It looks like you're new here. If you want to get involved, click one of these buttons!
saqib389
BeginnerLink Clerk
<?
session_start();
if (isset($_SESSION['userid']))
{
echo "Hello ".$_SESSION['userid'];
}
else
{
echo "<b>Hello Guest</b>";
?>
<html>
<body>
<h2><center>:: Registration :: </h2></center>
<center>
<table border=1 width=200 height=100 align=center>
<tr><td >
<form action="login.php" method="post">
Username: <input type="text" name="username" size="10"><br>
Password: <input type="password" name="password" size="10"> <br>
<input type="submit" value="submit" name="submit">
<tr><td align=center>
<br>
<a href="register.php">
<font size=3 face=arial>
Register Now</a></font>
</form>
</tr></td>
</tr></td></table>
</center>
<?
}
?>
</html>
</body>
<html>
<body>
<table border=0 width=200 height=100 align=center>
<tr><td>
<h2>:: Registration :: </h2>
<form name="form1" method="post" action="register2.php">
Username: <input type="text" name="username">
<br>
Password: <input type="password" name="password">
<br>
Email Address: <input type="text" name="email">
<br>
About You: <textarea name="biography"></textarea>
<br>
<input type="submit" name="Submit" value="Submit">
<input type="reset" name="Submit2" value="Reset">
</form>
</tr></td></table>
</html>
</body>
<html>
<body>
<?php
// Connect to the database
$server = "localhost";
$dbuser = "dbuser";
$dbpass = "dbpass";
$dbname = "dbnamel";
mysql_connect($server,$dbuser,$dbpass) or die ("Could not establish connection"); // make connection
mysql_select_db($dbname); // select database
// convert posted info to easy to use variables
$user = $_REQUEST['username'];//get username from form
$pass = $_REQUEST['password'];//get password from form
$email = $_REQUEST['email'];// get email from form
$biography = $_REQUEST['biography'];// get biography from form
// strip away any dangerous tags
$user=strip_tags($user);
$pass=strip_tags($pass);
$email=strip_tags($email);
$biography=strip_tags($biography);
// remove spaces from variables
$user=str_replace(" ","",$user);
$pass=str_replace(" ","",$pass);
$email=str_replace(" ","",$email);
// remove escaped spaces
$user=str_replace("%20","",$user);
$pass=str_replace("%20","",$pass);
$email=str_replace("%20","",$email);
// add slashes to stop hacking
$user=addslashes($user);
$pass=addslashes($pass);
$email=addslashes($email);
$biography=addslashes($biography);
// minimum lengths
$minuser_len = 6; //username minimum length
$minpass_len = 6; //password minimum length
if(strlen($user) < $minuser_len || strlen($pass) < $minpass_len)
{
die("User/password was not long enough!");
}
// encrypt users password for security (32 chars random)
$pass=md5($pass);
// create the SQL query to be executed
$request = "INSERT INTO `users` ( `userid` , `username` , `password` , `email` , `biography`)
VALUES (
'', '$user', '$pass', '$email', '$biography');";
// execute the query
$result = mysql_query($request);
// check if succesful registration(currently disabled)
if($result){
echo "Registration was succesful";
?>
<a href="index.php">
:: HOME :: </a>
<?}
else {
echo "Registration failed";
}
?>
</body>
</html>
<?php
// Connect to the database
$server = "localhost";
$dbuser = "dbuser";
$dbpass = "dbpass";
$dbname = "dbname";
mysql_connect($server,$dbuser,$dbpass) or die ("Could not establish connection"); // make connection
mysql_select_db($dbname); // select database
// convert posted info to easy to use variables
$user = $_REQUEST['username'];
$pass = $_REQUEST['password'];
// strip away any dangerous tags
$user=strip_tags($user);
$pass=strip_tags($pass);
// remove spaces from variables
$user=str_replace(" ","",$user);
$pass=str_replace(" ","",$pass);
// remove escaped spaces
$user=str_replace("%20","",$user);
$pass=str_replace("%20","",$pass);
// add slashes to stop hacking
$user=addslashes($user);
$pass=addslashes($pass);
// encrypt password into md5 (random 32 characters)
$pass=md5($pass);
// search database to check for user
$request = "SELECT * FROM users WHERE password='".$pass."' AND username='".$user."'";
// hand over the request
$results = mysql_query($request);
// if mysql returns any number of rows great than 0 then there is a succesful login
if(mysql_num_rows($results))
{
// get users id
$getid = "SELECT * FROM users WHERE username='".$user."' LIMIT 1";
$getidexec = mysql_query($getid);
while($r=mysql_fetch_array($getidexec)){
$userid = $r[userid];
}
// set a cookie
session_start();
$_SESSION['userid']=$_POST['username'];
//setcookie( "userid", "$userid", time()+3600, "/", "", 0 );
echo "User Logged in.<br><br><a href=\"index.php\">Continue...</a>";
}
else // only happens if not a succesful username and password match
{
// login failed so display error message and kill script
die("Username and passwords do not match our records");
}
?>
Comments
1. Create the column 'active' in the users table.
2. When a user registers set their value of active to 0 and then send the user an email... In the email is a link with something like activate.php?id=x where X is their userid.
3. When clicked the activate.php sript updates the 0 and changes it to a 1.
4. When logging in the login script checks to see if its a 1 or a 0 in the active fields. If a 1 then it means they have activated if not then they havent.
To check if a user has already registered heres the steps...
1. Do a query searching for that username...
[PHP]$result = mysql_query("SELECT * FROM `table_name` WHERE `username` = '".$_POST[username]."'");
if(mysql_num_rows($result))
{
die("Username taken");
}[/PHP]
Basically if the $result query returns a result then it means that there is already a user with that username...
The Royal Ram