Impious 0 Report post Posted July 21, 2007 (edited) Making a simple login system. (Step by step) Creating the configuration file: 1st Step - Open the notepad. After puting the tag "<?php"(without quotes) write this: $server = 'PUT HERE THE URL OF YOUR MYSQL SERVER';$user = 'USER NAME OF YOUR MYSQL ACCOUNT';$pass = 'PASSWORD OF YOUR MYSQL ACCOUNT';$link = mysql_connect($server,$user,$pass);$base = 'DATABASE NAME';$table = 'TABLE NAME'; 2nd Step - close the php code with: "?>"3rd Step - save the file with the name "config.php" Creating the database installation file: 1st Step - Open the notepad. After puting the tag "<?php"(without quotes) write this: /* 01 */ include ("config.php"); /* 02 */ mysql_select_db($base,$link);/* 03 */ $install = mysql_query("/* 04 */ CREATE TABLE $table (/* 05 */ id int(255) NOT NULL auto_increment,/* 06 */ login varchar(200) NOT NULL default '',/* 07 */ password varchar(200) NOT NULL default '',/* 08 */ email varchar(200) NOT NULL default '',/* 09 */ date DATE NOT NULL default '0000-00-00',/* 10 */ time TIME NOT NULL default '00:00:00',/* 11 */ PRIMARY KEY (id)/* 12 */ ) TYPE=MyISAM;") or die("Wrong to create: $table <br>".mysql_error());/* 13 */ $insertTest=mysql_query("INSERT INTO $table (id,login,password,email,date,time) VALUES ('','test','dGVzdGU=','t-traders@hotmail.com','2007/07/05','14:04:23')"); if($install){/* 14 */ print("Instalation complete! Destroy the file install.php to the system run perfectly!"); }else{/* 15 */ print("Error! Verify if the file config.php is configured!"); }?> Explanationline____________explanation 01 request the configuration file(config.php) 02 mysql command: open the database (DATABASE NAME, mysql_connect('YOUR MYSQL SERVER','YOUR MYSQL ACCOUNT NAME','YOUR MYSQL PASSWORD'); 03 all variables starts with '$' on php, thats a example of one($install) 04 mysql command: create a table on mysql database with the name 'TABLE NAME' ($table) 05 mysql command: insert a field with the name: "id", this is using the auto_increment option, this auto complete the field when added any base 06 mysql command: insert a login field 07 mysql command: insert a password field 08 mysql command: insert a email field 09 mysql command: insert a date field with '0000-00-00' as default 10 mysql command: insert a time field with '00:00:00' as default 11 mysql command: set "id' as primary key of the table 12 mysql command: if have anything wrong and it cant add a table to the database this write the msg with the error 13 mysql command: insert test bases 14 if the script runs OK the msg "Instalation complete! Destroy the file install.php to the system run perfectly!" is show 15 if this not work shows the msg "Error! Verify if the file config.php is configured!" 2nd Step - Save the file with the name: install.php 3rd Step - Upload the files: config.php and install.php . Execute the install.php. 4th Step - Delete the file "install.php". Creating the Registration Form: 1st Step - Create a table like this: $m is the varible that shows the error message like: "Invalid E-mail" $loginvalue is the value of the gap "login"(its for when anything is wrong the user dont have to write all gaps again $emailvalue is like the loginvalue $code is a random code antibots the table contains a login gap; a password gap; an e-mail gap and an antibot gap /* 01 */<table style="text-align: left; width: 100%;" border="0" cellpadding="0" cellspacing="0">/* 02 */ <form action="register.php" method="post"> <tbody>/* 03 */ <tr>/* 04 */ <font color="#ff0000" size="2"><strong><?= $m ?></strong></font>/* 05 */ </tr> <tr> <td style="width: 60px;">Login:</td>/* 06 */ <td style="width: 649px;"><input name="login" type="text" value="<?= $loginvalue ?>"></td> </tr> <tr> <td style="width: 60px;">Password:</td>/* 07 */ <td style="width: 649px;"><input name="password" type="password"></td> </tr> <tr> <td style="width: 60px;">Email:</td>/* 08 */ <td style="width: 649px;"><input name="email" type="text" value="<?= $emailvalue ?>"></td> </tr> <tr> <td style="width: 60px;">Code:</td> <td style="width: 649px;"> /* 09 */ <font color="#6633cc" face="Tahoma" size="2"><strong><?= $code ?></strong></font><font color="#6633cc" face="Tahoma" size="2"> <input name="code" size="4" maxlength="4" type="text"></font></td> </tr> <tr> <td style="width: 60px;"> <input name="correct_code" value="<?= $code ?>" type="hidden">/* 10 */ <input name="Submit" value="Submit!" type="submit"></td> <td style="width: 649px;"></td> </tr> </tbody>/* 11 */ </form>/* 12 */</table> Explanationline____________explanation 01 open a table with this characteristics: align text on left, width size = 100% of the page, none border, cellpadding or cellspacing 02 open a form thats send informations to register.php with the post method 03 <tr> represents rows 04 show the error msg, if exists 05 close this row 06 <td> represents cols, on this col have a login gap with text type 07 password gap, password type is those that transform all character in ************** 08 email gap 09 shows the generated random code(antibot system) 10 submit the of information of this gaps to register.php 11 close this form 12 close this table 2nd Step - placing the table on php code: Create a file and rename to index.php. Place this: <?phpsrand((double)microtime()*1000000); /* 01 */$code=rand(1000, 5000); /* 02 */$msg = $_GET['msg']; /* 03 */$m=base64_decode($msg); /* 04 */$evalue = $_GET['evalue']; /* 05 */$lvalue = $_GET['lvalue']; /* 06 */$emailvalue=base64_decode($evalue); /* 07 */$loginvalue=base64_decode($lvalue); ?>/* 08 */ <table style="text-align: left; width: 100%;" border="0" cellpadding="0" cellspacing="0">/* 09 */ <form action="register.php" method="post"> <tbody>/* 10 */ <tr>/* 11 */ <font color="#ff0000" size="2"><strong><?= $m ?></strong></font>/* 12 */ </tr> <tr>/* 13 */ <td style="width: 60px;">Login:</td>/* 14 */ <td style="width: 649px;"><input name="login" type="text" value="<?= $loginvalue ?>"></td> </tr> <tr>/* 15 */ <td style="width: 60px;">Password:</td>/* 16 */ <td style="width: 649px;"><input name="password" type="password"></td> </tr> <tr>/* 17 */ <td style="width: 60px;">Email:</td>/* 18 */ <td style="width: 649px;"><input name="email"type="text" value="<?= $emailvalue ?>"></td> </tr> <tr>/* 19 */ <td style="width: 60px;">Code:</td> <td style="width: 649px;"> /* 20 */ <font color="#6633cc" face="Tahoma" size="2"><strong><?= $code ?></strong></font><font color="#6633cc" face="Tahoma" size="2">/* 21 */ <input name="code" size="4" maxlength="4" type="text"></font></td> </tr> <tr>/* 22 */ <td style="width: 60px;"> <input name="correct_code" value="<?= $code ?>" type="hidden">/* 23 */ <input name="Submit" value="Submit!" type="submit"></td> <td style="width: 649px;"></td> </tr> </tbody>/* 24 */ </form>/* 25 */</table> Explanationline____________explanation 01 defines a variable with a code randomized between 1000 and 5000. thats for the antibot system 02 $_GET[] is a sintax that get a information in GET method, thats spefied by the clasps inside. in this example this gets the information sent by 'msg'. 03 base64_decode() decodes values encodeds using base64[to encode use base64_encode()] this decodes the information sent by form with GET method, got by $msg 04 $_GET[] is a sintax that get a information in GET method, thats spefied by the clasps inside. in this example this gets the information sent by 'evalue'. 05 $_GET[] is a sintax that get a information in GET method, thats spefied by the clasps inside. in this example this gets the information sent by 'lvalue'. 06 base64_decode() decodes values encodeds using base64[to encode use base64_encode()] this decodes the information sent by form with GET method, got by $evalue 07 base64_decode() decodes values encodeds using base64[to encode use base64_encode()] this decodes the information sent by form with GET method, got by $lvalue 08 open a table with this characteristics: align text on left, width size = 100% of the page, none border, cellpadding or cellspacing 09 open a form thats send informations to register.php with the post method 10 <tr> represents rows 11 show the error msg, if exists 12 close this row 13 thats the label(login:) for the input <input name="login" type="text" value="<?= $loginvalue ?>"> 14 login gap.. the value is to when have any error this returns to this forms and show the information previously typed.. thir shows the login typed.. got by $_GET['lvalue'] and decoded by $loginvalue=base64_decode($lvalue); (7th line) 15 "password:" label for the input: <input name="password" type="password"> 16 password gaps (with the type: password, thats transforms all characters in ***********) 17 "email:" for <input name="email" type="text" value="<?= $emailvalue ?>"> 18 email gap.. the value is to when have any error this returns to this forms and show the information previously typed.. thir shows the email typed.. got by $_GET['evalue'] and decoded by $emailvalue=base64_decode($evalue); (8th line) 19 "code:" label for <?= $code ?> and <input name="code" size="4" maxlength="4" type="text"> 20 shows the code randomized for antibot system.. with #6633cc color, Tahoma face and size 2 21 thats the gap to the user type the code showed before 22 sends the correct code, to compare with the code typed 23 submit gap, sends all this information typed by the user 24 close this form 25 close this table Save this file. 3rd Step - Validating the antibot code. Create a document with the name "register.php" and place this: <?php$login = $_POST['login']; /* geting the login */$password = $_POST['password']; /* geting the password */$code = $_POST['code']; /* geting the code */$email = $_POST['email']; /* geting the email */$correct_code = $_POST['correct_code']; /* geting the correct code */ if(!empty($code)){ /* looking if the code was written */ /* looking if the code is correct */ if($code == $correct_code){ $l = base64_encode($login); $s = base64_encode($password); $e = base64_encode($email); header("Location: register2.php?l=$l&s=$s&e=$e"); /* here the code is right and the registration is being redirecting */ } else{ $lvalue = base64_encode($login); $evalue = base64_encode($email); $m = base64_encode("Invalid Code!"); header("Location: index.php?msg=$m&evalue=$evalue&lvalue=$lvalue");}}else{$m = base64_encode("Write the code!");$lvalue = base64_encode($login);$evalue = base64_encode($email);header("Location: index.php?msg=$m&evalue=$evalue&lvalue=$lvalue");}?> 4th Step - Filtering the informations. Create a file with the name "register2.php" and write this: <?phpinclude ("config.php");mysql_select_db($base,$link);$e = $_GET['e'];$l = $_GET['l'];$s = $_GET['s'];$email = base64_decode($e);$login = base64_decode($l);$password = base64_decode($s);$pattern2 = "([0-9_A-Z_a-z])+[-_,_._>_<_~_^_/_?_°_\_|_!_š_²_³_£_¢__§_º_@_#_%_¨_&_*_+_}_*_'_]";/* filtering characters on login */if(ereg($pattern2,$login) == true){$m = base64_encode("Login contains invalid characters!");$lvalue = base64_encode($login);$evalue = base64_encode($email);header("Location: index.php?msg=$m&evalue=$evalue&lvalue=$lvalue");exit;}$pattern2 = "([0-9_A-Z_a-z])+[-_,_._>_<_~_^_/_?_°_\_|_!_š_²_³_£_¢__§_º_@_#_%_¨_&_*_+_}_*_'_]";/* filtering characters on password */if(ereg($pattern2,$password) == true){$m = base64_encode("Password contains invalid characters!");$lvalue = base64_encode($login);$evalue = base64_encode($email);header("Location: index.php?msg=$m&evalue=$evalue&lvalue=$lvalue");exit;}$pattern3 = "([0-9_A-Z_a-z])+[,><~^/?°\|!š²³£¢§º#%¨&*+}*']";/* filtering characters on email */if(ereg($pattern3,$email) == true){$m = base64_encode("E-mail contains invalid characters!");$lvalue = base64_encode($login);$evalue = base64_encode($email);header("Location: index.php?msg=$m&evalue=$evalue&lvalue=$lvalue");exit;}/* looking if e-mail is valid */if (!(strpos($email,"@")) OR strpos($email,"@") != strrpos($email,"@")){$m = base64_encode("Invalid E-mail!");$lvalue = base64_encode($login);$evalue = base64_encode($email);header("Location: index.php?msg=$m&evalue=$evalue&lvalue=$lvalue");exit;}/* looking if the password have more than 6 characters */if(strlen($password) < 6){$m = base64_encode("Your password must contain at least 6 characters !");$lvalue = base64_encode($login);$evalue = base64_encode($email);header("Location: index.php?msg=$m&evalue=$evalue&lvalue=$lvalue");exit;}/* looking if the password have more than 3 characters */if(strlen($login) < 3){$m = base64_encode("Your login must contain at least 6 characters !");$lvalue = base64_encode($login);$evalue = base64_encode($email);header("Location: index.php?msg=$m&evalue=$evalue&lvalue=$lvalue");exit;}$sql=mysql_query("SELECT login FROM $table WHERE login='$login'");/* looking if the login exists */if(mysql_num_rows($sql)>0){$m = base64_encode("Existing user!");$lvalue = base64_encode($login);$evalue = base64_encode($email);header("Location: index.php?msg=$m&evalue=$evalue&lvalue=$lvalue");exit;}$sql1=mysql_query("SELECT login FROM $table WHERE email='$email'");/* looking if the email exists */if(mysql_num_rows($sql)>0){$m = base64_encode("Registered email already!");$lvalue = base64_encode($login);$evalue = base64_encode($email);header("Location: index.php?msg=$m&evalue=$evalue&lvalue=$lvalue");exit;}else{ $c_password1= base64_encode($password); $date= date("Y/m/d"); $hour= date("H:i:s"); mysql_query(" INSERT INTO `$table` ( `id` , `login` , `password` , `email` , `date` , `time` ) VALUES ( '', '$login', '$c_password1', '$email', '$date', '$hour' )") OR die("Error at open database!"); $m = base64_encode("Registration completed. Now you can log in!"); header("Location: login.php?msg=$m"); exit;}mysql_close($link);?> Creating a Login form: 1st Step: Create a file with this name: login.php, and write this: <?phpinclude ("config.php");$msg = $_GET['msg'];$m = base64_decode("$msg");$lvalue = $_GET['lvalue'];$loginvalue = base64_decode("$lvalue");$loginenc = base64_encode("login");$passwordenc = base64_encode("password");$login1 = @$_COOKIE['$loginenc'];$password1 = @$_COOKIE['$passwordenc'];$logout = base64_encode("logout");mysql_select_db($base,$link);$sql5 = "SELECT * FROM $table WHERE login='$login1'";$result = mysql_query($sql5);$row = mysql_fetch_assoc($result);$get_login = $row['login'];$v_password = $row['password'];$get_password = base64_decode("$v_password");$sql1=mysql_query("SELECT login FROM $table WHERE login='$login1'");/* verifying if the user is already log in */if(mysql_num_rows($sql1)>0){if($password1 == $get_password && $get_login == $login1){?> <center>Welcome, <?= $login1 ?><a href="login2.php?action=<?= $logout ?>"> Logout</a><br><br> put here the user page <?exit;}}/* if the user arent logged in, open the login form */else{?><table align="center" style="text-align: center;" border="0"cellpadding="0" cellspacing="0"><form action="login2.php?action=<?= $loginenc ?>" method="post"> <tbody> <tr> <td colspan="2" rowspan="1"><font color="#CC0033" size="2"><strong> <?= $m ?><br><br></strong></td> </tr> <tr> <td style="width: 60px;">Login:</td> <td><input class=field name="login" type="text" value="<?= $loginvalue ?>"></td> </tr> <tr> <td style="width: 60px;">Password:</td> <td><input class=field name="password" type="password"></td> </tr> <tr> <td style="width: 60px;"></td> <td><input class=bottom name="Submit" value="Log in!" type="submit"></td> </tr> </tbody></table></form><? }mysql_close($link);?> 2nd Step: Create a file with the name: login2.php, and write this: <?phpinclude ("config.php");$get_login = $_POST['login'];$get_password = $_POST['password'];$get_action = $_GET['action'];$loginenc = base64_encode("login");$passwordenc = base64_encode("password");mysql_select_db($base,$link);$sql5 = "SELECT * FROM $table WHERE login='$get_login'";$result = mysql_query($sql5);$row = mysql_fetch_assoc($result);$ver_login = $row['login'];$v_password = $row['password'];$get_password2 = base64_decode("$v_password");/* loging out */$logout = base64_encode("logout");if($get_action == $logout){setcookie('$loginenc',00);setcookie('$passwordenc',00);header('Location: login.php');}if($get_action == $loginenc){$pattern2 = "([0-9_A-Z_a-z])+[-_,_._>_<_~_^_/_?_°_\_|_!_š_²_³_£_¢__§_º_@_#_%_¨_&_*_+_}_*_'_]";if(ereg($pattern2,$get_login) == true || ereg($pattern2,$get_password) == true){$m = base64_encode("Login ou password incorreto!");header("Location: login.php?msg=$m");exit;}/* if the password is valid to this login set a cookie with this information */if($get_password2 == $get_password){setcookie('$loginenc',$get_login);setcookie('$passwordenc',$get_password);header("Location: login.php");exit;}else{$m = base64_encode("Login ou password incorreto!");header("Location: login.php?msg=$m");}}mysql_free_result($result);mysql_close($link);?> Finishing: up this files and test the system. Sorry if anything is wrong or incomplete, this is my first tutorial.. if anything is wrong please post here and if is possible with the fix xD Yours Impious Edited August 20, 2007 by Impious (see edit history) Share this post Link to post Share on other sites
Sten 0 Report post Posted July 21, 2007 Thanks so much for this tutorial!ill try it soon sometime, its just what i needed, to make a members system for my website!i hope it works, after i try it ill tell u any problems i find in it!thanks! Share this post Link to post Share on other sites
jimmy89 0 Report post Posted July 21, 2007 Same here! From a quick look the code looks good, but I might have missed something! I'll try it out in a few days - when i get a moment of spare time!-jimmy Share this post Link to post Share on other sites
Impious 0 Report post Posted July 26, 2007 Errors fixed: *wrong tags *wrong values *wrong variables *wrong texts *data base errors added attached files Share this post Link to post Share on other sites
Chesso 0 Report post Posted July 29, 2007 Looks pretty good to me at a first glance.Might consider expanding it, to explain some of the code for the newbies out there, maybe some of the functions etc you use?Or perhaps just a bit more in-depth as to what each bits and bobs do. Share this post Link to post Share on other sites
Impious 0 Report post Posted July 30, 2007 you're right chesso.. I already was thinking on explaining the functions, etc better..but, in the principle this post is for more experienced people and/or for who that simply want a system, without knowing necessarily as it functions..but, i'll do this on the next week, cause im very busy now.. Share this post Link to post Share on other sites
HellFire121 0 Report post Posted July 31, 2007 Nice job anyways, even without an explanation of what things do someone that knows a bit of php/mysql can easily figure out what it is and how you got it to work. This can easily be adapted to form something better as well as giving a good example of how mysql can be used to secuerly store information.-HellFire Share this post Link to post Share on other sites