Member Avatar for lwaterfo

Hello all,
I am a php newbie and I have a small project I need someone to work on (since I am totally frustrated at trying myelf). The project involves displaying a record within a table based on a user the is logged into my site. I also want fields of the record to be displayed in a textbox (if that is at all possible in php). I would also like to develop a function that allows a user to register for my site. Now I have to create the uer name and password myself, but I would like the user to be able to do this themselves.

I am willing to pay top dollars for anyone who can help since I am clueless. Please pm me asap and I will discuss this further...

Thanks.
-l.

  • 4 Contributors
  • 9 Replies
  • 302 Views
  • 9 Months Discussion Span
  • Latest Post Latest Post by veedeoo

Recommended Answers

All 9 Replies

Member Avatar for diafol

You should look at some online tutorials or search for ready made scripts. This is a relatively trivial bit of code.

Member Avatar for lwaterfo

Okay, I found a script on the internet that I think I can use. I have created the three files per the instructions, but when I go to access register.php to test the code via my site, there is a blank page. Can anyone recognize an error in the code for the three files below??

I currently have three files:

register.php:

<?php 
include("db.php"); 
if (isset($_POST['Username']) && isset($_POST['Password']) && isset($_POST['email']))

{ 
//Prevent SQL injections 
$Username = mysql_real_escape_string($_POST['Username']); 
$email = mysql_real_escape_string($_POST['email']); 


//Get MD5 hash of password 
$Password = md5($_POST['Password']); 

//Check to see if username exists 
$sql = mysql_query("SELECT Username FROM contractors WHERE Username = '".$Username."'");
if (mysql_num_rows($sql)>0) 
{ 
die ("Username taken."); 
} 


mysql_query("INSERT INTO contractors (Username, Password, email) VALUES ( '$Username', '$Password', '$Email')") or die (mysql_error()); echo "Account created.";) 

} 
?>

<html></html>
<form action="register.php" method="post">
Username: <input name="Username" type="text" />
Password: <input type="Password" name="Password" />
Email: <input name="email" type="text" />
<input type="submit" value="Submit" />
</form>

db.php:

<?php
session_start ();

mysql_connect("localhost", "xxxxx", "xxxxx");
mysql_select_db("contractors");

function user_login ($Username, $Password) 
{ 
//take the username and prevent SQL injections 
$username = mysql_real_escape_string($username); 
//begin the query 
$sql = mysql_query("SELECT * FROM contractors WHERE Username = '".$Username."' AND Password = '".$Password."' LIMIT 1"); 
//check to see how many rows were returned 
$rows = mysql_num_rows($sql); 
if ($rows<=0 )
{ 
echo "Incorrect username/password"; 
}
else 
{ 
//have them logged in 
$_SESSION['Username'] = $Username; 
} 
}



?>

...and login.php:

<?php
include("db.php"); 
if (isset($_POST['Username'] && isset($_POST['Password'])) 
{     
user_login($_POST['Username'], $_POST['Password']); 
} 
?>
<html></html>
<form action="login.php" method="post">
Username: <input name="username" type="text" />
Password: <input type="password" name="password" />
</form>
Member Avatar for diafol

EEK! I wouldn't use this script as is as the password is not escaped in db.php. In addition a more mature script will have email activation. I assume you need this. If not escape the password in db.php

I've only given this script a cursory glance so they may be other issues with it. You may need a 'remember me' feature and a reCapcha? Have a look at PHPclasses maybe.

Member Avatar for veedeoo

@lwaterfo

Here is the deal, you can unconditionally buy us a cup of starbucks coffee, a gallon will be greatly appreciated..:). I want mine colombian with brown sugar, and no creamer.

  1. Download this script Here.
  2. Unzipped the downloaded zip file.
  3. In the unzipped file, find membersite_config.php and load this file to your editor.

On membersite_config.php, you will find the following codes.

<?PHP
 require_once("./include/fg_membersite.php");

 $fgmembersite = new FGMembersite();

 //Provide your site name here
 $fgmembersite->SetWebsiteName('user11.com');

 //Provide the email address where you want to get notifications
 $fgmembersite->SetAdminEmail('user11@user11.com');

 //Provide your database login details here:
 //hostname, user name, password, database name and table name
 //note that the script will create the table (for example, fgusers in this case)
 //by itself on submitting register.php for the first time
 $fgmembersite->InitDB(/*hostname*/'localhost',
                  /*username*/'root',
                  /*password*/'',
                  /*database name*/'testlogin',
                  /*table name*/'member');

 //For better security. Get a random string from this link: http://tinyurl.com/randstr
 // and put it here
 $fgmembersite->SetRandomKey('qSRcVS6DrTzrPvr');

 ?>
  1. Let's set aside this file loaded in your editor. Direct your browser to your cpanel and login to your account. In the cpanel area, click on mysql database wizard and create a database called testlogin or whatever name you want. Create a user for this database giving it all the priviledges. If you will be running this on your localhost.. create a database testlogin if it does not exist. Otherwise, name it with something else.
  2. After creating the database, edit this part of the script above. DO nOT change the member. This script will automatically create the member table on the very first member registration.

First, we need to define your site's domain name

$fgmembersite->SetWebsiteName('user11.com');

Second, we define your email address this is your site admin email address. where you get all of your notification for newly registered users.

$fgmembersite->SetAdminEmail('user11@user11.com');

Third, we need to provide the connector with your database credentials.

$fgmembersite->InitDB(/*hostname*/'localhost',
                  /*username*/'root',
                  /*password*/'',
                  /*database name*/'testlogin',
                  /*table name*/'member');

  1. Save your changes ..Connect to your server (hosting account), create a new directory called login. Upload the contents of the unzipped directory to the login directory on your server.

  2. Direct your browser to YourDomainDotCom/login/. On this page, you will see a simple menu.. click on the register link, this should take you to the registration page. Register you first user account.. Make sure to provide the script with your acutal email account, otherwise you wont be able to retrieve the confirmation code to validate registration.

    If you will be running this on your locahost. There is a way of going around the confirmation code. Register a new account, as you would register on an online version of the script. Since that localhost will not be able to send an email notification to the outside world, you will get an confirmation email error notification. Just ignore this error. We can still test this script without it. In your localhost, go to your phpmyAdmin, locate the teslogin database, click on the member table, find the your newly registered username, copy the confirmcode value.. this is the md5 confirmation code.

After copying the confirmation code from the member table, direct your browser to localhost/login/confirmreg.php . On this page, paste the confirmation code and hit submit.

another way of bypassing this is to just replace the confirmation code with 'y'.

You should be able to login and logout.. the script comes with a sample access controlled page.

Upon successful installation of this script, we can modify it to your needs. Even to the point where the admin will have a different acess controlled page to moderate members.

Try it and let us know.... don't forget our coffee..( just joking).. Next time, we will extend the class to filter user previledges. e.g. admin, moderator, regular users all that stuff.

We can even create a new class to allow users post their content...BUT first, you need to have a layout of your site's logic.

Edited by veedeoo because: more info added
Member Avatar for RAPIDFIRE0311

I am working on building a .php site and came across this. Dowloaded this file set unpacked from github link above. Followed on the README.md file on their side and above. Couldn't get the email confirm link to work right. I assume I have latest edition so anyone new with this issue here: open fgmembersite.php and change the directory properly as in the structure folder login and didn't come with this...simple fix, overlooked... $confirm_url = $this->GetAbsoluteURLFolder().'/login/confirmreg.php?code='.$confirmcode; then the rest sems to work fine.

I see there is much more to put into this with all source code available. I am trying to create user login that I can make unique to each user and then that user will also be able to upload .jpg files on their end and I would need admin backend to each. Using sessions in each user.

Resources and help on this will be much appreciated.

Member Avatar for veedeoo

Hi,

Using the recommended script above, it can be easily done. It is simple as adding methods in the class.

First, you will need to modify your member's table and add another column. You can name this column as 'privs'.. Upon successful registration, make sure the privs value has been defined. For example, for regular member you can assign a privs value of 001 and 007 for the admin. In fact, you can even add designator for the moderator, contributor and so forth.

Lets assume that we assigned a membership priviliedges as follows admin=007, moderator = 300, regular member = 100.

We can modify the fg_membersite.php by adding the following codes. Add this just right after the closing curly bracket of the method function UserFullName().

###################################################
    ## user privs 
    function UserPrivs()
    {
     $this->userSess = $_SESSION['privs'];
        ## this is for the user privs
        if((isset($_SESSION['privs'])?$_SESSION['privs']:'')&& (isset($_SESSION['name_of_user'])?$_SESSION['name_of_user']:'') ){
         if($this->userSess == 7){
            $this->userType = 700;

        }
        ## moderator
        if($this->userSess == 3){
        $this->userType = 300;

        }
    if($this->userSess == 1){
        $this->userType = 100;

        }

    }
    return $this->userType;
    }

    function ShowUsername(){
        $this->user = $this->UserFullName();
        return $this->user;
    }
    #########################################################################

Scroll down the page and look for the method CheckLoginDB change this method to this

function CheckLoginInDB($username,$password)
    {
        if(!$this->DBLogin())
        {
            $this->HandleError("Database login failed!");
            return false;
        }          
        $username = $this->SanitizeForSQL($username);
        $pwdmd5 = md5($password);
        $qry = "Select name, email,privs from $this->tablename where username='$username' and password='$pwdmd5' and confirmcode='y'";

        $result = mysql_query($qry,$this->connection);

        if(!$result || mysql_num_rows($result) <= 0)
        {
            $this->HandleError("Error logging in. The username or password does not match");
            return false;
        }

        $row = mysql_fetch_assoc($result);


        $_SESSION['name_of_user']  = $row['name'];
        $_SESSION['email_of_user'] = $row['email'];
        $_SESSION['privs']         = $row['privs'];

        return true;
    }

Modify the function CreteTable() method into this

function CreateTable()
    {
        $qry = "Create Table $this->tablename (".
                "id_user INT NOT NULL AUTO_INCREMENT ,".
                "name VARCHAR( 128 ) NOT NULL ,".
                "privs int(11) NOT NULL,".
                "email VARCHAR( 64 ) NOT NULL ,".
                "phone_number VARCHAR( 16 ) NOT NULL ,".
                "username VARCHAR( 16 ) NOT NULL ,".
                "password VARCHAR( 32 ) NOT NULL ,".
                "confirmcode VARCHAR(32) ,".
                "PRIMARY KEY ( id_user )".
                ")";

        if(!mysql_query($qry,$this->connection))
        {
            $this->HandleDBError("Error creating the table \nquery was\n $qry");
            return false;
        }
        return true;
    }

Then on the access-controlled.php you may want to modify it like this to test if the modification is working.

<div id='fg_membersite_content'>
<h2>This is an Access Controlled Page</h2>
This page can be accessed after logging in only. To make more access controlled pages, 
copy paste the code between &lt;?php and ?&gt; to the page and name the page to be php.
<p>
Logged in as: <?= $fgmembersite->UserFullName() ?>
<?php 

$userPrivs = $fgmembersite->UserPrivs();
if($userPrivs == 700){
    echo "<br/>Hello Admin";
}

elseif($userPrivs == 300){
    echo "<br/> Hello Mod";
}

else{

    echo "<br/>You are not an Admin";
} 
echo "<br/>".$_SESSION['privs'];
echo "<br/>User Privs.".$userPrivs;
?>

Lastly, we need to modify the registration processs. I will do this later... something came up and I have to go.....I will look into this thread again to see how is your progress....

Member Avatar for RAPIDFIRE0311

I am caught up to this point-awaiting your conclusion on the above.

Member Avatar for RAPIDFIRE0311

I assume you do not know how to registration processs, as you never followed back on this.

Member Avatar for veedeoo

No, I am waiting for the original poster to respond. If you were following the thread since it was posted, then you should have let us know...

If you are referring to me.. YES, your assumption is correct I have no knowledge how the registration process, and your efforts will be greatly appreciated if you can teach me how... :).

Edited by veedeoo because: info added
Be a part of the DaniWeb community

We're a friendly, industry-focused community of developers, IT pros, digital marketers, and technology enthusiasts meeting, networking, learning, and sharing knowledge.