How to install php-login-minimal on Ubuntu 12.04 LTS
In this article I’ll show you how to install the minimal version of the php-login.net‘s login script (see the GitHub repo here) on a standard Ubuntu server – in a very short and a very detailed way.
THE VERY SHORT TUTORIAL:
If you prefer a short tutorial, do it like this: First, make sure you have PHP 5.3.7+ and MySQL 5 running! Then copy the content of the php-login-minimal folder to your server’s web root (or whereever you want to have it) and perform the SQL statements from within both files in the “_installation” folder on your MySQL database (usually via PHPMyAdmin or on the mysql command line). Open the config/db.php file and change the database user and the password where it says “DB_USER” and “DB_PASS“. Your app is now running.
THE VERY DETAILED TUTORIAL:
THE BASIC REQUIREMENTS:
- A server, in this tutorial we’ll use Ubuntu 12.04 LTS as the operation system.
- Apache installed on the server.
- PHP 5.3.7 or higher installed on the server (this includes PHP 5.4+ and PHP 5.5+). PHP introduced some hashing algorithms (that are used in this script) in version 5.3.7, so you definitely need this. This tutorial will show you how to check your PHP version and how to upgrade PHP.
- MySQL 5 or higher installed on the server. This tutorial will show you how to check and eventually install MySQL if it’s not done already.
- You should be able to access your server via SSH.
- You should know the basics of how a server works, how to login via SSH, how to use the linux command line and how to copy files to your server.
THE FURTHER REQUIREMENTS:
Find out which version of PHP your server runs
Create a file called phpinfo.php on your local computer and put the following stuff in there:
<?php phpinfo();
The function phpinfo(); shows the entire configuration and settings of PHP, so it’s perfect for inspecting and finding out what your installed version of PHP can do and what not. I think it’s a good idea to create such an phpinfo.php on every new server you set up.
Copy the file to your server’s web root folder, usually /var/www/ ! For easily accessing a server via SSH in Windows 7/8 I can recommend WinSCP and Putty. WinSCP let’s you log in via your SSH credentials (username and password OR via SSH key file) and look at your server like in a FTP tool while Putty is a simple, but effective command-line tool. WinSCP will automatically open Putty (already connected to your server) when you log in.
When you have moved the phpinfo.php file to your web root, open your browser and go to
http://www.yourdomain.com/phpinfo.php
You’ll see something like this:
Is your PHP version 5.3.7 or higher ? Fine, then let’s go on ! If not, then you are using a very old version of PHP that should be updated instantly.
By the way, you can also find out your installed PHP version by doing this on the linux command line (but we did it the above way to check if your server displays php files correctly ;)
php -v
THE FURTHER REQUIREMENTS:
Update the PHP version (if older than 5.3.7)
Updating PHP is a big topic, so let’s do it the quick way. To update PHP, log into your server and do this on the command line (or “shell” or “bash”, whatever you call it):
sudo apt-get update
to let your system (beside some other stuff) check for updateable software, then do this to upgrade PHP:
sudo apt-get --only-upgrade install php5
After this is done, restart the Apache server with:
sudo service apache2 restart
Now check the installed version of PHP with a simple:
php -v
Is it 5.3.7 or higher now ? Perfect ! If not, then you should contact your server provider, hoster etc. and ask for an update or simply get a modern server somewhere else. It’s 2014, ladies, and the 5.3 branch of PHP has officially reached the End of Life, which means no more updates for this branch. Seriously, there is really no good reason to use a 3+ years dead version of PHP.
THE FURTHER REQUIREMENTS:
Install MySQL server (if not installed)
This version of the login script needs a MySQL database, so let’s check if MySQL 5.1 or higher is installed. Have a look into your phpinfo.php output screen and search for the mysqli [the last character is an “i” !] block. It should look like this (the version number is not important right now, usually it will be 5.1, 5.5 or 5.6):
Everything there ? Wonderful! If not, then we have to install MySQL right now: Do
sudo apt-get upgrade
and
sudo apt-get install mysql-server php5-mysql
to install the MySQL server. You’ll be asked for a new password: Choose wisely, choose strong ! By the way: There seem to be problems with VERY long passwords and passwords that use exotic characters, so you should not overcomplicate things.
To activate everything, restart the Apache server:
sudo service apache2 restart
To prove everything is installed correctly, reload your phpinfo.php screen and have a look. You should find a mysqli info block that looks like the picture above !
THE FURTHER REQUIREMENTS:
Install PHPMyAdmin (for easy database handling)
Handling databases is a complex and error-prone thing, so why not using the standard PHP/MySQL-database administration tool ? PHPMyAdmin is my weapon of choice, so let’s install it via these commands (the “update” is only necessary when ubuntu doesn’t find an installable version of phpmyadmin, this happens sometimes on fresh servers):
sudo apt-get upgrade
sudo apt-get install phpmyadmin
You’ll be asked for the MySQL password you have provided in the last step. In a professional application it’s not good to log into phpmyadmin with THIS user/password, and in general it’s a bad idea to have phpmyadmin running on a live server (as it makes attackers’s life much easier), but for this installation tutorial it might be totally okay. You can log into PHPMyAdmin then on:
http://www.mydomain.com/phpmyadmin
Log in with “root” and the password you have given.
THE INSTALLATION PROCESS:
Change the database password
Edit your config/db.php and put in your database user (in your case probably “root”) and the password.
THE INSTALLATION PROCESS:
Copy the script to your server
This step is easy: Delete the phpinfo.php from your server (as it is not necessary anymore and will give potential attackers informations about your server) and copy the contents of the php-login-minimal folder to your web root, usually /var/www/. This folder should now look like (screenshot from WinSCP):
THE INSTALLATION PROCESS:
Creating the database
Log into PHPMyAdmin:
http://www.yourdomain.com/phpmyadmin
and create a database called “login” with the SQL statement in “_installation/01-create-database.sql“, then do the same with the file “_installation/02-create-and-fill-users-table.sql” to create the user-table. It’s also possible to import the files. The PHPMyAdmin user interface is quite self-explaining, so this should not be a problem.
The script is now ready to go under your web address:
http://www.yourdomain.com/
SOME WORDS ABOUT LOCAL & REMOTE DEVELOPMENT
It’s always a good decision to develop LOCALLY, which means directly on your own computer, or even better, within a virtual machine hosted on your system. Usually, developing on a live server on the web might be critial, because your tools might have no or weak passwords, your app is in development and therefore attackable, or simply because you just mistyped a bash command and your server now tries to download the entire web.
When developing locally, you could install PHP, MySQL etc by hand or use a pre-combined and pre-configured easy-to-handle development bundle, like Ampps [Win, Mac], EasyPHP [Win], WampServer [Win], SecureWAMP [Win] or even Xampp [Win, Mac, Linux].
—
Please note: Comments are closed!: Sorry, but I had to remove / deactivate the comments in this and other articles as lots of idiots and trolls commented with masterpieces a la “script is shit does not work plz help”, “does not work on android”, “you must change X to Y”, “explain to me” etc. without realizing what this script is, why there’s a readme and several tutorials and lots of commented code and what free-time open-source scripts in general are. It’s disturbing that people build their entire businesses on top of totally free software, written by unpaid volunteers in their free-time, and then they still complain and treat the autors like shit.
Random articles
![[Link] Set up Nginx with PHP 5.5 easily](https://www.dev-metal.com/wp-content/uploads/2014/02/nginx-1-100x100.jpg)
[Link] Set up Nginx with PHP 5.5 easily
How to install php-login-one-file on Ubuntu 12.04 LTS
PHPStorm: 42 Tips and Tricks (47min video talk by Mikhail Vink at Dutch PHP Conference 2015)
What’s new in PHPStorm 9
Experimenting with HHVM at Etsy (Link)
Dangerous Performance Myths in the Web (video talk by Thomas Lohner, PHPUG Latvia)
Install MINI in 30 seconds inside Ubuntu 14.04 LTS- MINI2, an extremely simple barebone PHP application on top of Slim
- MINI, an extremely simple barebone PHP application
Hey Chris,
great script. got it setup easily and it works great.
i am planning to implement this in a webapp i am creating for a final project. my question: is there a way to redirect the user to certain pages depending on the username? for example if the username is admin, he/she is redirected to the admin page. if the username is let’s say bob, he/she is redirected to a page built specifically for him/her. if so, how could i do it? and which page would i put the code in?
HI! Thank you for the script. Worked like a charm. However i have one query. I could not find out piece of code is generating the log in form, as i would like to put it in custom html. I am using 1-minimal script.
Nice script and very well written and explained. I have recently started learning PHP so please excuse me if its a naive question for you to answer. I hope can you please explain me the logic what is achieved in the piece of code in libraries/password_compatibility_library ->function password_verify()?
for ($i = 0; $i < strlen($ret); $i++) {
$status |= (ord($ret[$i]) ^ ord($hash[$i]));
}
Thank you, Chris, for this awesome script. It works as expected. However, I want to ask you if there is a way to disable or remove the registration link from the login page. I think the login form is created on-the-fly, because I didn’t find it anywhere.
I hope you will find the time to answer. Thank you again.
Never mind.I was stupid. I found it. views/not_logged_in.php.
im getting a connection error for some reason, please see here http://www.canyon.tv , when i check the login credentials they are correct. Please can you take a look and email me to let me know what I am doing wrong?
Great script, however I seem to have the same problem as everyone else below…
How you do protect a page to ensure that the user is logged in before displaying it? I can’t seem to find the code to include on each page…
Hi i need an answer asap please, if i wanted to protect a page where u had to be logged in to view it, what php code do i add?
Have been a blogger and android dev. since long, now planning to dive into php development. So, pretty new here. Have a web app which requires user registration and then a dashboard area. I’m using the minimal version as I do not require much specific functionality. Question is, where to keep the files related to the dashboard area and the further hyperlinks being generated from it for other web app functionality.
I understand that logged_in.php is the file which I should edit and keep my dashboard area (correct me if I’m wrong) but what to follow for further links being generated from it, say some other page or functionality
Thanks
PB
Sorry Prasun, I really don’t know what your question is. The script is extremely simple and self-explaining. Simple login system, with the simple possibility to show a page when logged in and another page when not logged in (plus registration page). I don’t know what you mean by “Dashboard Area” or “further hyperlinks”, but maybe this script is not what you are searching for.
That was pretty silly of me (as I said I am new to php), I got it solved within few minutes of asking the question. Thanks and sory for the inconvenience.
Cheers
PB
I’m new to PHP and need a little guidance.
Don’t I need to put some code into the php-files I want to protect?
/Jan
If you are totally new to PHP, then please don’t use this script. This script is extremely simple and here we have an extremely detailed tutorial. When you have problems using this, then you might not have the minimum requirements to build a safe web application. Please have a look on other frameworks that might be a better fit for your situation: http://jonathanmh.com/best-php-mvc-frameworks-of-2013/
Hey Jan, this script gives a login system, that is useful if you need a site that offers user the possibility to create accounts etc.! What you probably need (I’m not sure if I understand your question) is a simply page password protection. This script here might be totally overdozed for your situation.
He wants to say that if he enters in the browser the full path to a page he wants to protect, the page loads whether he is logged in or not. Ex: successful login loads page “welcome.php”. But if I am not logged at all and if I enter in browser’s address bar: http://www.mysite.com/welcome.php the page loads. Some session script needs to be put in welcome.php page to check if the user is logged in or not.
Before anything on that page you have to put a code to check if the session not exists, e.g:
The code was stripped out for security reasons, so I put a picture with the code. Hope it helps.
Hello Marius, that’s basically correct, but goes totally into a wrong direction, as the script is not built like that. In today’s php applications usually are built using ONE index.php that handles everything. If you don’t want/can use it like that, then please simply have a look into the 2-advanced version that uses multiple php files in the root folder, that’s exactly what you are asking for.