Logo
  • PHP
    • HipHop / HHVM
    • Modern PHP
    • PHPStorm
    • LAMP
    • Laravel
    • Composer
    • PDO
  • JavaScript
    • node.js
    • AngularJS
  • CSS
    • SASS
    • “CSS4” (CSS level 4)
  • HTML
  • Git
  • LAMP
  • Vagrant
  • UI / UX
  • Architecture of …
  • Off-Topic
With ♥ from Berlin
August 25, 2013
Chris
Linux, Login, PHP, php-login project
19

How to install php-login-minimal on Ubuntu 12.04 LTS

PreviousNext
the-php-login-project

In this article I’ll show you how to install the minimal version of the php-login.net‘s login script (see the GitHub repo here) on a standard Ubuntu server – in a very short and a very detailed way.

 

THE VERY SHORT TUTORIAL:

If you prefer a short tutorial, do it like this: First, make sure you have PHP 5.3.7+ and MySQL 5 running! Then copy the content of the php-login-minimal folder to your server’s web root (or whereever you want to have it) and perform the SQL statements from within both files in the “_installation” folder on your MySQL database (usually via PHPMyAdmin or on the mysql command line). Open the config/db.php file and change the database user and the password where it says “DB_USER” and “DB_PASS“. Your app is now running.

 

THE VERY DETAILED TUTORIAL:

THE BASIC REQUIREMENTS:

  1. A server, in this tutorial we’ll use Ubuntu 12.04 LTS as the operation system.
  2. Apache installed on the server.
  3. PHP 5.3.7 or higher installed on the server (this includes PHP 5.4+ and PHP 5.5+). PHP introduced some hashing algorithms (that are used in this script) in version 5.3.7, so you definitely need this. This tutorial will show you how to check your PHP version and how to upgrade PHP.
  4. MySQL 5 or higher installed on the server. This tutorial will show you how to check and eventually install MySQL if it’s not done already.
  5. You should be able to access your server via SSH.
  6. You should know the basics of how a server works, how to login via SSH, how to use the linux command line and how to copy files to your server.

 

THE FURTHER REQUIREMENTS:
Find out which version of PHP your server runs

Create a file called phpinfo.php on your local computer and put the following stuff in there:

<?php
phpinfo();

The function phpinfo(); shows the entire configuration and settings of PHP, so it’s perfect for inspecting and finding out what your installed version of PHP can do and what not. I think it’s a good idea to create such an phpinfo.php on every new server you set up.

Copy the file to your server’s web root folder, usually /var/www/ ! For easily accessing a server via SSH in Windows 7/8 I can recommend WinSCP and Putty. WinSCP let’s you log in via your SSH credentials (username and password OR via SSH key file) and look at your server like in a FTP tool while Putty is a simple, but effective command-line tool. WinSCP will automatically open Putty (already connected to your server) when you log in.

When you have moved the phpinfo.php file to your web root, open your browser and go to

http://www.yourdomain.com/phpinfo.php

You’ll see something like this:

check for correct php version, must be PHP 5.3.7 or higher

Is your PHP version 5.3.7 or higher ? Fine, then let’s go on ! If not, then you are using a very old version of PHP that should be updated instantly.

By the way, you can also find out your installed PHP version by doing this on the linux command line (but we did it the above way to check if your server displays php files correctly ;)

php -v

 

THE FURTHER REQUIREMENTS:
Update the PHP version (if older than 5.3.7)

Updating PHP is a big topic, so let’s do it the quick way. To update PHP, log into your server and do this on the command line (or “shell” or “bash”, whatever you call it):

sudo apt-get update

to let your system (beside some other stuff) check for updateable software, then do this to upgrade PHP:

sudo apt-get --only-upgrade install php5

After this is done, restart the Apache server with:

sudo service apache2 restart

Now check the installed version of PHP with a simple:

php -v

Is it 5.3.7 or higher now ? Perfect ! If not, then you should contact your server provider, hoster etc. and ask for an update or simply get a modern server somewhere else. It’s 2014, ladies, and the 5.3 branch of PHP has officially reached the End of Life, which means no more updates for this branch. Seriously, there is really no good reason to use a 3+ years dead version of PHP.

 

THE FURTHER REQUIREMENTS:
Install MySQL server (if not installed)

This version of the login script needs a MySQL database, so let’s check if MySQL 5.1 or higher is installed. Have a look into your phpinfo.php output screen and search for the mysqli [the last character is an “i” !] block. It should look like this (the version number is not important right now, usually it will be 5.1, 5.5 or 5.6):

check if mysqli is installed

Everything there ? Wonderful! If not, then we have to install MySQL right now: Do

sudo apt-get upgrade

and

sudo apt-get install mysql-server php5-mysql

to install the MySQL server. You’ll be asked for a new password: Choose wisely, choose strong ! By the way: There seem to be problems with VERY long passwords and passwords that use exotic characters, so you should not overcomplicate things.

To activate everything, restart the Apache server:

sudo service apache2 restart

To prove everything is installed correctly, reload your phpinfo.php screen and have a look. You should find a mysqli info block that looks like the picture above !

 

THE FURTHER REQUIREMENTS:
Install PHPMyAdmin (for easy database handling)

Handling databases is a complex and error-prone thing, so why not using the standard PHP/MySQL-database administration tool ? PHPMyAdmin is my weapon of choice, so let’s install it via these commands (the “update” is only necessary when ubuntu doesn’t find an installable version of phpmyadmin, this happens sometimes on fresh servers):

sudo apt-get upgrade
sudo apt-get install phpmyadmin

You’ll be asked for the MySQL password you have provided in the last step. In a professional application it’s not good to log into phpmyadmin with THIS user/password, and in general it’s a bad idea to have phpmyadmin running on a live server (as it makes attackers’s life much easier), but for this installation tutorial it might be totally okay. You can log into PHPMyAdmin then on:

http://www.mydomain.com/phpmyadmin

Log in with “root” and the password you have given.

 

THE INSTALLATION PROCESS:
Change the database password

Edit your config/db.php and put in your database user (in your case probably “root”) and the password.

 

THE INSTALLATION PROCESS:
Copy the script to your server

This step is easy: Delete the phpinfo.php from your server (as it is not necessary anymore and will give potential attackers informations about your server) and copy the contents of the php-login-minimal folder to your web root, usually /var/www/. This folder should now look like (screenshot from WinSCP):

how your root folder should look like after copying the php-login script to your server

 

THE INSTALLATION PROCESS:
Creating the database

Log into PHPMyAdmin:

http://www.yourdomain.com/phpmyadmin

and create a database called “login” with the SQL statement in “_installation/01-create-database.sql“, then do the same with the file “_installation/02-create-and-fill-users-table.sql” to create the user-table. It’s also possible to import the files. The PHPMyAdmin user interface is quite self-explaining, so this should not be a problem.

The script is now ready to go under your web address:

http://www.yourdomain.com/

 

SOME WORDS ABOUT LOCAL & REMOTE DEVELOPMENT

It’s always a good decision to develop LOCALLY, which means directly on your own computer, or even better, within a virtual machine hosted on your system. Usually, developing on a live server on the web might be critial, because your tools might have no or weak passwords, your app is in development and therefore attackable, or simply because you just mistyped a bash command and your server now tries to download the entire web.

When developing locally, you could install PHP, MySQL etc by hand or use a pre-combined and pre-configured easy-to-handle development bundle, like Ampps [Win, Mac], EasyPHP [Win], WampServer [Win], SecureWAMP [Win] or even Xampp [Win, Mac, Linux].

—

Please note: Comments are closed!: Sorry, but I had to remove / deactivate the comments in this and other articles as lots of idiots and trolls commented with masterpieces a la “script is shit does not work plz help”, “does not work on android”, “you must change X to Y”, “explain to me” etc. without realizing what this script is, why there’s a readme and several tutorials and lots of commented code and what free-time open-source scripts in general are. It’s disturbing that people build their entire businesses on top of totally free software, written by unpaid volunteers in their free-time, and then they still complain and treat the autors like shit.

This article was written quite a while ago (10 years), please keep this in mind when using the information written here. Links, code and commands might be outdated or broken.

Random articles

  • [Link] Set up Nginx with PHP 5.5 easily[Link] Set up Nginx with PHP 5.5 easily
  • How to install php-login-one-file on Ubuntu 12.04 LTSHow to install php-login-one-file on Ubuntu 12.04 LTS
  • PHPStorm: 42 Tips and Tricks (47min video talk by Mikhail Vink at Dutch PHP Conference 2015)PHPStorm: 42 Tips and Tricks (47min video talk by Mikhail Vink at Dutch PHP Conference 2015)
  • What’s new in PHPStorm 9What’s new in PHPStorm 9
  • Experimenting with HHVM at Etsy (Link)Experimenting with HHVM at Etsy (Link)
  • Dangerous Performance Myths in the Web (video talk by Thomas Lohner, PHPUG Latvia)Dangerous Performance Myths in the Web (video talk by Thomas Lohner, PHPUG Latvia)
  • Install MINI in 30 seconds inside Ubuntu 14.04 LTSInstall MINI in 30 seconds inside Ubuntu 14.04 LTS
  • MINI2, an extremely simple barebone PHP application on top of SlimMINI2, an extremely simple barebone PHP application on top of Slim
  • MINI, an extremely simple barebone PHP applicationMINI, an extremely simple barebone PHP application
minimalpassword hashingPHPtutorial
Share this

19 Comments

  • Philip
    December 4, 2013 6:39 pm

    Hey Chris,

    great script. got it setup easily and it works great.

    i am planning to implement this in a webapp i am creating for a final project. my question: is there a way to redirect the user to certain pages depending on the username? for example if the username is admin, he/she is redirected to the admin page. if the username is let’s say bob, he/she is redirected to a page built specifically for him/her. if so, how could i do it? and which page would i put the code in?

  • amit
    November 10, 2013 8:25 am

    HI! Thank you for the script. Worked like a charm. However i have one query. I could not find out piece of code is generating the log in form, as i would like to put it in custom html. I am using 1-minimal script.

  • Vishal
    October 6, 2013 7:19 pm

    Nice script and very well written and explained. I have recently started learning PHP so please excuse me if its a naive question for you to answer. I hope can you please explain me the logic what is achieved in the piece of code in libraries/password_compatibility_library ->function password_verify()?

    for ($i = 0; $i < strlen($ret); $i++) {

    $status |= (ord($ret[$i]) ^ ord($hash[$i]));

    }

  • Marius
    September 27, 2013 7:56 am

    Thank you, Chris, for this awesome script. It works as expected. However, I want to ask you if there is a way to disable or remove the registration link from the login page. I think the login form is created on-the-fly, because I didn’t find it anywhere.
    I hope you will find the time to answer. Thank you again.

    • Marius
      September 27, 2013 11:32 am

      Never mind.I was stupid. I found it. views/not_logged_in.php.

  • Warren
    September 18, 2013 9:23 pm

    im getting a connection error for some reason, please see here http://www.canyon.tv , when i check the login credentials they are correct. Please can you take a look and email me to let me know what I am doing wrong?

  • Dan
    September 15, 2013 12:15 pm

    Great script, however I seem to have the same problem as everyone else below…

    How you do protect a page to ensure that the user is logged in before displaying it? I can’t seem to find the code to include on each page…

  • paul
    September 15, 2013 10:45 am

    Hi i need an answer asap please, if i wanted to protect a page where u had to be logged in to view it, what php code do i add?

  • Prasun Bannerjee
    September 10, 2013 8:02 am

    Have been a blogger and android dev. since long, now planning to dive into php development. So, pretty new here. Have a web app which requires user registration and then a dashboard area. I’m using the minimal version as I do not require much specific functionality. Question is, where to keep the files related to the dashboard area and the further hyperlinks being generated from it for other web app functionality.

    I understand that logged_in.php is the file which I should edit and keep my dashboard area (correct me if I’m wrong) but what to follow for further links being generated from it, say some other page or functionality

    Thanks
    PB

    • Chris
      September 10, 2013 12:35 pm

      Sorry Prasun, I really don’t know what your question is. The script is extremely simple and self-explaining. Simple login system, with the simple possibility to show a page when logged in and another page when not logged in (plus registration page). I don’t know what you mean by “Dashboard Area” or “further hyperlinks”, but maybe this script is not what you are searching for.

      • Prasun Bannerjee
        September 10, 2013 1:11 pm

        That was pretty silly of me (as I said I am new to php), I got it solved within few minutes of asking the question. Thanks and sory for the inconvenience.
        Cheers
        PB

  • Jan G. Laursen
    September 8, 2013 1:09 pm

    I’m new to PHP and need a little guidance.
    Don’t I need to put some code into the php-files I want to protect?

    /Jan

    • Chris
      September 8, 2013 8:46 pm

      If you are totally new to PHP, then please don’t use this script. This script is extremely simple and here we have an extremely detailed tutorial. When you have problems using this, then you might not have the minimum requirements to build a safe web application. Please have a look on other frameworks that might be a better fit for your situation: http://jonathanmh.com/best-php-mvc-frameworks-of-2013/

    • Chris
      September 8, 2013 9:18 pm

      Hey Jan, this script gives a login system, that is useful if you need a site that offers user the possibility to create accounts etc.! What you probably need (I’m not sure if I understand your question) is a simply page password protection. This script here might be totally overdozed for your situation.

      • Marius
        September 26, 2013 10:52 pm

        He wants to say that if he enters in the browser the full path to a page he wants to protect, the page loads whether he is logged in or not. Ex: successful login loads page “welcome.php”. But if I am not logged at all and if I enter in browser’s address bar: http://www.mysite.com/welcome.php the page loads. Some session script needs to be put in welcome.php page to check if the user is logged in or not.

    • Marius
      September 27, 2013 7:02 am

      Before anything on that page you have to put a code to check if the session not exists, e.g:

      • Marius
        September 27, 2013 7:08 am

        The code was stripped out for security reasons, so I put a picture with the code. Hope it helps.

        • Chris
          September 27, 2013 11:11 am

          Hello Marius, that’s basically correct, but goes totally into a wrong direction, as the script is not built like that. In today’s php applications usually are built using ONE index.php that handles everything. If you don’t want/can use it like that, then please simply have a look into the 2-advanced version that uses multiple php files in the root folder, that’s exactly what you are asking for.

php

How to install/setup latest version of PHP 5.5 on Debian Wheezy 7.0/7.1/7.2 (and how to fix the GPG key error)

Please note: This works fine. But this package will also upgrade your apache to version 2.4 which has different config

vagrant

How to setup a local server (in a virtual machine) with Vagrant in PHPStorm

This is part 1 of a series on How to get a modern workflow in PHP development. Part 2 is

php

How to install the mcrypt php extension (to use Laravel 4)

When installing Laravel 4 on a fresh Ubuntu or Debian system, you’ll probably get this error message: “Laravel requires the

phpstorm 7.0 php

How to debug code on a remote server (or in vagrant box) with PHPStorm

Please also note: There are several methods to do remote debugging. This is the one that works without any browser

Compare 250+ cloud server plans with Cloud Cost Calculator

How cool is that ? The Cloud Cost Calculator compares more than 250 cloud server plans of Amazon, Rackspace, DigitalOcean,

bitdeli git github stats

Get visitor stats for your GitHub repo with BitDeli

GitHub is the definitive #1 “hoster” for git repositories, no question. And this highly sympathic company has made version control

php uk conference

PHP Caching Best Practices by Eli White (video from PHP UK Conference 2014)

The title says it all: PHP Caching best practices. This article was written quite a while ago (9 years), please

php

[Link] How to create, read, update and delete (CRUD) with PDO, MySQLi and MySQL the right way (prepared statements)

Mike Dalisay has written an excellent tutorial on the CORRECT USAGE of basic CRUD functions (create, read, update, delete) with

php

How to use the PHP 5.5 password hashing functions

PHP 5.5 introduced some very interesting password hashing functions that will make your life much much easier, the web much

php

Postmodern PHP: appserver.io, a multithreaded application server for PHP, written in PHP

There’s a lot of very interesting stuff going on in the PHP scene right now, I have the feeling this

1/4

Categories

Search

Berlin, prepare for TOA conference (15th – 17th of July)
Soundcloud’s “VP of Engineering” about using SSDs
[Link] Improving Smashing Magazine’s Performance: A Case Study
A quick history of Comic Sans, the most wrongly used font ever
Ghost
[FREE SERVER PROMO] Install GHOST for free on a free SSD server with this coupon
Microsoft announces “holographic” 3D interfaces (promo video)
windows-xp-eol
Windows XP is officially dead from today. Do you know people still using it ? Punch them.
laracon-2014-eu-amsterdam
Laracon 2013 – Kapil Verma: Engineering Complex Applications with Laravel 4 (40min video)
vagrant
How to setup a local server (in a virtual machine) with Vagrant in PHPStorm
The New Era of JavaScript (28min conference talk, Jack Franklin, 2013)
Support FLARUM, the future of PHP forum scripts (with some dollars on Kickstarter)
php
New GitHub repo: simple php-long-polling for creating real-time apps
php
[Link] Excellent PHP best practices, 2014 style
vagrant
A preinstalled Vagrant box with PHP HipHop / HHVM and Ubuntu 13.10 (Saucy Salamander)
phpstorm-8
Ignore .idea folder from git in PHPStorm

Tags

apache bash centos composer conference coupon CSS debian fonts framework git GitHub hack HHVM HipHop HTML HTML5 IDE JavaScript JS LAMP laravel linux mod_rewrite MVC MySQL Nginx optimization PHP PHP 5.5 PHP 5.6 phpmyadmin PHPStorm security server SSD Ubuntu UI UX vagrant video virtual machine voucher VPS wordpress
Side-Project: Wordle-Solver:
www.wordle-helper.info

Pages

  • Privacy Policy
 
We use cookies on our website to give you the most relevant experience by remembering your preferences and repeat visits. By clicking “Accept”, you consent to the use of ALL the cookies.
Do not sell my personal information.
Cookie SettingsAccept
Manage consent

Privacy Overview

This website uses cookies to improve your experience while you navigate through the website. Out of these, the cookies that are categorized as necessary are stored on your browser as they are essential for the working of basic functionalities of the website. We also use third-party cookies that help us analyze and understand how you use this website. These cookies will be stored in your browser only with your consent. You also have the option to opt-out of these cookies. But opting out of some of these cookies may affect your browsing experience.
Necessary
Always Enabled
Necessary cookies are absolutely essential for the website to function properly. These cookies ensure basic functionalities and security features of the website, anonymously.
CookieDurationDescription
cookielawinfo-checkbox-analytics11 monthsThis cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Analytics".
cookielawinfo-checkbox-functional11 monthsThe cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Functional".
cookielawinfo-checkbox-necessary11 monthsThis cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Necessary".
cookielawinfo-checkbox-others11 monthsThis cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Other.
cookielawinfo-checkbox-performance11 monthsThis cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Performance".
viewed_cookie_policy11 monthsThe cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not user has consented to the use of cookies. It does not store any personal data.
Functional
Functional cookies help to perform certain functionalities like sharing the content of the website on social media platforms, collect feedbacks, and other third-party features.
Performance
Performance cookies are used to understand and analyze the key performance indexes of the website which helps in delivering a better user experience for the visitors.
Analytics
Analytical cookies are used to understand how visitors interact with the website. These cookies help provide information on metrics the number of visitors, bounce rate, traffic source, etc.
Advertisement
Advertisement cookies are used to provide visitors with relevant ads and marketing campaigns. These cookies track visitors across websites and collect information to provide customized ads.
Others
Other uncategorized cookies are those that are being analyzed and have not been classified into a category as yet.
SAVE & ACCEPT