Menu
hi friends i am new in php and i want to know that how can to make login and registration form with user profile.please let me know if any body know thanks in advance….
[email][email protected]
[code=php]
<?
// Replace the variable values below
// with your specific database information.
$host = "localhost";
$user = "UserName";
$pass = "Password";
$db = "dbName";
// This part sets up the connection to the
// database (so you don't need to reopen the connection
// again on the same page).
$ms = mysql_pconnect($host, $user, $pass);
if ( !$ms )
{
echo "Error connecting to database.n";
}
// Then you need to make sure the database you want
// is selected.
mysql_select_db($db);
?>
[/code]
[code=php]
<?php
// dbConfig.php is a file that contains your
// database connection information. This
// tutorial assumes a connection is made from
// this existing file.
include ("dbConfig.php");
//Input vaildation and the dbase code
if ( $_GET["op"] == "reg" )
{
$bInputFlag = false;
foreach ( $_POST as $field )
{
if ($field == "")
{
$bInputFlag = false;
}
else
{
$bInputFlag = true;
}
}
// If we had problems with the input, exit with error
if ($bInputFlag == false)
{
die( "Problem with your registration info. "
."Please go back and try again.");
}
// Fields are clear, add user to database
// Setup query
$q = "INSERT INTO dbUsers
(username
,password
,email
) "
."VALUES ('".$_POST["username"]."', "
."PASSWORD('".$_POST["password"]."'), "
."'".$_POST["email"]."')";
// Run query
$r = mysql_query($q);
// Make sure query inserted user successfully
if ( !mysql_insert_id() )
{
die("Error: User not added to database.");
}
else
{
// Redirect to thank you page.
Header("Location: register.php?op=thanks");
}
} // end if
//The thank you page
elseif ( $_GET["op"] == "thanks" )
{
echo "<h2>Thanks for registering!</h2>";
}
//The web form for input ability
else
{
echo "<form action="?op=reg" method="POST">n";
echo "Username: <input name="username" MAXLENGTH="16">n";
echo "Password: <input type="password" name="password" MAXLENGTH="16">n";
echo "Email Address: <input name="email" MAXLENGTH="25">n";
echo "<input type="submit">n";
echo "</form>n";
}
// EOF
?>
[/code]
[code=php]
<?php
session_start();
// dBase file
include "dbConfig.php";
if ($_GET["op"] == "login")
{
if (!$_POST["username"] || !$_POST["password"])
{
die("You need to provide a username and password.");
}
// Create query
$q = "SELECT * FROM dbUsers
"
."WHERE username
='".$_POST["username"]."' "
."AND password
=PASSWORD('".$_POST["password"]."') "
."LIMIT 1";
// Run query
$r = mysql_query($q);
if ( $obj = @mysql_fetch_object($r) )
{
// Login good, create session variables
$_SESSION["valid_id"] = $obj->id;
$_SESSION["valid_user"] = $_POST["username"];
$_SESSION["valid_time"] = time();
// Redirect to member page
Header("Location: members.php");
}
else
{
// Login not successful
die("Sorry, could not log you in. Wrong login information.");
}
}
else
{
//If all went right the Web form appears and users can log in
echo "<form action="?op=login" method="POST">";
echo "Username: <input name="username" size="15">";
echo "Password: <input type="password" name="password" size="8">";
echo "<input type="submit" value="Login">";
echo "</form>";
}
?>
[/code]
[code=php]
< ?php
session_start();
if (!$_SESSION["valid_user"])
{
// User not logged in, redirect to login page
Header("Location: login.php");
}
// Member only content
// ...
// ...
// ...
// Display Member information
echo "<p>User ID: " . $_SESSION["valid_id"];
echo "<p>Username: " . $_SESSION["valid_user"];
echo "<p>Logged in: " . date("m/d/Y", $_SESSION["valid_time"]);
// Display logout link
echo "<p><a href="logout.php">Click here to logout!</a></p>";
?>
[/code]
[code=php] <?php
session_start();
session_unset();
session_destroy();
// Logged out, return home.
Header("Location: index.php");
?>[/code]
[code=php]
<?php
//=============Configuring Server and Database=======
$host = 'localhost';
$user = 'root';
$password = 'vertrigo';
//=============Data Base Information=================
$database = 'dbsneaker';
$conn = mysql_connect($host,$user,$password) or die('Server Information is not Correct'); //Establish Connection with Server
mysql_select_db($database,$conn) or die('Database Information is not correct');
//===============End Server Configuration============
//=============Starting Registration Script==========
$userName = $_POST['txtUser'];
$password = $_POST['txtPassword'];
//=============To Encrypt Password===================
$password = md5($password);
//============New Variable of Password is Now with an Encrypted Value========
if(isset($_POST['btnRegister'])) //===When I will Set the Button to 1 or Press Button to register
{
$query = "insert into tbladmin(admin_usr_name,admin_pwd)values('$userName','$password')";
$res = mysql_query($query);
header('location:success_register.php');
}
?>
[/code]
[code=php]
//*********Server Information to establish a connection ******
$host = 'localhost'; // Server Host Name
$user = 'root'; // Server User Name
$password = 'vertrigo'; // Server Password
$db = 'dbsneaker'; // Your Database
//=======following function to establish a connection with server========================
$link = mysql_connect($host,$user,$password) or die('Error in Server information');
//=============================Select Your Database=======================================
mysql_select_db($db,$link) or die('Can not Select Databasse');
//***************End Connection Establishment***************************************
//*******Form Information********
$userName = $_POST['username']; //User Name sent from Form
$password = $_POST['password']; // Password sent from Form
//*********retrieving data from Database**********
$query = "select * from tbladmin where admin_usr_name='$userName' and admin_pwd='$password'";
$res = mysql_query($query); //Executing query and saving result in Result Set
//************mysql_num_rows is counting num of rows************
$rows = mysql_num_rows($res);
//**********if $userName and $password will match database, The above function will return 1 row
if($rows==1)
//***if the userName and password matches then register a session and redrect user to the Successfull.php
{
session_register("userName");
session_register("password");
header("location:success.php");
}
else
{
echo 'Data Does Not Match <br /> Re-Enter UserName and Password';
}
?>
[/code]
[code=php]
<?php
session_start();
//*****session_destroy() will destroy the session
session_destroy();
header("location:login_form.php");
?>
[/code]
<?
// Replace the variable values below
// with your specific database information.
$host = "localhost";
$user = "UserName";
$pass = "Password";
$db = "dbName";
// This part sets up the connection to the
// database (so you don't need to reopen the connection
// again on the same page).
$ms = mysql_pconnect($host, $user, $pass);
if ( !$ms )
{
echo "Error connecting to database.n";
}
// Then you need to make sure the database you want
// is selected.
mysql_select_db($db);
?> [/QUOTE]
if($Password == $result) {
//Password matches
}
else {
//Password doesn't match
}
<?php
$dbh=mysql_connect ("localhost", "pintotou_camilo", "********")
or die ('I cannot connect to the database.');
mysql_select_db ("pintotou_agents/");
?>[/QUOTE]
I've now tried to make it very simple and enter the code as per the JustHost page
I've played arounf with the passwords and there is only one that does not return errors, but displays a totally white page. I am starting to think that I did not create the database properly. I put in fields to mirror those in the html code for the webpage in question, but added nothing like indexes. Is that important?
Thank you[/QUOTE]
[code=php]<?php
$db = new mysqli("$host", "$username", "$password", "$database_name");
/* check connection */
if (mysqli_connect_errno()) {
printf("Connect failed: %sn", mysqli_connect_error());
exit();
}[/code]
[CODE]<?php
$db = new mysqli("$host", "$username", "*****", "$your_database");
/* check connection */
if (mysqli_connect_errno()) {
printf("Connect failed: %sn", mysqli_connect_error());
exit();
}[/CODE]
<?php
$db_name = "pintotou_agents";
$open = mysql_connect("localhost", "pintotou_camilo", "*******");
if($open)
echo "1. Successfully connected to MySQL";
echo "</br>";
$db = mysql_select_db($db_name, $open);
if($db)
echo "2. Successfully selected {$db_name} database";
echo "</br>";
$sql = "SHOW TABLES FROM"; {$db_name}
$result = mysql_query($sql);
$print = mysql_num_rows($result);
if($result)
echo "3. {$print} tables found in {$db_name}";
?> [/QUOTE]
Simple PHP login:
Create a database (mysqladmin)
Name the table "dbUsers." It will need 4 fields:
Name Type Addition
id int(10) Primary Key, AUTO_INCREMENT
username varchar(16) Unique
password char(16)
email varchar(25)
Create a new file and name it dbConfig.php This will file will connect to the database
[code=php]
<?
// Replace the variable values below
// with your specific database information.
$host = "localhost";
$user = "UserName";
$pass = "Password";
$db = "dbName";
// This part sets up the connection to the
// database (so you don't need to reopen the connection
// again on the same page).
$ms = mysql_pconnect($host, $user, $pass);
if ( !$ms )
{
echo "Error connecting to database.n";
}
// Then you need to make sure the database you want
// is selected.
mysql_select_db($db);
?>
[/code]
Registration name this file "register.php"
[code=php]
<?php
// dbConfig.php is a file that contains your
// database connection information. This
// tutorial assumes a connection is made from
// this existing file.
include ("dbConfig.php");
//Input vaildation and the dbase code
if ( $_GET["op"] == "reg" )
{
$bInputFlag = false;
foreach ( $_POST as $field )
{
if ($field == "")
{
$bInputFlag = false;
}
else
{
$bInputFlag = true;
}
}
// If we had problems with the input, exit with error
if ($bInputFlag == false)
{
die( "Problem with your registration info. "
."Please go back and try again.");
}
// Fields are clear, add user to database
// Setup query
$q = "INSERT INTOdbUsers
(username
,password
,
."VALUES ('".$_POST["username"]."', "
."PASSWORD('".$_POST["password"]."'), "
."'".$_POST["email"]."')";
// Run query
$r = mysql_query($q);
// Make sure query inserted user successfully
if ( !mysql_insert_id() )
{
die("Error: User not added to database.");
}
else
{
// Redirect to thank you page.
Header("Location: register.php?op=thanks");
}
} // end if
//The thank you page
elseif ( $_GET["op"] == "thanks" )
{
echo "<h2>Thanks for registering!</h2>";
}
//The web form for input ability
else
{
echo "<form action="?op=reg" method="POST">n";
echo "Username: <input name="username" MAXLENGTH="16">n";
echo "Password: <input type="password" name="password" MAXLENGTH="16">n";
echo "Email Address: <input name="email" MAXLENGTH="25">n";
echo "<input type="submit">n";
echo "</form>n";
}
// EOF
?>
[/code]
Login name this file "login.php"
[code=php]
<?php
session_start();
// dBase file
include "dbConfig.php";
if ($_GET["op"] == "login")
{
if (!$_POST["username"] || !$_POST["password"])
{
die("You need to provide a username and password.");
}
// Create query
$q = "SELECT * FROMdbUsers
"
."WHEREusername
='".$_POST["username"]."' "
."ANDpassword
=PASSWORD('".$_POST["password"]."') "
."LIMIT 1";
// Run query
$r = mysql_query($q);
if ( $obj = @mysql_fetch_object($r) )
{
// Login good, create session variables
$_SESSION["valid_id"] = $obj->id;
$_SESSION["valid_user"] = $_POST["username"];
$_SESSION["valid_time"] = time();
// Redirect to member page
Header("Location: members.php");
}
else
{
// Login not successful
die("Sorry, could not log you in. Wrong login information.");
}
}
else
{
//If all went right the Web form appears and users can log in
echo "<form action="?op=login" method="POST">";
echo "Username: <input name="username" size="15">";
echo "Password: <input type="password" name="password" size="8">";
echo "<input type="submit" value="Login">";
echo "</form>";
}
?>
[/code]
Members Area name this file "members.php", and include on pages that are only for registered users
[code=php]
< ?php
session_start();
if (!$_SESSION["valid_user"])
{
// User not logged in, redirect to login page
Header("Location: login.php");
}
// Member only content
// ...
// ...
// ...
// Display Member information
echo "<p>User ID: " . $_SESSION["valid_id"];
echo "<p>Username: " . $_SESSION["valid_user"];
echo "<p>Logged in: " . date("m/d/Y", $_SESSION["valid_time"]);
// Display logout link
echo "<p><a href="logout.php">Click here to logout!</a></p>";
?>
[/code]
logout name this file "logout.php"
[code=php] <?php
session_start();
session_unset();
session_destroy();
// Logged out, return home.
Header("Location: index.php");
?>[/code]
?[/QUOTE]
[code=php]$q = "SELECT * FROM dbUsers
"
."WHERE username
='".$_POST["username"]."' "
."AND password
=PASSWORD('".$_POST["password"]."') "
."LIMIT 1";[/code]
[code=php]$q = sprintf("SELECT * FROM dbUsers
"WHERE username
='%s' AND password
='%s') LIMIT 1;--",mysql_real_escape_string($_POST["username"]),mysql_real_escape_string(PASSWORD($_POST["password"])) );[/code]
IMHO
[code=php]$q = "SELECT * FROM
dbUsers
"
."WHEREusername
='".$_POST["username"]."' "
."ANDpassword
=PASSWORD('".$_POST["password"]."') "
."LIMIT 1";[/code]
should be
[code=php]$q = sprintf("SELECT * FROM
dbUsers
"WHEREusername
='%s' ANDpassword
='%s') LIMIT 1;--",mysql_real_escape_string($_POST["username"]),mysql_real_escape_string(PASSWORD($_POST["password"])) );[/code]
you should not use $_POST directly, this is a serious risk of allowing a malicious hack to crack the code and also hack the database.[/QUOTE]
[code=php]$q = sprintf("SELECT * FROM dbUsers
"WHERE username
='%s' AND
password
=PASSWORD('%s')) LIMIT 1;--",mysql_real_escape_string($_POST["username"]),
mysql_real_escape_string($_POST["password"]) ); [/code]
0.1.9 — BETA 5.5