Php: Simple User System Part 1 Creating the basics of a user system

[QuickSilva 0]

Hello and welcome to the tutorial of creating a simple user system! In this tutorial we will be using sessions in order to keep the user logged in. All passwords in the database will be encrypted with MD5.

 

Ok first of all run this SQL on your database:

CREATE TABLE `users` (  `id` int(11) NOT NULL auto_increment,  `username` varchar(250) NOT NULL default '',  `password` varchar(250) NOT NULL default '',  `email` varchar(250) NOT NULL default '',  PRIMARY KEY  (`id`)) ENGINE=MyISAM DEFAULT CHARSET=latin1 AUTO_INCREMENT=1;

As you see above we have 4 fields:

ID: The ID will basically keep the ID of the user. This ID adds 1 for everytime a new row is created (basicly someone registering)

 

Username: Pretty self explanatory, keeps the username of the user.

 

Password: Again pretty self explanatory, this keeps the password of the user. For the passwords we will be encrypting them with MD5. This will keep them secure so that no-one can get in to there account by hacking the database or other means.

 

Email: This is the email address for the user.

 

-----------------

 

Ok now we move onto db.php. This file will allow us to connect to the database and will hold some other things in here aswell, such as the function for checking if the user is logged in. I have explained as well as I could in the code it's self. Please take time to read this, as it will make you understand the code more.

 

<?phpsession_start(); /*This will start our sessions. Without this the sessions will not run. This must be at the very top of the page.*/$connection = mysql_connect("localhost","DB USER","DB PASS");/*Basicly above this is what is happening. It is going to connect to the database using them credentials. Edit DB USER and DB PASS to what you have set it to be in cPanel. Localhost should only be changed if instructed by your host to do so, normaly if you have a dedicated mysql server.*/mysql_select_db("DB NAME") or die(mysql_error());/*This selects the database and if it can't, it will display the error that mysql outputs.*/$username = $_SESSION['username'];/*This is assigning the variable $username to the session.*/$password = $_SESSION['password'];/*This is assigning the variable $password to the session*/$id = $_SESSION['id'];/*This is asigning the variable $id to the session*/function checklogin($error_str){ /* This sets the functions checklogin. We have one parimeter called $error_str. This is the error to be put if there not logged in *//*This function will check if the user is logged in*/$checklogin = mysql_num_rows(mysql_query("SELECT * FROM users WHERE username = '$username' AND password = '$password' AND id = '$id'")); /* This is the second check. It checks if there actualy in the database with the information by the sessions*/if ((!isset($username)) || (!isset($password)) || (!isset($id))){ /* Checks if the sessions are set. This is the first login check. */die($error_str);}elseif($checklogin == 0){ /* If the database said it can't find them anywhere */die($error_str);} /* Closes the elseif */} /*Closes the function */unset($checklogin, $password, $id);?>

-----------------

 

Right next we are going to make register.php. This is the form where the user can register up to the user system. Again I will try and comment it as much as possible so you understand it more.

 

<?phpsession_start(); /*Start the session as always*/include("db.php"); /*Here we are including the database file in order to connect to the database*/if ($_POST['submit']){ /*If they have clicked the submit button*//* On the next few lines we will set a variable for what they have put. Remember variables always begin with a $. */$post_username = $_POST['username'];$post_password = $_POST['password'];$md5_password = md5($post_password);$post_email = $_POST['email'];$usernamecheck = mysql_num_rows(mysql_query("SELECT * FROM users WHERE username = '$post_username'")); /* Check if the username has already been taken */if ((!$post_username) || (!$post_password) || (!$post_email)){ /* if they have missed a field */echo "You have missed a field!";}elseif($usernamecheck != 0){ /* If the username has already been taken */echo "This username has already been taken!";}else{ /* Username hasnt been taken and all fields filled in, let's carry on! */mysql_query("INSERT INTO users (`id`, `username`, `password`, `email`) VALUES ('', '$post_username', '$md5_password', '$post_email')"); /* Adds them to the database */echo "You have registered!";}}else{ /* If the form hasn't been submitted... */?><html><head><title>Register</title></head><body><!-- Starts the form --><form style="margin: 0px; display: inline;" method="post"><!-- Starts the layout table --><table cellpadding="2" cellspacing="0" border="1" width="31%" align="center"><tr><td colspan="2" align="center"><strong>Register</strong></td></tr><tr><td width="50%" align="right">Username:</td><td width="50%"><input type="text" name="username"></td></tr><tr><td align="right">Password:</td><td><input type="password" name="password"></td></tr><tr><td align="right">Email:</td><td><input type="text" name="email"></td></tr><tr>  <td colspan="2" align="center"><input type="submit" name="submit" value="Register!"></td>  </tr><!-- Ends the layout table --></table><!-- Ends the form --></form></body></html><? } ?>

-----------------

 

The next page is login.php so the user can actualy login

 

<?phpsession_start(); /* Starts the session as always */include("db.php"); /* Includes database file so we can connect */if ($_POST['submit']){ /* If they have clicked submit */$post_username = $_POST['username']; /* The username they filled in */$post_password = md5($_POST['password']); /* The password they filled in. Notice the md5. This will encrypt our password so we can match it up to the database */$numrows = mysql_num_rows(mysql_query("SELECT * FROM users WHERE username = '$post_username' AND password = '$post_password'"));if ((!$post_username) || (!$post_password)){echo "You have missed a field!";}elseif($numrows == 0){echo "Incorrect username or password!";}else{$fetcharray = mysql_fetch_array(mysql_query("SELECT * FROM users WHERE username = '$post_username' AND password = '$post_password'")); /* We are selecting the row from the database which is theres in order to get there id. This will put it all into arrays eg. $fetcharray[id] is what we are going to use. */$_SESSION['username'] = $post_username; /* Notice theyre the other way round? This is because we are setting a session. */$_SESSION['password'] = $post_password;$_SESION['id'] = $fetcharray[id];echo "You are now logged in!";}}else{ /* They didn't submit the form. */?><html><head><title>Login</title></head><body><form method="post" style="margin: 0px; display: inline;"><table cellpadding="2" cellspacing="0" border="1" width="31%" align="center"><tr><td colspan="2" align="center"><strong>Login</strong></td></tr><tr><td width="50%" align="right">Username:</td><td width="50%"><input type="text" name="username"></td></tr><tr><td align="right">Password:</td><td><input type="password" name="password"></td></tr><tr><td align="center" colspan="2"><input type="submit" name="submit" value="Login"></td></tr></table></form></body></html><? } ?>

-----------------

 

Ok finally I will show you how to make a page where they are required to be logged in. You can name this page what you want

 

<?phpsession_start();include("db.php"); /* Includes the database */checklogin("You need to be logged in to access this page!"); /*Error if they are not logged in and also this checks if they are.*/?>Your page here for logged in people!

-----------------

 

Thank you very much for reading this and I hope you have learnt something. If you ever need help reply here or message me. Check back for part 2 coming soon!

[delivi 0]

how do I display the login form when the user visits a page that need login.

[detportal 0]

Is that one of those Central Authentication Systems, where you login once and get authenticated by all the applications you have installed that require logins? Because that's what I've been after for a LOONG time, and I've posted here about it too. So IS it one of those systems, and if it is, THANK YOU SO MUCH! but how do you get programs to intergrate with it?

[alex1985 0]

You called the topic itself like ...Part 1, if there is a second part pf the titorial?!