Login & Registration form with profile

@rexgenOct 03.2012

hi friends i am new in php and i want to know that how can to make login and registration form with user profile.please let me know if any body know thanks in advance….

~~[email]~~[email protected][/email]

to post a comment

PHP

19 Comments(s) _↴

@patrioticOct 03.2012 — #Simple PHP login:

Create a database (mysqladmin)

Name the table "dbUsers." It will need 4 fields:

Name Type Addition

id int(10) Primary Key, AUTO_INCREMENT

username varchar(16) Unique

password char(16)

email varchar(25)

Create a new file and name it dbConfig.php This will file will connect to the database

[code=php]
  <?
 // Replace the variable values below
 // with your specific database information.
 $host = "localhost";
 $user = "UserName";
 $pass = "Password";
 $db = "dbName";
 // This part sets up the connection to the
 // database (so you don't need to reopen the connection
 // again on the same page).
 $ms = mysql_pconnect($host, $user, $pass);
 if ( !$ms )
 {
 echo "Error connecting to database.n";
 }
 // Then you need to make sure the database you want
 // is selected.
 mysql_select_db($db);
 ?>
 
 [/code]

Registration name this file "register.php"

[code=php]
  <?php
 // dbConfig.php is a file that contains your
 // database connection information. This
 // tutorial assumes a connection is made from
 // this existing file.
 include ("dbConfig.php");
 //Input vaildation and the dbase code
 if ( $_GET["op"] == "reg" )
 {
 $bInputFlag = false;
 foreach ( $_POST as $field )
 {
 if ($field == "")
 {
 $bInputFlag = false;
 }
 else
 {
 $bInputFlag = true;
 }
 }
 // If we had problems with the input, exit with error
 if ($bInputFlag == false)
 {
 die( "Problem with your registration info. "
 ."Please go back and try again.");
 }
 // Fields are clear, add user to database
 // Setup query
 $q = "INSERT INTO dbUsers (username,password,email) "
 ."VALUES ('".$_POST["username"]."', "
 ."PASSWORD('".$_POST["password"]."'), "
 ."'".$_POST["email"]."')";
 // Run query
 $r = mysql_query($q);
 // Make sure query inserted user successfully
 if ( !mysql_insert_id() )
 {
 die("Error: User not added to database.");
 }
 else
 {
 // Redirect to thank you page.
 Header("Location: register.php?op=thanks");
 }
 } // end if
 //The thank you page
 elseif ( $_GET["op"] == "thanks" )
 {
 echo "<h2>Thanks for registering!</h2>";
 }
 //The web form for input ability
 else
 {
 echo "<form action="?op=reg" method="POST">n";
 echo "Username: <input name="username" MAXLENGTH="16">n";
 echo "Password: <input type="password" name="password" MAXLENGTH="16">n";
 echo "Email Address: <input name="email" MAXLENGTH="25">n";
 echo "<input type="submit">n";
 echo "</form>n";
 }
 // EOF
 ?>
 [/code]

[code=php]
  <?php
 session_start();
 // dBase file
 include "dbConfig.php";
 if ($_GET["op"] == "login")
 {
 if (!$_POST["username"] || !$_POST["password"])
 {
 die("You need to provide a username and password.");
 }
 // Create query
 $q = "SELECT * FROM dbUsers "
 ."WHERE username='".$_POST["username"]."' "
 ."AND password=PASSWORD('".$_POST["password"]."') "
 ."LIMIT 1";
 // Run query
 $r = mysql_query($q);
 if ( $obj = @mysql_fetch_object($r) )
 {
 // Login good, create session variables
 $_SESSION["valid_id"] = $obj->id;
 $_SESSION["valid_user"] = $_POST["username"];
 $_SESSION["valid_time"] = time();
 // Redirect to member page
 Header("Location: members.php");
 }
 else
 {
 // Login not successful
 die("Sorry, could not log you in. Wrong login information.");
 }
 }
 else
 {
 //If all went right the Web form appears and users can log in
 echo "<form action="?op=login" method="POST">";
 echo "Username: <input name="username" size="15">";
 echo "Password: <input type="password" name="password" size="8">";
 echo "<input type="submit" value="Login">";
 echo "</form>";
 }
 ?>
 [/code]

Members Area name this file "members.php", and include on pages that are only for registered users

[code=php]
 < ?php
 session_start();
 if (!$_SESSION["valid_user"])
 {
 // User not logged in, redirect to login page
 Header("Location: login.php");
 }
 // Member only content
 // ...
 // ...
 // ...
 // Display Member information
 echo "<p>User ID: " . $_SESSION["valid_id"];
 echo "<p>Username: " . $_SESSION["valid_user"];
 echo "<p>Logged in: " . date("m/d/Y", $_SESSION["valid_time"]);
 // Display logout link
 echo "<p><a href="logout.php">Click here to logout!</a></p>";
 ?>
 
 [/code]

logout name this file "logout.php"

[code=php]    <?php
 session_start();
 session_unset();
 session_destroy();
 // Logged out, return home.
 Header("Location: index.php");
 ?>[/code]

@engrmudasirOct 05.2012 — #To sign up use the following code and action this into your HTML FORM

[code=php]
 <?php
 //=============Configuring Server and Database=======
 $host        =    'localhost';
 $user        =    'root';
 $password    =    'vertrigo';
 //=============Data Base Information=================
 $database    =    'dbsneaker';
 
 $conn        =    mysql_connect($host,$user,$password) or die('Server Information is not Correct'); //Establish Connection with Server
 mysql_select_db($database,$conn) or die('Database Information is not correct');
 
 //===============End Server Configuration============
 
 //=============Starting Registration Script==========
 
 $userName    =    $_POST['txtUser'];
 
 $password    =    $_POST['txtPassword'];
 
 //=============To Encrypt Password===================
 $password    =    md5($password);
 //============New Variable of Password is Now with an Encrypted Value========
 
 if(isset($_POST['btnRegister'])) //===When I will Set the Button to 1 or Press Button to register
 {
 $query    =    "insert into tbladmin(admin_usr_name,admin_pwd)values('$userName','$password')";
 $res    =    mysql_query($query);
 header('location:success_register.php');
 }
 
 ?>
 [/code]

And to login a user

login.php

[code=php]
 //*********Server Information to establish a connection ******
 
 $host = 'localhost'; // Server Host Name
 $user = 'root'; // Server User Name
 $password = 'vertrigo'; // Server Password
 $db = 'dbsneaker'; // Your Database
 
 //=======following function to establish a connection with server========================
 $link = mysql_connect($host,$user,$password) or die('Error in Server information');
 //=============================Select Your Database=======================================
 mysql_select_db($db,$link) or die('Can not Select Databasse');
 
 //***************End Connection Establishment***************************************
 //*******Form Information********
 
 $userName = $_POST['username']; //User Name sent from Form
 $password = $_POST['password']; // Password sent from Form
 
 //*********retrieving data from Database**********
 
 $query = "select * from tbladmin where admin_usr_name='$userName' and admin_pwd='$password'";
 
 $res = mysql_query($query); //Executing query and saving result in Result Set
 
 //************mysql_num_rows is counting num of rows************
 
 $rows = mysql_num_rows($res);
 
 //**********if $userName and $password will match database, The above function will return 1 row
 
 if($rows==1)
 
 //***if the userName and password matches then register a session and redrect user to the Successfull.php
 {
 session_register("userName");
 session_register("password");
 header("location:success.php");
 }
 else
 {
 echo 'Data Does Not Match <br /> Re-Enter UserName and Password';
 }
 
 
 
 ?>
 [/code]

Now for the logout page

logout.php

[code=php]
 <?php
 session_start();
 //*****session_destroy() will destroy the session
 session_destroy();
 
 header("location:login_form.php");
 
 ?>
 [/code]

@mbaldwinOct 06.2012 — #Examples are good for seeing how the basics works, but i would not use them on a live site. The OP should do more research on mysqli or PDO instead of mysql, and validating form inputs. And it is not a good idea to store passwords in a session.

Michael

@qimMar 25.2013 — #Hi

I am brand-new to this business and am at a loss to contact the database at the server. I have a script in the server but it does not work and I believe that part of the problem is that I can't work oput exactlu what is what in database names, usernames, passwords...

If you are still watching this thread I will post my script to see where I have gone wrong. Thank you

I noticed above some code on this:

<?

// Replace the variable values below

// with your specific database information.

$host = "localhost";

$user = "UserName";

$pass = "Password";

$db = "dbName";

// This part sets up the connection to the

// database (so you don't need to reopen the connection

// again on the same page).

$ms = mysql_pconnect($host, $user, $pass);

if ( !$ms )

{

echo "Error connecting to database.n";

}

// Then you need to make sure the database you want

// is selected.

mysql_select_db($db);

?> [/QUOTE]

@qimMar 26.2013 — #Here is the code I have in a folder in public_html and which I call from the browser url. I get ERROR MESSAGE and nothing goes to the database

Could you see what is wrong, please?

<?php

//First, we check if the form was submitted

if(isset($_POST["submit"])) {

try {

//Connect to database with PDO

//Connection Data: "mysql:host=Your host name;dbname=Your database name", "Your database username", "Your database password"

$dbh = new PDO("mysql:host=localhost;dbname=pintotou_agents", "pintotou_camilo", "***********");

}

//Throw error if connection fails

catch (PDOException $e) {

print "Error!: " . $e->getMessage() . "<br/>";

die();

}

//Get the password from your database

//Replace usertable with the table where the users are saved

$query = $dbh->prepare("SELECT password FROM usertable WHERE user = :user");

$query->bindValue(":user", trim($_POST['Username']));

$query->execute();

//Since it should be only 1 password, we safe it into a string variable

$result = $query->fetchColumn();

//if $result is empty, there was no user found

if(empty($result)) {

echo "No user Found";

}

else {

$Password = trim($_POST["Password"]);

if($Password == $result) {
   //Password matches
  }
  else {
   //Password doesn't match 
  }

}

}

else {

echo "ERROR MESSAGE";

}

?>

@qimMar 26.2013 — #I've now tried to make it very simple and enter the code as per the JustHost page

<?php

$dbh=mysql_connect ("localhost", "pintotou_camilo", "********")

or die ('I cannot connect to the database.');

mysql_select_db ("pintotou_agents/");

?>[/QUOTE]

I've played arounf with the passwords and there is only one that does not return errors, but displays a totally white page. I am starting to think that I did not create the database properly. I put in fields to mirror those in the html code for the webpage in question, but added nothing like indexes. Is that important?

Thank you

@Strider64Mar 26.2013 — #I've now tried to make it very simple and enter the code as per the JustHost page

I've played arounf with the passwords and there is only one that does not return errors, but displays a totally white page. I am starting to think that I did not create the database properly. I put in fields to mirror those in the html code for the webpage in question, but added nothing like indexes. Is that important?

Thank you[/QUOTE]

If you are getting a totally white page then you are probably doing it right.

If you want to future proof your code DON'T use mysql, use mysqli or PDO as someone already suggestion. It's up to you though if you do or do not.

?

Here an example on how to connect using mysqli

[code=php]<?php
 $db = new mysqli("$host", "$username", "$password", "$database_name");
 /* check connection */
 if (mysqli_connect_errno()) {
 printf("Connect failed: %sn", mysqli_connect_error());
 exit();
 }[/code]

[CODE]<?php
 $db = new mysqli("$host", "$username", "*****", "$your_database");
 /* check connection */
 if (mysqli_connect_errno()) {
 printf("Connect failed: %sn", mysqli_connect_error());
 exit();
 }[/CODE]

@qimMar 26.2013 — #Thank you. I now got as far as checking my database tables. What I need now is a simple way of entering a couple of fields in a test table, eg username and password entred from html form. I ended up using a different code:

<?php

$db_name = "pintotou_agents";

$open = mysql_connect("localhost", "pintotou_camilo", "*******");

if($open)

echo "1. Successfully connected to MySQL";

echo "</br>";

$db = mysql_select_db($db_name, $open);

if($db)

echo "2. Successfully selected {$db_name} database";

echo "</br>";

$sql = "SHOW TABLES FROM {$db_name}";

$result = mysql_query($sql);

$print = mysql_num_rows($result);

if($result)

echo "3. {$print} tables found in {$db_name}";

?> [/QUOTE]

The test table is called 'users' and I have a couple of html forms which I can use. How can I transfer the content of a couple of fields into the table? I am not worried about security and other issues. This is just to see how it works. latwer I can change things around.

Thank you veruy much

qim

@garysherwoodJul 10.2013 — #hi when i try and register i keep getting (Error: User not added to database.) why would i be getting this

im new when it comes to doing logins and Registration

@garysherwoodJul 10.2013 — #dont worry ive fixed it

@jebrahimpourJul 13.2013 — #Dear all,

I have been an Access database developer. For a while I was away from programming. Now, back, and a friend asked me to make him a multi-user database web-based. It's a simple database to keep and update the information of the employees of his company. About 10 to 15 users should be able to access the database from different locations (from the web) and make new record / update the data. I have a domain (bought from Google) and host too.

Would I be able to make a database just by HTML coding? I read some guide and see to make Forms and Tables by HTML, but where the data will be recorded??

Could you please help me from the first step (a to z)? As I am new to HTML and web based database programming. What should I do? Is it more HTML or CSS??

In Aceess, I make Tables, Queries, and then Forms and Reports. I make some modules (coding) and then in a netwrok database is shared. Users have username and password and can connect, make records, and update in the same time.

How can do such thing in the web??

Thank you very much for your help.

Best Regards,

J.E.

@shampudinJul 26.2013 — #Hi I copied exactly given example. Managed to connect to databse because I managed to register using sample register.php page. BUT login page did not work. It just ignored my query and sending message

Sorry, could not log you in. Wrong login information. I checked in database the info is correct.

Thanks

Simple PHP login:

Create a database (mysqladmin)

Name the table "dbUsers." It will need 4 fields:

Name Type Addition

id int(10) Primary Key, AUTO_INCREMENT

username varchar(16) Unique

password char(16)

email varchar(25)

Create a new file and name it dbConfig.php This will file will connect to the database

[code=php]
  <?
 // Replace the variable values below
 // with your specific database information.
 $host = "localhost";
 $user = "UserName";
 $pass = "Password";
 $db = "dbName";
 // This part sets up the connection to the
 // database (so you don't need to reopen the connection
 // again on the same page).
 $ms = mysql_pconnect($host, $user, $pass);
 if ( !$ms )
 {
 echo "Error connecting to database.n";
 }
 // Then you need to make sure the database you want
 // is selected.
 mysql_select_db($db);
 ?>
 
 [/code]

Registration name this file "register.php"

[code=php]
  <?php
 // dbConfig.php is a file that contains your
 // database connection information. This
 // tutorial assumes a connection is made from
 // this existing file.
 include ("dbConfig.php");
 //Input vaildation and the dbase code
 if ( $_GET["op"] == "reg" )
 {
 $bInputFlag = false;
 foreach ( $_POST as $field )
 {
 if ($field == "")
 {
 $bInputFlag = false;
 }
 else
 {
 $bInputFlag = true;
 }
 }
 // If we had problems with the input, exit with error
 if ($bInputFlag == false)
 {
 die( "Problem with your registration info. "
 ."Please go back and try again.");
 }
 // Fields are clear, add user to database
 // Setup query
 $q = "INSERT INTO dbUsers (username,password,email) "
 ."VALUES ('".$_POST["username"]."', "
 ."PASSWORD('".$_POST["password"]."'), "
 ."'".$_POST["email"]."')";
 // Run query
 $r = mysql_query($q);
 // Make sure query inserted user successfully
 if ( !mysql_insert_id() )
 {
 die("Error: User not added to database.");
 }
 else
 {
 // Redirect to thank you page.
 Header("Location: register.php?op=thanks");
 }
 } // end if
 //The thank you page
 elseif ( $_GET["op"] == "thanks" )
 {
 echo "<h2>Thanks for registering!</h2>";
 }
 //The web form for input ability
 else
 {
 echo "<form action="?op=reg" method="POST">n";
 echo "Username: <input name="username" MAXLENGTH="16">n";
 echo "Password: <input type="password" name="password" MAXLENGTH="16">n";
 echo "Email Address: <input name="email" MAXLENGTH="25">n";
 echo "<input type="submit">n";
 echo "</form>n";
 }
 // EOF
 ?>
 [/code]

[code=php]
  <?php
 session_start();
 // dBase file
 include "dbConfig.php";
 if ($_GET["op"] == "login")
 {
 if (!$_POST["username"] || !$_POST["password"])
 {
 die("You need to provide a username and password.");
 }
 // Create query
 $q = "SELECT * FROM dbUsers "
 ."WHERE username='".$_POST["username"]."' "
 ."AND password=PASSWORD('".$_POST["password"]."') "
 ."LIMIT 1";
 // Run query
 $r = mysql_query($q);
 if ( $obj = @mysql_fetch_object($r) )
 {
 // Login good, create session variables
 $_SESSION["valid_id"] = $obj->id;
 $_SESSION["valid_user"] = $_POST["username"];
 $_SESSION["valid_time"] = time();
 // Redirect to member page
 Header("Location: members.php");
 }
 else
 {
 // Login not successful
 die("Sorry, could not log you in. Wrong login information.");
 }
 }
 else
 {
 //If all went right the Web form appears and users can log in
 echo "<form action="?op=login" method="POST">";
 echo "Username: <input name="username" size="15">";
 echo "Password: <input type="password" name="password" size="8">";
 echo "<input type="submit" value="Login">";
 echo "</form>";
 }
 ?>
 [/code]

Members Area name this file "members.php", and include on pages that are only for registered users

[code=php]
 < ?php
 session_start();
 if (!$_SESSION["valid_user"])
 {
 // User not logged in, redirect to login page
 Header("Location: login.php");
 }
 // Member only content
 // ...
 // ...
 // ...
 // Display Member information
 echo "<p>User ID: " . $_SESSION["valid_id"];
 echo "<p>Username: " . $_SESSION["valid_user"];
 echo "<p>Logged in: " . date("m/d/Y", $_SESSION["valid_time"]);
 // Display logout link
 echo "<p><a href="logout.php">Click here to logout!</a></p>";
 ?>
 
 [/code]

logout name this file "logout.php"

[code=php]    <?php
 session_start();
 session_unset();
 session_destroy();
 // Logged out, return home.
 Header("Location: index.php");
 ?>[/code]

?[/QUOTE]

@rootJul 26.2013 — #IMHO

[code=php]$q = "SELECT * FROM dbUsers "
 ."WHERE username='".$_POST["username"]."' "
 ."AND password=PASSWORD('".$_POST["password"]."') "
 ."LIMIT 1";[/code]

should be

[code=php]$q = sprintf("SELECT * FROM dbUsers "WHERE username='%s' AND password='%s') LIMIT 1;--",mysql_real_escape_string($_POST["username"]),mysql_real_escape_string(PASSWORD($_POST["password"])) );[/code]

you should not use $_POST directly, this is a serious risk of allowing a malicious hack to crack the code and also hack the database.

@shampudinJul 26.2013 — #Sorry, Code still not working after I replace with the new one. I think there is syntax error in the code cause the rest of the code turned red. Please help http://www.webdeveloper.com/forum/images/icons/icon9.png

IMHO

[code=php]$q = "SELECT * FROM dbUsers "
 ."WHERE username='".$_POST["username"]."' "
 ."AND password=PASSWORD('".$_POST["password"]."') "
 ."LIMIT 1";[/code]

should be

[code=php]$q = sprintf("SELECT * FROM dbUsers "WHERE username='%s' AND password='%s') LIMIT 1;--",mysql_real_escape_string($_POST["username"]),mysql_real_escape_string(PASSWORD($_POST["password"])) );[/code]

you should not use $_POST directly, this is a serious risk of allowing a malicious hack to crack the code and also hack the database.[/QUOTE]

@rootJul 28.2013 — #What is the PASSWORD supposed to do in your version as I assumed what I put would work, what about changing where PASSWORD is put

[code=php]$q = sprintf("SELECT * FROM dbUsers "WHERE username='%s' AND 
 password=PASSWORD('%s')) LIMIT 1;--",mysql_real_escape_string($_POST["username"]),
 mysql_real_escape_string($_POST["password"]) ); [/code]

@melhanzJul 29.2013 — #Sir. What is the "op" in your register.php this one [I]elseif ( $_GET["op"] == "thanks" )[/I]?

@melhanzJul 29.2013 — #Can i ask? what is the "op" in the registration? Thanks....

@rootJul 30.2013 — #I would guess that "op" is short for "Operation"

@murtazaaliNov 06.2013 — #Sir it does not working .when it fetch user name and password from db it does not supporting to connect with login

Also in #PHP _↴

Giving Away Tshirts Over Fixed Time PHP Script not shutting down? Or some other bug making it spawn lots of procs Show sub category when user checks on main category

Success!

Help @rexgen spread the word by sharing this article on Twitter...

Tweet This

Login & Registration form with profile

19 Comments(s) _↴

Also in #PHP _↴

Success!

Social

Version

Login & Registration form with profile

19 Comments(s) ↴

Also in #PHP ↴

Success!

The web is an endless sea of information. Don't miss the boat... Subscribe!

Social

Version

19 Comments(s) _↴

Also in #PHP _↴