40 replies to this topic

[vedran]

Whitey, could you please help me by showing me how to define user levels in config file, I'm really confuse right now

also, is this sql querry in ok:

 $query = $config->query("INSERT INTO members (id, username, password, email, userlevel VALUES (NULL, '$myusername', '$encrypt_password', '$email', DEFAULT)");  

[Whitey]

Message me on aim i have some files i create awhile back i can give you to learn from/

[choyaks]

works great! thanks for this dude! u rock!

[Brandon W]

Thanks mate. This was really helpful!! I read through the entire code and I believe I found something wrong.

In process.php.

        //Defines All The Users Inputs 

        $myusername=$_POST['myusername']; 

        $myusername2=$_POST['myusername']; 

        $mypassword=$_POST['mypassword'];     

        $mypassword2=$_POST['mypassword2']; 

        $email=$_POST['email']; 

        $passwordcount=$_POST['mypassword'];

With this line.

       $myusername2=$_POST['myusername']; 

Shouldn't in the POST be changed too myusername2?

[choyaks]

The variable $myusername2 is not used in this, you can confirm your username if you like just like the mypassword function ($mypassword != $mypassword2)

[Brandon W]

Oh I see. It just looked like a little mistake. My bad It was too late for anything xD

[Whitey]

I use 2 variables for several reasons.
If a user registers with lets say Jonny it could add a tag like )pH( to the front of the name so that it would be )pH(Jonny
So what this could do is they still would "Login" with Jonny but their display name would be )pH(Jonny

[Brandon W]

Oh. Now I understand. I come across some registration forms and it says Login name and display name.

Now I understand. Thanks

[laces12]

This was made probably cheaply but i learned alot while making this and it could possibly help people who are starting out in PHP.

config.php

<?php
class MySQLDB
{
   var $connection;         //The MySQL database connection

   /* Class constructor */
   function MySQLDB(){
      /* Make connection to database */
      $this->connection = @mysql_connect(localhost, whitey, abc123) or die(mysql_error());
      @mysql_select_db(blue, $this->connection) or die(mysql_error());
	}
	/**
    * query - Performs the given query on the database and
    * returns the result, which may be false, true or a
    * resource identifier.
    */
	//Use this function as query("Query line of code");
   function query($query){
      return mysql_query($query, $this->connection);
   }
};

$config = new MySQLDB;
?>

login.php

<?php
// Session Start is always needed when working with sessions.
session_start();
//Checks to see if the session error exist.. And if it does echo the error
if(session_is_registered(error))
{
echo ($_SESSION['error']);
session_unregister(error);
session_destroy();
}
?>
<table width="300" border="0" align="center" cellpadding="0" cellspacing="1" bgcolor="#CCCCCC">
<tr>
<form name="form1" method="post" action="process.php">
<td>
<table width="100%" border="0" cellpadding="3" cellspacing="0" bgcolor="#FFFFFF">
<tr>
<td colspan="4"><strong>Member Login </strong></td>
</tr>
<tr>
<td width="68"><div align="right">Username</div></td>
<td width="3">:</td>
<td width="205"><input name="myusername" type="text" id="myusername"></td>
<td width="205">
<?php
// Checks to see if the Session Bad_char exist which is another error type.
if(session_is_registered(bad_char))
{
echo ($_SESSION['bad_char']);
session_unregister(bad_char);
session_destroy();
}
?></td>
</tr>
<tr>
<td><div align="right">Password</div></td>
<td>:</td>
<td><input name="mypassword" type="password" id="mypassword"></td>
<td> </td>
</tr>
<tr>
<td><input name="login" type="hidden" value="1"></td>
<td> </td>
<td><input type="submit" name="Submit" value="Login"></td>
<td> </td>
</tr>
<tr>
  <td colspan="4"><div align="center"><a href="register.php">Register Account? </a></div></td>
  </tr>
</table>
</td>
</form>
</tr>
</table>

logout.php

<?
//Just in case the page was viewed it does a session_start or it would release an error. 
session_start();
//Destroys all the sessions
session_destroy();
//Unregisters your login
session_unregister(myusername);
//Redirects you back to the login page after 5 seconds
echo("<center><font size='4'>You are now logged out</font>");
echo("<br><a href='login.php'>Now redirecting you to home page or click here if you do not wish to wait.</a></center>");
echo("<META HTTP-EQUIV='refresh' CONTENT='5;login.php'>");

?>

main.php

<?
//Checks to see if you were logged in (if session myusername was registered or not)
//Redirects back to login.php if you aren't logged in and tryed viewing this page.
session_start();
if(!session_is_registered(myusername)){
header("location:login.php");
}
?>

<html>
<body>
<p>Login Successful<br>
  <a href="logout.php">Logout?</a></p>
</body>
</html>

process.php

<?php
include("config.php");
class Process
{
	function Process($connection){
		if(isset($_POST['login'])){
		$this->login();
		}
		elseif(isset($_POST['register'])){
		$this->register();
		}
		else{
		header("Location: login.php");
		}
	}
	//Member Login
	function login(){
	global $config;
		ob_start();
		
		// Define $myusername and $mypassword
		$myusername=$_POST['myusername'];
		$mypassword=$_POST['mypassword'];
		
		# Allows letters, numbers
		if(!preg_match('/^[a-zA-Z0-9]+$/i', $myusername)) 
		{
		session_register(bad_char);
		$_SESSION['bad_char'] = "<center><font color='red' size='1'>Invalid Charcter; Only Letters Or Numbers Can Be Used!</font></center>";
		header("location:login.php");
		}

		// To protect MySQL injection (more detail about MySQL injection)
		$myusername = stripslashes($myusername);
		$mypassword = stripslashes($mypassword);
		$myusername = mysql_real_escape_string($myusername);
		$mypassword = mysql_real_escape_string($mypassword);
		$encrypt_password = md5($mypassword);
		$query = $config->query("SELECT * FROM members WHERE username='".$myusername."' and password='".$encrypt_password."'");
		
		// Mysql_num_row is counting table row
		$count=mysql_num_rows($query);
		// If result matched $myusername and $mypassword, table row must be 1 row
		
		if($count==1){
		// Register $myusername, $mypassword and redirect to file "login_success.php"
		session_register("myusername");
		header("location:main.php");
		}
		else {
		session_register(error);
		$_SESSION['error'] = "<center><font color='red' size='4'>Wrong Username or Password</font></center>";
		header("location:login.php");
		}
		
		ob_end_flush();
	}
	
	//Register_Submit
	function register(){
	global $config;
	
		//Defines All The Users Inputs
		$myusername=$_POST['myusername'];
		$myusername2=$_POST['myusername'];
		$mypassword=$_POST['mypassword'];	
		$mypassword2=$_POST['mypassword2'];
		$email=$_POST['email'];
		$passwordcount=$_POST['mypassword'];
		
		# Allows letters, numbers
		if(!preg_match('/^[a-zA-Z0-9]+$/i', $myusername2)) 
		{
		session_register(bad_char);
		$_SESSION['bad_char'] = "<center><font color='red' size='1'>Invalid Charcter; Only Letters Or Numbers Can Be Used!</font></center>";
		header("location:register.php");
		}
    	
		
		//Stop SQL Injection
		$myusername = stripslashes($myusername);
		$mypassword = stripslashes($mypassword);
		$mypassword2 = stripslashes($mypassword2);
		$email = stripslashes($email);
		$myusername = mysql_real_escape_string($myusername);
		$mypassword = mysql_real_escape_string($mypassword);
		$mypassword2 = mysql_real_escape_string($mypassword2);
		$email = mysql_real_escape_string($email);
		
		//encrypt password variable
		$encrypt_password = md5($mypassword);
		
		$query = $config->query("SELECT * FROM members WHERE username='".$myusername."'");
		
		// Mysql_num_row is counting table row
		$count=mysql_num_rows($query);
		// If result matches $myusername then username is taken
		
		if($count===1){
		// Send error back to the register page if count = 1
		session_register(username_taken);
		$_SESSION['username_taken'] = "<center><font color='red' size='1'>The Username You Chose Is Already In Use</font></center>";
		header("location:register.php");
		}	
		elseif($mypassword != $mypassword2)
		{
		session_register(password_same);
		$_SESSION['password_same'] = "<center><font color='red' size='1'>Passwords Dont Match</font></center>";
		header("location:register.php");
		}
		elseif(strlen($mypassword) < "5")
		{
		session_register(password_less_then_5);
		$_SESSION['password_less_then_5'] = "<center><font color='red' size='1'>Password Must be Greater then 4 Charcters</font></center>";
		header("location:register.php");
		}
		else
		{
		$query = $config->query("INSERT INTO members (id, username, password, email) VALUES (NULL, '$myusername', '$encrypt_password', '$email')");
		session_register(welcome_screen);
		$_SESSION['welcome'] = 
		"Welcome, You are now a member of Corpal Uploads.<br>
		Reccommend us to your friends.<br>
		We are a free Upload site and WILL STAY FREE!<br>
		Thanks,<br>
		Whitey.<br>
		<a href='login.php'>Continue</a>";
		header("location: register.php");
		}
	
	}
};
$process = new Process($connection);
?>

register.php

<?php
session_start();
if(session_is_registered(welcome))
{
echo($_SESSION['welcome']);
session_unregister(welcome);
session_destroy();
}
else
{
?>
<table width="325" border="0" align="center" cellpadding="0" cellspacing="1" bgcolor="#CCCCCC">
<tr>
<form name="form2" method="post" action="process.php">
<td>
<table width="100%" border="0" cellpadding="3" cellspacing="0" bgcolor="#FFFFFF">
<tr>
<td colspan="4"><strong>Member Register</strong></td>
</tr>
<tr>
<td width="61" height="28"><div align="right">Username</div></td>
<td width="3">:</td>
<td width="144"><input name="myusername" type="text" id="myusername"></td>
<td width="91">
<?php
if(session_is_registered(bad_char))
{
echo ($_SESSION['bad_char']);
session_unregister(bad_char);
session_destroy();
}
elseif(session_is_registered(username_taken))
{
echo ($_SESSION['username_taken']);
session_unregister(username_taken);
session_destroy();
}
?></td>
</tr>
<tr>
<td><div align="right">Password</div></td>
<td>:</td>
<td><input name="mypassword" type="password" id="mypassword"></td>
<td rowspan="2">
<?php
if(session_is_registered(password_same))
{
echo ($_SESSION['password_same']);
session_unregister(password_same);
session_destroy();
}
elseif(session_is_registered(password_less_then_5))
{
echo ($_SESSION['password_less_then_5']);
session_unregister(password_less_then_5);
session_destroy();
}
?></td>
</tr>
<tr>
  <td><div align="right">Password</div></td>
  <td>:</td>
  <td><input name="mypassword2" type="password" id="mypassword2"></td>
  </tr>
<tr>
  <td><div align="right">Email</div></td>
  <td>:</td>
  <td><input name="email" type="text" id="email" /></td>
  <td>
  <font color="#FF0000" size="2">Optional</font> </td>
</tr>
<tr>
  <td><input name="register" type="hidden" value="1" /></td>
  <td> </td>
  <td colspan="2"><input type="submit" name="Submit" value="Login" /></td>
</tr>
</table>
</td>
</form>
</tr>
</table>
<?php
}
?>

If you have any questions let me know. I will explain anything else if you need

can u get help with this?

[seyz4all]

you are the man

[Metaphiziks1]

Nice.

[ssSuave]

Thank you very much Whitey!

I am new to php, and I had the following question:

I know that to see if the user is logged in I use the following code:

if(session_is_registered(myusername))
{
echo "Display to member";
}

What i want to do is say "Welcome, (and the user's name)"

How do I get php to actually print the person's name.

I tried using this code

$myusername = $_SESSION[myusername];

and then simply saying

echo "Welcome, " .$myusername;

but that doesnt work

I would really appreciate it if someone could help me.
Thank you in advance