user authentication module using php

USER AUTHENTICATION WEB MODULE USING PHP Year: 2014 RISHABH SRIVASTAVA BBDEC - LUCKNOW ([email protected])

Upload: rishabh-srivastava

Post on 02-Jul-2015


DESCRIPTION

Using PHP as a server-side scripting language, I have created a simple user authentication module. The module can be directly implemented in a website with some minor changes to provide user signup ability in a webpage. HTML and CSS have been used for the design of the webpage, and MySQL for backend database management.

TRANSCRIPT

Page 1: User authentication module using php

USER AUTHENTICATION WEB MODULE

USING PHP

Year: 2014

RISHABH SRIVASTAVA

BBDEC - LUCKNOW

([email protected])


TABLE OF CONTENTS

S. No.   TOPIC                   Page No.
1        Introduction            1
2        Project Overview        2
3        Sign Up Page            3
4        Login Page              11
5        Forgot Password Page    15
6        Inbox                   19
7        Pages at a Glance       23
8        References              24


1: INTRODUCTION

PHP is a server-side scripting language designed for web development. PHP was originally created by Rasmus Lerdorf in 1994. While PHP originally stood for Personal Home Page, it now stands for Hypertext Preprocessor, which is a recursive backronym.

Fig: PHP logo

PHP code can be simply mixed with HTML code, or it can be used in combination with various templating engines and web frameworks. PHP code is usually processed by a PHP interpreter, which is usually implemented as a web server's native module or a Common Gateway Interface (CGI) executable. After the PHP code is interpreted and executed, the web server sends the resulting output to its client, usually as part of the generated web page.

The canonical PHP interpreter, powered by the Zend Engine, is free software released under the PHP License. PHP has been widely ported and can be deployed on most web servers on almost every operating system and platform, free of charge. Despite its popularity, no written specification or standard exists for the PHP language; instead, the canonical PHP interpreter serves as a de facto standard. However, work on creating a formal specification started in 2014.

Fig: Rasmus Lerdorf (2014)


2: PROJECT OVERVIEW

Using PHP as a server-side scripting language, we have created a simple user authentication module. The module can be directly implemented in a website with some minor changes to provide user signup ability in a webpage. HTML and CSS have been used for the design of the webpage, and MySQL for backend database management.

The module contains the following components:

− Sign up page
− Login page
− Page for resetting the password
− User inbox

We will deal with each component of the module in detail through the subsequent topics.


3: SIGN UP PAGE

Fig: Signup Page

The sign up page gives the ability to add new users to the website. It accepts user details through a form, validates the information and creates a new user id. The sign up page accepts the following information from the user:

− Name
− Date of Birth
− Gender
− Email
− User id
− Password
− Mobile number
− Security question and answer (required for resetting the password)

The PHP code if(preg_match("/^[a-zA-Z]{3,}$/",$name1) && preg_match("/^[a-zA-Z]{3,}$/",$name2)) checks that the name contains only English letters and no special characters or numbers.

The code if(filter_var($email,FILTER_VALIDATE_EMAIL)) checks that the email id is given in the proper format.


The user id given by the user should contain only English letters, numbers and underscores. This is controlled by the code if(preg_match("/^[a-zA-Z0-9_]{6,20}$/",$userid)). The code also checks that the user id has not already been taken by someone else.

The password entered should be at least 8 characters long and both the passwords should match.

The security question is to be selected from the drop down menu and an appropriate answer is to be given by the user. It can be used at the time when the user wants to reset the password.

The mobile number should start with either of the digits 7, 8 or 9.

if(preg_match("/^[7-9][0-9]{9,9}$/",$mobile))

The password and the security answer are hashed with MD5 before they are saved in the database: $pw1=md5($pw2); $ans=md5($ans);

<?php
error_reporting(0);
mysql_connect('localhost','root','');
mysql_select_db('project');
/*
TABLE:::
create table user_data(f_name varchar(20),l_name varchar(20),dob date,gender char(1),email varchar(30),userid varchar(20),pwd varchar(32),mobile bigint(10),security_q int(1),security_a varchar(32));
*/
if(isset($_POST['submit']))
{
  $name1=$_POST['name1'];
  $name2=$_POST['name2'];
  $dob=$_POST['dob'];
  $gender=$_POST['gender'];
  $email=$_POST['email'];
  $userid=$_POST['userid'];
  $pw1=$_POST['pw1'];
  $pw2=$_POST['pw2'];
  $mobile=$_POST['mobile'];
  $ques=$_POST['ques'];
  $ans=$_POST['ans'];
  // Names: English letters only
  if(preg_match("/^[a-zA-Z]{3,}$/",$name1) && preg_match("/^[a-zA-Z]{3,}$/",$name2))
  {
    // Date of birth arrives as dd/mm/yyyy and is stored as yyyy/mm/dd
    $dmy=explode("/",$dob);
    if($dmy[0]<=31 && $dmy[1]<=12 && $dmy[2]>=1980)
    {
      $ymd="$dmy[2]/$dmy[1]/$dmy[0]";
      if(!(strcmp($gender,"A")==0))
      {
        if(filter_var($email,FILTER_VALIDATE_EMAIL))
        {
          // User id: letters, digits and underscores, 6 to 20 characters
          if(preg_match("/^[a-zA-Z0-9_]{6,20}$/",$userid))
          {
            // $userid has passed the pattern above, so it is safe inside the query string
            $q="select * from user_data where userid='$userid'";
            $i=mysql_query($q);
            if(mysql_num_rows($i)==0)
            {
              if(strlen($pw1)>7)
              {
                if(strcmp($pw1,$pw2)==0)
                {
                  if(preg_match("/^[7-9][0-9]{9,9}$/",$mobile))
                  {
                    if(strcmp($ques,"A")==0)
                    {
                      $e8="Select a security question!";
                    }
                    else
                    {
                      $pw1=md5($pw2);
                      $ans=md5($ans);
                      // Escape the values that are not limited to a strict pattern before they enter the SQL string
                      $ymd_s=mysql_real_escape_string($ymd);
                      $gender_s=mysql_real_escape_string($gender);
                      $email_s=mysql_real_escape_string($email);
                      $ques_s=mysql_real_escape_string($ques);
                      $q="insert into user_data(f_name,l_name,dob,gender,email,userid,pwd,mobile,security_q,security_a) values('$name1','$name2','$ymd_s','$gender_s','$email_s','$userid','$pw1','$mobile','$ques_s','$ans')";
                      $i=mysql_query($q) or die("Registration unsuccessful. Try again.");
                      if($i)
                      {
                        $success="<div align='center' style='font-family:Arial; margin-top:20px; color:#46474a;'>You have been successfully registered. Go to <a href='login.php'>login page</a> directly.</div><br/><br/>";
                      }
                    }
                  }
                  else
                  {
                    $e7="Invalid Mobile";
                  }
                }
                else
                {
                  $e6="Passwords do not match";
                }
              }
              else
              {
                $e6="Invalid Password";
              }
            }
            else
            {
              $e5="Userid taken, Choose another";
            }
          }
          else
          {
            $e5="Invalid Userid";
          }
        }
        else
        {
          $e4="Invalid Email";
        }
      }
      else
      {
        $e3="Please select your gender";
      }
    }
    else
    {
      $e2="Invalid Date";
    }
  }
  else
  {
    $e1="Invalid Name";
  }
}
?>
<html>
<head>
<title>Sign Up!</title>
<style>
#form { font-family:Arial; width:600px; background-color:white; border:1px solid white; border-radius:10px; padding:20px; box-shadow:1px 1px 25px black; }
#head { width:600px; font-size:25px; color:#46474a; margin-top:-20px; }
#subheading { margin-top:-30px; }
td { padding:7px; }
#rules { font-size:10px; color:#464bab; }
#warnings { font-size:10px; color:#e20620; }
body { background-color:#a4e0cc; font-family:Arial; }
select { color:#808590; }
input[type="text"], input[type="password"] { color:#808590; font-size:14px; }
a:link { text-decoration:none; color:blue; }
a:visited { text-decoration:none; color:blue; }
a:hover { text-decoration:none; color:blue; }
</style>
</head>
<center>
<body>
<div id="head">
<h1>Sign Up</h1>
<h3 id="subheading">It's simple and free!</h3>

</div>
<div id="form">
<form method="post" action="signup.php">
<?php echo $success; ?>
<table border="0">
<tr>
  <td>Name</td> <td>:</td>
  <td>
    <!-- Submitted values are HTML-escaped before being echoed back into the form -->
    <input type="text" placeholder="First Name" name="name1" value="<?php echo htmlspecialchars($name1,ENT_QUOTES); ?>" required/>
    <input type="text" placeholder="Last Name" name="name2" value="<?php echo htmlspecialchars($name2,ENT_QUOTES); ?>" required/>
  </td>
</tr>
<tr> <td></td> <td></td> <td id="warnings"><?php echo $e1; ?></td> </tr>
<tr>
  <td>Date of Birth</td> <td>:</td>
  <td> <input type="text" placeholder="dd/mm/yyyy" name="dob" value="<?php echo htmlspecialchars($dob,ENT_QUOTES); ?>" required/> </td>
</tr>
<tr> <td></td> <td></td> <td id="warnings"><?php echo $e2; ?></td> </tr>
<tr>
  <td>Gender</td> <td>:</td>
  <td>
    <select name="gender">
      <option value="A">--Select--</option>
      <option <?php if(strcmp($gender,"M")==0) echo 'selected'; ?> value="M">Male</option>
      <option <?php if(strcmp($gender,"F")==0) echo 'selected'; ?> value="F">Female</option>
    </select>
  </td>
</tr>
<tr> <td></td> <td></td> <td id="warnings"><?php echo $e3; ?></td> </tr>
<tr>
  <td>E-mail id</td> <td>:</td>
  <td> <input type="text" size="30px" placeholder="Enter your Email" name="email" value="<?php echo htmlspecialchars($email,ENT_QUOTES); ?>" required/> </td>
</tr>
<tr> <td></td> <td></td> <td id="warnings"><?php echo $e4; ?></td> </tr>
<tr>
  <td style="padding:7px 7px 0px 7px;">User Id</td> <td>:</td>
  <td> <input type="text" size="30px" placeholder="Enter a User Id" name="userid" value="<?php echo htmlspecialchars($userid,ENT_QUOTES); ?>" required/> </td>
</tr>
<tr>
  <td id="rules" style="padding:0px 7px 7px 7px;">(Should contain alphabets, numbers<br/>and underscores only ~Min 6 characters)</td>
  <td></td>
  <td id="warnings"><?php echo $e5; ?></td>
</tr>
<tr>
  <td style="padding:7px 7px 0px 7px;">Password</td> <td>:</td>
  <td>
    <input type="password" placeholder="Enter Password" name="pw1" required/>
    <input type="password" placeholder="Re-enter Password" name="pw2" required/>
  </td>
</tr>
<tr>
  <td id="rules" style="padding:0px 7px 7px 7px;">(Should be at least 8 characters long)</td>
  <td></td>
  <td id="warnings"><?php echo $e6; ?></td>
</tr>
<tr>
  <td>Mobile Number</td> <td>:</td>
  <td><i style="font-size:14; color:grey;">(+91)</i> <input type="text" placeholder="Mobile Number" name="mobile" value="<?php echo htmlspecialchars($mobile,ENT_QUOTES); ?>" required/> </td>
</tr>
<tr> <td></td> <td></td> <td id="warnings"><?php echo $e7; ?></td> </tr>
<tr>
  <td>Security Question</td> <td>:</td>
  <td>
    <select name="ques">
      <option value="A">--Select a Security Question--</option>
      <option <?php if(strcmp($ques,"1")==0) echo 'selected'; ?> value="1">What is your pet's name?</option>
      <option <?php if(strcmp($ques,"2")==0) echo 'selected'; ?> value="2">What was your first phone number?</option>
      <option <?php if(strcmp($ques,"3")==0) echo 'selected'; ?> value="3">What is your car's registration number?</option>
      <option <?php if(strcmp($ques,"4")==0) echo 'selected'; ?> value="4">What was the name of your first school?</option>
    </select>
  </td>
</tr>
<tr> <td></td> <td></td> <td id="warnings"><?php echo $e8; ?></td> </tr>
<tr>
  <td>Answer to Security Question</td> <td>:</td>
  <td><input type="text" placeholder="Enter an Answer" name="ans" value="<?php echo htmlspecialchars($ans,ENT_QUOTES); ?>" required/></td>
</tr>
<tr> <td></td> <td></td> <td></td> </tr>
<tr>
  <td colspan="3" align="center">
    <input type="submit" name="submit" value="Submit"/>
    <input type="reset" name="reset" value="Reset" />
  </td>
</tr>
<tr> <td align="center" colspan="3">Go to the <a href="login.php">log in</a> page</td> </tr>
</table>
</form>
</div>
</body>
</center>
</html>


4: LOGIN PAGE

Fig: Login Page

The login page accepts user id and the password, and authenticates them to provide or deny access to the user.

It also contains a link to the sign up page and a link to reset the forgotten password.

<html>
<head>
<title>Log In!</title>
<style>
#form { font-family:Arial; width:400px; /* margin-left:350px; */ background-color:white; border:1px solid white; border-radius:10px; padding:20px; box-shadow:1px 1px 25px black; }
#head { font-size:50px; color:#46474a; margin-top:-20px; }
td { padding:7px; }
body { background-color:#a4e0cc; font-family:Arial; }
input[type="text"], input[type="password"] { font-size:14px; }
a:link { text-decoration:none; color:blue; }
a:visited { text-decoration:none; color:blue; }
a:hover { text-decoration:none; color:blue; }
center { margin-top:40px; }
</style>
</head>
<center>
<body>
<h1 id="head">Log In</h1>
<form method="post" action="session.php" id="form">
<table border="0">
<tr>
  <th align="left">User Id </th> <td>:</td>
  <td>
    <!-- The remembered user id comes from a client-side cookie, so it is HTML-escaped before output -->
    <input type="text" size="30px" name="userid" required value="<?php
      error_reporting(0);
      if(isset($_COOKIE['userid']))
      {
        echo htmlspecialchars($_COOKIE['userid'],ENT_QUOTES);
      }
    ?>"/>
  </td>
</tr>
<tr>
  <th align="left">Password</th> <td>:</td>
  <td> <input type="password" size="30px" name="password" required /> </td>
</tr>
<tr>
  <td align="right"> <input type="submit" name="login" value="LOGIN"/> </td>
  <td></td>
  <td style="font-size:14px;"> <input type="checkbox" name="rem"/> Remember Me</td>
</tr>
<tr> <td colspan="3" align="right" style="padding:7px 0px 0px 0px; font-size:14px;"> <a href="signup.php">New User</a></td> </tr>
<tr> <td colspan="3" align="right" style="padding:0px 0px 7px 0px; font-size:14px;"> <a href="forgot.php">Forgot Password</a></td> </tr>
</table>
</form>
</body>
</center>
</html>

The action of the form is a session.php page which is given as follows:

The line $_SESSION['userid']=$userid; starts the user’s session after a successful login, and the line header('location:inbox.php'); redirects to the user inbox. If the login is unsuccessful, a new page invalid.php is displayed using the code header('location:invalid.php');

A page invalid.php can easily be created to display an error message when authentication of the user id fails.

<?php
error_reporting(0);
session_start();
mysql_connect('localhost','root','') or die ("error1");
mysql_select_db('project') or die("error2");
if(isset($_POST['login']))
{
  $userid=$_POST['userid'];
  $password=$_POST['password'];
  $pwd=md5($password);
  // Escape the user id before it is placed in the query; $pwd is a hex MD5 digest
  $uid=mysql_real_escape_string($userid);
  $q="select * from user_data where userid='$uid' and pwd='$pwd'";
  $i=mysql_query($q) or die("error3");
  if(mysql_num_rows($i)==1)
  {
    if(isset($_POST['rem']))
    {
      // Expiry is the current time plus the cookie lifetime in seconds
      setcookie('userid',$userid,time()+(60*60*24*31*12*100));
    }
    $_SESSION['userid']=$userid; //very important line
    header('location:inbox.php');
    exit; // stop the script once the redirect header is sent
  }
  else
  {
    header('location:invalid.php');
    exit;
  }
}
?>

A cookie is used to remember the user id of the user.

if(isset($_POST['rem'])) { setcookie('userid',$userid,time()+(60*60*24*31*12*100)); }
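A hardened form of the session.php check, added here as an example and not part of the original module: the query uses bound parameters, passwords are verified with password_verify(), and a row that still holds an MD5 digest is upgraded on its next successful login. It assumes PHP 5.6 or later with PDO, an in-memory SQLite database standing in for MySQL, a pwd column wider than varchar(32), and a constructed sample user; the function name check_login is hypothetical.

```php
<?php
// Added example, not the module's own code: a hardened login check for user_data.
// Assumptions: PHP 5.6+, PDO; in-memory SQLite stands in for MySQL so it runs offline;
// pwd is widened beyond varchar(32) so it can hold password_hash() output;
// check_login() and the sample user are constructed for illustration.

function check_login(PDO $db, $userid, $password)
{
    // Form fields can arrive as arrays; accept plain strings only.
    if (!is_string($userid) || !is_string($password)) {
        return false;
    }
    // Bound parameters keep the submitted user id out of the SQL text.
    $st = $db->prepare('SELECT pwd FROM user_data WHERE userid = ?');
    $st->execute([$userid]);
    $stored = $st->fetchColumn();
    if ($stored === false) {
        return false;                       // no such user
    }

    if (preg_match('/^[0-9a-f]{32}$/', $stored)) {
        // Row written by the original module: unsalted MD5 hex digest.
        $ok = hash_equals($stored, md5($password));
        $rehash = $ok;                      // always upgrade a legacy digest
    } else {
        $ok = password_verify($password, $stored);
        $rehash = $ok && password_needs_rehash($stored, PASSWORD_DEFAULT);
    }

    if ($rehash) {
        // Replace the old value with a salted, slow hash while the plaintext is at hand.
        $up = $db->prepare('UPDATE user_data SET pwd = ? WHERE userid = ?');
        $up->execute([password_hash($password, PASSWORD_DEFAULT), $userid]);
    }
    // In session.php a true result would be followed by session_regenerate_id(true)
    // before $_SESSION['userid'] is set, so a pre-login session id is not reused.
    return $ok;
}

// --- Constructed demo data ---
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE user_data (userid VARCHAR(20) PRIMARY KEY, pwd VARCHAR(255))');
$ins = $db->prepare('INSERT INTO user_data (userid, pwd) VALUES (?, ?)');
$ins->execute(['demo_user', md5('correct horse 42')]);      // legacy MD5 row

var_dump(check_login($db, 'demo_user', 'wrong password'));   // wrong password
var_dump(check_login($db, 'demo_user', 'correct horse 42')); // correct password, row is upgraded
var_dump(check_login($db, "o'neil_user", 'anything'));       // quote in the id is handled as data

// The stored value is no longer a 32-character digest and still verifies.
$pwd = $db->query("SELECT pwd FROM user_data WHERE userid = 'demo_user'")->fetchColumn();
var_dump(strlen($pwd) > 32 && password_verify('correct horse 42', $pwd));
```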


5: FORGOT PASSWORD PAGE

Fig: Forgot Password Page

The Forgot Password page is used to change the password associated with a user id in case the user forgets the password. Here, the security question and answer are used. The code checks whether the question and the answer match those given at the time of registering the user id. If the details are authenticated, the password is reset and the new password is displayed to the user, who can then use it to sign in to the account.

<?php
error_reporting(0);
mysql_connect('localhost','root','') or die("error1");
mysql_select_db('project') or die("error2");
if(isset($_POST['fetch']))
{
  $userid=$_POST['userid'];
  $ques=$_POST['ques'];
  $ans=$_POST['ans'];
  // Escape the user id before it is placed in either query
  $uid=mysql_real_escape_string($userid);
  $q="select * from user_data where userid='$uid'";
  $i=mysql_query($q) or die("error3");
  if(mysql_num_rows($i)==1)
  {
    if(strcmp($ques,"A")==0)
    {
      $e2="Please select the security question!";
    }
    else
    {
      while($d=mysql_fetch_row($i))
      {
        $usrque=$d[8]; // security_q column
        $usrans=$d[9]; // security_a column (MD5 of the answer)
        $an=md5($ans);
        if(($usrque!=$ques)||(strcmp($usrans,$an)!=0))
        {
          $e3="Security Question/Answer mismatch!";
        }
        else
        {
          // Generate the new password and store its MD5 digest
          $q=rand(100,999).rand(100,999).rand(100,999).'pwd';
          $pw=md5($q);
          $t="update user_data set pwd='$pw' where userid='$uid'";
          $r=mysql_query($t) or die("error4");
          if($r)
          {
            $msg="Your new password: $q";
          }
        }
      }
    }
  }
  else
  {
    $e1="Invalid User Id";
  }
}
?>
<html>
<head>
<title>Forgot Password?</title>
<style>
#form { font-family:Arial; width:500px; /* margin-left:350px; */ background-color:white; border:1px solid white; border-radius:10px; padding:20px; box-shadow:1px 1px 25px black; }
#head { font-size:40px; color:#46474a; margin-top:-20px; }
body { background-color:#a4e0cc; font-family:Arial; }
input[type="text"], input[type="password"] { font-size:14px; text-align:center; color:#808590; }
a:link { text-decoration:none; color:blue; }
a:visited { text-decoration:none; color:blue; }
a:hover { text-decoration:none; color:blue; }
center { margin-top:40px; }
td { padding:1px; }
#warnings { font-size:12px; color:#e20620; }
#pwdchange { color:#1e4c9a; }
select { color:#808590; }
</style>
</head>
<center>
<body>
<h1 id="head">Forgot Password?</h1>
<form method="post" action="forgot.php" id="form">

<h3 id="pwdchange"><?php echo $msg; ?></h3>
<table border="0">
<!-- Submitted values are HTML-escaped before being echoed back into the form -->
<tr><td colspan="3" align="center"><input type="text" placeholder="User ID" name="userid" size="40px" value="<?php echo htmlspecialchars($userid,ENT_QUOTES); ?>" required/></td></tr>
<tr><td colspan="3" align="center" id="warnings"><?php echo $e1; ?></td></tr>
<tr>
  <td align="right">Security Question</td> <td>:</td>
  <td>
    <select name="ques">
      <option value="A">--Select a Security Question--</option>
      <option <?php if(strcmp($ques,"1")==0) echo 'selected'; ?> value="1">What is your pet's name?</option>
      <option <?php if(strcmp($ques,"2")==0) echo 'selected'; ?> value="2">What was your first phone number?</option>
      <option <?php if(strcmp($ques,"3")==0) echo 'selected'; ?> value="3">What is your car's registration number?</option>
      <option <?php if(strcmp($ques,"4")==0) echo 'selected'; ?> value="4">What was the name of your first school?</option>
    </select>
  </td>
</tr>
<tr><td colspan="3" align="center" id="warnings"><?php echo $e2; ?></td></tr>
<tr>
  <td align="right">Answer to Security Question</td> <td>:</td>
  <td><input type="text" placeholder="Enter an Answer" name="ans" value="<?php echo htmlspecialchars($ans,ENT_QUOTES); ?>" required/></td>
</tr>
<tr><td colspan="3" align="center" id="warnings"><?php echo $e3; ?></td></tr>
<tr><td colspan="3" align="center"><input type="submit" name="fetch" value="New Password"/></td></tr>
<tr><td colspan="3" align="center"><a href="login.php">Login</a></td></tr>
</table>
</form>
</body>
</center>
</html>
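One way to reset a password without generating it from rand() and showing it on the page, added here as an example and not part of the original module: a single-use, expiring token from the operating system's random source, stored only as a hash. It assumes PHP 7 or later with PDO and an in-memory SQLite database standing in for MySQL; the reset_tokens table, both function names and the sample user are hypothetical, and delivery of the token (for example to the e-mail address collected at signup) is outside the example.

```php
<?php
// Added example, not the module's own code: single-use, expiring reset token.
// Assumptions: PHP 7+ (random_bytes), PDO; in-memory SQLite stands in for MySQL;
// the reset_tokens table and both function names are hypothetical.

function issue_reset_token(PDO $db, $userid, $ttl = 900)
{
    $token = bin2hex(random_bytes(32));     // 256 bits from the OS random source
    // Only a hash is stored, so a copy of the table does not contain usable tokens.
    $st = $db->prepare('REPLACE INTO reset_tokens (userid, token_hash, expires) VALUES (?, ?, ?)');
    $st->execute([$userid, hash('sha256', $token), time() + $ttl]);
    return $token;                          // delivered to the user out of band
}

function redeem_reset_token(PDO $db, $userid, $token, $new_password)
{
    if (!is_string($userid) || !is_string($token) || !is_string($new_password)) {
        return false;
    }
    $st = $db->prepare('SELECT token_hash, expires FROM reset_tokens WHERE userid = ?');
    $st->execute([$userid]);
    $row = $st->fetch(PDO::FETCH_ASSOC);
    if (!$row || time() > (int)$row['expires']
        || !hash_equals($row['token_hash'], hash('sha256', $token))) {
        return false;                       // unknown, expired or wrong token
    }
    if (strlen($new_password) < 8) {        // same minimum length as the signup page
        return false;
    }
    // Change the password and consume the token in one transaction.
    $db->beginTransaction();
    $db->prepare('UPDATE user_data SET pwd = ? WHERE userid = ?')
       ->execute([password_hash($new_password, PASSWORD_DEFAULT), $userid]);
    $db->prepare('DELETE FROM reset_tokens WHERE userid = ?')->execute([$userid]);
    $db->commit();
    return true;
}

// --- Constructed demo data ---
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE user_data (userid VARCHAR(20) PRIMARY KEY, pwd VARCHAR(255))');
$db->exec('CREATE TABLE reset_tokens (userid VARCHAR(20) PRIMARY KEY, token_hash CHAR(64), expires INTEGER)');
$db->exec("INSERT INTO user_data VALUES ('demo_user', 'placeholder')");

$token = issue_reset_token($db, 'demo_user');
var_dump(redeem_reset_token($db, 'demo_user', 'not-the-token', 'new password 1')); // wrong token
var_dump(redeem_reset_token($db, 'demo_user', $token, 'new password 1'));          // valid token
var_dump(redeem_reset_token($db, 'demo_user', $token, 'another password'));        // token already used
```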


6: INBOX PAGE

Fig: Inbox Page

The Inbox page is a simple user specific page which displays the user id and provides a facility of changing the authentication password.

When the user logs out, the session is unset by the code:

unset($_SESSION['userid']); session_destroy(); header('location:login.php');

<?php
error_reporting(0);
session_start();
if(empty($_SESSION['userid']))
{
  header('location:login.php');
  exit; // without this the rest of the page would still run for a visitor with no session
}
mysql_connect('localhost','root','') or die ("Error1");
mysql_select_db('project') or die("Error2");
$userid=$_SESSION['userid'];
if(isset($_POST['logout']))
{
  unset($_SESSION['userid']);
  session_destroy();
  header('location:login.php');
  exit;
}
if(isset($_POST['pwupdate']))
{
  $pw1=$_POST['pw1'];
  $pw2=$_POST['pw2'];
  if(strlen($pw1)>7)
  {
    if(strcmp($pw1,$pw2)==0)
    {
      $pw1=md5($pw2);
      // Escape the user id before it is placed in the query
      $uid=mysql_real_escape_string($userid);
      $q="update user_data set pwd='$pw1' where userid='$uid'";
      $i=mysql_query($q) or die("Error3");
      if($i)
      {
        $msg="Password changed successfully...";
      }
    }
    else
    {
      $e1="Passwords Do Not Match..!";
    }
  }
  else
  {
    $e1="Length is less than 8 characters!";
  }
}
?>
<html>
<head>
<title>Welcome, <?php echo htmlspecialchars($userid,ENT_QUOTES); ?></title>
<style>
#form1 { font-family:Arial; width:850px; background-color:white; border:1px solid white; border-radius:10px; padding:20px; box-shadow:1px 1px 25px black; }
#form2 { font-family:Arial; width:600px; background-color:white; border:1px solid white; border-radius:10px; padding:20px; box-shadow:1px 1px 25px black; }
#head { font-size:25px; color:#46474a; margin-top:0px; }
td { padding:7px; }
#rules { font-size:10px; color:#464bab; }
#warnings { font-size:9px; color:#e20620; }
body { background-color:#a4e0cc; font-family:Arial; }
input[type="text"], input[type="password"] { color:#808590; font-size:14px; }
#logout { margin-left:780px; margin-top:-10px; }
</style>
</head>
<body>
<center>
<form method="post" action="inbox.php" id="form1">
<h1 id="head">WELCOME, <?php echo htmlspecialchars($userid,ENT_QUOTES); ?> </h1>
<input type="submit" value="Logout" name="logout" id="logout"/>
</form>
</center>
<center>
<form method="post" action="inbox.php" id="form2">
<p style="font-size:12px; color:#464bab;"><?php echo $msg; ?></p>
<table border="0">
<tr>
  <td rowspan="2" style="font-size:20px; color:#46474a;">Change Password: </td>
  <td> <input type="password" placeholder="Enter New Password" name="pw1" required/> </td>
</tr>
<tr>
  <td> <input type="password" placeholder="Re-enter Password" name="pw2" required/> </td>
</tr>
<tr><td id="rules">(Should be at least 8 characters long)</td><td id="warnings"><?php echo $e1; ?></td></tr>
<tr><td colspan="2" align="center"><input type="submit" name="pwupdate" value="UPDATE"/></td></tr>
</table>
</form>
</center>
</body>
</html>


7: PAGES AT A GLANCE


8: REFERENCES

− Contents of the introduction were taken from Wikipedia (http://www.wikipedia.org)
− Notepad++ was used for coding
− Wamp server was used for testing the module
− MySQL for database management