Jump to content


Check out our Community Blogs

Register and join over 40,000 other developers!


Recent Status Updates

View All Updates

Photo
* * * * * 2 votes

Creating login/registration forms with PHP

registration form registration login

  • Please log in to reply
105 replies to this topic

#13 amrosama

amrosama

    CC Mentor

  • VIP Member
  • PipPipPipPipPipPipPipPip
  • 2765 posts

Posted 05 April 2009 - 04:07 AM

well, thnx for the advice ill consider that on my next tutorial
  • 0
yo homie i heard you like one-line codes so i put a one line code that evals a decrypted one line code that prints "i love one line codes"
eval(base64_decode("cHJpbnQgJ2kgbG92ZSBvbmUtbGluZSBjb2Rlcyc7"));
www.amrosama.com | the unholy methods of javascript

#14 bb2

bb2

    CC Lurker

  • Just Joined
  • Pip
  • 1 posts

Posted 14 April 2009 - 11:39 PM

How secure is this form? Should i be afraid for any sql injections or such?
  • 0

#15 amrosama

amrosama

    CC Mentor

  • VIP Member
  • PipPipPipPipPipPipPipPip
  • 2765 posts

Posted 15 April 2009 - 07:27 AM

its not secure at all! its for beginners Posted via CodeCall Mobile
  • 0

#16 arragonx

arragonx

    CC Lurker

  • Just Joined
  • Pip
  • 1 posts

Posted 17 April 2009 - 10:51 PM

Great tutorial ;)
  • 0

#17 amribrahim2000

amribrahim2000

    CC Lurker

  • Just Joined
  • Pip
  • 1 posts

Posted 08 June 2009 - 05:10 AM

thanks amr :)
  • 0

#18 amrosama

amrosama

    CC Mentor

  • VIP Member
  • PipPipPipPipPipPipPipPip
  • 2765 posts

Posted 09 June 2009 - 09:15 PM

you are welcome Amr!
  • 0
yo homie i heard you like one-line codes so i put a one line code that evals a decrypted one line code that prints "i love one line codes"
eval(base64_decode("cHJpbnQgJ2kgbG92ZSBvbmUtbGluZSBjb2Rlcyc7"));
www.amrosama.com | the unholy methods of javascript

#19 lin

lin

    CC Lurker

  • Just Joined
  • Pip
  • 2 posts

Posted 14 August 2009 - 06:23 PM

hopefully.. can solve my problem..
  • 0

#20 lin

lin

    CC Lurker

  • Just Joined
  • Pip
  • 2 posts

Posted 14 August 2009 - 06:56 PM

i run it... it succesfully run... but why it appeared error

Warning: session_start() [function.session-start]: Cannot send session cache limiter - headers already sent (output started at C:\Program Files\xampp\htdocs\test\index.php:8) in C:\Program Files\xampp\htdocs\test\index.php on line 9

in log in page (index.php)... someone can help me???
  • 0

#21 rahmat

rahmat

    CC Lurker

  • Just Joined
  • Pip
  • 2 posts

Posted 27 August 2009 - 11:45 PM

Creating login/registration forms with php


Its 31/12/2008, happy new year everyone!. This might be the last tutorial of 2008 or the first tutorial of 2009 depending on the time this tutorial will get approved
This tutorial will help you as a beginner to create a simple login page for your php projects, in this tutorial you will learn about sessions in php, inserting and retrieving records from mysql server.
The database table:
Before writing the code create this table in your server by running the text file attached with mysql console or simply create it yourself, we will use it to store the users information

CREATE TABLE `test`.`users` (
`id` INT NOT NULL auto_increment ,
`name` VARCHAR( 20 ) NOT NULL ,
`password` VARCHAR( 20 ) NOT NULL ,
`email` VARCHAR( 20 ) NOT NULL ,
PRIMARY KEY ( `id` ) 
)


Let’s start:
A.The login page(main page):
In this simple php page there are three session variables we are using; “logging”, “logged”, and “user” they are all bool variables. We will use them to execute the right code for each scenario
<html>
<head>
<title>login page</title>
</head>
<body bgcolor="black" style="color:gray">
<form action="index.php" method=get>
<h1 align="center" style="color:gray" >Welcome to this simple application</h1>
<?php
session_start(); 
if($_SESSION["logged"])
{
     print_secure_content();
}
else {
    if(!$_SESSION["logging"])
    {  
    $_SESSION["logging"]=true;
    loginform();
    }
     else if($_SESSION["logging"])
       {
         $number_of_rows=checkpass();
         if($number_of_rows==1)
            {	
	         $_SESSION[user]=$_GET[userlogin];
	         $_SESSION[logged]=true;
	         print"<h1>you have loged in successfully</h1>";
	         print_secure_content();
            }
            else{
               	print "wrong pawssword or username, please try again";	
                loginform();
            }
        }
     }

1-the first thing to do when you are using session variables on a php page is to start the session service on the page by this line “session_start();”, if you ignored this line the page will work fine but the session variables wont be saved when you refresh the page or go to another page.

2-after starting the service, we check if the user is already logged in “if($_SESSION['logged'])“, if he is we print him a nice welcome message by calling the function for the secure content (we will look at it later)

3-if he isn’t logged in, we show the login fields (username and password) by the function “loginform()”, and set the session variable” $_SESSION["logging"]” to true in order to check the entered username and password when he/or she hits the login button

4-when he/or she enters the username and password then hits the login in button the code that will be only executed will be the code after “else if($_SESSION["logging"])“ because we have set the logging session variable to true, in this code block the variable “$number_of_rows” gets its value from the function “checkpass()” which is basically takes the username and password and checks the server if it already exists, if it exists it returns one else it will return 0…..thats why we check “$number_of_rows”:
- if it equals one if it really does we will set the variable “user” in the session to the entered username, and sets the logged bool variable to true.
--If the “$number_of_rows” isn’t 1, we will print him the input fields again.

Now let’s look at the functions:

1.loginform()
function loginform()
{
print "please enter your login information to proceed with our site";
print ("<table border='2'><tr><td>username</td><td><input type='text' name='userlogin' size'20'></td></tr><tr><td>password</td><td><input type='password' name='password' size'20'></td></tr></table>");
print "<input type='submit' >";	
print "<h3><a href='registerform.php'>register now!</a></h3>";	
}
all it does is printing out the fields to the user

2.checkpass()
function checkpass()
{
$servername="localhost";
$username="root";
$conn=  mysql_connect($servername,$username)or die(mysql_error());
mysql_select_db("test",$conn);
$sql="select * from users where name='$_GET[userlogin]' and password='$_GET[password]'";
$result=mysql_query($sql,$conn) or die(mysql_error());
return  mysql_num_rows($result);
}
This function establishes a connection with the mysql server through the “mysql_connect()” function which takes in two parametes;1.servername (or address) 2.the username used to login to the database, if theres a password you should add it
After connection to the server we choose the database that we will use using the “mysql_select_db();” function which takes in 2 variables;1. The name of the database and 2.The connection variable.
The sql statement:
$sql="select * from users where name='$_GET[userlogin]' and password='$_GET[password]'";
It simple gets the field that match the user login and password that the user have entered along with the ones in in the table called “users”, after that we run the statement using the function “mysql_query($sql,$conn)” and returning the results to a variable called $result
Finally we return the number of retrieved rows.

3.print_secure_content()
function print_secure_content()
{
print("<b><h1>hi mr.$_SESSION[user]</h1>");
print "<br><h2>only a logged in user can see this</h2><br><a>href='logout.php'>Logout</a><br>";	
	
}
No explanation needed

B. The logout page:
If the user wishes to logout, we clear the session variables this can be easily done by making him open this php page “logout.php”
<?php
session_start(); 
if(session_destroy())
{
print"<h2>you have logged out successfully</h2>";
print "<h3><a href='index.php'>back to main page</a></h3>";
}
?>
What we did here is starting the session and destroying it, if it was cleared successfully we display that to the user

c. Registration form:
A simple html page that lets the use enters the name and passwords and submit it to the serve on the page “register.php”
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
<title>register</title>
</head>
<body  bgcolor="black"    style="color:white;">
<FORM ACTION="register.php" METHOD=get>
<h1>welcome to the registration page</h1>
please input the registration details to create an account here<br>
<table border="2">
<tr>
<td>User Name :</td><td><input name="regname" type="text" size"20"></input></td>
</tr>
<tr>
<td>email :</td><td><input name="regemail" type="text" size"20"></input></td>
</tr>
<tr>
<td>password :</td><td><input name="regpass1" type="password" size"20"></input></td>
</tr>
<tr>
<td>retype password :</td><td><input name="regpass2" type="password" size"20"></input></td>
</tr>
</table>
 <input type="submit" value="register me!"></input>
</FORM>
</body>
</html>
Note: you can add some JavaScript to validate the code before submitting, but I didn’t want to make this tutorial long and boring

d. register php page:
This php script checks the data that the user have entered in the “registrationfor.php” and inserts it into the database (simple, huh?).
<?php
if($_GET["regname"] && $_GET["regemail"] && $_GET["regpass1"] && $_GET["regpass2"] )
{
	if($_GET["regpass1"]==$_GET["regpass2"])
	{
	$servername="localhost";
    $username="root";
    $conn=  mysql_connect($servername,$username)or die(mysql_error());
    mysql_select_db("test",$conn);
    $sql="insert into users (name,email,password)values('$_GET[regname]','$_GET[regemail]','$_GET[regpass1]')";
    $result=mysql_query($sql,$conn) or die(mysql_error());		
    print "<h1>you have registered sucessfully</h1>";
   
    print "<a href='index.php'>go to login page</a>";
	}
	else print "passwords doesnt match";
}
else print"invaild data";
?>

The first line checks if all the variables in the get isn’t null then it checks if the two password fields match, if yes it connects to the server, selects the database and runs the sql insert statement, which is:
$sql="insert into users (name,email,password)values('$_GET[regname]','$_GET[regemail]','$_GET[regpass1]')";
No explanation needed

Important Notes:
1.you can use this code to check the available variables and its values in your session or any other global variables
foreach ($_SESSION as $key=>$value) {
  print "\$_ SESSION [\"$key\"] == $value<br>";}


2.its wise to check if a session variable exists before using it this can be done using this code:
if(isset($_SESSION['variable_name'])) print “it exists”;
else print “it doesn’t”;

3.you can hide the values of your form submits by using the POST method of your forms


That’s all, I hope that you find this tutorial helpful and don’t hesitate to ask or comment here.

All the files above are attached in this thread


goood
  • 0

#22 rahmat

rahmat

    CC Lurker

  • Just Joined
  • Pip
  • 2 posts

Posted 27 August 2009 - 11:52 PM

good
  • 0

#23 urduworld

urduworld

    CC Lurker

  • Just Joined
  • Pip
  • 1 posts

Posted 15 September 2009 - 08:21 AM

very nice bro very nice:
but here is some problem i 'm using free hosting which is not providing me SQL database. so please can you tell me any script like this but no database require.

urduworld.110mb.com
  • 0

#24 amrosama

amrosama

    CC Mentor

  • VIP Member
  • PipPipPipPipPipPipPipPip
  • 2765 posts

Posted 15 September 2009 - 08:28 AM

you can use regular text files instead of database. its not gonna be easy, because you will have to write your own inserting, searching(quires) functions.
the files may look like this:
users.txt
username:password
test:testpass
  • 0
yo homie i heard you like one-line codes so i put a one line code that evals a decrypted one line code that prints "i love one line codes"
eval(base64_decode("cHJpbnQgJ2kgbG92ZSBvbmUtbGluZSBjb2Rlcyc7"));
www.amrosama.com | the unholy methods of javascript





Also tagged with one or more of these keywords: registration form, registration, login