This tutorial will demonstrate how to implement a user login/membership system in your website. Though implementing login/membership system appears to be a herculean task, it is actually lot more simpler than you think. In fact, all you need is a single table in your database, and a PHP-supported Server. To begin with, here is an outline of what this tutorial will show you how to do:
- User registration
- Gather username, password, email, and store in table
- User login
Before we can begin, we need to do the backend work with MySQL. First you can create a database, and in this case, let us call it "myDB" and this name will be used in example queries and code.
First, we need to create the table. Within the table, we have a structure similar to this:
- userid (auto increment)
- username password (MD5 hash)
- email address
Now that we have the basic structure of our table, we can go ahead and run a query through either your MySQL console, or through PHPMyAdmin. The query for creating myDB table is given below:
CREATE TABLE `myDB`.`usersystem` (
`userid` INT NOT NULL AUTO_INCREMENT ,
`username` VARCHAR( 50 ) NOT NULL ,
`password` VARCHAR( 32 ) NOT NULL ,
`email` VARCHAR( 50 ) NOT NULL ,
PRIMARY KEY ( `userid` )
)
After running the above query you will have your database and table all ready to go.
The Structure File (db.php)
The first PHP file will be the "structure" file. This is the file that will have our functions and database connectivity in it. This file will later be included at the top of every single PHP file on your website.
First we place session_start() on the first line. This function allow us to maintain our sessions with the login fields later. your PHP file will look like this:
<?phpsession_start();
?>
The next thing we want to do is to make a connection to the database. We use the mysql_connect() and mysql_select_db() functions. After adding these two lines, the PHP script will look like this:
<?phpsession_start();
mysql_connect("localhost", "username of your database", "password of database");
mysql_select_db("myDB");
?>
Now we create our user_login() function so we can use it every time the users enter their login information. We create the function name and the parameters (username and password) as shown below:
function user_login($username, $password)
{}
Let us now write the code that is actually needed to log in. We need to take the hash of the password and check it against the username. As long as there are more than 0 entries in the database for that username/password combination, we will allow the user to log in.
<?phpsession_start();
mysql_connect("localhost", "username of your database", "password of database");
mysql_select_db("myDB");
function user_login ($username, $password)
{//take the username and prevent SQL injections$username = mysql_real_escape_string($username);
//begin the query$sql = mysql_query("SELECT * FROM usersystem WHERE username = '".$username."' AND password = '".$password."' LIMIT 1");
//check to see how many rows were returned$rows = mysql_num_rows($sql);
if ($rows<=0 )
{echo "Incorrect username/password";
}else{//have them logged in$_SESSION['username'] = $username;
}}?>
Now that we have the db.php file, let us make the user registration part.
User Registration (register.php)
Now we can have a page where the user can register their account. It will be part HTML and part PHP. It can look as follows:
<html></html><form action="register.php" method="post">Username: <input name="username" type="text" />Password: <input type="password" name="password" />Email: <input name="email" type="text" /><input type="submit" value="Submit" /></form>
The basic HTML structure of the registration form is shown above. We can add some PHP code to handle the actual registration part. The form will send the information through POST, and we can handle it with PHP. We will take the username, make sure it does not exist, then create the account using mysql_query() to place the values within the database.
<?phpinclude("db.php");
if (isset($_POST['username']) && isset($_POST['password']) && isset($_POST['email']))
{//Prevent SQL injections$username = mysql_real_escape_string($_POST['username']);
$email = mysql_real_escape_string($_POST['email']);
//Get MD5 hash of password$password = md5($_POST['password']);
//Check to see if username exists$sql = mysql_query("SELECT username FROM usersystem WHERE username = '".$username."'");
if (mysql_num_rows($sql)>0)
{die ("Username taken.");
}mysql_query("INSERT INTO usersystem (username, password, email) VALUES ( '$username', '$password', '$email')") or die (mysql_error()); echo "Account created.";)
}?>
<html></html>
<form action="register.php" method="post">
Username: <input name="username" type="text" />
Password: <input type="password" name="password" />
Email: <input name="email" type="text" />
<input type="submit" value="Submit" />
</form>
The login page (login.php)
Final let us create the login page. For login.php, we can have a form for the username and password, then we pass those values to the user_login() function we made earlier in the db.php script.
We can once again have a basic HTML structure for login.php
<html></html><form action="login.php" method="post">Username: <input name="username" type="text" />Password: <input type="password" name="password" /><input type="submit" value="Submit" /></form>
Now, we can add the PHP code before the HTML again to process the login, just like with the registration.
We do not really need to add much code, because most of it was done in the db.php page. Here is what you need:
<?phpinclude("db.php");if (isset($_POST['username'] && isset($_POST['password'])){user_login($_POST['username'], $_POST['password']);}?><html></html><form action="login.php" method="post">Username: <input name="username" type="text" />Password: <input type="password" name="password" /></form>
You now have everything you need for your user system. For all of the pages on your website, you must place this line at the very first line for this to work:
<?php include "db.php";?>
You can then show their username like so:
<?php echo "Logged in as: " . $_SESSION['username'];?>
That completes the demonstration on how to implement a user login/membership system in your website.
