 Complete Login System, With PHP + MYSQL |
|
|
|
|
  |
 Feb 15 2005, 09:38 PM
Post
#1
|
|
|
Super Member  Group: Members Posts: 217 Joined: 2-January 05 Member No.: 3,084  |
Its an complete login sistem made and tested by me and I think itwill be very usefull for people who are tryn to learn PHP.
First, let's make register.php: CODE <? include("conn.php"); // create a file with all the database connections if($do_register){ // if the submit button were clicked if((!$name) || (!$email) || (!$age) || (!$login) || (!$password) || (!$password2)){ print "You can't let any fields in blank.\n"; // if the user did not put some field exit; } $name = stripslashes($name); $email = stripslashes($email); $age = stripslashes($age); $login = stripslashes($login); $password = stripslashes($password); $password2 = stripslashes($password2); // this is for security reasons if($password != $password2){ // if passwords didn't match print "The password and the confirmation are not the same!\n"; exit; } $password = md5($password); mysql_query("INSERT INTO table (name,email,age,login,password) VALUES ('$name','$email',$age,'$login','$password')") or die (mysql_error()); print "Done!\n"; // if its okay, show this message exit; } // close the first "if" ?> <form action="register.php" method="post"> Name: <input type="text" name="name"><br> Email: <input type="text" name="email"><br> Age: <input type="text" name="age"><br> Login: <input type="text" name="login"><br> Password: <input type="password" name="password"><br> Password Again: <input type="password" name="password2"><br> <input type="submit" name="do_register" value="Sumbit"> </form> And now 'conn.php', which is 'included' in the above file. CODE $host = 'localhost'; $user = 'root'; $pass = ''; $db = 'yourdb'; mysql_connect($host,$user,$pass) or die ("Database is unavaiable. Please try again later."); mysql_select_db($db) or die ("Database is unavaiable. Please try again later."); And now, login.php: CODE <? include("conn.php"); if($do_login){ $login = stripslashes($login); // VERY IMPORTANT FOR SECURITY OF YOUR DATABASE DON'T ERASE IT $passwd = stripslashes($passwd); // VERY IMPORTANT FOR SECURITY OF YOUR DATABASE DON'T ERASE IT $check = mysql_query("SELECT * FROM table WHERE login='$login' LIMIT 1;"); $user = mysql_fetch_array($check); if($user[password] == md5($passwd)){ // if the writed password and the db password are the same... setcookie("login","$login",time()+360000); setcookie("pass","$passwd",time()+360000); // ...set the cookies... header("Location: userspage.php"); // ...and redirect to restrict page }else{ print "Login or password incorrects!\n"; exit; } } ?> <form action="login.php" method="post"> Login: <input type="text" name="login"><br> Passwd: <input type="password" name="passwd"> <input type="submit" name="do_login" value="Log-in!"> </form> And finally, userspage.php: CODE <? if(isset($HTTP_COOKIE_VARS["login"])){ ?> Page contents here <? }else{ ?> This page is restrict for registered users only! <? } ?> verify.php: CODE <? include("conn.php"); // include page with the database connection $cookie = $HTTP_COOKIE_VARS; // to reduce the var's name :o) if($cookie[login] && $cookie[pass]){ $login = $cookie[login]; $pass = $cookie[pass]; $usrquery = mysql_query("SELECT * FROM members WHERE nick='$login' AND password='$pass';") or die (mysql_error()); // search for the user $user = mysql_fetch_array($usrquery); if($user[level] != 'Admin') header("Location: notfound.htm"); // if the user is not an admin, redirect to an error page } ?> admin.php: CODE <? include("verify.php"); // it will verify if the user is an admin ?> <!-- Here, the table with all the members --> <table width="100%" border="0" cellspacing="0" cellpadding="0"> <tr> <td> <form method="post" action="members.php"> <table width="100%" border="0" cellspacing="3" cellpadding="0"> <tr bgcolor="#333333"> <th width="6%" class="header"><font size="1">Editar</font></th> <th width="1%" class="header"><font size="1">ID</font></th> <th width="24%" class="header"><font size="1">Name</font></th> <th width="13%" class="header"><font size="1">Age</font></th> <th width="40%" class="header"><font size="1">E-Mail</font></th> <th width="11%" class="header"><font size="1">Details...</font></th> </tr> <? $query = mysql_query("SELECT * FROM members ORDER BY id;"); if(!mysql_fetch_array($query)) // If there is no members print "<tr><td align=\"center\" colspan=\"7\"><font color=\"#FFFFFF\" size=\"2\"><b>Sorry, there is no members registered.</b></font></td></tr>\n"; // Show you a message while($profiles = mysql_fetch_array($query)) { ?> <tr bgcolor="#666666"> <td> <div align="center"><input type="checkbox" name="id[]" value="<?=$profiles[id]?>"></div></td> <td> <div align="center"><?=$profiles[id]?></div></td> <td> <div align="center"><?=$profiles[name]?></div></td> <td> <div align="center"><?=$profiles[age]?></div></td> <td> <div align="center"><?=$profiles[email]?></div></td> <td> <div align="center"><a href="profiles.php?op=edit&id=<?=$profiles[id]?>" target="_blank">More info...</a></div></td> </tr> <? } ?> </table> </td> </tr> </table> </form> Done, now, profiles.php (used to see and edit member information): CODE <? include("verify.php"); // always put this page, or everybody would have access to this page function Update (&$member, $table, $data) { global $id; $items = explode(" ",$data); $update = ""; $i = 0; while ($tmp = $items[$i++]) { $data = $member[$tmp]; if (is_numeric($data)) $update .= "$tmp=$data"; else { sqlQuotes($data); $update .= "$tmp='$data'"; } if ($items[$i]) $update .= ","; } mysql_query("UPDATE $table SET $update WHERE id=$member[id];"); } // this function is really nice!! switch($op){ case 'edit': // if you're trying to edit/see info $profile = mysql_fetch_array(mysql_query("SELECT * FROM members WHERE id=$id;")); // save the user informations on an variable ?> <!-- now, lets show an table --> <form action="profiles.php?op=doedit&memberid=<?=$profile[id]?>" method="post"> <table width="100%" border="0" cellspacing="3" cellpadding="0"> <tr> <td width="25%"><font color="#FFFFFF">ID</font></td> <td width="75%"><input name="id" type="text" id="id" value="<?=$profile[id]?>" size="2"></td> </tr> <tr> <td><font color="#FFFFFF">Name</font></td> <td><input name="name" type="text" id="nome" value="<?=$profile[name]?>" maxlength="32"></td> </tr> <tr> <td><font color="#FFFFFF">Age</font></td> <td><input name="age" type="text" value="<?=$profile[age]?>" maxlength="32"></td> </tr> <tr> <td><font color="#FFFFFF">Country</font></td> <td><input name="country" type="text" id="estado" value="<?=$profile[country]?>" size="2" maxlength="2"></td> </tr> <tr> <td><font color="#FFFFFF">City</font></td> <td><input name="city" type="text" id="cidade" value="<?=$profile[city]?>"></td> </tr> <tr> <td><font color="#FFFFFF">ICQ</font></td> <td><input name="icq" type="text" id="icq" value="<?=$profile[icq]?>"></td> </tr> <tr> <td height="22"><font color="#FFFFFF">MSN</font></td> <td><input name="msn" type="text" id="msn" value="<?=$profile[msn]?>"></td> </tr> <tr> <td><font color="#FFFFFF">HP</font></td> <td><input name="hp" type="text" id="hp" value="<?=$profile[hp]?>" size="40"></td> </tr> <tr> <td><font color="#FFFFFF">E-mail</font></td> <td><input name="email" type="text" id="email" value="<?=$profile[email]?>" maxlength="60"></td> </tr> <tr> <td colspan="2"> </td> </tr> <tr> <td colspan="2"><div align="center"> <input type="submit" value="Save"> <input type="reset" value="Reset"> </div></td> </tr> </table> </form> <? break; case 'doedit': if(!$memberid) return; $profile[name] = $name; $profile[age] = $age; $profile[country] = $country; $profile[city] = $city; $profile[icq] = $icq; $profile[msn] = $msn; $profile[hp] = $hp; $profile[email] = $email; Update($profile,"members","name age country city icq msn hp email"); mysql_query("UPDATE members SET id=$id WHERE id=$memberid;"); // update user's id EndNow("Details saved!<br><br><a href=\"admin.php\">Back</a>"); break; } ?> Try to don't only copy the code and post into your site. If you do it, you will learn nothing with this tut. I hope it have been usefull for you! 
This post has been edited by jlhaslip: Jan 6 2006, 02:28 AM |
 |
 
|
|
Feb 17 2005, 04:53 AM
Post
#2
|
|
|
Member [Level 2] Group: Members Posts: 81 Joined: 3-August 04 Member No.: 609 |
Hey looks great. If someoen is just learning PHP i asusme theyre not familiar with MYSQL alreayd so maybe add something about putting tables in a database........ Maybe a php script would be easiest for them. Just an Idea.
|
|
|
|
|
Feb 17 2005, 05:21 AM
Post
#3
|
|
|
Computer Nerd! Group: Members Posts: 157 Joined: 3-February 05 From: Georgia Member No.: 3,573 |
Well I run appserv off my own computer at my house so I can test pages and such before i post them, Well i tested this and all i got back was warnings.
Warning: main(conn.php): failed to open stream: No such file or directory in e:\www\login\verify.php on line 10 Warning: main(conn.php): failed to open stream: No such file or directory in e:\www\login\verify.php on line 10 Warning: main(): Failed opening 'conn.php' for inclusion (include_path='.;c:\php4\pear') in e:\www\login\verify.php on line 10 Warning: mysql_fetch_array(): supplied argument is not a valid MySQL result resource in e:\www\login\admin.php on line 28 Warning: mysql_fetch_array(): supplied argument is not a valid MySQL result resource in e:\www\login\admin.php on line 32 |
|
|
|
|
Mar 4 2005, 05:03 PM
Post
#4
|
|
|
Super Member Group: Members Posts: 217 Joined: 2-January 05 Member No.: 3,084 |
QUOTE(novaforme @ Feb 17 2005, 02:21 AM) Well I run appserv off my own computer at my house so I can test pages and such before i post them, Well i tested this and all i got back was warnings. Warning: main(conn.php): failed to open stream: No such file or directory in e:\www\login\verify.php on line 10 Warning: main(conn.php): failed to open stream: No such file or directory in e:\www\login\verify.php on line 10 Warning: main(): Failed opening 'conn.php' for inclusion (include_path='.;c:\php4\pear') in e:\www\login\verify.php on line 10 Warning: mysql_fetch_array(): supplied argument is not a valid MySQL result resource in e:\www\login\admin.php on line 28 Warning: mysql_fetch_array(): supplied argument is not a valid MySQL result resource in e:\www\login\admin.php on line 32  Man, I you have to make an file called conn.php, with the database connections beofre runing the script here is an example: CODE $host = 'localhost'; $user = 'root'; $pass = ''; $db = 'yourdb'; mysql_connect($host,$user,$pass) or die ("Database is unavaiable. Please try again later."); mysql_select_db($db) or die ("Database is unavaiable. Please try again later."); Put this file at the login directory and it will works =] |
|
|
|
|
Mar 4 2005, 05:22 PM
Post
#5
|
|
|
Member [Level 1] Group: Members Posts: 73 Joined: 1-February 05 Member No.: 3,539 |
mext time.... Show what EACH code does so people can edit it an so forth
|
|
|
|
|
Mar 4 2005, 09:16 PM
Post
#6
|
|
|
Super Member Group: Members Posts: 208 Joined: 27-January 05 From: LI, New York Member No.: 3,448 |
Wow quoting that post was majorly cheating hosting points but whatever. Also, I dont see any MySQL what so ever and I also dont think its hard to make an install file and yeah you forgot a database connector file. That really needs to be fixed.
|
|
|
|
|
Mar 5 2005, 03:35 PM
Post
#7
|
|
|
Super Member Group: Members Posts: 217 Joined: 2-January 05 Member No.: 3,084 |
QUOTE Next time.... Show what EACH code does so people can edit it an so forth wink.gif This is riduculous! The guy quote all the topic to comment only it! Cheater post! QUOTE Wow quoting that post was majorly cheating hosting points but whatever. Also, I dont see any MySQL what so ever and I also dont think its hard to make an install file and yeah you forgot a database connector file. That really needs to be fixed. You have only to edit conn.php file to your needs. |
|
|
|