Now there are basically 3 functions that a user management system provides: login, register, and protection. A user management system can do more than this but that is all that this tutorial will be covering. I will try to explain what I am doing as I go along but to fully understand what is happening you should have a basic knowledge of PHP, SQL, and HTML. This tutorial assumes you are using MySQL, adjust accordingly for a different DBMS.

First off lets define the database table where our users will be stored. Using phpMyAdmin run this statement to create our table:


Now a little explanation as to what this will do. It will create a table in your database called tblUsers with fields fldId, fldUsername, and fldPassword. The last two fields are self explanitory they contain the username and password of the user. The fldId is the user id automatically assigned by the database. For more information on the syntax read the MySQL documentation.

Lets continue by creating the script where our users will register. Open your favorite text editor and enter the following:



This tells the webserver that we are starting a php code section. You can have more than one in a script and you can include HTML in your code files as well, more on that later. Lets create a function that will actually do the work of adding the user to the database. Lets call it registerUser, now enter the following in between the php tags:



We now have a very basic registration function. Now we need to create the form the user will see. So below the ?> lets start our HTML. It should look a bit like this:



Now this HTML defines a form with 2 input fields and a button. The thing to look at though is the action attribute of the form tag. Here we have another php code section. This puts the path of the current script as our action with the variable register equal to true. We will deal with that in our code later. For now your code should look like this:



There is one more thing left to do. Handle the variable we passed to the script called register. Lets do that now. Here is the code:



Here we use an if statement to check and see if it has been set to true if it is we call the function we defined earlier.

That is all I will be doing for today. Later we will go over how to login, protect your pages and some basic error checking.

Login Tutorial

Protection Tutorial

// Reserved for error checking tutorial

Ehm m8, you might want to MD5 the passwords stored in the database...

Just a simple case of md5(password).

It's a bit more secure

I usually do that but missed it this time. Thanks.

Althoguh I already knew how to do this, thank you as I'm sure it will definitely help other users.

Do MD5(password) and password(password) do the same thing? I know they both encode them, but do they both code in MD5?

If the password function you are refering to is the mysql function then no. Otherwise I don't know. Yes they both encrypt the password.

Welcome back... Today we are going to log our users into our system. For those who haven't read the first tutorial it would be a good idea to do so as this will expand on that. Now we will start on our HTML for our login form. Create a new file and call it login.php with the following:

Looks familiar? It should its basically the same html as we used for our register script. Now we will start on the PHP code. To the beginning of our file add the following:

Now we are going to arrange this file a bit differently. Instead of having our function at the top of the file we are going to have it at the bottom. So lets add another PHP code block there shall we:

One thing you should know is no matter how many times you open or close a PHP code block it is basically all apart of the same code. I will be demonstrating this more in a bit. For now lets just finish off our function:

One thing I should point out is that I haven't done any error checking. If you were using this in a production environment you would want to do that. In PHP you can use variables inside a string as demonstrated by our SQL statement that gets the id and password of our user. Now lets only display our form if we haven't tried to login:

Here we have added an else statement to our if so that if we try and login we won't be displaying our form. Notice how the closing brace for the else is in our bottom section of PHP code. Well because all PHP code in a file is parsed at the same time we can do this. Well see you next time when I show you how to protect your pages.

After the user log in, is it better to use a cookie or opening a session, to keep checking to see if the user is logged in or not? Could you please explain why? Thanks

Usually I would use a session why I didn't use it here I can't remember. I will show you in the next part how to convert it to a session so you can limit page access.