Although not recommended but maybe for some reason you need to create a PHP login without the use of any database (SQL). For some reason you maybe scared to approach, but here I made a script that is fairly secure without utilizing any database at all. It allows users to login and stay logged in. If you are one of those people then here's the script for you.
Now this script does not use any external files to store user names and password as it opens up more security flaws for hackers, so everything is managed in an array within the PHP. If somebody was able to get a hold of your PHP file this will compromise things but the chances of that happening is fairly close to utilizing a database.
Features
- Utilizes cookies to give users ability to stay logged in across multiple pages
- Secure login algorithm mitigates hacking attempts
Drawbacks
Now by not utilizing a database there are some drawbacks and they are:
- Users cannot change password and user names manually
- Users can attempt login as many times as they want
With that said, it means that usernames and passwords must be managed by an admin. If this is still something for you. If this is not for you wait around because I will convert this script into a database version in the future.
Less Talk More Script
Installation:
Just download all the necessary files which includes:
- _login.php
- _login_page.php
- _login_class.php
- _login_users.php
- login.php
- logout.php
Once you put these in your root folder you need to edit the users and settings. Open up _login_users.php and you'll see:
//My Login Script
//Attach this to any page that requires Login
//Users and Settings
$domain_code = 'website'; //Alpha Numeric and no space
$random_num_1 = 20; //Pick a random number between 1 to 500
$random_num_2 = 565; //Pick a random number between 500 to 1000
$random_num_3 = 3; //Pick a random number between 1 to 3
//Usernames can contain alphabets, numbers, hyphens and underscore only
//Set users below – Just add " => " with the first " being
//the username and the second " after the => being the password.
//Its an array so add an , after every password except for the
//last one in the list. As shown below
//Eg. $users = array(
// 'user1' => 'password',
// 'user2' => 'password'
// );
$users = array(
'user1' => 'password',
'user2' => 'password'
);
?>
Modify the domain code and three random numbers. The three random numbers is the key that makes login secure and unique to your website only. Then at the bottom you can create all of your users.
Now in every page that you require the user to login just add the following code to the very top of the page, exactly on line 1.
That's pretty much all you need to do to install the secure login script. The only other thing if you want is you can edit _login_page.php. That's the page people see when they need to login.
Login and Logout
You can lead users to login and logout with links to login.php and logout.php as such.
Displaying Macors
In this case the only macro you can call up is the username after they have logged in. You can call it in a welcome back message like this (placed in your HTML).
Download the files:
PHP Login Without Database.zip
Share It
Firstly, thank you very much for posting this! I did have one question (sorry!) and that is how could I change it to allowing the user name be people's email addresses?
Ideally I would like to just have people sign in with their email addresses and not have a password, just the username box which would be their email. I think this could work, the only draw back being that "Usernames can contain alphabets, numbers, hyphens and underscore only"
Any help you can give would be greatly appreciated, thank you!
Holly, yes I can show you how to do so, but I was wondering if it only requires an email and no password wouldn't other people be able to login to other accounts as well? Let me know and I'll reply you with a script.
The login will be for volunteers logging in to see more information about volunteering, there won't be any confidential information. The information will be the same, regardless of the user name. Would you recommend a password too?
That seems fine I was just curious. Here is what you're looking at for an email login:
http://www.crankberryblog.com/files/php_email_login.zip
Thank you so much for taking the time to do this! I really appreciate it. I have a couple of questions then hopefully that'll be it.
Would there by a limit to how many users I can add, and also sometimes it requires me to enter my email address twice before logging me in – is there anything I do to fix this?
Hey Holly sorry for the late reply I've been away for holidays. Yes it allows unlimited users.
As for the second problem I'll have to do a test tomorrow check back tomorrow night.
Great, thank you! I really appreciate the help.
Hey, I'm sorry to be a pain about this but did you find anything out about why the user has to enter their login info twice?
Hey Holly, much apologies as I have taken on more clients than I could handle at the moment. Here's the reason why. After I changed it to email only one of the functions was thrown off. If you open up _login_class.php you'll have to replace the verify_login function with the following:
function verify_login ($key_uid, $key_cid) { //Check Login if ($key_cid = $this->code_encryption($key_uid)) { //Validate Username Is True foreach ($this->users as $username) { if ($key_uid == $this->user_encryption($username)) { $this->username = $username; return TRUE; } } } return FALSE; }What is a data base for log/register on my server? Is this a from word 2003/2007 data base?
How do i do the log in and regester set up on my site. so people can log in and regoster. what is used for the data base?
and where do you put your log in folder and log out folder etc.?
Thanks Robert.
Hey Robert, this script specifically is for no database usage, as explained it is less flexible and only slightly less secure due to a floating file with the user database on it. Now, I will be releasing a database version of this possibly end of the week (based on my workload). The database that I'll be using will be MySQL. If you're planning to operate a database driven website you should definitely look into MySQL. There is no login folder and logout folder.
As with the registration, the non-database driven script doesn't have the feature you'll have to wait for my next script.
-Cheers
Fantastic, thank you so so much, Jerry!