User Registration
> Login
> Logout
> Restrict access to members only
> User Profile
Heres a little break down of what each feature does and what its for:
Quote: User Registration
This allows guests to register a new account. They need to provide a username, password and email address.
Quote: Login
Registered users can login using their username and password which was created when they registered an account.
Quote: Logout
Allow a person who is logged in to logout. This will stop people from accessing their account afterwards.
Quote: Restrict Access
This will allow you to offer certain content to registered users only so guests cannot see it.
User Profile - A profile which contains information about that user. Other people can view other peoples profiles.[/QUOTE]
There you go. The introduction is over and done with so now lets start creating the script itself. The first part is to deal with the database.
Working With The Database
All of the members information will be stored within a MySQL database. PHP works perfectly with MySQL therefore it is fairly simple for them to work with eachother. First of all you will need a database, prefferably empty although it doesnt have to be. If you dont already have a MySQL database available then you will need to get one. Contact your web host if you are unsure what to do or post your questions in our support forum if you need help. For this tutorial I will be using a database called accounts.
Once you have got your database ready you now need to create the tables for it. You will only need one table to hold the members information. Here is the SQL query which will create that table. You need to copy and paste this into phpMyAdmin or if you prefer create the table manually with phpMyAdmin.
Code
CREATE TABLE `users` (
`userid` INT( 11 ) NOT NULL AUTO_INCREMENT ,
`username` VARCHAR( 255 ) NOT NULL ,
`password` VARCHAR( 32 ) NOT NULL ,
`email` VARCHAR( 255 ) NOT NULL ,
`biography` TEXT NOT NULL ,
PRIMARY KEY ( `userid` )
);
That will create a table called 'users' which has got the the following columns:
Quote
userid - Conatins a unique user id
username - Contains the username
password - Contains an encrypted password 32 characters in length for increased security
email - Contains the users email address
biography - Contains a little personal biography of the user
Thats it for the database. The next step is to start coding the script itself.
User Registration
The main part of this script is to allow guests of your site to sign up for an account without the need of someone manually adding their details to a database. To do this we need to create a register.php script. This will take information submitted from a form and insert it into the MySQL database. So to begin with, lets get that form created.
Save the above as signup.html
Basically all it is is a HTML form which submits the information to register.php. The file register.php is the file which will insert the submitted information into the database and in the process will hash the password. Hashing the password will turn the original password into a random set of 32 characters. The hashing method that we will be using is md5 which is considered to be very secure.
The next step is to create register.php itself. Here is the code. It has been commented step by step to explain what is happening.
Code
<?php
// Connect to the database
$server = "localhost";
$dbuser = "dbusername";
$dbpass = "dbpass";
$dbname = "dbname";
mysql_connect($server,$dbuser,$dbpass) or die ("Could not establish connection"); // make connection
mysql_select_db($dbname); // select database
// convert posted info to easy to use variables
$user = $_REQUEST;//get username from form
$pass = $_REQUEST;//get password from form
$email = $_REQUEST;// get email from form
$biography = $_REQUEST;// get biography from form
// strip away any dangerous tags
$user=strip_tags($user);
$pass=strip_tags($pass);
$email=strip_tags($email);
$biography=strip_tags($biography);
if(strlen($user) < $minuser_len || strlen($pass) < $minpass_len)
{
die("User/password was not long enough!");
}
// hash users password for security (32 chars random - md5)
$pass=md5($pass);
// create the SQL query to be executed
$request = "INSERT INTO `users` ( `userid` , `username` , `password` , `email` , `biography`) VALUES ('', '$user', '$pass', '$email', '$biography');";
// execute the query
$result = mysql_query($request);
// check if succesful registration
if($result){
echo "Registration was succesful";
} else {
echo "Registration failed";
}
?>
In the above code at the start you will need to replace the mysql connection details with whatever your details are. This is reffering to the server, which is usually localhost so it can therefore be left alone, the database username, database password and the actual database name. One thing I need to point out to you which is a fairly obvious mistake that a lot of people do: Notice when we take away spaces and escaped spaces from the variables - we do not do this for the $biography variable. This is because we want to allow them to be able to use spaces to seperate words - obviously
The above code will insert the users posted information into the database table called users which we created a bit earlier. If the registration is succesful then it will say so, if not then it will say that the registration failed. The next step is to create the login section where users will be able to enter their username and password.
Create The Login
Firtly we need a HTML form. This form contains two fields. Username and password. The form action is login.php - login.php is the file which will process the login by comparing the submitted username and password combination to the database to see if there are any matches. The login form:
Thats the login form sorted. The next step is to create the login.php file which is the action file for the above form.
This will work by getting the username and password submitted by the user at the form, compare them against the details in the database and if there is a match a cookie will be set on the users computer. This cookie will store basic information and will expire in a set amount of time. We use cookies because it means that if the user closes their browser after logging in they dont have to log back in again when they return. If however the cookie has expired past the time limit we set they will have to login again. Here is the code for login.php along with explanations.
Code
<?php
// Connect to the database
$server = "localhost";
$dbuser = "dbusername";
$dbpass = "dbpass";
$dbname = "dbname";
mysql_connect($server,$dbuser,$dbpass) or die ("Could not establish connection"); // make connection
mysql_select_db($dbname); // select database
// convert posted info to easy to use variables
$user = $_REQUEST;
$pass = $_REQUEST;
// strip away any dangerous tags
$user=strip_tags($user);
$pass=strip_tags($pass);
// remove spaces from variables
$user=str_replace(" ","",$user);
$pass=str_replace(" ","",$pass);
// search database to check for user
$request = "SELECT * FROM users WHERE password='".$pass."' AND username='".$user."'";
// hand over the request
$results = mysql_query($request);
// if mysql returns any number of rows great than 0 then there is a succesful login
if(mysql_num_rows($results))
{
// get users id
$getid = "SELECT * FROM users WHERE username='".$user."' LIMIT 1";
$getidexec = mysql_query($getid);
while($r=mysql_fetch_array($getidexec)){
$userid = $r[userid];
}
// set a cookie
setcookie( "userid", "$userid", time()+3600, "/", "", 0 );
echo "User Logged in.<br><br><a href=\"index.php\">Continue...</a>";
}
else // only happens if not a succesful username and password match
{
// login failed so display error message and kill script
die("Username and passwords do not match our records");
}
?>
Again we start off by connecting to the database in the same manner. Then we do some changes to the variables to prevent people hacking your scripts or performing dangerous queries on your database. After that we use md5() function to hash the users password into random 32 characters. We do this because in our register.php we hashed it before inserting it into the database therefore for us to get a match we have to do the same here. If there is a username and password match then we get the users id. This is done so that we can then set a cookie which records that that user has logged in succesfully. Once the cookie is set it displays a link to index.php - this will be our main index file.
And thats it for the login section. The next step is to create index.php.
Creating the homepage
We will use index.php as a basic homepage. All I am going to do is show you how to check to see whether a user is logged in or not. Ill leave it up to you to create the entire index page since this tutorial only needs to teach you the basics of it. Here is the code for index.php
Code
<?php
if (!$_COOKIE){
die("You are not logged in");
}
echo "You are logged in";
?>
The above code is fairly simple and short. It uses an if statement to see if a cookie is there or not. The exclamation mark put before $_COOKIE means it is checking to see if that variable is empty or in otherwords if there is no cookie set.
$_COOKIE is default in PHP therefore you can simply access it and perform operations on it to check for set cookies etc. The above script will stop running if the login isnt succesful. This means that you can place your members only content anywhere after the final }.
Logging Out
The whole point of having a logout link is so that a user can stop anyone else accesing their account on the computer their logged in at. It works by simply resetting the cookie which is set when logging in and setting the expire time to a minus value - meaning it would no longer be valid. Here is the code for logout.php:
Code
<?php
// set a cookie
setcookie( "userid", "0", time()-3600, "/", "", 0 );
?>
The difference this time compared to the cookie we set when the user logged in is that we are setting it to -3600 which means the cookie has already expired and is therefore useless. We also set the cookies value to 0. Previously a userid was set here however because we no longer have a user we simply set it to 0.
Viewing A Profile
One of the great things about communities where users register is that they have the ability to have custom profiles. Other people can then view their profiles and find out information about them. Here is profile.php which will act as the profile page for the members:
Code
<?php
// Connect to the database
$server = "localhost";
$dbuser = "dbusername";
$dbpass = "dbpass";
$dbname = "dbname";
mysql_connect($server,$dbuser,$dbpass) or die ("Could not establish connection"); // make connection
mysql_select_db($dbname); // select database
// Get users information
$result = mysql_query("SELECT * FROM `users` WHERE `userid` = '".$u."' LIMIT 1");
while($r=mysql_fetch_array($result)){
// Turn breaks into new lines for biography field
$r[biography] = nl2br($r[biography]);
To get the profile page to display a particular users profile you must pass their userid to the profile.php page. This can be done by simple calling it like this:
Quote
profile.php?u=5
That will displays the users information whos userid is 5.
You can link to a users profile by doing the following:
Code
<a href="profile.php?u=5">User Number 5</a>
You can of course change the userid so it will display a different profile.
And thats it for now. Hope you have enjoyed this tutorial. If you have any additions or extra features to add to this tutorial feel free to post your feedback. Good luck.
and freewebs.com is the link to see the result I got when testing.
[PHP]<?php
// Connect to the database
$server = "localhost";
$dbuser = "dbusername";
$dbpass = "dbpass";
$dbname = "dbname";
mysql_connect($server,$dbuser,$dbpass) or die ("Could not establish connection"); // make connection
mysql_select_db($dbname); // select database
// convert posted info to easy to use variables
$user = $_REQUEST;//get username from form
$pass = $_REQUEST;//get password from form
$email = $_REQUEST;// get email from form
$biography = $_REQUEST;// get biography from form
// strip away any dangerous tags
$user=strip_tags($user);
$pass=strip_tags($pass);
$email=strip_tags($email);
$biography=strip_tags($biography);
mersyl63
BeginnerLink Clerk
Comments
Explain what you mean...
The Royal Ram
User Registration
> Login
> Logout
> Restrict access to members only
> User Profile
Heres a little break down of what each feature does and what its for:
Quote: User Registration
This allows guests to register a new account. They need to provide a username, password and email address.
Quote: Login
Registered users can login using their username and password which was created when they registered an account.
Quote: Logout
Allow a person who is logged in to logout. This will stop people from accessing their account afterwards.
Quote: Restrict Access
This will allow you to offer certain content to registered users only so guests cannot see it.
User Profile - A profile which contains information about that user. Other people can view other peoples profiles.[/QUOTE]
There you go. The introduction is over and done with so now lets start creating the script itself. The first part is to deal with the database.
Working With The Database
All of the members information will be stored within a MySQL database. PHP works perfectly with MySQL therefore it is fairly simple for them to work with eachother. First of all you will need a database, prefferably empty although it doesnt have to be. If you dont already have a MySQL database available then you will need to get one. Contact your web host if you are unsure what to do or post your questions in our support forum if you need help. For this tutorial I will be using a database called accounts.
Once you have got your database ready you now need to create the tables for it. You will only need one table to hold the members information. Here is the SQL query which will create that table. You need to copy and paste this into phpMyAdmin or if you prefer create the table manually with phpMyAdmin.
Code
CREATE TABLE `users` (
`userid` INT( 11 ) NOT NULL AUTO_INCREMENT ,
`username` VARCHAR( 255 ) NOT NULL ,
`password` VARCHAR( 32 ) NOT NULL ,
`email` VARCHAR( 255 ) NOT NULL ,
`biography` TEXT NOT NULL ,
PRIMARY KEY ( `userid` )
);
That will create a table called 'users' which has got the the following columns:
Quote
userid - Conatins a unique user id
username - Contains the username
password - Contains an encrypted password 32 characters in length for increased security
email - Contains the users email address
biography - Contains a little personal biography of the user
Thats it for the database. The next step is to start coding the script itself.
User Registration
The main part of this script is to allow guests of your site to sign up for an account without the need of someone manually adding their details to a database. To do this we need to create a register.php script. This will take information submitted from a form and insert it into the MySQL database. So to begin with, lets get that form created.
Code
<form name="form1" method="post" action="register.php">
Username: <input type="text" name="username"><br>
Password: <input type="password" name="password"><br>
Email Address: <input type="text" name="email"><br>
Biography: <textarea name="biography"></textarea><br>
<input type="submit" name="Submit" value="Submit">
<input type="reset" name="Submit2" value="Reset">
</form>
Save the above as signup.html
Basically all it is is a HTML form which submits the information to register.php. The file register.php is the file which will insert the submitted information into the database and in the process will hash the password. Hashing the password will turn the original password into a random set of 32 characters. The hashing method that we will be using is md5 which is considered to be very secure.
The next step is to create register.php itself. Here is the code. It has been commented step by step to explain what is happening.
Code
<?php
// Connect to the database
$server = "localhost";
$dbuser = "dbusername";
$dbpass = "dbpass";
$dbname = "dbname";
mysql_connect($server,$dbuser,$dbpass) or die ("Could not establish connection"); // make connection
mysql_select_db($dbname); // select database
// convert posted info to easy to use variables
$user = $_REQUEST;//get username from form
$pass = $_REQUEST;//get password from form
$email = $_REQUEST;// get email from form
$biography = $_REQUEST;// get biography from form
// strip away any dangerous tags
$user=strip_tags($user);
$pass=strip_tags($pass);
$email=strip_tags($email);
$biography=strip_tags($biography);
// remove spaces from variables
$user=str_replace(" ","",$user);
$pass=str_replace(" ","",$pass);
$email=str_replace(" ","",$email);
// remove escaped spaces
$user=str_replace("%20","",$user);
$pass=str_replace("%20","",$pass);
$email=str_replace("%20","",$email);
// add slashes to stop hacking
$user=addslashes($user);
$pass=addslashes($pass);
$email=addslashes($email);
$biography=addslashes($biography);
// minimum lengths
$minuser_len = 6; //username minimum length
$minpass_len = 6; //password minimum length
if(strlen($user) < $minuser_len || strlen($pass) < $minpass_len)
{
die("User/password was not long enough!");
}
// hash users password for security (32 chars random - md5)
$pass=md5($pass);
// create the SQL query to be executed
$request = "INSERT INTO `users` ( `userid` , `username` , `password` , `email` , `biography`) VALUES ('', '$user', '$pass', '$email', '$biography');";
// execute the query
$result = mysql_query($request);
// check if succesful registration
if($result){
echo "Registration was succesful";
} else {
echo "Registration failed";
}
?>
In the above code at the start you will need to replace the mysql connection details with whatever your details are. This is reffering to the server, which is usually localhost so it can therefore be left alone, the database username, database password and the actual database name. One thing I need to point out to you which is a fairly obvious mistake that a lot of people do: Notice when we take away spaces and escaped spaces from the variables - we do not do this for the $biography variable. This is because we want to allow them to be able to use spaces to seperate words - obviously
The above code will insert the users posted information into the database table called users which we created a bit earlier. If the registration is succesful then it will say so, if not then it will say that the registration failed. The next step is to create the login section where users will be able to enter their username and password.
Create The Login
Firtly we need a HTML form. This form contains two fields. Username and password. The form action is login.php - login.php is the file which will process the login by comparing the submitted username and password combination to the database to see if there are any matches. The login form:
Code
<form action="login.php" method="post">
Username: <input type="text" name="username" size="10"><br>
Password Desired: <input type="password" name="password" size="10">
<input type="submit" value="submit" name="submit">
</form>
Thats the login form sorted. The next step is to create the login.php file which is the action file for the above form.
This will work by getting the username and password submitted by the user at the form, compare them against the details in the database and if there is a match a cookie will be set on the users computer. This cookie will store basic information and will expire in a set amount of time. We use cookies because it means that if the user closes their browser after logging in they dont have to log back in again when they return. If however the cookie has expired past the time limit we set they will have to login again. Here is the code for login.php along with explanations.
Code
<?php
// Connect to the database
$server = "localhost";
$dbuser = "dbusername";
$dbpass = "dbpass";
$dbname = "dbname";
mysql_connect($server,$dbuser,$dbpass) or die ("Could not establish connection"); // make connection
mysql_select_db($dbname); // select database
// convert posted info to easy to use variables
$user = $_REQUEST;
$pass = $_REQUEST;
// strip away any dangerous tags
$user=strip_tags($user);
$pass=strip_tags($pass);
// remove spaces from variables
$user=str_replace(" ","",$user);
$pass=str_replace(" ","",$pass);
// remove escaped spaces
$user=str_replace("%20","",$user);
$pass=str_replace("%20","",$pass);
// add slashes to stop hacking
$user=addslashes($user);
$pass=addslashes($pass);
// hash password into md5 (random 32 characters - md5)
$pass=md5($pass);
// search database to check for user
$request = "SELECT * FROM users WHERE password='".$pass."' AND username='".$user."'";
// hand over the request
$results = mysql_query($request);
// if mysql returns any number of rows great than 0 then there is a succesful login
if(mysql_num_rows($results))
{
// get users id
$getid = "SELECT * FROM users WHERE username='".$user."' LIMIT 1";
$getidexec = mysql_query($getid);
while($r=mysql_fetch_array($getidexec)){
$userid = $r[userid];
}
// set a cookie
setcookie( "userid", "$userid", time()+3600, "/", "", 0 );
echo "User Logged in.<br><br><a href=\"index.php\">Continue...</a>";
}
else // only happens if not a succesful username and password match
{
// login failed so display error message and kill script
die("Username and passwords do not match our records");
}
?>
Again we start off by connecting to the database in the same manner. Then we do some changes to the variables to prevent people hacking your scripts or performing dangerous queries on your database. After that we use md5() function to hash the users password into random 32 characters. We do this because in our register.php we hashed it before inserting it into the database therefore for us to get a match we have to do the same here. If there is a username and password match then we get the users id. This is done so that we can then set a cookie which records that that user has logged in succesfully. Once the cookie is set it displays a link to index.php - this will be our main index file.
And thats it for the login section. The next step is to create index.php.
Creating the homepage
We will use index.php as a basic homepage. All I am going to do is show you how to check to see whether a user is logged in or not. Ill leave it up to you to create the entire index page since this tutorial only needs to teach you the basics of it. Here is the code for index.php
Code
<?php
if (!$_COOKIE){
die("You are not logged in");
}
echo "You are logged in";
?>
The above code is fairly simple and short. It uses an if statement to see if a cookie is there or not. The exclamation mark put before $_COOKIE means it is checking to see if that variable is empty or in otherwords if there is no cookie set.
$_COOKIE is default in PHP therefore you can simply access it and perform operations on it to check for set cookies etc. The above script will stop running if the login isnt succesful. This means that you can place your members only content anywhere after the final }.
Logging Out
The whole point of having a logout link is so that a user can stop anyone else accesing their account on the computer their logged in at. It works by simply resetting the cookie which is set when logging in and setting the expire time to a minus value - meaning it would no longer be valid. Here is the code for logout.php:
Code
<?php
// set a cookie
setcookie( "userid", "0", time()-3600, "/", "", 0 );
?>
The difference this time compared to the cookie we set when the user logged in is that we are setting it to -3600 which means the cookie has already expired and is therefore useless. We also set the cookies value to 0. Previously a userid was set here however because we no longer have a user we simply set it to 0.
Viewing A Profile
One of the great things about communities where users register is that they have the ability to have custom profiles. Other people can then view their profiles and find out information about them. Here is profile.php which will act as the profile page for the members:
Code
<?php
// Connect to the database
$server = "localhost";
$dbuser = "dbusername";
$dbpass = "dbpass";
$dbname = "dbname";
mysql_connect($server,$dbuser,$dbpass) or die ("Could not establish connection"); // make connection
mysql_select_db($dbname); // select database
// Get users information
$result = mysql_query("SELECT * FROM `users` WHERE `userid` = '".$u."' LIMIT 1");
while($r=mysql_fetch_array($result)){
// Turn breaks into new lines for biography field
$r[biography] = nl2br($r[biography]);
// Output users information
echo "<b>Viewing $r[username]'s profile</b><br>";
echo "Biography: $r[biography]";
}
?>
To get the profile page to display a particular users profile you must pass their userid to the profile.php page. This can be done by simple calling it like this:
Quote
profile.php?u=5
That will displays the users information whos userid is 5.
You can link to a users profile by doing the following:
Code
<a href="profile.php?u=5">User Number 5</a>
You can of course change the userid so it will display a different profile.
And thats it for now. Hope you have enjoyed this tutorial. If you have any additions or extra features to add to this tutorial feel free to post your feedback. Good luck.
and freewebs.com is the link to see the result I got when testing.
www.mersyl.com
you know you could have just posted a link to it
anyways you have to give us more information. i still have no idea whats wrong!
// Connect to the database
$server = "localhost";
$dbuser = "dbusername";
$dbpass = "dbpass";
$dbname = "dbname";
mysql_connect($server,$dbuser,$dbpass) or die ("Could not establish connection"); // make connection
mysql_select_db($dbname); // select database
// convert posted info to easy to use variables
$user = $_REQUEST;//get username from form
$pass = $_REQUEST;//get password from form
$email = $_REQUEST;// get email from form
$biography = $_REQUEST;// get biography from form
// strip away any dangerous tags
$user=strip_tags($user);
$pass=strip_tags($pass);
$email=strip_tags($email);
$biography=strip_tags($biography);
// remove spaces from variables
$user=str_replace(" ","",$user);
$pass=str_replace(" ","",$pass);
$email=str_replace(" ","",$email);
// remove escaped spaces
$user=str_replace("%20","",$user);
$pass=str_replace("%20","",$pass);
$email=str_replace("%20","",$email);
// add slashes to stop hacking
$user=addslashes($user);
$pass=addslashes($pass);
$email=addslashes($email);
$biography=addslashes($biography);
// minimum lengths
$minuser_len = 6; //username minimum length
$minpass_len = 6; //password minimum length
if(strlen($user) < $minuser_len || strlen($pass) < $minpass_len)
{
die("User/password was not long enough!");
}
// hash users password for security (32 chars random - md5)
$pass=md5($pass);
// create the SQL query to be executed
$request = "INSERT INTO `users` ( `userid` , `username` , `password` , `email` , `biography`) VALUES ('', '$user', '$pass', '$email', '$biography');";
// execute the query
$result = mysql_query($request);
// check if succesful registration
if($result){
echo "Registration was succesful";
} else {
echo "Registration failed";
}
?>[/PHP]
That's the register.php as copied from the post above with the whole tutorial in it which is generating to 500 error..