 |
Hello, ladies and gentleman, to one of my biggest tutorials yet!
In this multi-page article I’m going to
show you how to set up the server side scripting for a complete
membership system, including everything from registration, to changing your
password, validation emails, etc.
First of all I'll outline what I’m going to cover in this tutorial:
-
MySQL Table Configuration
-
Registration script
-
Login script
-
Activation script
-
Members page
-
Resending validation emails
-
Logout script
-
Processing member commands
This set of scripts includes 32bit md5() password
encryption and the use of sha1() 40bit encryption to generate a 40 digit hash
that we can use for the activation code. You can download all scripts used in
this tutorial
here,
although you should be aware that I've added a nice CSS layout and
collapsing
menus into the final scripts to make things look a bit more spanky. MySQL Table Configuration
The first step is to set up your MySQL database. If you have access via
control panel software (i.e. cPanel), you should set everything up through there,
and add your user as usual. Otherwise, use
phpMyAdmin,
or write some SQL syntax to do it, as I will only be providing you with SQL to
set up the table.
Our database setup consists of a single table with 9 fields: User ID, Username, Password, Full
name, Email, Date, IP when registering, Whether activated and the Activation
key.
In the same order, we will be using these data types: int(11) PRIMARY auto_increment, Text, VARCHAR(32), Text, Text, Text, Text, int(1) DEFAULT 0,
VARCHAR(40). Bamboozled? Not to worry, here’s the SQL syntax you can use to
do it automatically for you:
CREATE TABLE `Users` (
`id` int(11) NOT NULL auto_increment,
`Username` text NOT NULL,
`Password` varchar(32) NOT NULL default '',
`Name` text NOT NULL,
`Email` text NOT NULL,
`Date` text NOT NULL,
`IP` text NOT NULL,
`Actkey` varchar(40) NOT NULL default '',
`Activated` int(1) NOT NULL default '0',
PRIMARY KEY (`id`)
)
With the database now set up, all we have to do is connect to it! In our
scripts this is controlled by a single file, config.php, which connects
to the server and opens the correct database. Configuration Script (config.php)
<?php
$l = mysql_connect ( "localhost" , "yourmysqlUser" , "password" ) or
die("Error connecting: <br><br>".mysql_error());
mysql_select_db( "yourdatabase" ) or die("Error getting db: <br><br>".mysql_error());
?>
|
The connection is defined in a variable because we
want to close it later, and we need a link identifier to use in
mysql_close(). So, with the basics covered, its on to the coding of the
individual scripts...
Registration Script (register.php)
I
think the best way for me to do this is to give you a big lump of code,
then tell you what each part does. So, let’s do that:
<?php
include 'config.php';
if(isset($_POST['submit']))
{
$first = addslashes(trim($_POST['firstname']));
$surname = addslashes(trim($_POST['surname']));
$username = addslashes(trim($_POST['username']));
$email = addslashes(trim($_POST['email']));
$pass = addslashes(trim($_POST['password']));
$conf = addslashes(trim($_POST['confirm']));
$ip = $_SERVER['REMOTE_ADDR'];
$date = date("d, m y");
if ( $_POST['password'] == $_POST['confirm'] )
{}else{
echo '<script>alert("Your passwords were not the same, please enter
the same password in each field.");</script>';
echo '<script>history.back(1);</script>';
exit;
}
$password = md5($pass);
if ((((( empty($first) ) || ( empty($surname) ) || ( empty($username)
) || ( empty($email) ) || ( empty($password) )))))
{
echo '<script>alert("One or more fields was left empty, please try
again.");</script>';
echo '<script>history.back(1);</script>';
exit;
}
if((!strstr($email , "@")) || (!strstr($email , ".")))
{
echo '<script>alert("You entered an invalid email address. Please
try again.");</script>';
echo '<script>history.back(1);</script>';
exit;
}
$q = mysql_query("SELECT * FROM Users WHERE Username = '$username'")
or die(mysql_error());
if(mysql_num_rows($q) > 0)
{
echo '<script>alert("The username you entered is already in use,
please try again.");</script>';
echo '<script>history.back(1);</script>';
exit;
}
$name = $first . ' ' . $surname;
$actkey = mt_rand(1, 500).'f78dj899dd';
$act = sha1($actkey);
$query = mysql_query("INSERT INTO Users (Username, Password, Name,
Email, Date, IP, Actkey) VALUES
('$username','$password','$name','$email','$date','$ip','$act')") or
die(mysql_error());
$send = mail($email , "Registration Confirmation" , "Thank you for
registering with YourWebsite.\n\nYour username and password is
below, along with details on how to activate your account.\n\nUser:
".$username."\nPass: ".$pass."\n\nClick the link below to activate
your account:\nhttp://EDITTHISURL.COM/activate.php?id=".$act."\n\nPlease
do not reply, this is an automated mailer.\n\nThanks", "FROM: auto@mailer.com");
if(($query)&&($send))
{
echo ' <html>
<head>
<title>Success</title>
<link href="style.css" rel="stylesheet" type="text/css">
</head>
<body>
<div id="success">
<p>Thank you for registering, you will recieve an email soon with
your login details and your activation link so that you can activate
your account.</p>
<p><a href="login.php">Click here</a> to login once you have
activated.</p>
</div>
</body>
</html>
';
} else {
echo '
<html>
<head>
<title>Error</title>
<link href="style.css" rel="stylesheet" type="text/css">
</head>
<body>
<div id="error">
<p>We are sorry, there appears to be a problem with our script at
the moment.</p>
<p>Your data was not lost. Username: '.$username.' | Password:
'.$pass.' | Email: '.$email.' | Full name: '.$name.'</p>
<p>Please try again later.</p>
</div>
</body>
</html>
';
}
} else {
?>
<html>
<head>
<title>Register</title>
<link href="style.css" rel="stylesheet" type="text/css">
</head>
<body>
<div id="wrapper">
<div id="head">the registration page</div>
<br>
<div id="main">
<p>Welcome to the registration, fill out the form below and hit
Submit. All fields are required,so fill them all out! </p>
<form action="<?= $_SERVER['PHP_SELF'] ?>" method="post">
<table width="100%" border="0" cellpadding="0" cellspacing="0">
<tr>
<td width="50%">First name </td>
<td width="50%"><input name="firstname" type="text" id="firstname"></td>
</tr>
<tr>
<td>Surname</td>
<td><input name="surname" type="text" id="surname"></td>
</tr>
<tr>
<td>Email Address </td>
<td><input name="email" type="text" id="email"></td>
</tr>
<tr>
<td>Username</td>
<td><input name="username" type="text" id="username"></td>
</tr>
<tr>
<td>Password</td>
<td><input name="password" type="password" id="password"></td>
</tr>
<tr>
<td>Confirm Password </td>
<td><input name="confirm" type="password" id="confirm"></td>
</tr>
<tr>
<td>Register</td>
<td><input name="submit" type="submit" class="textBox"
value="Submit"></td>
</tr>
</table>
</form>
Upon confirmation of your details, you will be sent an email
containing your username, password and details on how to activate
your account so as to be able to use this website. </div>
</div>
</body>
</html>
<? } mysql_close($l); ?>
|
Our script starts with the essential first step - i.e. including the connection file
config.php. The rest of the script is then fairly simple, and takes user
submitted data, inserts it into pre-defined variables, and then TRIMs off each
variable to remove any characterless space at either end of the values.
Once these simple variable-handling steps have been performed, the script then
runs through a few basic IF statements to protect the integrity of our data. In
our case, these statements ensure that the email address has an @ and a . in it,
the passwords are the same, the username is not already taken, and no fields are
empty. Then it processes the registration and inserts all the data, including our
newly generated activation key, which is a sha1() hash of a randomly generated
number between 1 and 500 with some random letters added onto the end of it.
Since the table’s column “Activated” has a default value of 0, the user is not
activated until he/she clicks his link with this value in it.
With all these steps complete, the script then sends out the confirmation
e-mail. You must make sure you change some of the details if you directly
use our scripts though - just look for YourWebsite and CHANGETHISURL.COM,
and change them accordingly.
Depending on the data entered, the script will finally display a message from a variety of errors or confirmation messages
reporting any pertinent information (or just a nice big 'thank you' message).
- Tutorial written by Scrowler
| |
TUTORIALS SUBMENU
