Announcement

Collapse
No announcement yet.

User Database...um?

Collapse
X
 
  • Filter
  • Time
  • Show
Clear All
new posts

  • User Database...um?

    Ok this is a huge question i suppose, but i'm really not confident of trying to master this by just pure guess work.

    Basically, im trying to make a community in php...(no not a forum)

    I just want a simple log in system, where ppl can register, and browse the site as a member name. I know this must be a major task, but i wonder if anyone can point me in the direction of a tutorial for this in php?

    Sorry if this is such a noob question lol im just really in a process of making a good site, but not exactly masterful in the php department.

    Cheers anyway any feedback would be cool.

    Judd

  • #2
    Here's some info on a simple community system. This is as basic as it gets. Usually, each page wouldn't connect to the database independently, but there would be a configuration file that does it automatically, yada yada yada. This isn't supposed to be a tutorial, but I'll get as close to it as i can

    User Info Table

    This is a simple user information table, only used for storing user names and passwords.

    Code:
    CREATE TABLE users (
        userid varchar(20) primary key not null,
        password char(32) not null
    );
    This creates the table users, which is able to store a user name of up to 20 characters and an MD5 encrypted password, which is always 32 characters in length.

    The Registration Page

    First of all, you want users to register. The info gathered will go in the table described above. Here's a very simple user registration script.

    Works with the latest PHP version...

    PHP Code:
    <?

    @mysql_connect("host""user""password") or die(mysql_error());
    @
    mysql_select_db("database");

    if (isset(
    $_GET['action']) && $_GET['action'] == 'register') {
        echo 
    'Creating user account...';
        if (!
    $_POST['userid'] || !$_POST['password']) {
            die(
    "Not enough information entered.");
        }
        @
    mysql_query("INSERT INTO user (userid, password) VALUES (\"$_POST[userid]\", MD5(\"$_POST[password]\"))") or die(mysql_error());
        echo 
    'done!';
        exit;
    }

    ?>

    <html>
    <body>
    <form action="<?=$_SERVER['PHP_SELF']?>?action=register" method="post">
    Choose user name: <input type="text" name="userid"><br>
    Choose password: <input type="password" name="password"><br>
    <input type="submit" value="Create account"><br>
    <a href="login.php">Login</a>
    </form>
    </body>
    </html>
    And a little explanation...

    The 3rd and 4th line connect to MySQL and select your database.
    The 6th line checks to see if you've clicked the submit button by looking at the query string.
    The 8th, 9th, and 10th lines check to see if you entered a user and password.
    The 11th enters your information into the user table.
    The 13th exits the script.
    The HTML page that follows is the registration form, with the user and password fields, and the submit button.

    Visit http://dan.thehardwire.com/php_help/register.php to see it in action.

    The login page

    This checks the user's authorization and sets cookies with their user information.

    PHP Code:
    <?

    @mysql_connect("host""user""password") or die(mysql_error());
    @
    mysql_select_db("database");

    if (isset(
    $_GET['action']) && $_GET['action'] == 'login') {
        
    $result = @mysql_query("SELECT * FROM user WHERE userid = \"$_POST[userid]\" AND password = MD5(\"$_POST[password]\")") or die(mysql_error());
        if (
    mysql_num_rows($result) == 0) {
            die(
    'You are not authorized.');
        }
        
    $user_info mysql_fetch_array($result);
        
    setcookie('userid'$user_info['userid'], time() + (60 60 24 365 20));
        
    setcookie('password'$user_info['password'], time() + (60 60 24 365 20));
        echo 
    "You are authorized, $user_info[userid]!";
        exit;
    }

    ?>
    <html>
    <body>
    <form action="<?=$_SERVER['PHP_SELF']?>?action=login" method="post">
    User name: <input type="text" name="userid"><br>
    Password: <input type="password" name="password"><br>
    <input type="submit" value="Login"><br>
    <a href="register.php">Register</a>
    </form>
    </body>
    </html>
    The 3rd/4th lines connect to the database.
    The 6th checks to see if the submit button was pressed.
    The 7th queries the user table to see if the user's record exists, and if they have the right password.
    The 8th, 9th, and 10th kill the script if they're not authorized.
    The 11th gets the info as it appears in the database. This is useful since the user might enter their username in lower case letters into the form, but may have registered with caps. This way it shows how they want it to look.
    The 12th/13th set the cookies to expire 20 years from now.
    The 14th/15th say they're authorized and exit the script.
    The HTML is the login form, with a link to the registration page.

    See it at http://dan.thehardwire.com/php_help/login.php

    You can expand from here anyway you want. The user table could hold profile information, like signatures and options. It's up to you, as long as you know how to do it

    Comment


    • #3
      Wow, cheers buddy, managed to set that one up. That's pretty nifty. Better then most tutorials ive seen for a simple login.

      Now i just gotta figure out how to make profiles and how to incorporate it into my site

      Thanks again

      Judd.

      Comment


      • #4
        Since I like writing tutorials or whatever, I guess I'll continue on what to do next

        For profiles you would just add some fields to the user table...

        Code:
        CREATE TABLE user (
            userid varchar(20) primary key not null,
            password char(32) not null,
            signature varchar(200) not null,
            email varchar(200) not null,
            aim varchar(15),
            icq bigint,
            msn varchar(100),
            yahoo varchar(15)
        );
        The email fields don't really have to be that long, but some people are smartasses and make junk email boxes with really long names...like me The extra fields can be added to the regitration page.

        And all of the info would be accessable in the $user_info array...and you could get the info for whoever you want:

        PHP Code:
        <?

        @mysql_connect("host""user""password") or die(mysql_error());
        @
        mysql_select_db("database");

        if (isset(
        $_GET['action']) && $_GET['action'] == 'viewprofile') {
            if (!isset(
        $_GET['userid']) || !$_GET['userid']) {
                die(
        "No user name selected! If you followed a link, then the link's screwed up!");
            }
            
        $result = @mysql_query("SELECT * FROM user WHERE userid = '$_GET[userid]'") or die(mysql_error());
            
        $user_info mysql_fetch_array($result);
        ?>
        <html>
        <body>
        <b>User name:</b> <?=$user_info['userid']?><br>
        <b>E-Mail:</b> <?=$user_info['email']?><br>
        <b>Signature:</b><br>
        <blockquote><?=$user_info['signature']?></blockquote>
        <b>AIM SN:</b> <?=$user_info['aim']?><br>
        <b>ICQ UIN:</b> <?=$user_info['icq']?><br>
        <b>Passport:</b> <?=$user_info['passport']?><br>
        <b>Yahoo!:</b> <?=$user_info['yahoo']?>
        </body>
        </html>
        <?
            
        exit;
        }

        echo 
        "<html><body>Pick someone:<br><br>";
        $result = @mysql_query("select * from user") or die(mysql_error());
        while (
        $user_info mysql_fetch_array($result)) {
            echo 
        "<a href=\"$_SERVER[PHP_SELF]?action=viewprofile&userid=" urlencode($user_info[userid]) . "\">$user_info[userid]</a><br>";
        echo 
        "</body></html>";
        }

        @
        mysql_close();
        ?>
        Here's are the steps:

        1. Connect to database
        2. Check to see if they clicked a username
        3. Get the user's info from the database
        4. Display it
        5. Exit if they chose to see a profile, otherwise keep going
        6. Select all of the profiles in the database
        7. Echo them one by one as links to the profiles, URL encoding the username, just in case.
        8. Done

        http://dan.thehardwire.com/php_help/profiles.php for the page itself (I erased the other table)

        Now lets say you want only registered users to see the page. Add this little bit to the beginning, after the MySQL connection, and you're all set:

        PHP Code:
        if (!isset($_COOKIE['userid']) || !$_COOKIE['userid'] || !isset($_COOKIE['password'])|| !$_COOKIE['password']) {
            die(
        "You're not authorized! <a href=\"login.php\">Login</a>");
        } else {
            
        $result = @mysql_query("select userid, password from user where userid = \"$_COOKIE[userid]\" and password = \"$_COOKIE[password]\"") or die(mysql_error());
            if (
        mysql_num_rows($result) == 0) {
                die(
        "You're not authorized! <a href=\"login.php\">Login</a>");
            } else {
                echo 
        "You're authorized!<br><br>";
            }

        If you're gonna check for their log state on many pages, I would suggest putting this all in a "user_logged_in()" function.

        The first line checks to see if the cookies exist, and if they don't, say they're not authorized.
        If they do exist, check to see if the user and password matches up in the database -- anyone could snoop into the cookie and try to pretend they're authorized.
        If the records match, they're authorized and the page continues, if they don't, they're not authorized and the script kills itself

        http://dan.thehardwire.com/php_help/auth_profiles.php - requires you to register or login.

        And that's it for this installment I don't care if you don't want more, I'll keep going

        Edit: You can view the source files at http://dan.thehardwire.com/php_help/source, and the file name is whatever file you want to see with the phps extension, like http://dan.thehardwire.com/php_help/..._profiles.phps
        Last edited by Dan615; Mon 12 Aug '02, 9:05am.

        Comment

        widgetinstance 262 (Related Topics) skipped due to lack of content & hide_module_if_empty option.
        Working...
        X