23 replies to this topic

[friiks]

Hey!
Maybe you've seen my other tutorials...or my signature..
Anyways I'm going to show you how to make a system so users of your site could register accounts and you could have protected - user only - pages on your site

Ok, so we start by creating a config.php file.

<?php

	$dbhost   = 'database host';
	$dbname   = 'database name';
	$dbusername   = 'database username';
	$dbuserpass = 'database password';	
	
mysql_connect ($dbhost, $dbusername, $dbuserpass);
mysql_select_db($dbname) or die('Cannot select database');
?>

Fill in the values of your host and upload it.
Here are querie to run in PHPmyadmin

CREATE TABLE `users` (
`id` INT( 11 ) NOT NULL AUTO_INCREMENT ,
`username` VARCHAR( 255 ) NOT NULL ,
`password` VARCHAR( 255 ) NOT NULL ,
PRIMARY KEY ( `id` )
) TYPE = MYISAM ;

Next, lets create index.php.

<?php
//start the session so you would stay logged in
//always must be on top
session_start();
//include config.php file
include('config.php');
?>
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">

<html>
<head>
<title>The site</title>
</head>
<body>
<center><a href="?p=idx">Home</a> - <a href="?p=page">Protected page</a>
<?php
$p=$_GET['p'];
//see my ?id= browsing tutorial
switch($p){
default:
//if user isn't logged in lets show him the log in form
if(!isset($_SESSION['username'])){
?>
<form action='login.php' method='POST'>
Username: <input type='text' name='username'><br>
Password: <input type='password' name='password'><br>
<input name="login" type="submit" value="Submit"><br>
Not <a href="register.php">registered</a>?
</form>
<?}
else{
//$_SESSION['username'] = the current users 
//username. It will be echoed like "Hi, user!"
echo "<br><br>Hi, ".$_SESSION['username']."!";
echo "<a href='logout.php'>Log out</a>";}
break;
case 'page':
//you can use it like this or use include()
if(!isset($_SESSION['username'])){
echo '<br><br>Log in to see this page!';}else{
echo '<br><br>Only user who is logged in can see this!..and you see this so this means you are logged in;]';
}
}
?>
</center>
</body>
</html>

You see the explanations in the code.

Now we need a file that will log the user in, right? Right!
Create a file called login.php

<?php
//start session and include conf...
session_start();
include'config.php';
//get the variables from form and adding some little security
$submit=$_POST['login'];
$username = mysql_real_escape_string(strip_tags(htmlspecialchars($_POST['username'])));
$password = md5($_POST['password']);
//if submit button is pressed
if ($submit){
if((!$username) || (!$password) || ($username=='') || ($password=='')){
header("Refresh: 2;".$_SERVER['HTTP_REFERER']);
echo'<center>Please enter both - username and password!</center>';		
}
//lets see if the user exists by making a query which selects
//submitted username and password from the database
//and the we use mysql_num_rows() to count the results returned
//if there is a user with a username and password like that $c will be 1
//as it will be counted otherwise it'll stay 0.
$sql=mysql_query("SELECT * FROM `users` WHERE `username` = '".$username."' AND `password`= '".$password."'") OR die(mysql_error());
$c=mysql_num_rows($sql);
if($c>0){
$r=mysql_fetch_array($sql);
//set $_SESSION['username'] to the username from database
$_SESSION['username'] = $r['username'];
header("Refresh: 2; url=index.php?i=idx");
echo'<center>Login successfull!</center>';
//else, if there werent any records found show an error and 
//return the user to index.
}else{
header("Refresh: 2; url=index.php?i=idx");
echo "<center>You couldn't be logged in!</center>";
}}
?>

Ok, so the user is logged in, everything's fine ...
but uh-oh...how can user log in if he's not registered ?

make a file called register.php

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">

<html>
<head>
<title>Register!</title>
</head>
<body>
<form action='<?=$_SERVER['PHP_SELF']?>' method='POST'>
Username: <input type='text' name='username'><br>
Password: <input type='password' name='password'><br>
<input name="register" type="submit" value="Submit">
</form>
<?php
include('config.php');
///variables...
$submit=$_POST['register'];
$username = mysql_real_escape_string(strip_tags(htmlspecialchars($_POST['username'])));
$password = md5($_POST['password']);
//if button is pressed
if($submit){
//if username is not blank..same for pass
if(($username) and ($password) and ($username!==NULL) and ($password!==NULL)){
$sql="INSERT INTO `users` (`id`,`username`,`password`) VALUES ('NULL','".$username."','".$password."')";
mysql_query($sql) or die(mysql_error());
echo "Congratulations! You are registered!<br><a href='index.php'>Log in</a>";
}
}
?>
</body>
</html>

and the logout.php

<?
session_start();
$_SESSION = array();
header("Location: index.php");
?>

I'll add some more explanations later...don't have time now sorry.
But you have the code...and if you have questions - ask.
Preview

[Blessed]

nice tutorial
allot of comments i like it

[Psvertjuh]

nice tut indeed, really good, maybee i can use it. One question, is it possible, when you already have a forum, that u can make a quick login on your main page so you can login for the forum.. ? <-- bit vague I think? when u dont get it say it, dont really know how to say it in english

[friiks]

Well, I can show you how to make so you can have a little login form in your site that will log you in to forums, but it wont log you into the site...
If it's MYbb maybe I could make you a site you can but...yeah..

[Unholy Prayer]

Not a bad code. Could be very useful to the users that are new to PHP.

[Imtay22]

In register.php-

Quote

<form action='<?=$_SERVER['PHP_SELF']?>' method='POST'>

Could i change the form action to register.php, and make the php code register.php and the HTML code to index.php?id=register? I think that would work... But just checking first.

Edited by Imtay22, 13 April 2007 - 06:01 PM.

[jlhaslip]

Quote

<form action='<?=$_SERVER['PHP_SELF']?>' method='POST'>

Php replaces the $_SERVER['PHP_SELF'] with register.php, so that would not be required. And I think keeping the register script separate from the index.php is a good thing. It modularizes the code so that the Index page is cleaner and the register script is separate, so any changes to it are easier to figure. Just my take on it. You would need to adjust the index page to cause the register script to be called if you make the changes you are considering.

[Imtay22]

Okay thank you Jim. I was just wondering...

[friiks]

Thanks, jlh, for the answer, maybe you've noticed I'm here almost never. I told why once already so yeah. I just terminated my account and will be looking at the posts and probably making some new tutorials.

[JDameron91]

Ah, nice mate. Comments are great, and the code works awesome. I will be looking forward to seeing more of your tutorials very soon. Can't wait to see one on custom skins or something. XD