Posted on May 12th, 2007
774 views
Hey Everybody!
I'm going to teach you how to make an User System. Now, let's start with our mysql. [php] CREATE TABLE `users` ( `id` INT( 11 ) NOT NULL AUTO_INCREMENT PRIMARY KEY , `username` TEXT NOT NULL , `password` TEXT NOT NULL , `email` TEXT NOT NULL , `joindate` TEXT NOT NULL , `ip` TEXT NOT NULL , `level` INT( 11 ) NOT NULL DEFAULT 'UN', ) ENGINE = MYISAM ; [/php]. Now that's done. We'll now need to make our config.php. [php] <? session_start(); // allows you to use sessions $user = "Nucleartown.com"; //database user here $pass = "Nucleartown.com"; //database password $host = "localhost"; //mysql host normally localhost $db = "Nucleartown.com"; //database name $conn = mysql_connect("$host","$user","$pass"); mysql_select_db($db) or die(mysql_error()); //conects to the mysql $logged = MYSQL_QUERY("SELECT * FROM `users` WHERE `id` = '$_SESSION[id]' AND `password` = '$_SESSION[password]'"); $logged = mysql_fetch_array($logged); //the above lines makes varriables for user infomation with an degree of security yay! die(remove this line) //remove the line above for it to work. ?> [/php] Now, that's done. On every page now put [php] <?php include('config.php'); ?> [/php]. At the very top once that's done we'll go to the next step. We're going to let the users register in the database with our registeration page. [php] <?php session_start(); //Allows Sessions include "config.php"; //includes our config if (!$_POST['submit']){ //If the submit isnt pressed echo "<form method='POST'> Username: <input type='text' name='username'><br> Email: <input type='text' name='email'><br> Password: <input type='password' name='pass'><br> Confirm Password: <input type='password' name='cpass'><br><br> <input type='submit' name='submit' value='Process'> </form>"; //displays all infomation needed }else{ //if the submit button is pressed (Else 1) $username = safe($_POST['username']); $email = safe($_POST['email']); $pass = safe($_POST['pass']); $cpass = safe($_POST['cpass']); //once it's posted check it if ($username == NULL || $email == NULL || $pass == NULL || $cpass == NULL){ //does an if and checks them. echo "Sorry, we cannot complete your registration because one or more fields was left blank!"; //Echo that they didn't }else{ //What else? $getname = mysql_query("SELECT `username` FROM `users` WHERE `username`='$username'") or die(mysql_error()); $checkname = mysql_num_rows($getname); //Checks if the username is aviaiable $getemail = mysql_query("SELECT `email` FROM `users` WHERE `email`='$email'") or die(mysql_error()); $checkemail = mysql_num_rows($getemail); //Check for the email $getip = mysql_query("SELECT `ip` FROM `users` WHERE `ip`='$Uip'") or die(mysql_error()); $checkip = mysql_num_rows($getip); //Check for the ip address if ($checkname != 0){ echo "Sorry, but the name you have chosen is already in use in our site, please go back and choose another!"; //If their name is taken, echo the infomation }elseif ($pass != $cpass){ echo "Sorry, but the passwords you have entered do not match! Please go back and re enter them."; //If the passwords do not match echo it }elseif ($checkemail != 0){ echo "Sorry, but the email you have entered is already in use in our database, please go back and enter a new one!"; //If the email is taken, echo the error }elseif ($checkip != 0){ echo "Sorry, but this computer has already registered, to keep it fair, one user per computer! If you are sure no one has registered on this computer, please contact Administration."; //If their computer is already registered, echo the error }else{ //Else 3, if all else is good, then we submit to database $password = sha1(md5(md5(sha1(md5(sha1(sha1(md5($password)))))))); //now security time it will protect all the password infomation. as normal usersystem use md5 only and that will make it an huge risk so we will make an huge combindtion $insert = mysql_query("INSERT INTO `users` (`username`,`password`,`email`,`ip`,`joindate`) VALUES ('$username','$password','$email','$Uip','$date')") or die(mysql_error()); //insert it all echo "You are registered now."; //echos the message! } //end function } //end function } //end function ?> [/php] Name that register.php. Now, we need to login name this one login.php. [php] <? session_start(); // allows you to use sessions include("config.php"); //includes our database if (!$logged[username]) //if { if (!$_POST[login]) //if they didn't post the login display below { echo(" <center><form method="POST"> <table> <tr> <td align="right"> Username: <input type="text" size="15" maxlength="25" name="username"> </td> </tr> <tr> <td align="right"> Password: <input type="password" size="15" maxlength="25" name="password"> </td></tr><tr> <td align="center"> <input type="submit" name="login" value="Login"> </td></tr><tr> <td align="center"> <a href="register.php">Register Here</a> </td></tr></table></form></center>"); //echos the login fourm } if ($_POST[login]) { // the form has been submitted. We continue... $username=$_POST['username']; $password = sha1(md5(md5(sha1(md5(sha1(sha1(md5($_POST[password])))))))); // the above lines set variables with the submitted information with the encryption. $info = mysql_query("SELECT * FROM users WHERE username = '$username'") or die(mysql_error()); $data = mysql_fetch_array($info); if($data[password] != $password) { // the password was not the user's password! echo "Incorrect username or password!"; }else{ // what if the pass was right $query = mysql_query("SELECT * FROM users WHERE username = '$username'") or die(mysql_error()); $user = mysql_fetch_array($query); // gets the user's information $_SESSION['id'] = "$user[id]"; $_SESSION['password'] = "$user[password]"; // the above lines set two sessions echo ("<meta http-equiv="Refresh" content="0; URL=http://yoursite.com"/>Thank You! You will be redirected"); // modify the above line...add in your site url instead of yoursite.com. That will redirect them if it's correct } } } else { //what if there logged in display below echo ("<center>Welcome <b>$logged[username]</b><br /></center> - <a href="logout.php">Logout</a>"); //displays users settings } ?> [/php] Now, all that is done. What if they want to logout. Name this one logout.php. [php] <?php session_start(); //allows sessions include('config.php'); //includes our config unset($_SESSION['id']); unset($_SESSION['password']); //unsets the sessions header ("Location: http://yoursite.com"); //redirects them replace yoursite.com with the url of the page you want it to lead to once you're logged out. ?> [/php]. Now, since that's done. Now to display the login.php put: [php] <?php include('login.php'); //includes the file ?> [/php]. We are now done the whole tutorial. Also, there may be some things that would get you errors. So, don't complain just remove them and will be error-free. Thanks for reading, Cyrus Wu P.S. Please Ask Me What Would You Like For The Next Parts |