Hey there, this is the first part in a series of user system tutorials I’m going to make. This can be used for any type of website!
Step 1. The SQL.
Without the SQL and the database, there would be nowhere to store all of the precious user information! With that in mind, create yourself a new database and call it whatever you want. Then go back to your home, find phpMyAdmin and click it. Find your database and run this SQL:
CREATE TABLE `users` (
    `id` INT( 11 ) NOT NULL AUTO_INCREMENT ,
    `username` VARCHAR( 50 ) NOT NULL ,
    `password` VARCHAR( 100 ) NOT NULL ,
    `email` VARCHAR( 100 ) NOT NULL ,
    `status` VARCHAR( 10 ) NOT NULL DEFAULT '1',
    PRIMARY KEY ( `id` )
) ENGINE = MYISAM ;

INSERT INTO `users` (
    `id` ,
    `username` ,
    `password` ,
    `email` ,
    `status`)
VALUES ('1', 'Admin', 'c3284d0f94606de1fd2af172aba15bf3', 'admin@domain.com', '1');
Step 2. The Database file.
A database file is a massive part of any user system. It defines which database the information will be stored in, and what functions should be used. Here is ours:
db.php
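<?php
// Note: the mysql_* functions used in this tutorial were removed in PHP 7, so this code needs PHP 5.
session_start(); // Starts the user's session for every page that includes this file.
$dbhost = 'localhost'; // This usually stays the same.
$dbuser = 'USER'; // Change this to your MySQL user.
$dbpass = 'PASSWORD'; // Change this to your MySQL password.
$dbname = 'DATABASENAME'; // Change this to the database you have created.
$conn = mysql_connect($dbhost, $dbuser, $dbpass) or die('Sorry, there was a problem while connecting to MySQL!'); // This connects to the database using the information you entered above.
mysql_select_db($dbname) or die('Sorry, the database could not be selected!'); // This will select the database and use it.
// Do not edit from here on!
$user = false; // Stays false unless a logged-in user is found below.
if (isset($_SESSION['username'])) { // Only look the user up if a session username exists.
    $username = mysql_real_escape_string($_SESSION['username']); // Escape the value before it goes into the query.
    $user1 = mysql_query("SELECT * FROM `users` WHERE `username` = '$username'");
    $user = mysql_fetch_array($user1); // The logged-in user's row, or false if there is none.
}
?>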
Just read the comments and replace what’s needed, then you can continue to step 3.
Step 3. The Login.
The most obvious, and needed, file of the user system is the Login file. In this tutorial, we will use the Login file for both the logged in area, and the user login area.
There are many ways to do this, for example with AJAX, but for this tutorial we will be using HTML, PHP & MySQL. For example:
login.php
<?php
include "db.php"; // Includes the database file we created earlier (it also starts the session).
$action = isset($_GET['action']) ? $_GET['action'] : ''; // No action in the URL means the default page.
switch ($action) { // This switches to the specified action we give it, like a new page.
    default: // The default page to display when visiting the file.
        if ($user) { // If the user is logged in...
            echo "You are being redirected now. If this appears for more than 3 seconds, <a href='login.php?action=members'>click here</a>."; // Redirect them to the Members case.
            echo "<meta http-equiv='refresh' content='3;url=login.php?action=members' />";
        } else { // If they're not logged in...
            echo "<form action='login.php?action=submit' method='post'>
            Username:<br />
            <input type='text' maxlength='50' name='username' id='username'><br />
            Password:<br />
            <input type='password' maxlength='50' name='password' id='password'><br />
            <input type='submit' value='Login!'>
            </form>"; // Show the Login form!
        } // End the else.
        break; // Finish the case.
    case 'members': // The Members area case.
        if (!$user) { // If the user isn't logged in...
            echo "You are not logged in! Please wait...";
            echo "<meta http-equiv='refresh' content='3;url=login.php' />"; // Redirect them.
        } else { // Or if they are...
            // htmlspecialchars() stops a username containing HTML from being run as markup.
            echo "Welcome back, " . htmlspecialchars($user['username'], ENT_QUOTES) . "!<br />
            <a href='login.php?action=logout'>Logout</a>"; // Welcome them, and give them links to the other members area options!
        } // End the else.
        break; // Finish the case.
    case 'submit': // The submit case, where the login data gets processed!
        // The username from the form, escaped so it cannot break out of the query.
        $username = mysql_real_escape_string(isset($_POST['username']) ? $_POST['username'] : '');
        // The double-MD5 hash of the password from the form (hex only, so safe inside the query).
        $password = md5(md5(isset($_POST['password']) ? $_POST['password'] : ''));
        $sql1 = mysql_query("SELECT * FROM `users` WHERE `username` = '$username' && `password` = '$password'"); // Check if the user exists...
        $sql = mysql_fetch_array($sql1);
        if (!$sql) { // If they don't exist...
            echo "This user does not exist, or you have entered an incorrect password. Please try again!";
        } else { // Or if they do exist...
            $check1 = mysql_query("SELECT * FROM `users` WHERE `username` = '$username' && `password` = '$password'"); // Check them again...
            $check = mysql_fetch_array($check1);
            if (!$check) { // If there was an error...
                echo "Sorry, this user does not exist or you have entered an incorrect password. Please try again!";
            } else { // Else if they DO exist with the correct info entered...
                session_regenerate_id(true); // Give the logged-in user a fresh session ID.
                $_SESSION['username'] = $check['username']; // Set the SESSION username from the database row.
                $_SESSION['password'] = $password; // Set the SESSION password.
                echo "Thanks for logging in! Please wait...";
                echo "<meta http-equiv='refresh' content='3;url=login.php?action=members' />"; // Redirect them to the members area!
            } // End!
        } // Another End.
        break; // End the case.
    case 'logout': // The logout area.
        unset($_SESSION['username']); // Destroy the user's session.
        unset($_SESSION['password']);
        echo "You have been logged out, come back soon!"; // Nice message!
        break; // End the logout case.
} // End the switch, don't code outside of this.
?>
Step 4. Signup.
All of the work we’ve done so far would be a waste unless we had an area for users to sign up at!
Here’s our code:
signup.php
<?php
include "db.php"; // Include our database file (it also starts the session).
$action = isset($_GET['action']) ? $_GET['action'] : ''; // No action in the URL means the default page.
switch ($action) { // Switch.
    default: // Default display.
        // Echo the signup form...
        echo "<form action='signup.php?action=done' method='post'>
        Username:<br />
        <input type='text' name='username' maxlength='50' id='username'><br />
        Password:<br />
        <input type='password' name='password' id='password' maxlength='100'><br />
        Email:<br />
        <input type='text' name='email' id='email'><br />
        <input type='submit' value='Signup!'>
        </form>";
        break; // End default.
    case 'done': // Finish signup case.
        // Escape the username and email so they cannot break out of the queries below.
        $username = mysql_real_escape_string(isset($_POST['username']) ? $_POST['username'] : ''); // Finds the username entered.
        $password = md5(md5(isset($_POST['password']) ? $_POST['password'] : '')); // Finds the password entered and hashes it.
        $email = mysql_real_escape_string(isset($_POST['email']) ? $_POST['email'] : ''); // Finds the email entered.
        $select1 = mysql_query("SELECT * FROM `users` WHERE `username` = '$username'"); // Find out if the username is already in use...
        $select = mysql_fetch_array($select1);
        if ($select) { // If the user's username exists...
            echo "Sorry, this username is already in use! Please try again.";
        } else { // Else if it's a free username...
            $insert = mysql_query("INSERT INTO `users` (`username`,`password`,`email`) VALUES ('$username', '$password', '$email')"); // Insert them into the database.
            echo "Thanks for signing up! You may now log in.";
        } // End the else.
        break; // End done case.
} // End switch.
?>
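Added example (not part of the original tutorial's code): the signup and login queries done with PDO prepared statements and password_hash(), including an upgrade-on-login path for rows that still hold the tutorial's md5(md5()) hashes. It assumes an in-memory SQLite database standing in for MySQL so it runs offline, a wider password column, and the hypothetical helper names register_user() and check_login().

```php
<?php
// Added example. Assumption: in-memory SQLite via PDO stands in for MySQL.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec("CREATE TABLE users (
    id INTEGER PRIMARY KEY AUTOINCREMENT,
    username VARCHAR(50) NOT NULL UNIQUE,
    password VARCHAR(255) NOT NULL, -- room for future password_hash() formats
    email VARCHAR(100) NOT NULL)");

// Hypothetical helper: create an account with a salted, deliberately slow hash.
function register_user(PDO $pdo, string $username, string $password, string $email): bool {
    $stmt = $pdo->prepare('INSERT INTO users (username, password, email) VALUES (?, ?, ?)');
    try {
        return $stmt->execute([$username, password_hash($password, PASSWORD_DEFAULT), $email]);
    } catch (PDOException $e) {
        return false; // Insert rejected, e.g. the UNIQUE username is already taken.
    }
}

// Hypothetical helper: verify a login and upgrade legacy md5(md5()) rows on success.
function check_login(PDO $pdo, string $username, string $password): bool {
    $stmt = $pdo->prepare('SELECT id, password FROM users WHERE username = ?');
    $stmt->execute([$username]); // Bound as data, never spliced into the SQL text.
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    if (!$row) {
        return false;
    }
    $legacy = preg_match('/^[0-9a-f]{32}$/', $row['password']) === 1;
    $ok = $legacy
        ? hash_equals($row['password'], md5(md5($password)))
        : password_verify($password, $row['password']);
    if ($ok && ($legacy || password_needs_rehash($row['password'], PASSWORD_DEFAULT))) {
        $upd = $pdo->prepare('UPDATE users SET password = ? WHERE id = ?');
        $upd->execute([password_hash($password, PASSWORD_DEFAULT), $row['id']]);
    }
    return $ok;
}

// Constructed sample data: one new-style account and one legacy md5(md5()) row.
register_user($pdo, 'alice', 'correct horse', 'alice@example.com');
$pdo->prepare('INSERT INTO users (username, password, email) VALUES (?, ?, ?)')
    ->execute(['bob', md5(md5('hunter2')), 'bob@example.com']);

var_dump(check_login($pdo, 'alice', 'correct horse'));  // Valid password.
var_dump(check_login($pdo, "alice' OR '1'='1", 'x'));   // The quote is data, not SQL.
var_dump(check_login($pdo, 'bob', 'hunter2'));          // Legacy row, rehashed on success.
var_dump(check_login($pdo, 'bob', 'hunter2'));          // Now checked by password_verify().
```

The same prepared-statement calls work against MySQL by changing only the PDO connection string and credentials.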
That’s all for now, I’ll be adding more to this part of the tutorial soon.
NOTE: This has not been tested. If you get any errors, post them here and we will deal with them ASAP!
Also, this was made for educational purposes only. Due to security, it should not be used on any live site. It is my coding; you may use it for personal use only without permission.
Regards,
Tom.