Building your own Myspace.com with PHP Part III: Register and log in with sessions
In this third part of the tutorial we are going to create an important part of the application. We will learn how to register a new user and save this user to the database, when a user is created it should of course be possible for him to log in. We will accomplish the login part by using session variables.
Well lets start with how to register a user. The first thing we will need is some text boxes with html to put in the desired username and password.
This code creates two text boxes that is supposed to hold the username and password, when the form is submitted the contents of the text boxes is forwarded to the file signup.php.
connect(); // Connect to the database
$query = "SELECT * FROM members WHERE username='".$_POST["username"]."'";
$result = $db->query($query);
$result = mysql_num_rows($result);
if($result!="0")
echo "Username already exists!";
else
{
// Create a query that inserts the data from the form to the database
$query = "INSERT INTO members(username,password) VALUES('".$_POST["username"]."','".$_POST["password"]."')";
$result = $db->query($query);
echo "Signed up succesfully you can now log in";
}
}
else
{
echo "Error: No username or password supplied, try again.";
}
}
else
echo "Error: please fill in the signup form";
}
?>
The first thing this file does is to check if we have valid data submitted from the html form we created above we do this using the php functions $_GET and $_POST. Get is used to get variables passed from file to file with php as from our example above (signup.php?submit) we set the variable submit as the forms submit button is pressed. Post is used to get data passed from a form in the example above we get the values of the text boxes where the username and password is written.
When we have made sure we have valid data in these variables we proceed and sets up a connection to the database and trues to select the username from the database. We do this to make sure we don get any duplicate entries. If the username does not exist we can proceed and insert the new data into the database.
The next step is to log in, as mentioned above we will use sessions for this task. First we create a html form like above but instead of calling signup.php we call login.php
connect();
$query = "SELECT * FROM members WHERE username='$username' AND password='$password'";
$result = $db->query($query);
$result = mysql_num_rows($result); // Does the row exists?
if($result!="0"){
// authenication correct lets login
$_SESSION["password"] = $password;;
$_SESSION["username"] = $username;
header("Location: member.php?id=$username");
}
else
{
echo "Wrong username or password. Please try again!";
}
}
?>
This code first checks to see if the username exists if it does it goes on to make sure the password is correct. If everything looks correct it registers two session variables with $_SESSION called username and password and forwards the user to our main page member.php.
Next part: Presentation
Make your session stronger by:
session_start(); // Start the session
// Simple protection of session attacks.
if(!isset($_SESSION['init']))
{
session_regenerate_id();
$_SESSION['init'] = 1;
}
There’s a security hole in the login!
I wrote ‘ as username and – as password and voila – logged in.
You should use mysql_real_escape_string() around the variables
not working for me
made some one can do for me im new to code
Email me If you can help me dksnowdon@googlemail.com
Thanks Dale
I must be missing something i got it to register into the database. But for login and for member.php it just goes to a blank white page so obviously the echo’s arent working. Anyone have any related problems or ideas on how to fix it
I think its hard to understand what i’m going to save the different files as.
Great Tutorial!!!
and for the people having trouble figuring out which file is which, you can always download the files and check
It’s never a good idea to store the password ina session and there should be a need