Creating login/registration forms with php

[rahmat]

Creating login/registration forms with php


Its 31/12/2008, happy new year everyone!. This might be the last tutorial of 2008 or the first tutorial of 2009 depending on the time this tutorial will get approved
This tutorial will help you as a beginner to create a simple login page for your php projects, in this tutorial you will learn about sessions in php, inserting and retrieving records from mysql server.
The database table:
Before writing the code create this table in your server by running the text file attached with mysql console or simply create it yourself, we will use it to store the users information

Code:

CREATE TABLE `test`.`users` (
`id` INT NOT NULL auto_increment ,
`name` VARCHAR( 20 ) NOT NULL ,
`password` VARCHAR( 20 ) NOT NULL ,
`email` VARCHAR( 20 ) NOT NULL ,
PRIMARY KEY ( `id` ) 
)

Let’s start:
A.The login page(main page):
In this simple php page there are three session variables we are using; “logging”, “logged”, and “user” they are all bool variables. We will use them to execute the right code for each scenario

Code:

<html>
<head>
<title>login page</title>
</head>
<body bgcolor="black" style="color:gray">
<form action="index.php" method=get>
<h1 align="center" style="color:gray" >Welcome to this simple application</h1>
<?php
session_start(); 
if($_SESSION["logged"])
{
     print_secure_content();
}
else {
    if(!$_SESSION["logging"])
    {  
    $_SESSION["logging"]=true;
    loginform();
    }
     else if($_SESSION["logging"])
       {
         $number_of_rows=checkpass();
         if($number_of_rows==1)
            {	
	         $_SESSION[user]=$_GET[userlogin];
	         $_SESSION[logged]=true;
	         print"<h1>you have loged in successfully</h1>";
	         print_secure_content();
            }
            else{
               	print "wrong pawssword or username, please try again";	
                loginform();
            }
        }
     }

1-the first thing to do when you are using session variables on a php page is to start the session service on the page by this line “session_start();”, if you ignored this line the page will work fine but the session variables wont be saved when you refresh the page or go to another page.

2-after starting the service, we check if the user is already logged in “if($_SESSION['logged'])“, if he is we print him a nice welcome message by calling the function for the secure content (we will look at it later)

3-if he isn’t logged in, we show the login fields (username and password) by the function “loginform()”, and set the session variable” $_SESSION["logging"]” to true in order to check the entered username and password when he/or she hits the login button

4-when he/or she enters the username and password then hits the login in button the code that will be only executed will be the code after “else if($_SESSION["logging"])“ because we have set the logging session variable to true, in this code block the variable “$number_of_rows” gets its value from the function “checkpass()” which is basically takes the username and password and checks the server if it already exists, if it exists it returns one else it will return 0…..thats why we check “$number_of_rows”:
- if it equals one if it really does we will set the variable “user” in the session to the entered username, and sets the logged bool variable to true.
--If the “$number_of_rows” isn’t 1, we will print him the input fields again.

Now let’s look at the functions:
1.loginform()

Code:

function loginform()
{
print "please enter your login information to proceed with our site";
print ("<table border='2'><tr><td>username</td><td><input type='text' name='userlogin' size'20'></td></tr><tr><td>password</td><td><input type='password' name='password' size'20'></td></tr></table>");
print "<input type='submit' >";	
print "<h3><a href='registerform.php'>register now!</a></h3>";	
}

all it does is printing out the fields to the user

2.checkpass()

Code:

function checkpass()
{
$servername="localhost";
$username="root";
$conn=  mysql_connect($servername,$username)or die(mysql_error());
mysql_select_db("test",$conn);
$sql="select * from users where name='$_GET[userlogin]' and password='$_GET[password]'";
$result=mysql_query($sql,$conn) or die(mysql_error());
return  mysql_num_rows($result);
}

This function establishes a connection with the mysql server through the “mysql_connect()” function which takes in two parametes;1.servername (or address) 2.the username used to login to the database, if theres a password you should add it
After connection to the server we choose the database that we will use using the “mysql_select_db();” function which takes in 2 variables;1. The name of the database and 2.The connection variable.
The sql statement:

Code:

$sql="select * from users where name='$_GET[userlogin]' and password='$_GET[password]'";

It simple gets the field that match the user login and password that the user have entered along with the ones in in the table called “users”, after that we run the statement using the function “mysql_query($sql,$conn)” and returning the results to a variable called $result
Finally we return the number of retrieved rows.

3.print_secure_content()

Code:

function print_secure_content()
{
print("<b><h1>hi mr.$_SESSION[user]</h1>");
print "<br><h2>only a logged in user can see this</h2><br><a>href='logout.php'>Logout</a><br>";	
	
}

No explanation needed

B. The logout page:
If the user wishes to logout, we clear the session variables this can be easily done by making him open this php page “logout.php”

Code:

<?php
session_start(); 
if(session_destroy())
{
print"<h2>you have logged out successfully</h2>";
print "<h3><a href='index.php'>back to main page</a></h3>";
}
?>

What we did here is starting the session and destroying it, if it was cleared successfully we display that to the user

c. Registration form:
A simple html page that lets the use enters the name and passwords and submit it to the serve on the page “register.php”

Code:

<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
<title>register</title>
</head>
<body  bgcolor="black"    style="color:white;">
<FORM ACTION="register.php" METHOD=get>
<h1>welcome to the registration page</h1>
please input the registration details to create an account here<br>
<table border="2">
<tr>
<td>User Name :</td><td><input name="regname" type="text" size"20"></input></td>
</tr>
<tr>
<td>email :</td><td><input name="regemail" type="text" size"20"></input></td>
</tr>
<tr>
<td>password :</td><td><input name="regpass1" type="password" size"20"></input></td>
</tr>
<tr>
<td>retype password :</td><td><input name="regpass2" type="password" size"20"></input></td>
</tr>
</table>
 <input type="submit" value="register me!"></input>
</FORM>
</body>
</html>

Note: you can add some JavaScript to validate the code before submitting, but I didn’t want to make this tutorial long and boring

d. register php page:
This php script checks the data that the user have entered in the “registrationfor.php” and inserts it into the database (simple, huh?).

Code:

<?php
if($_GET["regname"] && $_GET["regemail"] && $_GET["regpass1"] && $_GET["regpass2"] )
{
	if($_GET["regpass1"]==$_GET["regpass2"])
	{
	$servername="localhost";
    $username="root";
    $conn=  mysql_connect($servername,$username)or die(mysql_error());
    mysql_select_db("test",$conn);
    $sql="insert into users (name,email,password)values('$_GET[regname]','$_GET[regemail]','$_GET[regpass1]')";
    $result=mysql_query($sql,$conn) or die(mysql_error());		
    print "<h1>you have registered sucessfully</h1>";
   
    print "<a href='index.php'>go to login page</a>";
	}
	else print "passwords doesnt match";
}
else print"invaild data";
?>

The first line checks if all the variables in the get isn’t null then it checks if the two password fields match, if yes it connects to the server, selects the database and runs the sql insert statement, which is:

Code:

$sql="insert into users (name,email,password)values('$_GET[regname]','$_GET[regemail]','$_GET[regpass1]')";

No explanation needed

Important Notes:
1.you can use this code to check the available variables and its values in your session or any other global variables

Code:

foreach ($_SESSION as $key=>$value) {
  print "\$_ SESSION [\"$key\"] == $value<br>";}

2.its wise to check if a session variable exists before using it this can be done using this code:

Code:

if(isset($_SESSION['variable_name'])) print “it exists”;
else print “it doesn’t”;

3.you can hide the values of your form submits by using the POST method of your forms


That’s all, I hope that you find this tutorial helpful and don’t hesitate to ask or comment here.

All the files above are attached in this thread

goood

[rahmat]

good

[urduworld]

very nice bro very nice:
but here is some problem i 'm using free hosting which is not providing me SQL database. so please can you tell me any script like this but no database require.

urduworld.110mb.com

[amrosama]

you can use regular text files instead of database. its not gonna be easy, because you will have to write your own inserting, searching(quires) functions.
the files may look like this:
users.txt
usernameassword
test:testpass

[kartikssj]

nice!

[hudbarnett]

Hi there

I am totally new to php and i have setup the database and created a user and password. I have seen in the script where i put the username and databse name but i can't see where the password goes. Can anyone help...

Code:

<?php
 session_start();session_destroy();
 session_start();
if($_GET["regname"] && $_GET["regemail"] && $_GET["regpass1"] && $_GET["regpass2"] )
{
    if($_GET["regpass1"]==$_GET["regpass2"])
    {
    $servername="localhost";
    $username="root";
    $conn=  mysql_connect($servername,$username)or die(mysql_error());
    mysql_select_db("test1",$conn);
    $sql="insert into users (name,email,password)values('$_GET[regname]','$_GET[regemail]','$_GET[regpass1]')";
    $result=mysql_query($sql,$conn) or die(mysql_error());        
    print "<h1>you have registered sucessfully</h1>";
   
    print "<a href='index.php'>go to login page</a>";
    }
    else print "passwords doesnt match";
}
else print"invaild input data";

?>

[k1net1cs]

@hudbarnett

I don't really get what you're trying to ask, but I'll try to answer.

Code:

$sql="insert into users (name,email,password) values ('$_GET[regname]','$_GET[regemail]','$_GET[regpass1]')"; 


According to the SQL syntax above, the data from the registration form is inserted to a table named users, which has fields (or columns) named name, email & password.

$_GET[regname]'s value goes to the name column.
$_GET[regemail]'s value goes to the email column.
$_GET[regpass1]'s value goes to the password column.

Also, if I may enhance that rough code of yours :

Code:

<?php
session_start();
session_unset();

if(isset($_GET["regname"],$_GET["regemail"],$_GET["regpass1"],$_GET["regpass2"]))
{
  if($_GET["regpass1"] == $_GET["regpass2"])
  {
    $servername = "localhost";
    $username   = "root";
    $conn       = mysql_connect($servername,$username) or die('Could not connect : ' . mysql_error());

    mysql_select_db("test1");

    $sql    = "INSERT INTO `users` VALUES ('$_GET[regname]','$_GET[regemail]','$_GET[regpass1]')";
    $result = mysql_query($sql) or die('Could not insert values : ' . mysql_error());

    mysql_close();

    print "<h1>You have registered sucessfully.</h1><br><br>";
    print "Go to <a href='index.php'>login page</a>.";
  }
  else
    print "Passwords don't match.";
}
else
  print "Invalid input data.";
?>

Of course, these amendments of mine may not be optimal and/or may contain an error or two, but please do correct me if I'm wrong.

[so1i]

Hi there

I am totally new to php and i have setup the database and created a user and password.

You put the password for the database in the connection string along with $servername and $username, so it would be in this line:

Code:

$conn = mysql_connect($servername,$username,$password) or die('Could not connect : ' . mysql_error()); 


Hope that helps!

[Jaan]

Well.. I suggest if you have finished your code, remove those "mysql()" errors because they are good information for hackers

[k1net1cs]

@so1i
Ah, so that's what he really meant...
Nothing screws my head more than hours of Dragon Age, I guess... =b

@hudbarnett
Like Jaan said, those die() functions should not contain mysql_error() function anymore if the website is accessible by the public.
It's still fine if you just want to test things out in your own computer, though.
Might as well looking up some techniques in input validation, especially using regular expressions (regex).