PHP: Writing A Generic Login And Register Script - Open Discussion & Free Web Hosting

Welcome Guest ( Log In | Register )

Open Discussion & Free Web Hosting » Computers & Tech » How-To's and Tutorials » Programming » PHP


	Web Hosting Guide

2 Pages

1 2 >

PHP: Writing A Generic Login And Register Script

Options

coder2000 View Member Profile	Feb 7 2005, 03:04 PM Post #1
Member [ Level 2 ] Group: Members Posts: 56 Joined: 24-December 04 Member No.: 1,874	Now there are basically 3 functions that a user management system provides: login, register, and protection. A user management system can do more than this but that is all that this tutorial will be covering. I will try to explain what I am doing as I go along but to fully understand what is happening you should have a basic knowledge of PHP, SQL, and HTML. This tutorial assumes you are using MySQL, adjust accordingly for a different DBMS. First off lets define the database table where our users will be stored. Using phpMyAdmin run this statement to create our table: CODE CREATE TABLE tblUsers ( fldId INT NOT NULL AUTO_INCREMENT, fldUsername VARCHAR(40) NOT NULL, fldPassword VARCHAR(40) NOT NULL ); Now a little explanation as to what this will do. It will create a table in your database called tblUsers with fields fldId, fldUsername, and fldPassword. The last two fields are self explanitory they contain the username and password of the user. The fldId is the user id automatically assigned by the database. For more information on the syntax read the MySQL documentation. Lets continue by creating the script where our users will register. Open your favorite text editor and enter the following: CODE <?php ?> This tells the webserver that we are starting a php code section. You can have more than one in a script and you can include HTML in your code files as well, more on that later. Lets create a function that will actually do the work of adding the user to the database. Lets call it registerUser, now enter the following in between the php tags: CODE function registerUser() { mysql_connect('server', 'username', 'password', 'database'); $username = $_POST['username']; $password = md5($_POST['password']); $sql = "INSERT INTO tblUsers (fldUsername, fldPassword) VALUES ($username, $password);"; mysql_query($sql); } We now have a very basic registration function. Now we need to create the form the user will see. So below the ?> lets start our HTML. It should look a bit like this: CODE <html> <head> <title>Registration</title> </head> <body> <form action="<?php $_SERVER['PHP_SELF']."?register=true" ?>" method="post"> Username: <input type="text" name="username"> Password: <input type="password" name="password"> <input type="submit" value="Register"> </form> </body> </html> Now this HTML defines a form with 2 input fields and a button. The thing to look at though is the action attribute of the form tag. Here we have another php code section. This puts the path of the current script as our action with the variable register equal to true. We will deal with that in our code later. For now your code should look like this: CODE <?php function registerUser() { mysql_connect('server', 'username', 'password', 'database'); $username = $_POST['username']; $password = md5($_POST['password']); $sql = "INSERT INTO tblUsers (fldUsername, fldPassword) VALUES ($username, $password);"; mysql_query($sql); } ?> <html> <head> <title>Registration</title> </head> <body> <form action="<?php $_SERVER['PHP_SELF']."?register=true" ?>" method="post"> Username: <input type="text" name="username"> Password: <input type="password" name="password"> <input type="submit" value="Register"> </form> </body> </html> There is one more thing left to do. Handle the variable we passed to the script called register. Lets do that now. Here is the code: CODE <?php if ($_GET['register'] == 'true') { registerUser(); } function registerUser() { .... Here we use an if statement to check and see if it has been set to true if it is we call the function we defined earlier. That is all I will be doing for today. Later we will go over how to login, protect your pages and some basic error checking.

coder2000 View Member Profile	Feb 7 2005, 03:19 PM Post #2
Member [ Level 2 ] Group: Members Posts: 56 Joined: 24-December 04 Member No.: 1,874	Login Tutorial Protection Tutorial // Reserved for error checking tutorial

jipman View Member Profile	Feb 7 2005, 04:19 PM Post #3
Pretty please? Group: Members Posts: 733 Joined: 28-November 04 From: Holland Member No.: 1,552	Ehm m8, you might want to MD5 the passwords stored in the database... Just a simple case of md5(password). It's a bit more secure

coder2000 View Member Profile	Feb 7 2005, 04:51 PM Post #4
Member [ Level 2 ] Group: Members Posts: 56 Joined: 24-December 04 Member No.: 1,874	I usually do that but missed it this time. Thanks.

-=Wrighty=- View Member Profile	Feb 7 2005, 05:12 PM Post #5
Member - Active Contributor Group: Members Posts: 88 Joined: 19-December 04 Member No.: 1,807	Althoguh I already knew how to do this, thank you as I'm sure it will definitely help other users.

szupie View Member Profile	Feb 7 2005, 08:58 PM Post #6
S.P.A.M.S.W.A.T. Group: Members Posts: 814 Joined: 22-January 05 Member No.: 2,284	Do MD5(password) and password(password) do the same thing? I know they both encode them, but do they both code in MD5?

coder2000 View Member Profile	Feb 7 2005, 11:52 PM Post #7
Member [ Level 2 ] Group: Members Posts: 56 Joined: 24-December 04 Member No.: 1,874	If the password function you are refering to is the mysql function then no. Otherwise I don't know. Yes they both encrypt the password.

coder2000 View Member Profile	Feb 15 2005, 05:22 PM Post #8
Member [ Level 2 ] Group: Members Posts: 56 Joined: 24-December 04 Member No.: 1,874	Welcome back... Today we are going to log our users into our system. For those who haven't read the first tutorial it would be a good idea to do so as this will expand on that. Now we will start on our HTML for our login form. Create a new file and call it login.php with the following: CODE <html> <head> <title>Login</title> </head> <body> <form action="<? $_SERVER['PHP_SELF']."?login=true" ?>" method="POST"> Username: <input type="text" name="username"><br> Password: <input type="password" name="password"><br> <input type="submit" value="Login"> </form> </body> </html> Looks familiar? It should its basically the same html as we used for our register script. Now we will start on the PHP code. To the beginning of our file add the following: CODE <?php if ($_GET['login'] = true) { loginUser(); } ?> <html> .... Now we are going to arrange this file a bit differently. Instead of having our function at the top of the file we are going to have it at the bottom. So lets add another PHP code block there shall we: CODE .... </html> <?php function loginUser() { } ?> One thing you should know is no matter how many times you open or close a PHP code block it is basically all apart of the same code. I will be demonstrating this more in a bit. For now lets just finish off our function: CODE function loginUser() { $username = $_POST['username']; $password = $_POST['password']; $sql = "SELECT fldId, fldPassword FROM tblUsers WHERE fldUsername = '$username';"; $result = mysql_query($sql); $row = mysql_fetch_assoc($result); if (md5($password) = $row['fldPassword']) { setcookie('loggedin', $row['fldId']); echo "Logged In"; } } One thing I should point out is that I haven't done any error checking. If you were using this in a production environment you would want to do that. In PHP you can use variables inside a string as demonstrated by our SQL statement that gets the id and password of our user. Now lets only display our form if we haven't tried to login: CODE if ... { } else { ?> <html> .... </html> ?> } function ... Here we have added an else statement to our if so that if we try and login we won't be displaying our form. Notice how the closing brace for the else is in our bottom section of PHP code. Well because all PHP code in a file is parsed at the same time we can do this. Well see you next time when I show you how to protect your pages.

Josh_Jpn View Member Profile	Feb 21 2005, 10:45 AM Post #9
Newbie [ Level 2 ] Group: Members Posts: 24 Joined: 21-February 05 Member No.: 2,724	After the user log in, is it better to use a cookie or opening a session, to keep checking to see if the user is logged in or not? Could you please explain why? Thanks

coder2000 View Member Profile	Feb 22 2005, 09:57 PM Post #10
Member [ Level 2 ] Group: Members Posts: 56 Joined: 24-December 04 Member No.: 1,874	QUOTE (Josh_Jpn @ Feb 21 2005, 04:45 AM) After the user log in, is it better to use a cookie or opening a session, to keep checking to see if the user is logged in or not? Could you please explain why? Thanks Usually I would use a session why I didn't use it here I can't remember. I will show you in the next part how to convert it to a session so you can limit page access.

« Next Oldest · PHP · Next Newest »

2 Pages

1 2 >

1 User(s) are reading this topic (1 Guests and 0 Anonymous Users)

0 Members:

Display Mode: Standard · Switch to: Linear+ · Switch to: Outline

Track this topic · Email this topic · Print this topic · Subscribe to this forum