Complete Login System With PHP + MYSQL

[FaLgoR 0]

Its an complete login sistem made and tested by me and I think itwill be very usefull for people who are tryn to learn PHP.

First, let's make register.php:

<?include("conn.php"); // create a file with all the database connectionsif($do_register){ // if the submit button were clickedif((!$name) || (!$email) || (!$age) || (!$login) || (!$password) || (!$password2)){print "You can't let any fields in blank.\n"; // if the user did not put some fieldexit;}$name = stripslashes($name);$email = stripslashes($email);$age = stripslashes($age);$login = stripslashes($login);$password = stripslashes($password);$password2 = stripslashes($password2);// this is for security reasonsif($password != $password2){ // if passwords didn't matchprint "The password and the confirmation are not the same!\n";exit;}$password = md5($password);mysql_query("INSERT INTO table (name,email,age,login,password) VALUES ('$name','$email',$age,'$login','$password')") or die (mysql_error());print "Done!\n"; // if its okay, show this messageexit;} // close the first "if"?><form action="register.php" method="post">Name: <input type="text" name="name"><br>Email: <input type="text" name="email"><br>Age: <input type="text" name="age"><br>Login: <input type="text" name="login"><br>Password: <input type="password" name="password"><br>Password Again: <input type="password" name="password2"><br><input type="submit" name="do_register" value="Sumbit"></form>

And now 'conn.php', which is 'included' in the above file.

$host = 'localhost';$user = 'root';$pass = '';$db = 'yourdb';mysql_connect($host,$user,$pass) or die ("Database is unavaiable. Please try again later.");mysql_select_db($db) or die ("Database is unavaiable. Please try again later.");

Notice from jlhaslip:

I have cut and pasted the missing 'conn.php' in here to avoid all the confusion about it having been missed in the original version of the tutorial.
Most of the following posts concern this out-of-place file, so this note might help explain why they are there.

And now, login.php:

<?include("conn.php");if($do_login){$login = stripslashes($login); // VERY IMPORTANT FOR SECURITY OF YOUR DATABASE DON'T ERASE IT$passwd = stripslashes($passwd); // VERY IMPORTANT FOR SECURITY OF YOUR DATABASE DON'T ERASE IT$check = mysql_query("SELECT * FROM table WHERE login='$login' LIMIT 1;");$user = mysql_fetch_array($check);if($user[password] == md5($passwd)){ // if the writed password and the db password are the same...setcookie("login","$login",time()+360000);setcookie("pass","$passwd",time()+360000);// ...set the cookies...header("Location: userspage.php"); // ...and redirect to restrict page}else{print "Login or password incorrects!\n";exit;}}?><form action="login.php" method="post">Login: <input type="text" name="login"><br>Passwd: <input type="password" name="passwd"><input type="submit" name="do_login" value="Log-in!"></form>

And finally, userspage.php:

<?if(isset($HTTP_COOKIE_VARS["login"])){?>Page contents here<?}else{?>This page is restrict for registered users only!<?}?>

verify.php:

<?include("conn.php"); // include page with the database connection$cookie = $HTTP_COOKIE_VARS; // to reduce the var's name :o)if($cookie[login] && $cookie[pass]){$login = $cookie[login];$pass = $cookie[pass];$usrquery = mysql_query("SELECT * FROM members WHERE nick='$login' AND password='$pass';") or die (mysql_error()); // search for the user$user = mysql_fetch_array($usrquery);if($user[level] != 'Admin') header("Location: notfound.htm"); // if the user is not an admin, redirect to an error page}?>

admin.php:

<?include("verify.php"); // it will verify if the user is an admin?><!-- Here, the table with all the members --><table width="100%" border="0" cellspacing="0" cellpadding="0">    <tr>      <td>        <form method="post" action="members.php">          <table width="100%" border="0" cellspacing="3" cellpadding="0">            <tr bgcolor="#333333">              <th width="6%" class="header"><font size="1">Editar</font></th>              <th width="1%" class="header"><font size="1">ID</font></th>              <th width="24%" class="header"><font size="1">Name</font></th>              <th width="13%" class="header"><font size="1">Age</font></th>              <th width="40%" class="header"><font size="1">E-Mail</font></th>              <th width="11%" class="header"><font size="1">Details...</font></th>            </tr><?$query = mysql_query("SELECT * FROM members ORDER BY id;");if(!mysql_fetch_array($query)) // If there is no membersprint "<tr><td align=\"center\" colspan=\"7\"><font color=\"#FFFFFF\" size=\"2\"><b>Sorry, there is no members registered.</b></font></td></tr>\n";// Show you a messagewhile($profiles = mysql_fetch_array($query)){?>            <tr bgcolor="#666666">              <td> <div align="center"><input type="checkbox" name="id[]" value="<?=$profiles[id]?>"></div></td>              <td> <div align="center"><?=$profiles[id]?></div></td>              <td> <div align="center"><?=$profiles[name]?></div></td>              <td> <div align="center"><?=$profiles[age]?></div></td>              <td> <div align="center"><?=$profiles[email]?></div></td>              <td> <div align="center"><a href="profiles.php?op=edit&id=<?=$profiles[id]?>" target="_blank">More info...</a></div></td>            </tr><?}?>          </table>        </td>    </tr>  </table></form>

Done, now, profiles.php (used to see and edit member information):

<?include("verify.php"); // always put this page, or everybody would have access to this pagefunction Update (&$member, $table, $data){    global $id;    $items = explode(" ",$data);	$update = "";	$i = 0;	while ($tmp = $items[$i++])	{  $data = $member[$tmp];  if (is_numeric($data))  	$update .= "$tmp=$data";  else  {        sqlQuotes($data);  	$update .= "$tmp='$data'";        }  if ($items[$i]) $update .= ",";	}	mysql_query("UPDATE $table SET $update WHERE id=$member[id];");}// this function is really nice!!switch($op){case 'edit': // if you're trying to edit/see info$profile = mysql_fetch_array(mysql_query("SELECT * FROM members WHERE id=$id;")); // save the user informations on an variable?><!-- now, lets show an table -->  <form action="profiles.php?op=doedit&memberid=<?=$profile[id]?>" method="post">    <table width="100%" border="0" cellspacing="3" cellpadding="0">      <tr>         <td width="25%"><font color="#FFFFFF">ID</font></td>        <td width="75%"><input name="id" type="text" id="id" value="<?=$profile[id]?>" size="2"></td>      </tr>      <tr>         <td><font color="#FFFFFF">Name</font></td>        <td><input name="name" type="text" id="nome" value="<?=$profile[name]?>" maxlength="32"></td>      </tr>      <tr>         <td><font color="#FFFFFF">Age</font></td>        <td><input name="age" type="text" value="<?=$profile[age]?>" maxlength="32"></td>      </tr>      <tr>         <td><font color="#FFFFFF">Country</font></td>        <td><input name="country" type="text" id="estado" value="<?=$profile[country]?>" size="2" maxlength="2"></td>      </tr>      <tr>         <td><font color="#FFFFFF">City</font></td>        <td><input name="city" type="text" id="cidade" value="<?=$profile[city]?>"></td>      </tr>      <tr>         <td><font color="#FFFFFF">ICQ</font></td>        <td><input name="icq" type="text" id="icq" value="<?=$profile[icq]?>"></td>      </tr>      <tr>         <td height="22"><font color="#FFFFFF">MSN</font></td>        <td><input name="msn" type="text" id="msn" value="<?=$profile[msn]?>"></td>      </tr>      <tr>         <td><font color="#FFFFFF">HP</font></td>        <td><input name="hp" type="text" id="hp" value="<?=$profile[hp]?>" size="40"></td>      </tr>      <tr>         <td><font color="#FFFFFF">E-mail</font></td>        <td><input name="email" type="text" id="email" value="<?=$profile[email]?>" maxlength="60"></td>      </tr>      <tr>         <td colspan="2"> </td>      </tr>      <tr>         <td colspan="2"><div align="center">             <input type="submit" value="Save">                          <input type="reset" value="Reset">          </div></td>      </tr>    </table>  </form><?break;case 'doedit':if(!$memberid)return;$profile[name] = $name;$profile[age] = $age;$profile[country] = $country;$profile[city] = $city;$profile[icq] = $icq;$profile[msn] = $msn;$profile[hp] = $hp;$profile[email] = $email;Update($profile,"members","name age country city icq msn hp email");mysql_query("UPDATE members SET id=$id WHERE id=$memberid;"); // update user's idEndNow("Details saved!<br><br><a href=\"admin.php\">Back</a>");break;}?>

Try to don't only copy the code and post into your site. If you do it, you will learn nothing with this tut. I hope it have been usefull for you!
Edited January 6, 2006 by jlhaslip (see edit history)

[zachtk8702 0]

Hey looks great. If someoen is just learning PHP i asusme theyre not familiar with MYSQL alreayd so maybe add something about putting tables in a database........ Maybe a php script would be easiest for them. Just an Idea.

[novaforme 0]

Well I run appserv off my own computer at my house so I can test pages and such before i post them, Well i tested this and all i got back was warnings.Warning: main(conn.php): failed to open stream: No such file or directory in e:\www\login\verify.php on line 10Warning: main(conn.php): failed to open stream: No such file or directory in e:\www\login\verify.php on line 10Warning: main(): Failed opening 'conn.php' for inclusion (include_path='.;c:\php4\pear') in e:\www\login\verify.php on line 10Warning: mysql_fetch_array(): supplied argument is not a valid MySQL result resource in e:\www\login\admin.php on line 28Warning: mysql_fetch_array(): supplied argument is not a valid MySQL result resource in e:\www\login\admin.php on line 32

[FaLgoR 0]

Well I run appserv off my own computer at my house so I can test pages and such before i post them, Well i tested this and all i got back was warnings.

 

Warning: main(conn.php): failed to open stream: No such file or directory in e:\www\login\verify.php on line 10

 

Warning: main(conn.php): failed to open stream: No such file or directory in e:\www\login\verify.php on line 10

 

Warning: main(): Failed opening 'conn.php' for inclusion (include_path='.;c:\php4\pear') in e:\www\login\verify.php on line 10

 

Warning: mysql_fetch_array(): supplied argument is not a valid MySQL result resource in e:\www\login\admin.php on line 28

 

Warning: mysql_fetch_array(): supplied argument is not a valid MySQL result resource in e:\www\login\admin.php on line 32

51379[/snapback]

Man, I you have to make an file called conn.php, with the database connections beofre runing the script

here is an example:

 

$host = 'localhost';$user = 'root';$pass = '';$db = 'yourdb';mysql_connect($host,$user,$pass) or die ("Database is unavaiable. Please try again later.");mysql_select_db($db) or die ("Database is unavaiable. Please try again later.");

Put this file at the login directory and it will works =]

[Music 0]

mext time.... Show what EACH code does so people can edit it an so forth

[maddog39 0]

Wow quoting that post was majorly cheating hosting points but whatever. Also, I dont see any MySQL what so ever and I also dont think its hard to make an install file and yeah you forgot a database connector file. That really needs to be fixed.

[FaLgoR 0]

Next time.... Show what EACH code does so people can edit it an so forth wink.gif

This is riduculous! The guy quote all the topic to comment only it! Cheater post!

Wow quoting that post was majorly cheating hosting points but whatever. Also, I dont see any MySQL what so ever and I also dont think its hard to make an install file and yeah you forgot a database connector file. That really needs to be fixed.

You have only to edit conn.php file to your needs.

[karlo 0]

Why do you use stripslashes()? Can't you use $_GET or $_POST?

[doom145 0]

whyme says: huge unessasry quote deleted

thx i have been looking something in the region of this......I am havin problems with my login php...I have made my own php login system but it didnt work so I guess I have to use this.....My problem is that it runs the code i dont want it to run and hence it logs into my whm lol.....so I am thigering out how to NOT copy u but have help from the tutorial

Edited March 25, 2005 by whyme (see edit history)

[shadowdemon 0]

Thanks for the help. I have had trouble with these codes cause they never worked but cant wait to try it

[xJedix 0]

Very nice tutorial and setup for a login system. I have my own I have used in the past as a clan site. You have given me many ideas to try that will majorly improve my site. I like your secure md5 passes, thats a great idea especially for something like a clan site. I am going to have to incorperate that into my site. Also, I haven't liked functions that much but it makes everything much simplilar and gives you a lot of freedom by using them. I will have to give them a try in the future.

I got one question.....
for this line in admin.php:

print "<tr><td align=\"center\" colspan=\"7\"><font color=\"#FFFFFF\" size=\"2\"><b>Sorry, there is no members registered.</b></font></td></tr>\n";

You can just have this line like this and still work:

print "<tr><td align=center colspan=7\><font color=#FFFFFF size=2><b>Sorry, there is no members registered.</b></font></td></tr>\n";

Is it wrong to do it that way? or does problems occur by doing this?

Also, is this code changed to php5? Because I remember being told that " should be ' in the php sections of the code for the new versions of php.


Thanks for the tutorial, and if someone could answer my questions.... that would be great

xJedix

Notice from jlhaslip:

Edit to repair bbcode as per report.

Edited December 2, 2005 by jlhaslip (see edit history)

[Plenoptic 0]

Well that's cool. Does it remember that the person is logged in or whatever? Like does it show that they are logged in on the site? Like say I log in and go to a different link on the forum. Will it say in a corner Logged In as Plenoptic? If so that's really cool. Nice tutorial

[HmmZ 0]

@KarloIt's avoiding the superglobals, wich are by default switched off in PHP4 and PHP5, but in my honest opinion i dont think falgor took that in his decision when using variables right away.Note that i dont know wich phpversion() Xisto has at the moment, so if they are still using cPanels default (PHP3) then you can use $_POST[] and $_GET[].@xJedixYou dont have to necessarily use quotes, in the end it can really speed up a script. however, it is one of the necessary functions when you want it just to be a LITTLE html validated, im not sure but it can be that some browsers can cause display errors when using no quotes, but dont hook me on that.

[Hiaito 0]

I wonder if you could run that off in PHPmyCHAT.

[Dooga 0]

Thanks! I was searching for such a script in hotscripts.com for a long time! Maybe you could even submit the script...