Updated portions at the bottom as of May 23, 2005
Well, this is going to be one of my longest tutorials here so please be patient while reading and be sure to read this all the way through as it is all important. If you just skp to the end like I have on several occasions, chances are you will not completely understand what is happening.
QUOTE("Quick edit as of June 08 @ 2006 - Please Read") Note: If I remember correctly, I copied this tutorial from a word document that I wrote to save time. Quotes change to slanted like quotes that may cause parse errors when you try to run it. Also, this code is just a tutorial showing you how a simple login system works. It is not secure and chances are, even with encrypted passwords, users can still easily hack it without sessions and secured data input. I recommend that if you want a login and registration system for your site, you search for an advanced one on http://www.evolt.com or hot scripts http://www.hotscripts.com.
Test here
There are several files that we will build to make the magic happen. We also need to create the necessary tables in our mysql database since this is where we will store the information.
What we need:
+a registration form
+login form
+backend to registration form
+backend to login form
4 total files.
We are going to start with the easiest files which are the 2 html forms. Since these forms are basic html, I'm not going to explain what is happening.
The first form we are going to make is the registration form. Take out notepad or your favorite text editor (I use Crimson Editor) and before we begin, save this file as registration.html.
We have to make 4 input boxes named: name, email, username & password. Here is my setup:
CODE <form name="login" method="post" action="register.php"> <table border="0" width="225" align="center"> <tr> <td width="219" bgcolor="#999999"> <p align="center"><font color="white"><span style="font-size:12pt;"><b>Registration</b></span></font></p> </td> </tr> <tr> <td width="219"> <table border="0" width="282" align="center"> <tr> <td width="116"><span style="font-size:10pt;">Name:</span></td> <td width="156"><input type="text" name="name" maxlength="100"></td> </tr> <tr> <td width="116"><span style="font-size:10pt;">Email:</span></td> <td width="156"><input type="text" name="email" maxlength="100"></td> </tr> <tr> <td width="116"><span style="font-size:10pt;">Username:</span></td> <td width="156"><input type="text" name="username"></td> </tr> <tr> <td width="116"><span style="font-size:10pt;">Password:</span></td> <td width="156"><input type="password" name="password"></td> </tr> <tr> <td width="116"> </td> <td width="156"> <p align="right"><input type="submit" name="submit" value="Submit"></p> </td> </tr> </table> </td> </tr> <tr> <td width="219" bgcolor="#999999"> </td> </tr> </table> </form>
Now, create a new file and name this login.html. Only 2 input boxes are needed here: username & password.
CODE <form name="login" method="post" action="login.php"> <table border="0" width="225" align="center"> <tr> <td width="219" bgcolor="#999999"> <p align="center"><font color="white"><span style="font-size:12pt;"><b>Login</b></span></font></p> </td> </tr> <tr> <td width="219"> <table border="0" width="220" align="center"> <tr> <td width="71"><span style="font-size:10pt;">Username:</span></td> <td width="139"><input type="text" name="username"></td> </tr> <tr> <td width="71"><span style="font-size:10pt;">Password:</span></td> <td width="139"><input type="password" name="password"></td> </tr> <tr> <td width="71"> </td> <td width="139"> <p align="right"><input type="submit" name="submit" value="Submit"></p> </td> </tr> </table> </td> </tr> <tr> <td width="219" bgcolor="#999999"><font color="white">Not Registered? </font><a href="register.html" target="_self"><font color="white">Register</font></a><font color="white"> </font><b><i><font color="white">Now!</font></i></b></td> </tr> </table> </form>
We are now done with the forms. Before we start backend coding this, we need to set up the tables within our database which will be userid, name, email, username, & password. You can execute this line of code:
CODE
CREATE TABLE users (
userid int(25) NOT NULL auto_increment,
name varchar(25) NOT NULL default '',
email varchar(255) NOT NULL default '',
username varchar(25) NOT NULL default '',
password varchar(255) NOT NULL default '',
PRIMARY KEY (userid),
UNIQUE KEY username (username)
) TYPE=MyISAM COMMENT='Members';
The next file we are going to create is the registration.php file. This file will enable us to store all the data that’s entered in the registration.html file in our database. So, create a new file called registration.php. I’m going to break this code down bit by bit and then paste the full code at the end so that it’s easier for you to understand.
The first thing we will need to do is connect to our database.
CODE
//Database Information
$dbhost = "localhost";
$dbname = "your database name";
$dbuser = "username";
$dbpass = "yourpass";
//Connect to database
mysql_connect ( $dbhost, $dbuser, $dbpass)or die("Could not connect: ".mysql_error());
mysql_select_db($dbname) or die(mysql_error());
Now that the script can connect to the database, it needs to collect all the information from the html form.
CODE
$name = $_POST['name'];
$email = $_POST['email'];
$username = $_POST['username'];
$password = $_POST['password'];
This is all fine and dandy, but the end result is not secure. Anyone who opens up the database can immediately see everyone’s password. So, we need to encrypt it using md5, a method I just learned today by the way. We will need to change the above to:
CODE
$name = $_POST['name'];
$email = $_POST['email'];
$username = $_POST['username'];
$password = md5($_POST['password']);
What md5 does is generate a random sequence of letters and numbers. So if you enter abcdefg as your password, the result in database will display 7ac66c0f148de9519b8bd264312c4d64. Now no one will be able to view the passwords stored within the database.
The next few lines are very important. They will check the database for existing users and if any are found, the script will stop instantly and ask you to re-enter in your information using another username.
CODE
$checkuser = mysql_query("SELECT username FROM users WHERE username='$username'");
$username_exist = mysql_num_rows($checkuser);
if($username_exist > 0){
echo "I'm sorry but the username you specified has already been taken. Please pick another one.";
unset($username);
include 'register.html';
exit();
}
Now if no errors are present, store the data in our database and tell the user that they have successfully registered.
CODE
$query = "INSERT INTO users (name, email, username, password)
VALUES('$name', '$email', '$username', '$password')";
mysql_query($query) or die(mysql_error());
mysql_close();
echo "You have successfully Registered";
The final stage in the registration script is to email the user their data. We will use the mail function for this. You will need to edit the yoursite, webmaster and youremail variables below.
CODE
$yoursite = ‘www.blahblah.com’;
$webmaster = ‘yourname’;
$youremail = ‘youremail’;
$subject = "You have successfully registered at $yoursite...";
$message = "Dear $name, you are now registered at our web site.
To login, simply go to our web page and enter in the following details in the login form:
Username: $username
Password: $password
Please print this information out and store it for future reference.
Thanks,
$webmaster";
mail($email, $subject, $message, "From: $yoursite <$youremail>\nX-Mailer:PHP/" . phpversion());
echo "Your information has been mailed to your email address.";
?>
That’s the end of the register.php script!
Now we will create the final file, the login.php file. This will check to see if the user has entered the correct information and then validate them.
Like all the other scripts that grab information from a database, we must first connect to it.
CODE
//Database Information
$dbhost = "localhost";
$dbname = "your database name";
$dbuser = "username";
$dbpass = "yourpass";
//Connect to database
mysql_connect ( $dbhost, $dbuser, $dbpass)or die("Could not connect: ".mysql_error());
mysql_select_db($dbname) or die(mysql_error());
Now the script needs to start the session, grab the variables from the login form and then check the database to make sure they are correct.
CODE
session_start();
$username = $_POST[‘username’];
$password = md5($_POST[‘password’]);
$query = “select * from users where username=’$username’ and password=’$password’”;
$result = mysql_query($query);
If they don’t match, display the error and the login form again.
CODE
if (mysql_num_rows($result) != 1) {
$error = “Bad Login”;
include “login.html”;
if they do match, begin the session and include the members page.
CODE
} else {
$_SESSION[‘username’] = “$username”;
include “memberspage.php”;
}
?>
That’s it! Now for the full code:
register.php
CODE
<?PHP
//Database Information
$dbhost = "localhost";
$dbname = "your database name";
$dbuser = "username";
$dbpass = "yourpass";
//Connect to database
mysql_connect ( $dbhost, $dbuser, $dbpass)or die("Could not connect: ".mysql_error());
mysql_select_db($dbname) or die(mysql_error());
$name = $_POST['name'];
$email = $_POST['email'];
$username = $_POST['username'];
$password = md5($_POST['password']);
// lets check to see if the username already exists
$checkuser = mysql_query("SELECT username FROM users WHERE username='$username'");
$username_exist = mysql_num_rows($checkuser);
if($username_exist > 0){
echo "I'm sorry but the username you specified has already been taken. Please pick another one.";
unset($username);
include 'register.html';
exit();
}
// lf no errors present with the username
// use a query to insert the data into the database.
$query = "INSERT INTO users (name, email, username, password)
VALUES('$name', '$email', '$username', '$password')";
mysql_query($query) or die(mysql_error());
mysql_close();
echo "You have successfully Registered";
// mail user their information
$yoursite = ‘www.blahblah.com’;
$webmaster = ‘yourname’;
$youremail = ‘youremail’;
$subject = "You have successfully registered at $yoursite...";
$message = "Dear $name, you are now registered at our web site.
To login, simply go to our web page and enter in the following details in the login form:
Username: $username
Password: $password
Please print this information out and store it for future reference.
Thanks,
$webmaster";
mail($email, $subject, $message, "From: $yoursite <$youremail>\nX-Mailer:PHP/" . phpversion());
echo "Your information has been mailed to your email address.";
?>
login.php
CODE
<?php
//Database Information
$dbhost = "localhost";
$dbname = "your database name";
$dbuser = "username";
$dbpass = "yourpass";
//Connect to database
mysql_connect ( $dbhost, $dbuser, $dbpass)or die("Could not connect: ".mysql_error());
mysql_select_db($dbname) or die(mysql_error());
session_start();
$username = $_POST[‘username’];
$password = md5($_POST[‘password’]);
$query = “select * from users where username=’$username’ and password=’$password’”;
$result = mysql_query($query);
if (mysql_num_rows($result) != 1) {
$error = “Bad Login”;
include “login.html”;
} else {
$_SESSION[‘username’] = “$username”;
include “memberspage.php”;
}
?>
If you see any errors in the code, please submit them! Otherwise, enjoy your new login and registration system. And thanks to Ali Imran for clearing up some bugs :)
Happy coding!
ADDITIONS
***** Added May 23, 2005 *****
I get questions about how to prevent the user from skipping the login and registration page and going directly to the home page or whatever is called up after the user logs in if they know the address.
To counter this, you have to check for sessions on this page which is fairly simple. Open up the members page, and add this code:
CODE
<?
// members page
session_start();
if ( empty( $username ) ) {
print "Please login below!";
include 'login.html';
} else {
// you can use regular html coding below the ?>
// and before the <?
?>
<html>
<head>
<title>MEMBERS ONLY</title>
</head>
<body>
Your Members Page....
</body>
</html>
<?
?>
What this is saying is, if there is nothing placed in the variable username, include the login page again. Otherwise, if there is something in the variable, display the rest of the page.
================================
Some people have also pmed me about an error with the email sending the password encrypted. I would simply do this:
Store the submitted password in another variable like so:
CODE
$name = $_POST['name'];
$email = $_POST['email'];
$username = $_POST['username'];
$password = md5($_POST['password']);
$emailedpass = $_POST['password']; // this was added so the user gets a password gets sent.
Then in the email portion, change the variable $password to $emailedpass like so:
CODE
$message = "Dear $name, you are now registered at our web site.
To login, simply go to our web page and enter in the following details in the login form:
Username: $username
Password: $emailedpass
Please print this information out and store it for future reference.
Thanks,
$webmaster";
*******************************
I will figure out another way how to do this later.
If there are any issues with this, please feel free to post questions here:
http://www.swish-db.com/forum/index.php?sh...topic=15865&hl=
|
