Aug 26 2006, 02:30 AM | Post #1
Premium Member | Group: Members | Posts: 172 | Joined: 2-August 06 | From: North Carolina | Member No.: 27,662

With this tutorial, you will learn how to create a textfile login script. This user membership script is for use also with my forums and message system scripts. I will also give you the scripts to make it so that people can change their profiles.

Ok, the first thing we need to do is make the database. To do this, create a blank text file called 'userdata.txt'; make sure it is ALL LOWER-CASE. Edit this file and put '**username|##|password|##|email|##|rank|##|userid|##|name|##|picture**'. This will not be used, however it will give you an idea of how the information is organized. Do not put a return at the end of the line. Now save that file. Remember, it should be called 'userdata.txt'. CHMOD THIS FILE TO 777.

Now we need to make the sign up form. Create a blank html or php file called 'signup.html' or 'signup.php'. It needs to contain the following code:

CODE
```html
<form action="register.php" method="POST">
<center>
<table width="200" align="center">
<tr><td>Desired Username:</td> <td><input type="text" name="username" width="100"></td></tr>
<tr><td>Email:</td> <td><input type="text" name="email" width="100"></td></tr>
<tr><td>Repeat Email:</td> <td><input type="text" name="email2" width="100%"></td></tr>
<tr><td>Password:</td> <td><input type="password" name="pass" width="100"></td></tr>
<tr><td>Repeat Password:</td> <td><input type="password" name="pass2" width="100"></td></tr>
<tr><td colspan="2"><center><textarea cols="35" rows="5" readonly>YOUR TERMS OF SERVICE HERE</textarea></center></td></tr>
<tr><td colspan="2"><center><input type="checkbox" name="tosagree"> <b>I Agree</b></center></td></tr>
<tr><td colspan="2"><br><center><input type="submit" value="Register"></center></td></tr>
</table>
</center>
</form>
```

What the above code is, is a form that has the following fields: username, password, confirm password, email, confirm email, and TOS Agree Statement. This is just the basic information, you might want more information later but for now, leave it the way it is. So, do you think you understand that? Well, as you may or may not have caught from the code, the form points to a file called "register.php", and you guessed it, that's the file we're gonna make next.

So go ahead and create a blank php file called 'register.php'. This file will act as a buffer for the information. It will check to make sure that both the confirmation password and normal password are the same and the same thing for the emails. It will also make sure that the user has checked the I Accept checkbox. It will only allow for the addition of the new member if the username hasn't been taken yet. So let's take a look at the code:

CODE
```php
<?php
// Collect the submitted fields (usernames and emails are stored lower-case)
$user   = strtolower($_POST['username']);
$pass1  = $_POST['pass'];
$pass2  = $_POST['pass2'];
$email1 = strtolower($_POST['email']);
$email2 = strtolower($_POST['email2']);
$tos    = isset($_POST['tosagree']);   // an unchecked box is not sent at all
$error  = '';

if (!$tos) $error .= "» You did not agree to the Terms of Service<br>";
if ($pass1 != $pass2) $error .= "» Your Passwords do not match<br>";
if ($email1 != $email2) $error .= "» Your Emails do not match<br>";

// Load the existing users (the same file we append to below) and split each line
$allusers = file('userdata.txt');
foreach ($allusers as $Key => $Val) {
    $allusersinfo[$Key] = explode("|##|", $Val);
}
// Refuse the signup if the username is already taken
for ($K = 0; $K < sizeof($allusers); $K++) {
    if ($user == $allusersinfo[$K][0]) {
        $error .= "» Your username is already taken<br>";
        $K = sizeof($allusers);
    }
}
if (!$error) {
    // Append the new record; the userid is the current number of lines
    $fileh = fopen('userdata.txt', 'a');
    $writecontent = "\r\n" . $user . "|##|" . md5($pass1) . "|##|" . $email1 . "|##|" . "Member|##|" . sizeof($allusers) . "|##|Undisclosed|##|*URL TO DEFAULT PICTURE*";
    fwrite($fileh, $writecontent);
    fclose($fileh);
    echo "Thank you for Joining, you may now login";
} else {
    echo "there were a few errors<br><br>";
    echo $error;
    echo "<br><a href='javascript:history.go(-1);'>Click here</a> to go back";
}
?>
```

You will need to replace "*URL TO DEFAULT PICTURE*" with the default picture you want them to have when joining. What this does is it takes the variables from the signup page, it verifies them, it logs all the errors into a variable and according to the errors gives you a message accordingly.
If you have no errors it will tell you "Thank you for Joining, you may now login" but if you have errors it will specifically tell you what is wrong and give you a link back. The reason we use the |##|'s is because how often do people use |##| when typing? Not very often, I'll tell you that much. And later, using a nice little php function called "explode", we can take those out and have nice and neatly organized information.

Now, believe it or not, that is ALL... for the signing up, anyway. Now we still have to login. We will do this the same way we did with the signing up. We will start with the form. Now create a blank php or html document called 'signin.php' or 'signin.html'. Put this code in the file:

CODE
```html
<div align="center">
<form method="POST" action="login.php" name="login">
<table border="0">
<tr><td>Username:</td> <td><input type="text" name="name" class="forminput" size="7"></td></tr>
<tr><td>Password:</td> <td><input type="password" name="pass" class="forminput" size="7"></td></tr>
<tr><td colspan="2"><center><input type="submit" value="Login"></center></td></tr>
<tr><td colspan="2"><font size="3">Not a member? <a href="*SIGNUP URL HERE*">Sign Up!</a></font></td></tr>
</table>
</form>
</div>
```

*you need to replace "*SIGNUP URL HERE*" with the url to the signup page*

What this is is a form that asks you for your username and password. It also has a link for you to click if you wish to signup because you aren't a member. Think you can guess the next page to do? It's LOGIN.php just like in the form tag. So create a blank php file called 'login.php'. What it will do is check to see if your login information is in the text file or not. Let's look at the code:

CODE
```php
<?php
$user = $_POST['name'];
$pass = $_POST['pass'];
$loggedin = 0;

// Read the database and split every line into its fields
$allusers = file('userdata.txt');
foreach ($allusers as $Key => $Val) {
    $allusersinfo[$Key] = explode("|##|", $Val);
}
for ($K = 0; $K < sizeof($allusers); $K++) {
    // === compares the hashes as strings (== can treat some hex strings as numbers)
    if (strtolower($user) == $allusersinfo[$K][0] && md5($pass) === $allusersinfo[$K][1]) {
        // Store the user's details in cookies that expire in 30 days
        setcookie("username", $user, time()+60*60*24*30);
        setcookie("email", $allusersinfo[$K][2], time()+60*60*24*30);
        setcookie("rank", $allusersinfo[$K][3], time()+60*60*24*30);
        setcookie("userid", $allusersinfo[$K][4], time()+60*60*24*30);
        $loggedin = 1;
        $K = sizeof($allusers);
    }
}
if ($loggedin) {
?>
You Are Now Logged In <?php echo htmlspecialchars($user); // escape before printing ?>
<?php } else { ?>
There was an error with your login information.
<?php } ?>
```

What this code does is it takes your login information and stores it into a variable. It reads the contents of the database and then EXPLODES out the |##|'s, leaving our users and their information in nice and neat little arrays. After it does that, let's say we want to get the picture url for the member with the user id of '1'. To do this, we could simply use $user[1][6] because it is the first member, and the picture url is after the 6th |##|. Understand? If you will put this code at the top of all your php pages you will be able to use that syntax:

CODE
```php
// Load every user record into $user[line][field]
$allusers = file('userdata.txt');
foreach ($allusers as $Key => $Val) {
    $user[$Key] = explode("|##|", $Val);
}
```

If all the login information is correct, it stores the username, email, userid, and rank in cookies that are set to expire in 30 days. Now, let's say on your main page you want to make a welcome message. Depending on if they are logged in or not, you want it to either say 'Welcome Guest' or 'Welcome *username*'. Well, we could do this pretty easily using those cookies I talked about earlier. To do this you would use something along the lines of:

CODE
```php
<?php
// The cookie value comes from the browser, so escape it before printing
if (!empty($_COOKIE['username'])) echo 'Welcome ' . htmlspecialchars($_COOKIE['username']);
else echo 'Welcome Guest';
?>
```

What this does is it checks to see if the variable for username is set; if it is, then that means the user must be logged in, so the computer will echo to the screen 'Welcome *username*'. If it isn't, then that means that the user is not logged in and it echoes 'Welcome Guest' to the screen. I tried to make it as simple and painless as I possibly can, but believe me, this was the easy part. When you read the forum tutorial you will understand why. We will be throwing out the conventional 'Nice and neat' for a jumbled mess, but if we program it just right, we can make the computer work it out for us
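
The login.php in the post above keeps the username, email, rank and userid in cookies, and a cookie is a value the browser can set to anything it likes. The following is an added example, not part of the original post, that keeps the login state in a PHP session and re-reads the rank from userdata.txt on every request. The function names `find_user`, `login_user` and `current_user` are hypothetical, and the cookie-parameter array needs PHP 7.3 or later.

```php
<?php
// Added example, not the tutorial author's code. Assumes the record layout
// from the post: username|##|md5 hash|##|email|##|rank|##|userid|##|...

// Return the fields of $username's record from userdata.txt, or null.
function find_user($username, $path = 'userdata.txt') {
    foreach (file($path, FILE_IGNORE_NEW_LINES | FILE_SKIP_EMPTY_LINES) as $line) {
        $fields = explode('|##|', rtrim($line, "\r"));
        if (count($fields) >= 5 && $fields[0] === strtolower($username)) {
            return $fields;
        }
    }
    return null;
}

// After a successful password check, remember only the username, server-side.
function login_user($username, $password) {
    if (!is_string($username) || !is_string($password)) {
        return false;
    }
    $rec = find_user($username);
    // md5() is kept only to match the tutorial's stored format
    if ($rec === null || !hash_equals($rec[1], md5($password))) {
        return false;
    }
    session_regenerate_id(true);       // fresh session id after login
    $_SESSION['username'] = $rec[0];   // stored on the server, not in a cookie
    return true;
}

// Re-read email, rank and userid on every request, so they always come from
// userdata.txt and never from a value the browser sent.
function current_user() {
    $rec = empty($_SESSION['username']) ? null : find_user($_SESSION['username']);
    if ($rec === null) {
        return null;
    }
    return array('username' => $rec[0], 'email' => $rec[2],
                 'rank' => $rec[3], 'userid' => $rec[4]);
}

// Page header: the only cookie the browser holds is the session id.
session_set_cookie_params(array('httponly' => true, 'samesite' => 'Lax'));
session_start();
if (isset($_POST['name'], $_POST['pass'])) {
    login_user($_POST['name'], $_POST['pass']);
}
$me = current_user();
echo 'Welcome ' . ($me ? htmlspecialchars($me['username']) : 'Guest');
```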

Aug 26 2006, 01:47 PM | Post #2
Member [Level 1] | Group: Members | Posts: 50 | Joined: 25-August 06 | Member No.: 28,897

Nice tutorial, but it seems to need more improvement, like checking whether the email is valid or not and filtering some "bad" characters. What if some users accidentally fill in '|##|' characters? I think the result would be unexpected!

Here is the code that I've used in my website!

CODE
```php
// function to block/allow the characters we want to pass
// (preg_replace is used because the ereg functions were removed in PHP 7)
function filter_str($string, $other = '')
{
    // $other lists extra characters to allow; preg_quote keeps them literal
    return preg_replace('/[^a-zA-Z0-9_' . preg_quote($other, '/') . ']/', '', $string);
}

// function to check the email format
function check_email($email)
{
    // the D modifier makes $ match only at the very end of the string
    return preg_match('/^[a-zA-Z0-9_\-]+@[a-zA-Z0-9\-]+\.[a-zA-Z0-9\-\.]+$/D', $email) === 1;
}
```

Usage of the function:

CODE
```php
// example
$page = filter_str($_GET['page']); // only alphanumerics are allowed
$name = filter_str($_POST['name'], " .,"); // alphanumerics plus space, comma, and dot are allowed
$email = $_POST['email'];
if (!check_email($email)) // if the email isn't valid
    exit("Sorry, it seems your email is not valid");
// then you can process the data
```

Hope this can help someone!

This post has been edited by masterio: Aug 26 2006, 01:56 PM
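
The concern raised in post #2 is that a field containing |##| or a line break shifts every later column of a record in userdata.txt, or starts a new record altogether. The following is an added example, not code from the thread, that rejects such input before a record line is built. The function names, the 3 to 20 character username limit and the `default.png` picture value are assumptions made for the illustration.

```php
<?php
// Added example, not code from the thread. Field order follows the tutorial:
// username, password hash, email, rank, userid, name, picture.
const DELIM = '|##|';

// True when $value cannot break the record layout: it contains neither the
// delimiter nor a control character (CR/LF would begin a new record line).
function is_safe_field($value) {
    return is_string($value)
        && strpos($value, DELIM) === false
        && !preg_match('/[\x00-\x1F\x7F]/', $value);
}

// Validate the signup fields. Returns array(errors, record line or null).
function build_record($username, $passhash, $email, $userid) {
    $errors = array();
    // Allow-list like filter_str(), but reject instead of silently stripping,
    // so two different inputs cannot collapse into the same username.
    if (!is_string($username) || !preg_match('/^[a-z0-9_]{3,20}$/D', $username)) {
        $errors[] = 'Username may contain only a-z, 0-9 and _ (3-20 characters)';
    }
    if (filter_var($email, FILTER_VALIDATE_EMAIL) === false) {
        $errors[] = 'Email address is not valid';
    }
    // 'default.png' is a placeholder for the default picture URL
    $fields = array($username, $passhash, $email, 'Member',
                    (string)$userid, 'Undisclosed', 'default.png');
    foreach ($fields as $i => $f) {
        if (!is_safe_field($f)) {
            $errors[] = "Field $i contains the delimiter or a control character";
        }
    }
    return array($errors, $errors ? null : implode(DELIM, $fields));
}

// Constructed sample input: the second email contains the delimiter.
list($e1, $line1) = build_record('alice', md5('pw'), 'alice@example.com', 7);
list($e2, $line2) = build_record('bob', md5('pw'), 'bob@example.com|##|x', 8);
var_dump($e1, $line1);
var_dump($e2, $line2);
```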

Aug 26 2006, 04:35 PM | Post #3
Premium Member | Group: Members | Posts: 172 | Joined: 2-August 06 | From: North Carolina | Member No.: 27,662

lol, like I said, how often do people type |##|? I don't think I've seen it once .... until now anyway....

But I suppose that it would be kind of useful to make sure just in case they do use it. When I do email validation I like to use the mail function, that way it will send them an email saying "Thanks for Joining" or something to the sort. I'm glad you pointed it out though cause I'm sure it will come in handy... judging from ur code seems you know quite a bit of php to know how to use regular expressions like that :-p

Aug 26 2006, 04:36 PM | Post #4
Newbie [Level 1] | Group: Members | Posts: 23 | Joined: 24-August 06 | Member No.: 28,825

kool thanks, maybe i will give this a try.

Aug 26 2006, 04:47 PM | Post #5
Ephesians 6:10-17 | Group: [MODERATOR] | Posts: 1,868 | Joined: 22-June 05 | From: The World of Gentoo | Member No.: 8,528

I would advise just chmodding the file to 666 only, 'cause that's all that seems to be needed. Another thing, I'd have an .htaccess file preventing users from peeking inside the "userdata.txt" file. One more thing, for extra security: instead of just md5-ing the password I'd also sha1 it, for the register.php file, like so:

CODE
```php
$writecontent = "\r\n" . $user . "|##|" . sha1(md5($pass1)) . "|##|" . $email1 . "|##|" . "Member|##|" . sizeof($allusers) . "|##|Undisclosed|##|*URL TO DEFAULT PICTURE*";
```

Of course, you'd have to change another line in "login.php":

CODE
```php
if ( strtolower($user) == $allusersinfo[$K][0] && sha1(md5($pass)) == $allusersinfo[$K][1])
```
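
md5() and sha1(), alone or nested, are fast and unsalted, so the stored value is only as strong as the password behind it. PHP 5.5 and later ship password_hash() and password_verify(), which salt each hash and are slow by design. The following is an added example, not code from the thread, that verifies both formats and upgrades the tutorial's md5 entries at login; the function names are hypothetical.

```php
<?php
// Added example, not code from the thread. Assumes field 1 of a record holds
// either a legacy 32-character md5 hex digest or a password_hash() string.
// password_hash() output contains no '|' or '#', so it fits the |##| format.

// Hash a new password for storage (salted, deliberately slow).
function make_hash($password) {
    return password_hash($password, PASSWORD_DEFAULT);
}

// Check $password against the stored value. Returns array(ok, newHash);
// newHash is non-null when the stored value should be rewritten.
function check_password($password, $stored) {
    $stored = trim($stored);
    if (preg_match('/^[0-9a-f]{32}$/D', $stored)) {
        // Legacy record written by the tutorial's register.php
        if (!hash_equals($stored, md5($password))) {
            return array(false, null);
        }
        return array(true, make_hash($password));   // upgrade at login
    }
    if (!password_verify($password, $stored)) {
        return array(false, null);
    }
    // Also rehash when PHP's default algorithm or cost has moved on
    $new = password_needs_rehash($stored, PASSWORD_DEFAULT)
        ? make_hash($password) : null;
    return array(true, $new);
}

// Constructed sample: one legacy md5 record and one current record.
$legacy  = md5('correct horse');
$current = make_hash('correct horse');

list($ok1, $up1) = check_password('correct horse', $legacy);
list($ok2, $up2) = check_password('correct horse', $current);
list($ok3, $up3) = check_password('wrong guess', $current);
var_dump($ok1, $up1 !== null, $ok2, $up2, $ok3);
```

When `newHash` comes back non-null, the caller writes it into field 1 of that user's record in place of the old value.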

Aug 26 2006, 07:24 PM | Post #6
Privileged Member | Group: [HOSTED] | Posts: 537 | Joined: 21-August 06 | From: Ziya's Heart | Member No.: 28,693

Nice work Tsunami and Masterio, thanx. Good security tip by truefusion.
I will use this code in my site but would like to add one more feature, a "Forget Password" option. Would you take time to write the code for me?

Aug 26 2006, 07:57 PM | Post #7
Premium Member | Group: Members | Posts: 172 | Joined: 2-August 06 | From: North Carolina | Member No.: 27,662

Ok, here is a forgot password thing. Since it's md5 hashed you can't send the login info, so I made it so that you can change the password. I haven't had the chance to test it out properly but I believe it should work.

Save this as 'forgot.php'... everything is contained in this one file

CODE
```php
<?php
if (empty($_GET['sent']) && empty($_GET['id'])) {
?>
<form name="forgot" action="forgot.php?sent=1" method="POST">
<center>Please enter your email to request a password reset<br>
<input type="text" name="email" size="10"><br>
<input type="submit" value="submit"></center></form>
<?php
} else if (!empty($_GET['sent'])) {
    // Look the account up by email (line 0 of the file is the header line)
    $fileh = file('userdata.txt');
    foreach ($fileh as $key => $val) $users[$key] = explode("|##|", $val);
    $user = '';   // stays empty when no record matches
    for ($k = 1; $k < sizeof($fileh); $k++) {
        if (strtolower($users[$k][2]) == strtolower($_POST['email'])) {
            $user = $users[$k][0];
        }
    }
    if ($user) {
        $emailbody = "If you have requested a password request then follow the instructions below<br>1) go to this link <a href='http://YOUR SITE GOES HERE YOUR SITE GOES HERE/forgot.php?id=" . md5($user) . "'>http://YOUR SITE GOES HERE YOUR SITE GOES HERE/forgot.php?id=" . md5($user) . "</a><br>2) Use that form to reset your password<br>3)Login!<br><br>If you did not request this then please disregard this message";
        @mail($_POST['email'], "Password Reset Request", $emailbody);
?>
Your Request has been sent
<?php } else { ?>
that is an invalid email
<?php
    }
} else if (!empty($_GET['id']) && empty($_GET['reset'])) {
?>
<form name="forgot" action="forgot.php?id=<?php echo htmlspecialchars($_GET['id']); ?>&reset=1" method="POST">
<center>Enter a New Password<br><input type="text" name="pass" size="10"><br>
<input type="submit" value="submit"></center></form>
<?php
} else if (!empty($_GET['id']) && !empty($_GET['reset'])) {
    // Strip the line endings so the last field is written back cleanly
    $fileh = file('userdata.txt');
    foreach ($fileh as $key => $val) $users[$key] = explode("|##|", rtrim($val, "\r\n"));
    for ($k = 1; $k < sizeof($fileh); $k++) {
        if ($_GET['id'] == md5($users[$k][0])) {
            $users[$k][1] = md5($_POST['pass']);
        }
    }
    // Write every record back, one per line, without a trailing delimiter
    $fileh2 = fopen('userdata.txt', 'w');
    fwrite($fileh2, rtrim($fileh[0], "\r\n"));
    for ($k = 1; $k < sizeof($fileh); $k++) {
        fwrite($fileh2, "\r\n" . implode("|##|", $users[$k]));
    }
    fclose($fileh2);
?>
your password has been reset, please login
<?php } ?>
```

You need to edit where it says YOUR SITE HERE YOUR SITE HERE to your site, but yea, I'm not gonna take the time to explain how it works unless you want me to since this was made for a request... anyone can use it... hell, I might even use it... Thanks for your input :-p

This post has been edited by Tsunami: Aug 26 2006, 08:35 PM
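
The reset link in forgot.php carries md5 of the username, a value that never changes and that anyone who knows the username can compute. A reset link should instead carry a random token that expires and works once. The following is an added example, not code from the thread; the `resets.txt` file, the function names and the one-hour lifetime are assumptions, and random_bytes() needs PHP 7 or later.

```php
<?php
// Added example, not code from the thread. resets.txt (hypothetical) holds one
// line per pending reset: sha256(token)|##|username|##|expiry timestamp.
const RESET_FILE = 'resets.txt';
const RESET_TTL  = 3600;   // assumed lifetime of a link: one hour

// Create a token for $username. Only its hash is written to disk, so reading
// resets.txt does not reveal a usable link.
function issue_reset_token($username) {
    $token = bin2hex(random_bytes(32));   // 256 random bits from the CSPRNG
    $line  = hash('sha256', $token) . '|##|' . $username . '|##|' . (time() + RESET_TTL);
    file_put_contents(RESET_FILE, $line . "\n", FILE_APPEND | LOCK_EX);
    return $token;                        // this goes into the emailed link
}

// Return the username a token belongs to, or null. Used and expired entries
// are dropped when the file is rewritten, so each link works at most once.
// (Read-then-rewrite is not atomic; hold an flock() around it on a busy site.)
function redeem_reset_token($token) {
    if (!is_string($token) || !is_file(RESET_FILE)) {
        return null;
    }
    $want = hash('sha256', $token);
    $keep = array();
    $user = null;
    foreach (file(RESET_FILE, FILE_IGNORE_NEW_LINES | FILE_SKIP_EMPTY_LINES) as $line) {
        list($hash, $name, $expires) = array_pad(explode('|##|', $line), 3, '');
        if ((int)$expires < time()) {
            continue;                     // expired: drop
        }
        if ($user === null && hash_equals($hash, $want)) {
            $user = $name;                // match: consume it
            continue;
        }
        $keep[] = $line;
    }
    file_put_contents(RESET_FILE, $keep ? implode("\n", $keep) . "\n" : '', LOCK_EX);
    return $user;
}

// Constructed demo: redeem the same token twice.
$token = issue_reset_token('alice');
var_dump(redeem_reset_token($token));
var_dump(redeem_reset_token($token));
```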