Staff note: Even though this has been redone, the script below is still quiet insecure. Below releasing this to a production environment I highly advise a revision of much of the following code to ensure you are not vulnerable to security holes.

Hello all. I have come back from hiding to bring to you all another tutorial. This member system uses Mysql Databases, PHP, and COOKIES.

First thing we will want to do is create a database for our site. Go to your phpmyadmin, or whatever software your host is using to manage the mysql databases. Create a database with whatever name you want.

Next, we will create a table in our mysql database where we can store all our users info.

Copy the following code into the sql injection box in your phpmyadmin.

This will create a new table called 'users' in your database.

Now, we will create the main configuration file that will allow us to connect to our database.

Create a new file and call it 'config.php' and put the following code into it and save.

The above code will connect you to the server and will allow you to pull any information you want from any of the tables within the connected database.

Now that you have connected to the database, lets set some global variables for the users info and the site.

Insert the following code after the database connect code in your 'config.php' page.

That code pulls the data from the user that is currently logged in on that computer. Only if the computer has all 3 cookies will it withdraw the information.

Now, lets make sure the user is logged in. Insert the following into 'config.php'

This code checks to see if the users cookies are valid, and if so, sets the user as logged in. Otherwise, they are set as logged out. $logged_in will be our main variable to check to see if the user is logged in throughout the website.

Lets now create a php function that we will use later to validate any input that a user may input throughout the site.

This function gets the input that you want validated, and puts it through mysql_escape_string. This removes any bad characters that might be used for sql injection to hack your site. To use this function, all you need to do is type '$validate_input = safe($user_input);' where $input is the string you want validated, and $validated_input is the resulting clean string.

And now we are done with the 'config.php' file! If you have done the coding correctly, this should be what you have in your file.


Now we will move onto the 'index.php' page. This will be our main page, but will be relatively short.

First, create a new php file, and call it 'index.php'. After you have done this, lets create the main "skeleton" of the page by adding in the normal html code that goes with any index page.


Now, at the VERY top of the page, you will want to include our 'config.php' page we made earlier, so we can access all the variables from it and the database connect script.


Now that we have all our variables, we will want to make a nice page right? for now, lets just make some links and a message telling the person viewing the site what the site is about.

Add the following in between your <body> tags.

What this does is if you are on the main page, then it will show the welcome message. If 'id' equals anything else, it includes the php file with that value as the name of the file. For example, when id=example, the included file would be 'example.php'. This allows us to only have the websites theme on one page, allowing a much easier time editing it later on.

If you have coded it correctly, this is what the 'index.php' should look like.


Now that you have your main page where people can enter your site, lets create the registration page so people can sign up for your site.

To start off, lets create a file called 'register.php'. Lets put the following code into it and i will explain what it does afterwards.

The above code shows the registration form. When the submit button is pressed, it refreshes the page and then it activates the code inside the submit part of the if/else function. This then validates the users input, displaying an error message for any errors recieved, and then posts the users information into the database and tells the user that the registration was successful.

Now that we have a main page, and registration page so users can register, lets give them a way to login into your site. Create a file called 'login.php' and put the following code into it.


This code checks to see if the user is logged in with the variable $logged_in, and displays the users info if he is logged in, otherwise it shows the login form, which when submitted, will post the data to a different page, which we will create now.

Make a new page called 'process_login.php'. This will be where we actually set the cookies for the user.

The above code will validate the inputed values, and check to see if they are correct for the given username. If both are correct, it will set the cookie variables with different time depending on if the user wanted to be remembered or not.

Now that the user can register, and login, lets give them the ability to logout. Create a file called 'logout.php'.


Ok, so your user can now register, login, logout, and be remembered if he is logged in on his next visit. Now what if you want to create a page that is only visable to a logged in user? We will create a new page that you will just need to include into the top of any page you want to proctect to ensure they can not view that page unless they are logged in.

Create a file called 'login_check.php' and put the following code into it.

This will check to see if the user is logged in, and if not, redirect them to the login page. To protect any page, all you have to do is put the following code at the top of the page.

That simple.

And there you have it, a simple member and registration system that can be outfitted for almost any website, and is easy to update and tweak to your hearts content. I will be updating this periodically with a members page and edit account.

To add a Unique Member Page, please go onto my next tutorial: HERE

Hoped you enjoyed.

Hello everyone, i have redone this tutorial with some cleaner coding, and better methods and securer systems.

hey thanks for the tutorial its good nut i am getting no where with it

heres my clan sites url http://www.o4l-clan.clanteam.com/

the idea of this is so members can login and register on the site ect..

but ive did the guide the way you have and made all the php files and uploaded all of php files to the root and made the database with the sli injection thingy

but on the bottom of the site it just gives me cant find login page (or register page for that matter) any help would be great i am new to this stuff

am using dreamweaver cs4

i think i was ment to edit some of the php to fit with my site but i didnt its the same as in the tutorial

thanks

what do you mean it says cant find login page?

i tryed this tutorial and even got andrew on the irc chat too sort out alot of things in it such as host, user id ect..

but he called it poor php (his words not mine)

in the end i just pulled it from the site casue it wont work

thanks anyways

Ok, ill check out the coding and see what i can come up with.

Ok, found the error. Take out the following code from your register.php file. Its on line 81.

Also, i updated the process_login.php so copy the code from there again.

thank you very much i will try and report back

ok so far no different at all...

ive got an error at the top of the page and also were i placed the login/out bits

it say at the top cant find config.php yet i have checked its there in the root right beside the index.php

also in the config page is local host ment to be there after all my database and table are on the zymic sever so will i need the server ip instead?

um, keep it as localhost. That should not be changed. And, if it says can not find config.php, then it must not be in the same place as your index.php did you change the filename of config.php?

ok, code edited to work with zymic servers. Please let me know if you have any issues.

thanks for the fix

it works a treat now !!!!!!!!!

just got to learn php a hell of a lot better

your help was very good considering its was just over the irc lol

now just to make it clan member friendly with posting options, a personal area for each member and sum other kool stuff

thanks again

no problem, glad to help.

I added this to my page and everything works wonderfully, thank you for putting this up I've been looking for something like this for a long time. The only problem I have with it is that when I was testing the register page it just brings me right back to the index page and doesn't register anyone. If you could help out that would be awesome. Thank you.
I know a little bit about PHP and I alot about HTML but I cant seem to find a way to fix this.



i've tried changing the index.php?id=register to <?php echo $_SERVER['PHP_SELF']?> so it would send the information to itself but that brought up an error saying



Thanks for the code still. It is amazing and better then anything I could ever dream of doing so thank you.

**EDIT**
Okay I got it all fixed, I just added include 'config.php'; to the top of the page and that worked. If thats not what i needed to do or if that will cause a security breach let me know. Again thank you for this code.

yep, if you dont have the register.php included in the index, where the config.php is included, then you need to include it on the page like you did.

woah, what happened to all the posts?

hey

its me again

thanks for the last help but i need more

ok i tried to make a personal page for each member and when a member registers and logs in it will show them loged in on each page and even direct the to that page.

i also want to make a chat box that when you login into the site you can chat with your login id if thats possible

and finally on my main page you will see in the login box (bottom left) it states login

so you click the login button and it brings you to another page and in that box it has a place for a user name and password to be put in ect.. how can i make that come up on the home page so people can just enter there user and pass there?

thanks any help is welcome

oh! almost forgot heres the url for the site incase you dont have it anymore with all the pages being deleted for some strange reason??

http://www.o4l-clan.clanteam.com/

thanks again

I remember the last tutorial, this was better!!! Good Job!


Hello, I olso want help for that, but I have not finded it jet!

Thanks for the tutorial , great job !

I will utilize this for another site and see how it goes.


50cals

For the unique member page, you just have to have 1 page, and then get all the user info on the page based on the url info given, and the cookie settings of the user. So for instance, you would have them go to http://www.website.com/index.php?id=member_page&user=bob

Then, on the page you would have something like this:


That will display that users info. and if you want to make it where it will only show the information of the person looking at it, then you would do something like this:
Also, you would just need to go to the following url: http://www.website.com/index.php?id=member_page


For the chatbox, you could use javascript, ajax, flash, or any sort of different programming languages. Then just incorporate the php cookies for the user info.

for the login box to be on the actual page, all you have to do is put the following code:




Thanks! Im glad you like it.

hey thanks for the response i thought you gave up on us

i cant get this to work

<?php include "login.php"; ?>

i put it in the code of the website and on the uploaded page it just displays it (the code above) just like text so am doing something wrong

i havnt done website stuff in a while so i need a refresher course

also il try out the member page

let me know when ur on the chat so i can get help quicker thanks

(update)

i got it to work i tryed to put that php code inside another php code so yeah noob mistake XD

got it working

now on to the the member forum and then that chatbox




i dare say you have heard of a content management system? so... yeah i want a feature of one but i wonder if there is an easier way of getting it heres what i want it for

are clan leader wants a simple way to login (done) and then post in the results page the results of a matches. cms is away i have been told but are enoying to set up and arnt free so... no good to me or him. i would like it just so he can only post but if anyone can post in there we can manage with that because we try are best to act mature

i would like this feature for a front page such as co-leaders like me can post on the main page just like an event or a review on a game ect... and my clan friends can post under it.

to me it seems complex and more than likely is but your input is highly valued. after all i dont want to promise features to people in my clan if they cant even be done or at least without shelling out money.

thanks

if you in the local il buy you a pint

Hey, no problem. Ok, cms will take some work to create a good working system, but it is doable. To start off, you already have the member system. Now to create different types of users, you just need to add a row to your users table, you can call it "group". And then, you can use the following code to limit a certain function to a certain group.

damit....

is there any other way to have an editable region on a site like a page that are clan results can post on. because i know cms is hard to make especialy for me

maybe a flash based programe that takes the data from the cookies?

or

a php code that allows a peice of the website to be changed or written

cause i dont think this host "zymic" supports a content management system? so theres no point me looking at tring to make one...

any another ideas??

Zymic supports cms, as long as it doesnt use the mail() function, which unless your making a newsletter, shouldnt be an issue. To have a piece of the website changed or written by a php code, you can have a new table for all the info you want displayed, then display it by getting the info from the database, and using echo to display it on the webpage. To edit it, all you need is another page, with a form that when submitted, changes the info in the database to the new info you put in on the form.

so what your saying theres no easy way to do this then again we passed easy along time ago lol

ok so i want to have a go at this system but theres no tut for it from what i can see.... otherwise i would have to ask you every little question that pops into my head lol

so this host haas a website cms built in? or i have to make one? if i have to make one then its abit complex for me in all honesty...

its not that am lazy as such i just dont understand this well enough to make such a complex system. is there a pre built system i can use? also can anyone log into the cms or just the zymic account holder (me)

thanks

Im not saying this will be hard, in fact, if you know the basics, its pretty simple to make one, it will just take a lil bit of time.

If you want a pre-built cms, http://drupal.org/ is a good choice. Also, check out http://lmgtfy.com/?q=php+cms+tutorial

kool il take a look at the prebuilt one first. if i cant get it to suit my clan website then i will go for a built from scratch one

will i have to give them (my clan mates) my zymic account info to use the cms or can i make restrictions so their site user name and password should be all they need?

say i login to the site ok? will the cms load up automaticlly? or will it be optional to open like a popup button or will i have a special login name and password thay only can access the cms?

thanks

The CMS will be built into your site. So you can have the users login details work with the cms.

great it finally makes sence to me (in a way) lol

now to pick one and start adding it to the site

thanks for the help

No Problem.

hey, I wanted to make a system where there is NO registration (only I can input the registered accounts). Only people can login, and when they click on a page called 'Your Stats' it displays all the information about them (which is also hand inputed).

look up wordpress it does just that. it can be used as a cms and is very newbie friendly compared to the rest.

also very easy to install on zymic, you can do it in 10 mins tops with the info you need like your host name, admin acount details ect...

i would recommend it no problem

hope this helps

How to make a profile page!!!!

Use the SQL syntax:
And in the page body use these php syntax to show user info:

A tutorial coming!

Technically, the code you have written will not work, as you have not queried the server for selection, and have not set $rows to any sort of value, let alone the database. You would want to do something like this in your body:

This is of course you are using my member system, otherwise you would just have to change some variables around in this and possibly the table name.

SQL queries
I notice you are missing ` (back ticks) in all of your SQL queries. This is not a major issue if you are only using simple queries however using back ticks is a good habit to get into from the start. Not only does it help differentiate between the database and column names, it also allows you to use a larger variety of characters (. , - ; etc) in your database and column names (later in more complicated queries).

Using cookies
This point is very dependent on what your websites' purpose is but I have always found sessions to be more useful and safer for the user. Especially seeing how stupid users can be . e.g. Turning off cookies, clearly them often, etc.

User input
This is probably the most important of my points. I notice you are using mysql_real_escape_string in your "safe" function but apart from that, you are not validating or sanitizing the user input which is a big worry. Especially that I was able to sign up with a blank space for user name and password.
I would suggest you look at implementing some further validation and sanitizing such as trim, stripslashes, htmlspecialchars and empty to name a few.
Another thing that is really handy to use for validation and sanitizing is filter_var, which includes many filters like email, URL, and booleans. (full docs - validate_filters)

Error messages
You do have a form of error messages to show the user that something has not gone as planned but they are not very descriptive as to what actually happened. i.e. If they miss a field in the sign up, they just get a "You did not fill in a required field." message instead of telling them specifically what they missed and how to fix it to proceed.
One suggestion is to put your errors into an array for displaying them. That way you can be specific in case of multiple errors so the user can address them.

Code consistency
I myself have a bit of OCD when it comes to coding and layout of my code. Throughout your script you are using different layouts of statements and comments that make your code look really bad and n00b like. Stuff like:


The jumping backwards and forwards between single and double quotes may confuse readers and give a false impression of what the two actually do and what context they should be used.

Ok, thank you for your comments! I personally like using cookies because they can last longer in the system. I'll look into more security in the safe function.

Hmm, it works kind of. If I go to register.php, and then try submit my form, it takes me to index.php?=register.php (or something like that, I didn't copy and paste the exact code) where it's just blank.

Check what you have written, because the code in this tutorial works.

Of course, on my site: mittnett.zzl.org I using your system, and I have written that on my site. Forgot it now!

I'm glad you got it to work.

http://stellardissent.99k.org/index.php?

Everything is copied exactly. Maybe it's my browser, but I don't think so.

Um, works fine on my browser.

Thanks, this helped!

I'm a newb, and have no clue how to start this. I'm in the database, but I don't know what things I should fill out for the table.

index.php?id=register

doesn't work any suggestions :l

Croix - You will need to read a little on PHP and database management. I recommend you read the guide at http://php.net or at http://tizag.com

Ekutah - You can always use register.php

i like this turial just 1 problem the php files assume the files are on localhost. in my case they are not.
All files are in same folder but not local host, how do i fix that?

Hello,

Thanks for a comprehensive tutorial. I feel I have learnt a lot just by reading through it. I understand what I read, and I understand what the code does (except a lot of the punctuation!!) but that doesn't seem to help me much when it comes down to publishing and trying to work!

I have filled out everything, and edited the config.php page accordingly. I think I have typed in the $db_user and password / database correctly - yet whenever using a new host, you can never be sure that they're right or not.

"Warning: mysql_connect(): Access denied for user 'db_username'@'192.168.1.1' (using password: YES) in /www/zxq.net/m/a/j/majortrouble/htdocs/config.php on line 6 Couldn't connect to server."

That is the code I get. Noone seems to be talking on IRC (of the 20 ppl in there....) so if anyone else can help, I am grateful ;]
Hillyer

You need to update the database credentials to your correct ones for it to work.

A typo in my credentials was sorting the problem. Thanks to Dave in #zymic (irc) it is sorted :]

Well, I'm very new with PHP and MySQL.
First of all. I made all those files and then i uploaded them to my website, won't work.
Second, my website (http://mc-rp.zxq.net/) is coded in HTML and CSS. Is it possible to have this login working and that even though the site is coded in HTML?