Member Registration And Login System

[uncled1023]

Hey, no problem. Ok, cms will take some work to create a good working system, but it is doable. To start off, you already have the member system. Now to create different types of users, you just need to add a row to your users table, you can call it "group". And then, you can use the following code to limit a certain function to a certain group.

CODE

<?php
if($_COOKIE['user_group']=='Admin')
{
?>
The code the admin can do.
<?php
}
else
{
?>
message to normal user.
<?php
}
?>

[guitarguy656]

damit....

is there any other way to have an editable region on a site like a page that are clan results can post on. because i know cms is hard to make especialy for me

maybe a flash based programe that takes the data from the cookies?

or

a php code that allows a peice of the website to be changed or written

cause i dont think this host "zymic" supports a content management system? so theres no point me looking at tring to make one...

any another ideas??

[uncled1023]

Zymic supports cms, as long as it doesnt use the mail() function, which unless your making a newsletter, shouldnt be an issue. To have a piece of the website changed or written by a php code, you can have a new table for all the info you want displayed, then display it by getting the info from the database, and using echo to display it on the webpage. To edit it, all you need is another page, with a form that when submitted, changes the info in the database to the new info you put in on the form.

[guitarguy656]

so what your saying theres no easy way to do this then again we passed easy along time ago lol

ok so i want to have a go at this system but theres no tut for it from what i can see.... otherwise i would have to ask you every little question that pops into my head lol

so this host haas a website cms built in? or i have to make one? if i have to make one then its abit complex for me in all honesty...

its not that am lazy as such i just dont understand this well enough to make such a complex system. is there a pre built system i can use? also can anyone log into the cms or just the zymic account holder (me)

thanks

[uncled1023]

Im not saying this will be hard, in fact, if you know the basics, its pretty simple to make one, it will just take a lil bit of time.

If you want a pre-built cms, http://drupal.org/ is a good choice. Also, check out http://lmgtfy.com/?q=php+cms+tutorial

[guitarguy656]

kool il take a look at the prebuilt one first. if i cant get it to suit my clan website then i will go for a built from scratch one

will i have to give them (my clan mates) my zymic account info to use the cms or can i make restrictions so their site user name and password should be all they need?

say i login to the site ok? will the cms load up automaticlly? or will it be optional to open like a popup button or will i have a special login name and password thay only can access the cms?

thanks

[uncled1023]

The CMS will be built into your site. So you can have the users login details work with the cms.

[guitarguy656]

great it finally makes sence to me (in a way) lol

now to pick one and start adding it to the site

thanks for the help

[uncled1023]

No Problem.

[nbthskc]

hey, I wanted to make a system where there is NO registration (only I can input the registered accounts). Only people can login, and when they click on a page called 'Your Stats' it displays all the information about them (which is also hand inputed).

[guitarguy656]

look up wordpress it does just that. it can be used as a cms and is very newbie friendly compared to the rest.

also very easy to install on zymic, you can do it in 10 mins tops with the info you need like your host name, admin acount details ect...

i would recommend it no problem

hope this helps

[Edvin A.]

How to make a profile page!!!!

Use the SQL syntax:

CODE

<?php
$host="localhost"; // Host name
$username=""; // Mysql username
$password=""; // Mysql password
$db_name=""; // Database name
$tbl_name="users"; // Table name

// Connect to server and select databse.
mysql_connect("$host", "$username", "$password")or die("cannot connect");
mysql_select_db("$db_name")or die("cannot select DB");

// Get the id from address bar!
$id=$_GET["id"];

$sql="SELECT * FROM $tbl_name WHERE id = '$id'";
$result=mysql_query($sql);
?>

And in the page body use these php syntax to show user info:

CODE

Username: <?php echo $rows["username"]; ?>

A tutorial coming!

[uncled1023]

Technically, the code you have written will not work, as you have not queried the server for selection, and have not set $rows to any sort of value, let alone the database. You would want to do something like this in your body:

CODE

$qry = mysql_query("SELECT * FROM users WHERE id='".safe($_COOKIE['id'])."'");
$rows = mysql_fetch_array($qry);
echo "Username: ".$rows['username']." <br />";
?>

This is of course you are using my member system, otherwise you would just have to change some variables around in this and possibly the table name.

[Jacob]

SQL queries
I notice you are missing ` (back ticks) in all of your SQL queries. This is not a major issue if you are only using simple queries however using back ticks is a good habit to get into from the start. Not only does it help differentiate between the database and column names, it also allows you to use a larger variety of characters (. , - ; etc) in your database and column names (later in more complicated queries).

Using cookies
This point is very dependent on what your websites' purpose is but I have always found sessions to be more useful and safer for the user. Especially seeing how stupid users can be . e.g. Turning off cookies, clearly them often, etc.

User input
This is probably the most important of my points. I notice you are using mysql_real_escape_string in your "safe" function but apart from that, you are not validating or sanitizing the user input which is a big worry. Especially that I was able to sign up with a blank space for user name and password.
I would suggest you look at implementing some further validation and sanitizing such as trim, stripslashes, htmlspecialchars and empty to name a few.
Another thing that is really handy to use for validation and sanitizing is filter_var, which includes many filters like email, URL, and booleans. (full docs - validate_filters)

Error messages
You do have a form of error messages to show the user that something has not gone as planned but they are not very descriptive as to what actually happened. i.e. If they miss a field in the sign up, they just get a "You did not fill in a required field." message instead of telling them specifically what they missed and how to fix it to proceed.
One suggestion is to put your errors into an array for displaying them. That way you can be specific in case of multiple errors so the user can address them.

Code consistency
I myself have a bit of OCD when it comes to coding and layout of my code. Throughout your script you are using different layouts of statements and comments that make your code look really bad and n00b like. Stuff like:

CODE

if($page=='' || $page=='index' || $page=='config')
{
   // code to run
}

CODE

if($rows != 1) {
   // code to run
}

The jumping backwards and forwards between single and double quotes may confuse readers and give a false impression of what the two actually do and what context they should be used.

[uncled1023]

Ok, thank you for your comments! I personally like using cookies because they can last longer in the system. I'll look into more security in the safe function.

[Paladin Kiwi]

Hmm, it works kind of. If I go to register.php, and then try submit my form, it takes me to index.php?=register.php (or something like that, I didn't copy and paste the exact code) where it's just blank.

[uncled1023]

Check what you have written, because the code in this tutorial works.

[Edvin A.]

Technically, the code you have written will not work, as you have not queried the server for selection, and have not set $rows to any sort of value, let alone the database. You would want to do something like this in your body:

CODE

$qry = mysql_query("SELECT * FROM users WHERE id='".safe($_COOKIE['id'])."'");
$rows = mysql_fetch_array($qry);
echo "Username: ".$rows['username']." <br />";
?>

This is of course you are using my member system, otherwise you would just have to change some variables around in this and possibly the table name.

Of course, on my site: mittnett.zzl.org I using your system, and I have written that on my site. Forgot it now!

[uncled1023]

I'm glad you got it to work.

[Paladin Kiwi]

Check what you have written, because the code in this tutorial works.

http://stellardissent.99k.org/index.php?

Everything is copied exactly. Maybe it's my browser, but I don't think so.