25 replies to this topic

[MiniK]

Hello. This is my first web tutorial ever. This is basically a simple register and login script. Yes, I know it’s a bit rubbish but I’m quite new to PHP/MySQL.

Here’s the register form. This can be any file extension you like. I’d recommend calling it register.html.

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" />
<title>Register</title>
</head>

<body>
<h1>Register</h1>
<table><tr>
<form action=register.php method=post>

<td width="81">Username:</td>
<td width="247"><input name="username" size="30" autocomplete="off" value="" type="text" /></td>

</tr><tr>

<td>Password:</td>
<td><input name="password" size="30" type="password" /></td>

</tr>

<tr>

<td>First Name:</td>
<td><input name="firstname" size="30" type="text" /></td>

</tr>

<tr>

<td>Last Name:</td>
<td><input name="lastname" size="30" type="text" /></td>

</tr>

<tr>

<td>Age:</td>
<td><input name="age" size="30" maxlength="2" /></td>

</tr>
</table>


<p><input type="submit" class="button" value="Register" /></p>
</form>
</body>
</html>

Now create a MySQL database. Then create a file that will be called

mysql-connect.php

. Here is the file:

<?php
$con = mysql_connect("DB_HOST","DB_USER","DB_PASS");
mysql_select_db("DB_NAME", $con);
?>

Replace DB_HOST with the host of your database. This is usually “localhost”, but some hosts differ. Replace DB_USER with the username for your database, and DB_PASS with the password of your database and then replace DB_NAME with the name of your database. Enough with this file, let’s get onto the actual registration script. Save this as

register.php

.

<?php
include 'mysql-connect.php';
$username = $_POST['username'];
$password = $_POST['password'];
$firstname = $_POST['firstname'];
$lastname = $_POST['lastname'];
$age = $_POST['age'];
$ip = $_SERVER['REMOTE_ADDR'];

$result = mysql_num_rows(mysql_query("SELECT * FROM TABLENAME WHERE username='$username'"));
if($result == 1)
	{
	echo ‘<h1>ERROR!</h1>The username you have chosen already exists!’;
	}
else
	{
	mysql_query("INSERT INTO TABLENAME (username, password, firstname, lastname, age, ip) 
VALUES ('$username', '$password', '$firstname', '$lastname', '$age', '$ip')");

	echo '
  <p>Congratulations! You have successfully registered! </p>
  <p>Click <a href="login.php">here</a> to login.</p>‘;
?>

OK, let’s break this down:

include 'mysql-connect.php';

Include the database connection file.

$username = $_POST['username'];
$password = $_POST['password'];
$firstname = $_POST['firstname'];
$lastname = $_POST['lastname'];
$age = $_POST['age'];
$ip = $_SERVER['REMOTE_ADDR'];

This part gets all of the variables: username, password, first name, last name, age and ip address.

$result = mysql_num_rows(mysql_query("SELECT * FROM TABLENAME WHERE username='$username'"));

This checks to see if the username already exists in the database. Make sure you change “TABLENAME” to the name of the table in which the user information is stored.

if($result == 1)
	{
	echo ‘<h1>ERROR!</h1>The username you have chosen already exists!’;
	}
else
	{
	mysql_query("INSERT INTO TABLENAME (username, password, firstname, lastname, age, ip) 
VALUES ('$username', '$password', '$firstname', '$lastname', '$age', '$ip')");

	echo '
  <p>Congratulations! You have successfully registered! </p>
  <p>Click <a href="login.php">here</a> to login.</p>‘;

If the username already exists, display an error message, and if not, insert the user information into the database and display a login link. Make sure you change “TABLENAME” to the name of the table in which the user information is stored. Now onto the login form. This is quite simple. Just save it as login.php.

<html>
<head>
<title>Login</title>
</head>
<body>
<form name="login" action="login2.php" method="post">


<table align="center"><tr>

<td class="title">Username</td>
<td><input name="user" size="30" autocomplete="off" value="" type="text" /></td>

</tr><tr>

<td class="title">Password</td>
<td><input name="pass" size="30" type="password" /></td>

</tr></table>


<p style="text-align:center;"><input type="submit" class="button" value="Login" /></p></form>
</body>
</html>

Basically, that asks for username and password, and sends them to another file called

login2.php

which we shall move onto now…

<?php
include 'mysql-connect.php';

$username = $_POST['user'];
$password = $_POST['pass'];
$query1 = mysql_query("SELECT * FROM TABLENAME WHERE username='$username'");
$result = mysql_num_rows($query1);
if($result == 0)
{
include '<h1>Error!</h1>The username you specified does not exist!';
}
else
{

$checkuser = mysql_query("SELECT * FROM TABLENAME WHERE username='$username'");

			$row = mysql_fetch_array($checkuser);
							$password2 = $row['password'];
							$status = $row['status'];
				if ($password == $password2)
					{
					//PUT PASSWORD PROTECTED INFORMATION HERE
					}
				else
					{
					echo '<h1>Error!</h1>The username and password combination you entered does not match the ones we have in the database.';
					}

}
?>

Let’s break this file down aswell.

$username = $_POST['user'];
$password = $_POST['pass'];

This grabs the username and password that they entered.

$query1 = mysql_query("SELECT * FROM TABLENAME WHERE username='$username'");
$result = mysql_num_rows($query1);

This checks to see if the user exists in the database. Make sure you change “TABLENAME” to the name of the table in which the user information is stored.

if($result == 0)
{
include '<h1>Error!</h1>The username you specified does not exist!';
}

If not, display an error message.

else
{

$checkuser = mysql_query("SELECT * FROM TABLENAME WHERE username='$username'");

			$row = mysql_fetch_array($checkuser);

If the user does exist, get the information stored in the database about that user. Make sure you change “TABLENAME” to the name of the table in which the user information is stored.

$password2 = $row['password'];

Get the user’s password.

if ($password == $password2)
				{
				//PUT PASSWORD PROTECTED INFORMATION HERE
				}

If the password in the database matches the one they entered, display password protected information.

else
				{
					echo '<h1>Error!</h1>The username and password combination you entered does not match the ones we have in the database.';
				}

}

If not, display yet another error message.

OK, that’s the script. Hope you liked it. It was for a website I was making but I have no need for it anymore, so I thought I would post it here so that other people can learn from it. This /should/ work, but if it doesn't, just let me know and I can advise you on what is wrong and can edit it. We can ALL learn from our mistakes.

[karlosvalencia]

Hello,

I'm new to PHP myself and have what I hope is a basic question. I'd like to have password protected pages on my site. Simple have no more than 10 pages, each one with its own password. Is this doable with PHP, do I need MySQL installed for that?

Furthermore, if I see a server like the one provided by trap17.com how can I install my PHP script on it?

[Acid]

You mention in the end, that this system is for the purpose that other peoples can/will learn from it - To be honest, if I was new to PHP/MySQL, I wouldn't understand half of it. I think you should comment more what the codes do, give a little bit description.

But good job on making it, I guess.

[coldasice]

any ways.. use md5($password) for secure password

[GaiaZone]

Thanks for this tutorial!

I'm just starting with MySQL, and I actually understood everything.

Great job!

EDIT: Never mind that last question, found the answer.

Another question thought, I'm getting this error when I run the script (after correcting all the other errors):

Quote

Warning: mysql_num_rows(): supplied argument is not a valid MySQL result resource in /home/gaiazone/public_html/mysql/login2.php on line 7

All my problems seem to be with that command.

Any help?

Edited by GaiaZone, 11 January 2008 - 12:23 AM.

[Imtay22]

karlosvalencia, on Jan 5 2008, 08:35 AM, said:

Hello,

I'm new to PHP myself and have what I hope is a basic question. I'd like to have password protected pages on my site. Simple have no more than 10 pages, each one with its own password. Is this doable with PHP, do I need MySQL installed for that?

Furthermore, if I see a server like the one provided by trap17.com how can I install my PHP script on it?

Am am not totally sure how to do this, but I know it has something to do with the .htaccess file. I will search it up in a sec and get it back to you.

Back on Topic- This is a very nice tutorial, I am needing one of these for my site. Do you mind if I adjust it so it can be a login for my forum, instead of a site?

Thanks,

Imtay

[coldasice]

GaiaZone, on Jan 10 2008, 11:37 PM, said:

Thanks for this tutorial!

I'm just starting with MySQL, and I actually understood everything.

Great job!

EDIT: Never mind that last question, found the answer.

Another question thought, I'm getting this error when I run the script (after correcting all the other errors):
All my problems seem to be with that command.

Any help?

mby u forgot or did anything wrong in the connection of mysql db.. or else mby iu forgot to change table name or somthing =D

[hitmanblood]

Hello I must say that this is good tutorial however there are few things to attent first of all write more comments user secure password and name all your files with the .php extension instead of html because if you have some code in the html file it will not be executed on the server.

And the other question to attend. PHP and MySQL are already installed when you obtain your account on trap17. sO don't worry about it especially if you are beginner.

[Imtay22]

Imtay22, on Jan 13 2008, 07:53 AM, said:

Quote

I'd like to have password protected pages on my site. Simple have no more than 10 pages, each one with its own password.

Am am not totally sure how to do this, but I know it has something to do with the .htaccess file. I will search it up in a sec and get it back to you.

Quote

Step 3. Add Access Files to the Folder
Once you identify the folder you wish to safeguard, then you need to create two files in this folder. The files are: .htaccess and .htpasswd. The .htaccess file displays the access login information needed for users and also includes the list of specific users who can login. The .htpasswd file includes the individual users and their passwords.

Create .htaccess file in your Folder by using a text editor to create .htaccess. Notice that you must include the . (dot) before the file name!

The file should atleast include these lines:
AuthName "Login to the Private Area"
AuthType Basic
AuthUserFile /var/www/html/Private/.htpasswd
Require user andrea

Note that the AuthName requires quotes and whatever is in quotes will display on the login window when a user tries to access your private folder with a web browser. It is vital that you properly set the path for the AuthUserFile and obviously replace the word Private with whatever folder you are trying to password protect.

Also be sure to include the user login names of the people you plan to allow to this folder next to the Require user line. In my case, I simply added myself to this folder as a user (andrea).

Now, create the .htpasswd file in the same Folder but NOT by using a text editor. Instead use this command from the command line on your Linux server.

Type this command at the prompt:
htpasswd -cmb .htpasswd andrea ann2cute

Note that you must use your own name and password (replace andrea and ann2cute) and that the option cmb does the following: First it forces Creating of a new .htpasswd file. Since this is your first time adding a user it is necessary. Next the m option forces encryption and b allows you to include the user name and password immediately. In my case I created a new .htpasswd file, then added the user andrea and her password ann2cute.

That explains how to do that. If you need any help please visit the whole guidehere.

Thanks,

Imtay

[hitmanblood]

I thought that this guy in fact wanted the php scripts to protect that is password protect thouse pages. However I might have misunderstood in the end. And that the guy answering to his question in fact said that it migt be done using htaccess file.