID or invalid session ID is detected or session ID can not be determined
3: User is redirected to the login page
or
1: Session ID is checked
2: Valid session ID is detected
3: User is allowed to continue to the protected page without being redirected to the login page.
How can I do this in my version of Dreamweaver CC 2017?
Cheers
Jay
See How to build a login page in Dreamweaver
Edit: Sorry, please ignore. After a second look, the article uses deprecated code.
Have a look at PHP Login System with PDO Connection.
jaygtel wrote:
How can I do this in my version of Dreamweaver CC 2017?
This can be as hard as you like or as easy as you like. Assuming your server has php5.5 or above enabled you can use the password_hash and password_verify php functions.
Example code php/mysqli (scroll below). You need 3 columns in your database - id, username and password. Make sure the username is set to var(50) and the password is set to var(150). The id should be the primary key and set to int(11)
First you need to hash the password/s as you should not store unencrypted passwords in your database for security reasons.
To do this, if you are not going to create a registration page, you can insert the line of code below into a php page, run it in the browser which will return the hashed password which in this case is "SecretPassword"
<?php echo password_hash("SecretPassword", PASSWORD_BCRYPT); ?>
When you have the hashed password you can copy it and paste it into the database password field, repeat operation for each user using a different password. The reason you should have a registration page, if you think you will have more than a handful of users, is that you can check to see that the same password is not being used again.
Once you have your database information set up, copy the LOGIN PAGE code below and paste into a php file and save to your site folder as login.php - Replace 'server_name, username, password, database_name' in the database connection string with those of your own.
The code is querying a table in the database named 'users' - 'SELECT * FROM users' - replace with your database table name.
Change the page (see the code below: header('Location: http://www.bbc.co.uk');) to where you wish successful logins to be directed; it can be a page in your site folder.
That's it. If you have followed the instructions you should now have a working login page.
<!-------------------------------------------------------------- LOGIN PAGE --------------------------------------------------->
<?php session_start(); ?>
<?php $conn = new mysqli('server_name', 'username', 'password', 'database_name'); ?>
<?php
if (isset($_POST['submit'])) {
    $username = trim($_POST['username']);
    // Do not escape or trim the password: password_verify() needs it exactly as typed
    $password = $_POST['password'];
    // Prepared statement: fetch only the row for this username (get_result() needs the mysqlnd driver)
    $stmt = $conn->prepare('SELECT * FROM users WHERE username = ?') or die($conn->error);
    $stmt->bind_param('s', $username);
    $stmt->execute();
    $row = $stmt->get_result()->fetch_assoc();
    if ($row && password_verify($password, $row['password'])) {
        // Issue a new session ID on login and never keep the password in the session
        session_regenerate_id(true);
        $_SESSION['username'] = $row['username'];
        header('Location: http://www.bbc.co.uk');
        exit; // stop the script once the redirect has been sent
    }
    else {
        $response = "Sorry you do not have permission to access this website";
    }
}
?>
<!DOCTYPE html>
<html>
<head>
<meta charset="UTF-8" />
<title>Secure Login</title>
</head>
<body>
<?php
if(isset($response)) {
echo $response;
}
?>
<form id="login" name="login" method="post" action="">
<label>Username</label><br />
<input type="text" name="username" id="username" value=""/><br />
<label>Password</label><br />
<input type="password" name="password" id="password" value=""/><br />
<input type="submit" name="submit" id="submit" value="Submit" />
</form>
</body>
</html>
<!-------------------------------------------------------------- END LOGIN PAGE --------------------------------------------------->
IMPORTANT: The piece of code below NEEDS to go at the very start of each page that you wish to be securely protected:
<?php session_start(); ?>
<?php
if(!isset($_SESSION['username'])) {
    header('Location: login.php');
    exit; // stop here so the protected content is never sent to a visitor who is not logged in
}
?>
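An added example, not part of the original answer: the page guard above moved into one include file, with session cookie hardening and an idle timeout. The file name auth.php, the functions start_secure_session(), session_is_valid() and require_login(), the last_seen session key and the 30-minute limit are all assumptions, and the Secure cookie flag assumes the site is served over HTTPS.

```php
<?php
// auth.php - added example, not code from the thread.
// Assumed names: IDLE_LIMIT_SECONDS, start_secure_session(),
// session_is_valid(), require_login(), $_SESSION['last_seen'].

const IDLE_LIMIT_SECONDS = 1800; // assumed 30-minute idle timeout

function start_secure_session()
{
    // These settings must be applied before session_start().
    ini_set('session.use_strict_mode', '1');  // reject session IDs the server did not issue
    ini_set('session.use_only_cookies', '1'); // never accept a session ID from the URL
    ini_set('session.cookie_httponly', '1');  // hide the cookie from JavaScript
    ini_set('session.cookie_secure', '1');    // send the cookie over HTTPS only (assumes HTTPS)
    session_start();
}

function session_is_valid(array $session, $now)
{
    if (empty($session['username'])) {
        return false; // nobody has logged in on this session
    }
    // A session that has just logged in has no timestamp yet: treat it as fresh.
    $lastSeen = isset($session['last_seen']) ? $session['last_seen'] : $now;
    return ($now - $lastSeen) <= IDLE_LIMIT_SECONDS;
}

function require_login()
{
    start_secure_session();
    if (!session_is_valid($_SESSION, time())) {
        // Missing or expired login: drop the session data and send the visitor to the form.
        $_SESSION = array();
        session_destroy();
        header('Location: login.php');
        exit; // without this the protected page would still be sent
    }
    $_SESSION['last_seen'] = time(); // record activity for the idle check
}
```

Put `<?php require 'auth.php'; require_login(); ?>` at the very top of each protected page, and call start_secure_session() in login.php in place of the bare session_start() so both pages use the same cookie settings.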
Thanks so much that is what I have been looking for. As I said I know how to create the form and the database, it was just making the two work together I was having problems with.
I have taken your suggestion about a registration form into account and have decided that I will create a registration form which administrators can use to enter the details of new users into the database rather than using the database itself like I was originally intending.
This may solve the password issue. Although I had intended for an administrator to enter the details into the database directly and use MD5 when entering the password, which would have hashed the password - your suggestion of a registration form does sound a better approach and will allow for user growth as more users are transitioned to member status.
jaygtel wrote:
This may solve the password issue. Although I had intended for an administrator to enter the details into the database directly and use MD5 when entering the password, which would have hashed the password - your suggestion of a registration form does sound a better approach and will allow for user growth as more users are transitioned to member status.
MD5 is considered one of the weakest methods of hashing passwords, which makes it vulnerable to attacks. I've used it in the past myself but I wouldn't choose this method again.
Since I don't write webpages which require that many users to log in, mainly a handful of administrators, I tend not to even use a database BUT if I did I would go with the easy to use php5.5+ password_hash and password_verify functions as it's less complicated than other methods.
Good luck with your project. I think it's wise to set up a registration page, even if it's just for your administrators to use, as it's easier to manage the usernames and passwords. However, don't forget if your users lose their login details they won't be able to recover them without the intervention of an administrator.
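An added example, not code from the thread: one way the administrator-only registration form discussed above could store a new user with password_hash() instead of MD5, plus a login-side helper that goes slightly beyond the thread by re-hashing a password when PHP's default algorithm or cost changes. The function names create_user() and upgrade_hash_if_needed(), the UNIQUE index on username and the 12-character minimum are assumptions.

```php
<?php
// Added example, not code from the thread.
// Assumes: the thread's `users` table (id, username, password), a UNIQUE index
// on `username`, and an open mysqli connection passed in as $conn.
mysqli_report(MYSQLI_REPORT_OFF); // return false on errors (PHP 8.1+ throws by default)

// Hypothetical helper: returns null on success or an error message for the form.
function create_user(mysqli $conn, $username, $password)
{
    $username = trim($username);
    if ($username === '' || strlen($username) > 50) {
        return 'Username must be 1 to 50 characters.';
    }
    // Assumed policy: 12 characters minimum; bcrypt ignores bytes past 72.
    if (strlen($password) < 12 || strlen($password) > 72) {
        return 'Password must be 12 to 72 characters.';
    }
    $hash = password_hash($password, PASSWORD_DEFAULT); // salted, unlike a bare md5()
    $stmt = $conn->prepare('INSERT INTO users (username, password) VALUES (?, ?)');
    if (!$stmt) {
        return 'Database error.';
    }
    $stmt->bind_param('ss', $username, $hash);
    if (!$stmt->execute()) {
        // 1062 is MySQL's duplicate-key error: the username already exists.
        return $stmt->errno === 1062 ? 'That username is already taken.' : 'Database error.';
    }
    return null;
}

// Hypothetical helper for login.php: call it after password_verify() succeeds.
// Re-hashes the password when PHP's default algorithm or cost has moved on.
function upgrade_hash_if_needed(mysqli $conn, $userId, $password, $storedHash)
{
    if (!password_needs_rehash($storedHash, PASSWORD_DEFAULT)) {
        return false; // stored hash is already current
    }
    $newHash = password_hash($password, PASSWORD_DEFAULT);
    $stmt = $conn->prepare('UPDATE users SET password = ? WHERE id = ?');
    if (!$stmt) {
        return false;
    }
    $stmt->bind_param('si', $newHash, $userId);
    return $stmt->execute();
}
```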