xavier1280

This is how I would had created PHP with MySQL Database. A Short Tutorial for everyone.

 

we will first create a login script. The login script will have a MYSQL table which it will reference to verify the existence of a user at login. It will also have various scripts that will help register a new user and retrieve forgotten passwords.

 

Login Script

 

The login script will have the following pages:

 

Login.php - Enables users to log in.

Logout.php - Enables logging out.

Register.php - Creates new users.

Password.php - Password recovery.

Messages.php - Handles error messages.

Let's create a table that will gather the following information about a user:

 

Username

Password>

Level

Admin - This will be the moderator of the system

Normal - Normal access rights

Date_joined

IP Address - Enables us to identify and ban users.

Email - Used for password recovery.

Isbanned - Enable us to ban users

Here's the table:

CREATE TABLE `user` (

`id` int(5) NOT NULL auto_increment,

`uname` varchar(98) NOT NULL default '',

`pw` varchar(98) NOT NULL default '',

`email` varchar(100) NOT NULL default '',

`date_joined` datetime NOT NULL default '0000-00-00 00:00:00',

`ip` varchar(20) NOT NULL default '',

`level` varchar(10) NOT NULL default '',

`isbanned` enum('yes','no') NOT NULL default 'no',

PRIMARY KEY (`id`)

) TYPE=MyISAM AUTO_INCREMENT=11 ;

 

As you can see from the table layout, the table gathers a lot of information about a user. The most significant item of them all is the "isbanned" field. This field is responsible for checking whether or not a user is banned. The "ip" field stores the IP address of the user, which will be used to reinforce the isbanned status of a user.

 

 

If you can simply just copy and paste the following code from above to php my admin and run the SQL.

 

2) Login.php

 

This file displays a form that requests your username and password and also gives you the options to register as a new user or recover your password if you've forgotten it. Once you've pressed the submit button the following code gets executed:

 

<?

session_start();

if(isset($_GET['reg'])){

$reg=$_GET['reg'];

}else{

$reg="";

}

if($reg==1){

$msg1="<font color="#FF0000"><b>Your details have been added,

please login</b></font>";

}elseif($reg==2){

$msg1="<font color="#FF0000"><b>You have been successfully

logged out.</b></font>";

}elseif($reg==3){

$msg1="<font color="#FF0000"><b>You have been redirected because you need to be logged on as administrator.</b></font>";

}

if(isset($_POST['submit'])){

if( empty($_POST['uname']) && (empty($_POST['upass']))){

header( "Location:Messages.php?msg=1" );

exit();

}

//transfer to shorter var

$n=$_POST['uname'];

$p=$_POST['upass'];

//connect to db

include('config.php');

$query="select * from user where uname='$n' and pw='$p'";

if($result=mysql_query($query)){

$row=mysql_fetch_assoc($result);

//check each var

if($n !=$row['uname']){

header( "Location:Messages.php?msg=2" );

exit();

}

if($p !=$row['pw']){

header( "Location:Messages.php?msg=11" );

exit();

}

if($row['isbanned']=='yes'){

header( "Location:Messages.php?msg=12" );

exit();

}

}//ifresult

//put in session vars

$_SESSION['level'] = $row['level'];

$_SESSION['status'] = 'logged';

$_SESSION['username'] = $n;

//This takes you to the admin pages; change this to take you to

wherever you want it //to go.

header("location:../admin/main.php");

exit;

}?>

 

This script checks to see whether a user exists. If so, the username and password is compared with the information in the database. It also checks to see whether the user is banned. If all the checks are okay, the script puts the username in a session variable and then sends the user through to the appropriate page. If the user does not exist, the program goes to the messages page and displays an error message.

 

The script also checks the user's banned status. If a user is banned, then the script directs you to the Messages page. The submitted username and password is checked individually and then the appropriate action is taken. This enables the user to know exactly which of the two, username or password, is wrong.

 

3) Logout.php

 

Logs a user out with the following code:

 

<?

session_start();

if($_SESSION["status"]="logged") {

session_unset();

session_destroy();

header( "Location:login.php?reg=2" );

exit();

}

else{

if ($_SESSION["status"]="not logged") {

//the session variable isn't registered, the user shouldn't even

be on this page

header( "Location:login.php" );

exit();

}

}

?>

 

The 'header( "Location:login.php?reg=2" ); ' code sends a reg value of 2 to the login.php page, which informs the user that he/she has been logged out. To log out a user, we simply empty the session variables that have been filled at login. This is done by the session_unset() and session_destroy() functions.

 

4) Register.php

 

This script registers or adds a new user.

 

The following code does the job:

 

<?

if(isset($_POST['Submit'])){

//NEED TO CHECK IF FIELDS ARE FILLED IN

if( empty($_POST['name']) && (empty($_POST['email']))){

header("Location:Messages.php?msg=3");

exit();

}

if( empty($_POST['pw1']) && (empty($_POST['pw2']))){

header( "Location:Messages.php?msg=4" );

exit();

}

$name=$_POST['name'];

$email=$_POST['email'];

$pw1=$_POST['pw1'];

$pw2=$_POST['pw2'];

if("$pw1" !== "$pw2" ){

header( "Location:Messages.php?msg=5" );

exit();

}

$ip = $_SERVER['REMOTE_ADDR'];

if(empty($ip)){

header("location:Messages.php?msg=13");

exit();

}

if(isset($_POST['select'])){

$level=$_POST['select'];

}else{

$level="Normal";

}

//connect to the db server , check if uname exist

include('config.php');

$query=("Select * from user where uname='$name'");

$result= mysql_query($query);

$num=mysql_num_rows($result);

if ($num > 0) {//Username already exist

header( "Location:Messages.php?msg=6" );

exit();

}else{

//if username does not exist insert user details

$query=( "INSERT INTO user (uname, pw,email,date_joined,ip,level,isbanned) VALUES ('$name',password

('$pw1'),'$email',NOW(),'$ip','$level','no')");

if(!@mysql_query ($query)) {

echo mysql_error();

}else{

if(empty($_POST['select'])){

header("location:login.php?reg=1");

exit;

}else{

header("location:../admin/main.php");

exit;

}

}

}

mysql_close();

}?>

 

The script does three things:

 

Checks whether all the fields are filled in. If not, the program goes to the messages page where the appropriate error is displayed.

Checks whether the username already exists. If so, the program goes to the messages page where the appropriate error is displayed.

If the username does not exist, the script adds the user details and goes straight to the login page. Where the user can now login.

5) Password.php

 

This script sends the password that the user has forgotten to his/her email address.

 

Here's the password code:

 

<?

include("fns.php");

include "config.php";

if(isset($_POST['Submit'])){

//1. Check if form fields are filled in

if(!filledin($_POST)){

header( "Location:Messages.php?msg=7" );

exit();

}

$name=$_POST['name'];

$em=$_POST['mail'];

//2. Check if entered name exist

$query="Select pw from user where uname='$name'" or die(mysql_error());

$result= mysql_query($query);

if(mysql_num_rows($result)>0){

for ($i=0; $i<mysql_num_rows($result); $i++) {

$row = mysql_fetch_assoc($result);

$pass=$row['pw'];

$to="$emrn";

$from="From: Admin@jacquesnoah.co.ukrn";

$msg="Password:$passrn";

$msg .="Username:$namern";

$msg .="Please change your password as soon as you logonrn";

$subject="From Admin re:Your Login Passwordrn";

}

}else{

header( "Location:Messages.php?msg=8" );

exit();

}

//3. Send password to user

if(mail($to,$subject,$msg,$from)){

header( "Location:Messages.php?msg=9&email=<?php echo $em; ?>" );

exit();

//echo "Please click here to log";

}else{

header( "Location:Messages.php?msg=10");

exit();

}

}

?>

 

This code does three things:

 

Checks to see if all fields are filled in. Notice the use of the function called 'filledin()' in the line "if(!filledin($_POST)){}">. That function is declared in the functions script called "fns.php" which is included in at the top of the code. It just checks whether all posted variables contain something.

Checks to see if entered name exists. This provides us with extra security, by checking whether the username and email address exist.

Once all security checks have been passed, it sends the password.

I have tried and successfully able to run a effective login script. It can of course always be improved, but for now it is adequate, security wise.

 

Thanks.

Hi All,I am very new to E-Commerce, I've recently acquired a web design project. My client requirements is to Store Customer Details, Product Listing, Manage Categories and products, Manufacturers, Specials and develop reports for best viewed products, products purchased, Customer Orders and they should be able to add it to cart and checkout and accept different methods of payments including credit cards (Visa, Master Card, Direct Debit) and keep track of recurring payments.. Is there a pre configured script for PHP? or does the hosting plan needs to have ecommerce support???Any help would be appreciated. I need to start from scratch and very new to this process.

Thanks for the information Mod. I had recently created a topic in a sub forum called webdesign. I cannot seem to trace it or find that topic. Perhaps that topic needs to be accepted by Mods.My Question was simply to ask how to implement web conferencing and video conferencing. I have a client who has requested me to develop a website for a school that teaches Maths, English, Spelling and Reading.Their requirements was that they want to have web conferencing feature to conduct live meetings with students as well as virtual classroom would have all the resources for students to download tutorials, lecture notes, lab assessments and virtual classroom simulation labs from a web based application. Also lecturer needs to interact with students one on one remotely and creation of group discussion forum for students to interact with teachers and post relevant topics. Other simple requirements are students can upload their assignments from digital drop box that will automatically post to lecturer's email. I did some research and came across few packages called Electalive, Dim Dim, Moodle. But Still uncertain where to begin with???Thanks. Any help would be much appreciated.

Trap 17 seems like a very interesting place to ask questions. I am just enquring to find out whether the basic hosting plan supports Php My Admin to create database and is it e-commerce integrated? Thanks for all the suggestions and assistance i had with forum members.

I am currently working as a freelancer to develop websites for companies. I got a Question to ask, I've asked many forums and they seemed uncertain on answering my query.

I am currently developing a site for a school who requires me to implement web conferencing and video conferencing to conduct live meeting with participants. students in this instance, as well as a virtual classroom with lab simulations from a web based application and interaction with students remotely. They want to be able to view/download Assessment Labs, Lecture Notes, virtual labs.. A little similar to Blackboard.

They also want to have shopping cart with appropriate packages with paypal integrated to purchase products and make payments. They want to use Secure Payment (SSL Certificate) With different methods of online payment. i.e. credit card, direct debit payment. It also needs recurring payment.

I did some research on google. I come across dimdim and electalive. I'm still uncertain on the process of how to go about impementing these features.

Thanks.

Thanks for the important Information Kasperooney. I will be active in forums and will contribute to tutorials. I also appreciate that you explained me the costs of basic hosting package. I will spend some time going through the forums. Also If you dont mind me asking just another specific question, if suppose i do earn the amount of credits needed for basic hosting package i.e. $3, does that support php& Mysql and do i need to have sufficent credit on the following month to again top up the hosting package by writing good quality posts..Thanks for your effort in replying to my questions.

Thanks for the kind welcome Kasperooney. I have had some read through some pages that explains about MyCent and frequently asked questions. I am just trying very hard to understand with how to earn credits (Mycent) easier and how many posts do i need to make to buy basic hosting package??? From my understanding does this mean 100 posts equivalent to $1. I appreciate Trap 17 is a great place to test or experiment with site design, people who don't want to 'go live' on their REAL domain, or that are just happy to have a site on the WWW for free and able to test it and run scripts.

Hi All,

I am an IT Graduate from University of Auckland, I have a great passion for web development, I currently assisted group of developers with small projects to build websites such as http://forums.xisto.com/no_longer_exists/ and have good grasp of PHP & MYSQL. I also enjoy developing CSS websites with Flash.

I find Trap 17 a great tool to communicate with other web developers and stregthen our knowledge and skills and appreciate all the hard work.

Kind regards,
Alkaif

Hi Admin,Can we possibly have a thread in the main page, so users can request on specific topics for instance. I'm doing web development and there are few areas that i would need assistance with. For example. I am interested to know how to create a contact us page so when the users fill out that form and click submits, provided that it has form validation and submits to particular email. My Question in this case would be can we have the requests thread created and if someone is able to answer any specific query on the following topic and would assist many users in the forum.Thanks.

Trap 17 is a great site. I am just enquiring to find out what are the hosting plans that we can purchase provided that we have enough credit (my cents) to choose the appropriate needs of our website. Sorry if its already been posted or any link to guide me through would be much appreciated.