 |
| A Complete Membership System |
pages (4): 1 [2] 3 4 |
|
 |
 |
Login Script (login.php)
<?php
session_start();
include 'config.php';
if(isset($_POST['login']))
{
$username = trim(addslashes($_POST['username']));
$password = md5(trim($_POST['password']));
$query = mysql_query("SELECT * FROM Users WHERE Username =
'$username' AND Password = '$password' LIMIT 1") or die(mysql_error());
$row = mysql_fetch_array($query);
// now we check if they are activated
if(mysql_num_rows($query) > 0)
{
if($row['Activated'] > 0)
{
$_SESSION['s_logged_n'] = 'true';
$_SESSION['s_username'] = $username;
$_SESSION['s_name'] = $row['Name'];
header("Location: member.php");
} else {
echo '
<html>
<head>
<title>Login</title>
<link href="style.css" rel="stylesheet" type="text/css">
</head>
<body>
<div id="error"><p>Sorry, you must activate your account first.
Please check your email for the email.</p>
<p>Didn'."'".'t get your validation email? <a href="resend.php">Click
here</a> to resend the validation email.</p></div>
</body>
</html>
';
}
} else {
echo '
<html>
<head>
<title>Login</title>
<link href="style.css" rel="stylesheet" type="text/css">
</head>
<body>
<div id="error"><p>There was an error processing your login, it
appears that your username and/or password was incorrect. Please try
again.</p>
<p>Didn'."'".'t get your validation email? <a href="resend.php">Click
here</a> to resend the validation email.</p>
</div>
</body>
</html>
';
}
} else {
?>
<html>
<head>
<title>Login</title>
<link href="style.css" rel="stylesheet" type="text/css">
</head>
<body>
<div id="wrapper">
<div id="head">the login page</div><br>
<div id="main">
<p>You must login to view this page. Enter your username and
password below and hit submit:</p>
<form method="post" action="<?= $_SERVER['PHP_SELF'] ?>">
<p>Username:<br>
<input name="username" type="text" Cid="username">
<p>Password:<br>
<input name="password" type="password" id="password">
</p>
<p>
<input name="login" type="submit" id="login" value="Submit">
</p>
</form>
<p>Didn't get your validation email? <a href="resend.php">Click
here</a> to resend the validation email.</p>
<p>Need an account? <a href="register.php">Click here</a> to
register, it's completely free! </p>
</div>
</div>
</body>
</html>
<? } mysql_close($l); ?>
|
As you can probably guess, this script utilizes PHP
SESSIONS, so a session is started with the session_start()
command, and then config.php is included as before. We then
check whether the user has submitted the form or not. If they
have, it is processed, login details are checked, and the session
variables are set to confirm that he/she is logged in. If this is not
the case, the user is presented with a nice form instead. Nice and
simple!
Activation Script (activate.php)
Not
many membership systems include activation scripts, but I wanted to show
you how to make yours “unspammable” and this is the easiest way. To put it
simply, the user must
enter a valid e-mail address otherwise he/she will not be able to validate their
account and will not be able to login! Its a nice way to ensure that all your
e-mail addresses are valid. Here’s the code you need:
<?php
include 'config.php';
$id = $_GET['id'];
$query = mysql_query("SELECT * FROM Users WHERE Actkey = '$id' LIMIT
1") or die(mysql_error());
$row = mysql_fetch_array($query);
if(mysql_num_rows($query) > 0){
$user = $row['id'];
$do = mysql_query("UPDATE Users SET Activated = 1 WHERE id = '$user'
LIMIT 1") or die(mysql_error());
$send = mail($row['Email'] , "Activation Confirmation" , "Thank you
for activating your account, you are now fully registered and able
to use our services.\n\nTo login, click the link below:\nhttp://CHANGETHISURL.COM/login.php"
, "FROM: auto@mailer.com");
if(($do)&&($send))
{
echo '<link href="style.css" rel="stylesheet" type="text/css">
<div id="success">
<p>Activation successful! A confirmation email has been dispatched.
You can now login!</p>
<p><a href="login.php">Click here</a> to goto the login page.</p>
</div>';
} else {
echo '<link href="style.css" rel="stylesheet" type="text/css">
<div id="error">
<p>We are sorry, there appears to be an error processing your
activation. Please try again later.</p>
</div>';
}
} else {
echo '<link href="style.css" rel="stylesheet" type="text/css">
<div id="error">
<p>Sorry, your activation code was incorrect. Please try again.</p>
</div>';
}
mysql_close($l);
?>
|
This script takes the header
variable “id” which is (when the script is run properly) a 40 character
sha1() hash of a randomly generated number and some random letters.
There is no need to process individual ID numbers in this script as we
can just search through the database to
find a user with the exact same activation key - the chances of two
users awaiting validation having the same hashed code is infinitesimally
small. Of course, once the appropriate user has been found,
his/her Activated value will be set to 1, thus activating/validating
them. If not, the
user gets an error message.
The most important thing to remember in this script is that you must
edit the mail() function and change the URL to your URL instead of the
text “CHANGETHISURL.COM” - otherwise the user will not know where or how
to login!
That was simple wasn't it? Activation is just
there so that the registration form can’t be spammed, and ensures an
authentic registrant. If
you want to be superior, you could write yourself an administration
panel with a function to delete all unactivated accounts that have been
sitting for X amount of time, because when you register, it logs the
date! This opens up a world of possibility for future modifications!
- Tutorial written by Scrowler
| |  | |  | | Last 5 User Comments | | |
There are no comments for this tutorial yet.
You can place a comment by clicking here. |
|
|
|
|
|
|
Forum Threads
|
|
|
 Deactivate Account
Author: jerinian
Posted: Oct 02nd, 11:16am
Activity: 1 replies, 887 views
|  |  changes....
Author: supertackyman
Posted: Sep 12th, 2:56am
Activity: 2 replies, 1052 views
| |
| | |
