Jump to content
xisto Community
8ennett

8ennett's Php Web Community: Part 1 Advanced User Account System

Recommended Posts

This tutorial is the first part in what will soon become a series of in-depth PHP tutorials to create your very own web community. The quality and features of this web community will be enough to rival many packages already out on the web which people are trying to sell. So not only can you save money by building it yourself, but you will have in-depth knowledge of exactly how the site has been built and can add more and more to it with ease. Over all the web community will contain forums, chat rooms, profile pages, advanced admin options, forum moderators, news feeds and even a module engine.

 

Ok, let's get started.

 

========================================================

 

PHP Web Community: Part 1

Advance User Account System

 

First of all you will need to download the PHP files - Download

 

Now it is recommended you use PHP 5+, MySQL and your PHP server NEEDS to include the GD2 library. Also your server will needed a working SMTP server so your site can send out emails. Also for ease of use your users will be required to have a working javascript browser.

 

Once you have extracted your files, you will need to create a new database (you can name it anything) and run the file 'tables.sql' located in the extracted folder. Once you have run this sql file in your favourite MySQL console then delete this file.

 

Next up go into the 'lib' folder and open config.php. All the PHP files have been fully commented as to what each line is/does. Fill out the first four variables defined with your database connection details. The other variables in the config file are:

 

$configsitename: Fill this in with what ever you are going to call your site

 

$configsiteaddress: The base url of your site without trailing slashes, eg. http://forums.xisto.com/no_longer_exists/

 

$configsiteadminemail: The administrators EMail address

 

$configsitewhoseonline: This value is in seconds. If a user has been online within the past amount of seconds then on the login page they will be displayed as part of the online users value.

 

$configsitedisable: If a person attempts to login to an account that is not their own and they have gotten the password wrong X amount of times (X being defined below) then the account is disabled for this many amount of seconds.

 

$configsitedisableamount: This is the amount of times a person can get their account password wrong before their account is disabled for the above defined amount of seconds.

 

$configsitewrongimage: If a user gets the captcha image wrong this amount of times then they are automatically logged out. This is to prevent bots from automatically logging in to an account.

 

Now if you didn't understand what some of the above variables are defining then don't worry, as you go through this tutorial you will understand. Also, in part 2 of this series we will be making an admin panel that will make it easier to edit these values so you don't have to keep editing the config.php file.

 

Once your site has been configured it will now be fully functional. I would suggest at this point you register an account for yourself and once it has been registered go in to your database and modify the following fields:

 

Validated: Set this to Yes so you don't need to bother checking your email

Type: Set this to 'Super' which will make this account in to a Super Admin account.

 

Ok now we can set about describing each php document and what their functions are. In order to access the site now all you need to do is open the index.php in your web browser. This is the only file you will now need to type in as all the other php files are includes.

 

index.php

If you open this file up you will find each line of php is fully commented

 

login.php

This file handles our login credentials. If you go through the php at the top of the file then you will see what each line of the code does and how it affects the login.

 

This page will also display how many users are registered with your site (including banned, disabled and unvalidated accounts) and how many users are currently online (people who have been online within the past X amount of minutes pre-defined in the config.php file).

 

Now the amount of users that are online is currently only updated when they fill in the login page, however once we get on to the part 2 chapter of this series we will be updating their online status every time they interact with the website once logged in.

 

If a person attempts to guess a users password then after they get the password wrong the amount of times we defined in the config file then the account will be disabled for however long will set it to again in the config file.

 

Posted Image

 

As you can see the pages aren't going to look very pretty, however that is not a topic for discussion in this tutorial. If you are unfamiliar with CSS and image design then I suggest you look up a seperate tutorial on that topic :D

 

register.php

Now obviously this page is going to handle our users registration to your website. As you will see in the php file, each line is commented and describes the different types of checks on the users submitted data so we won't run through these again.

 

Posted Image

 

As long as the checks pass on the user submitted data then an email will be sent out to the users email address and this will contain a link which the user can easily click to activate their account. This is so you can verify that the email address the user has given you is in fact real.

 

Another feature of this is checking that the username is not already being used. If it is found that someone else has this username then it will offer alternatives. They can choose to use one of these alternatives or change their desired username.

 

Posted Image

 

If there are any problems with the user submitted data then the registration form will automatically fill out again with the info previously provided (except the confirm pass field). This is just so the user doesn't get more and more frustrated having to fill out an entire form over and over again if their usernames aren't available.

 

lostpass.php

This page is going to deal with our lost password information. If a user requests their password to be reset then an email will be sent out to them with a link. As a security measure this whole process won't affect their password at all until they have clicked a link with a valid password reset code associated with their account AND have entered a new password. This is so others can't reset a persons password and lock out their account or gain access illegally.

 

Posted Image

 

After a valid link has been clicked

Posted Image

 

imagever.php

This php file will be displayed after user has logged in (and their account has been validated) and is a way to prevent automated logins. It will display a captcha image which the user must enter to continue logging in and they will be automatically logged out if they get the image wrong a pre-defined amount of times in our config file. Again, the file is fully commented and will explain everything in detail. The image itself is generated using the randomImage.php file which is also commented.

 

Posted Image

 

I suggest you create your own background images and these are located in the base directory of the site name cbg1.JPG to cbg5.JPG and one of these are randomly selected each time the image is loaded. Please not it is important if you are running a linux server to have the JPG extension in UPPERCASE as if they are in lowercase then linux won't recognise the extension. It took me a while to figure that one out :)

 

validate.php

This file will handle our account validation information. If a user attempts to login without having validated their account then they will be taken to a page that displays their currently registered email address and the user can opt to change their email address, and after doing so a new email will be sent out to the new address containing a fresh validation link (the old cold previously sent out will become obsolete and unusable). They can also simply resend the validation email in case they had to disable a spam filter etc. on their email account.

 

Posted Image

 

If they click a link which contains a valid activation code then this page will simply activate their account and take them to the image verification page without displaying any other details. If they enter an invalid code then an error message will be displayed and they will be taken back to the login page or to the resend validation email page depending on wether or not they are logged in.

 

We now have ourselves an advanced user account system with full features. I wouldn't advise expanding on this to continue creating your site without read part 2 in this series of tutorials which will detail key security features to prevent unauthorised access to the site and also continue updating your online status as you navigate the logged in site.

 

Feel free to ask questions and add comments concerning this tutorial and let me know if you found it to be informative.

 

Can I also add, although this is a free tutorial and will eventually create a web community website of the same quality as other developers sell online, you are not free to modify the code and slap a price tag on it. It is designed to be free, you can develop it as much as you like and add/take features from it however selling it is NOT an option.

 

Share this post


Link to post
Share on other sites

AMENDMENT REQUIRED

 

I've just realised there is a mistake in the index.php, simply change the two instances of

 

$_SESSION['imagever'] =='true'

 

to

 

$_SESSION['logimg'] == true

 

making sure you change imagever to logimg and also remove the speech marks from the word true, otherwise you won't be able to access the home page.

Edited by 8ennett (see edit history)

Share this post


Link to post
Share on other sites

AMENDMENT REQUIRED

 

I've just realised there is a mistake in the index.php, simply change the two instances of

 

$_SESSION['imagever'] =='true'

 

to

 

$_SESSION['logimg'] == true

 

making sure you change imagever to logimg and also remove the speech marks from the word true, otherwise you won't be able to access the home page.

Did you include the changes in the tarfile sources to be downloaded? With the error commented and corrected, for readability?

Share this post


Link to post
Share on other sites

No, I had no way of updating the download link. At least this way if anyone tries to rip off my work (again :) ) by linking directly to the file then the people downloading it will wonder why it's not working lol

Share this post


Link to post
Share on other sites

I've noticed a lot of people are all wanting to create their own rpg games using php so i've decided to write that tutorial using this system as a basis.I will get around to finishing the web community tutorial, however this is the perfect start to an rpg game as well.

Share this post


Link to post
Share on other sites

Nice. This look good to me. But can you host your files to anything other than rapidshare, mediafire ? You can host them on 4shared, mihd, windows live skydrive. Because mediafire is based on slots for downloading and for many countries these slots are always busy irrespective of the traffic to the files. Even if you see less traffic to your downloads i can't download those files because of slots. Slots allotted for asian countries are too low, so if you can host it for 4shared or mihd, skydrive then it'll help a lot to look at your code. Thanks for the tutorial as well.

Share this post


Link to post
Share on other sites

Nice. This look good to me. But can you host your files to anything other than rapidshare, mediafire ? You can host them on 4shared, mihd, windows live skydrive. Because mediafire is based on slots for downloading and for many countries these slots are always busy irrespective of the traffic to the files. Even if you see less traffic to your downloads i can't download those files because of slots. Slots allotted for asian countries are too low, so if you can host it for 4shared or mihd, skydrive then it'll help a lot to look at your code. Thanks for the tutorial as well.

Ok Ive uploaded the file to the following location: http://forums.xisto.com/no_longer_exists/

Also the updated file contains the amendment mentioned above.

Share this post


Link to post
Share on other sites

AWESOME tutorial man i can't wait for your next text and get rid of that pesky MCCODES lol its really easy to follow so thanks so much i have been trying to make one of these games for ages :)

Share this post


Link to post
Share on other sites

I've just noticed frazz, how on earth have you managed to get yourself negative 21k mycents? That's highly impressive.Back from holiday now so going to get cracking on the new mmorpg tutorial to follow on from this one.

Share this post


Link to post
Share on other sites

Wow, thanks alot man this is very helpful, will definatly help me in my long quest of learning PHP, btw where did you learn yours because i would really love to get as good as this, i am aiming to make a game like this soon but i lack the full knowlage! I shall definatly be following these series!

Share this post


Link to post
Share on other sites

I learned my php from an online tutorial, just google "PHP 101", after that I started working on various projects myself and when I got stuck I would look up various code snippets and examples online of how other people have achieved what I wanted to, that way I could learn for myself how to overcome problems, learn new tricks and techniques, it just develops from there really. You have to have a passion for coding as well in order to create something unique and useful as well as being willing to put the time in to your code.

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now

×
×
  • Create New...

Important Information

Terms of Use | Privacy Policy | Guidelines | We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.