PHP - How To Create A User Management System
Hi Guys,
have you got an idea how I can create a user management system with login and pw, please? I tried the below, but when I click on the "ADD NEW USER" button nothing happens <div> <fieldset> <legend>USER DETAILS</legend> <table> <tr> <td align="right"><a title='NAME' href='user_edit.php?id=1'>NAME</a></td> <td> <input class="norm" type="text" name="name" id="name" /></div> </td> <td align="right"><a title='SURNAME' href='user_edit.php?id=2'>SURNAME</a></td> <td> <input class="norm" type="text" name="surname" id="surname" /></div> </td> </tr> <tr> <td align="right"><a title='E-MAIL ADDRESS' href='user_edit.php?id=3'>E-MAIL ADDRESS</a></td> <td colspan="4"> <input class="norm" type="text" size="57" name="e-mail" id="e-mail" /></div> </td> </tr> <tr> <td align="right"><a title='LOGIN' href='user_edit.php?id=4'>LOGIN</a></td> <td> <input type="text" name="login" id="login" /></div> </td> <td align="right"><a title='PASSWORD' href='user_edit.php?id=5'>PASSWORD</a></td> <td> <input class="norm" type="text" name="password" id="password" /></div> </td> </tr> </table> </fieldset> </div> <br /> <div> <fieldset> <input type='submit' name='delete' value='DELETE USER' onclick='confirm("ARE YOU SURE?");'/> <input type='submit' name='add' value='ADD NEW USER'/> </fieldset> </div> cheers, ozzo Similar TutorialsOkay, well for a site i want to make a user managment system. but i have no idea how to. ive already got the part where you type the user that you want to manage. Code: [Select] <?php /* Copyright (C) 2009 Murad <Murawd> Josh L. <Josho192837> This program is free softwa you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation, either version 3 of the License, or (at your option) any later version. This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details. You should have received a copy of the GNU General Public License along with this program. If not, see <http://www.gnu.org/licenses/>. */ // Must rewrite ?> <fieldset> <legend> Manage User </legend> <table border='0' style="height:100%;width:570px;border:solid 1px #BBB"> <tr class="navtitle" style="height:25px"> <th style="width:auto">Manage A User</th> </tr> <tr> <td align="center" class="tdbox"> Search for the profile name you wish to manage. </td> </tr> <tr> <td align="center"> <form method="post" action=''> <input type="text" name="name" /> <input type="submit" name="search" value="Search" /> </form> </td> </tr> <tr style="height:25px"> <td class="tdbox"> <span style="float:left"> <a href="?cype=admin">Back To Administration Control Panel</a> </span> </td> </tr> </table> </fieldset> But thats just to find the user you want to edit, i want to make it so i can edit there name, how much money and such they have. instead of going into the db. so if you could help or if you need more info just ask. i dont really no much to put up here. Hi all, I'm starting an new project where I'm making an Incident Management System and right from the start I don't know what to do. Could anyone get me on my way. I need to make a script where if I open a new incident the new page opens and automatically gets a new Incident number. This number is offcourse 1 number higher every time you make a incident. I thought about make a column with autoincremetn and then query the highest number. Problem with that is when you open a page at multiple computers at the same time they get the same number. Does anyone have an idea? Ryflex I'm going to MAKE this task very simple for you. I am just not that experienced with php yet to conquer this specific task. Let me get you started with some examples of how easy the client side of this is. Copy and paste this and run it as index.php on your dev server: <script src="http://code.interactjs.io/interact-1.2.2.min.js"></script> <script> function qs(expr){return document.querySelector(expr)} </script> <style> .fadeIn{animation-name:fadeIn;-webkit-animation-name:fadeIn;animation-duration:.7s;-webkit-animation-duration:.7s;animation-timing-function:ease-in-out;-webkit-animation-timing-function:ease-in-out;visibility:visible!important}@keyframes fadeIn{0%{transform:scale(0);opacity:0}60%{transform:scale(1.1)}100%{transform:scale(1);opacity:1}}@-webkit-keyframes fadeIn{0%{-webkit-transform:scale(0);opacity:0}60%{-webkit-transform:scale(1.1)}100%{-webkit-transform:scale(1);opacity:1}} .InventoryTest{ border:1px solid #D3D3D3;border-bottom:0;width:24px;height:24px;float:left;padding:3px;border-right:0; } .itemdrag{position:relative;z-index:1} .InventoryTest:nth-child(9n+9){ border-right:1px solid #D3D3D3 } .InventoryTest:nth-last-child(-n+9){ border-bottom:1px solid #D3D3D3; } .itemdrag{position:relative;z-index:1} </style> <?php error_reporting(E_ERROR); //Display 63 boxes (Fits with the css nth-child tags to look pretty! lol) for($i = 1; $i < 64; $i++){ if ($i == 1){ // Slot positions 1 Dimensions: 3x3 (lengthXwidth) $item1 = '<div class="itemdrag" item_id='.$i.' data-cslot='.$i.'><img src=http://i.imgur.com/3azYLNf.png></div>'; }elseif($i==4){ // Slot position 2 Dimensions 2x1 lengthXwidth) $item1 = '<div class="itemdrag" item_id='.$i.' data-cslot='.$i.'><img src=http://i.imgur.com/l3y0W7d.png></div>'; }else{$item1 = '';} $inventoryboxes .= '<div class="InventoryTest" data-slot='.$i.'>'.$item1.'</div>'; } ?> <div style="width:300px"> <?php echo $inventoryboxes ?> </div> <script> // target elements with the "draggable" class interact('.itemdrag') .draggable({ // enable inertial throwing inertia: true, onstart: function (event) { }, // call this function on every dragmove event onmove: function (event) { var target = event.target, // keep the dragged position in the data-x/data-y attributes x = (parseFloat(target.getAttribute('data-x')) || 0) + event.dx, y = (parseFloat(target.getAttribute('data-y')) || 0) + event.dy; // translate the element target.style.position = "relative"; target.style.zIndex="2500"; target.style.webkitTransform = target.style.transform ='translate(' + x + 'px, ' + y + 'px)'; // update the posiion attributes target.setAttribute('data-x', x); target.setAttribute('data-y', y); }, // call this function on every dragend event onend: function (event) { var target = event.target; target.removeAttribute("style"); target.removeAttribute("data-x"); target.removeAttribute("data-y"); } }); interact('.InventoryTest').dropzone({ // only accept elements matching this CSS selector accept: '.itemdrag', // Require a 75% element overlap for a drop to be possible overlap: 0.40, // listen for drop related events: ondropactivate: function (event) { var draggableid = event.relatedTarget; // add active dropzone feedback // Is this and item that can be equipped? if (event.relatedTarget.getAttribute('item-type') != "Misc"){ //qs('#shadow'+draggableid.getAttribute('item-type')+'').style.display='none'; } event.target.classList.add('drop-ACCEPT'); }, ondragenter: function (event) { var draggableElement = event.relatedTarget, dropzoneElement = event.target; // feedback the possibility of a drop dropzoneElement.classList.add('drop-target'); draggableElement.classList.add('can-drop'); //draggableElement.textContent = 'Dragged in'; }, ondragleave: function (event) { // remove the drop feedback style event.target.classList.remove('drop-target'); event.relatedTarget.classList.remove('can-drop'); //event.relatedTarget.textContent = 'Dragged out'; }, ondrop: function (event) { var dragid = event.relatedTarget; if (event.target.hasChildNodes()) { //console.log(event.target.childNodes[1]); return; } var slotp = event.target.getAttribute("data-slot"); var slotp2 = event.relatedTarget.getAttribute("data-cslot"); var shadowid = qs('#shadow'+dragid.getAttribute('item-type')+''); var item_id = event.relatedTarget.getAttribute("item_id"); // <-- The one being dragged //We need to show the shadow gear again. (shadowid) ? shadowid.style.display='inline-block': ''; qs('[data-slot="'+slotp2+'"]').innerHTML=''; qs('[data-slot="'+slotp+'"]').appendChild(event.relatedTarget); event.target.childNodes[0].setAttribute("data-cslot", slotp); //We do our ajax functions here, just log the information for now: console.log(" item_id="+item_id+"&slot_go="+slotp+" "); event.relatedTarget.className += ' fadeIn'; //console.log(event.relatedTarget); //console.log(event.target); //event.relatedTarget.textContent = 'Dropped'; }, ondropdeactivate: function (event) { // remove active dropzone feedback event.target.classList.remove('drop-ACCEPT'); event.target.classList.remove('drop-target'); } }); </script>Now, go there and drag and move the belt around in the inventory. They should update accordingly. Example: Press F12 and check your console. You should see upon each item being moved, it's logging their slot it was moved. What I need? I need this where items CANNOT overlap each other in the inventory. The items need to be piped from mysql and positioned to the appropriate position in the inventory. You need to be experienced in Javascript and PHP for this. InteractJS because if you check the example above, the armor is being dragged, but you cannot drop it on anything because interactjs doesn't know it's that big. If you look at Diablo 2's inventory system, and Path of Exile's or Diablo 3's, you can get an idea of what I'm looking for. Let me know if you're interested in this and what price. There is a field in my rpg_user_items table called slot_position and slot_size. slot_size represents the widthxheight of the item. (in this example and code above, it's 3x3 (armor) and 2x1 (belt). Edited by Monkuar, 24 January 2015 - 08:39 PM. Hey, all! I posted a thread before about a content management system for my news, and so far the php script works fine. I would like to add additional features to this system, though, and was wondering if anyone could help. Here's the code for all the files needed for the news content management system to work... 1.) First, is the mysql table, called "mynews" with the fields: "id" - primary key; auto-increment. "title" - the title of the news article. "user" - the person who posted the article (would be me in all cases) "message" - the body of the article; this would contain the actual news. "url" - the url to the full article. "time" - time and date the article was posted, or added to database. "type" - the type of news, like 'update', or 'random'. 2.) Next, is the code to connect to the database in mysql, called "dbconnect.php": Code: [Select] <?php $username = "your username"; //your username $password = "your password"; //your password $host = "your hostname"; //your mySQL server $database = "your database name"; //The name of the database your table is in mysql_connect($host,$username,$password) or die("Error connecting to Database!<br>" . mysql_error()); //connect, but if there is a problem, display an error message telling why there is a problem mysql_select_db($database) or die("Cannot select database!<br>" . mysql_error()); //Choose the database from your mySQL server, but if there is a problem, display an error telling why ?> 3.) Third, is the forms for posting new articles, called "postnews.php": Code: [Select] <form action="process.php" method="post" id="news"> <h1>Post New Article</h1> <p>Please fill out all of the following fields:</p> <table width="100%" border="0" cellpadding="0" cellspacing="0"> <tr> <td class="cmsNewsformText">Type*:</td> <td><font size="1"> <input name="type" type="text" class="cmsNewforms" size="50" /> </font></td> </tr> <tr> <td class="cmsNewsformText">News Topic/Title*: </td> <td><font size="1"> <input name="title" type="text" class="cmsNewforms" value="enter title of article" size="50" /> </font></td> </tr> <tr> <td class="cmsNewsformText">Username*:</td> <td><font size="1"> <input name="user" type="text" class="cmsNewforms" value="enter username" size="50" /> </font></td> </tr> <tr> <td class="cmsNewsformText">Url*:</td> <td><font size="1"> <input name="url" type="text" class="cmsNewforms" value="enter url of news article" size="50" /> </font></td> </tr> <tr> <td class="cmsNewsformText">Message*:</td> <td><font size="1"> <textarea name="message" cols="43" rows="10" class="cmsNewforms">enter body of article </textarea> </font></td> </tr> </table> <p> <font size="1"> <input name="Submit" type="submit" class="Button1" value="Submit" /> </font> </p> </form> 4.) Fourth, is process.php. This script sends the data entered by the administrator (me) on "postnews.php" to the database, and displays a message saying that the information was sent successfully. Code: [Select] <?php $user=$_POST['user']; $title=$_POST['title']; $message=$_POST['message']; $type=$_POST['type']; $url=$_POST['url']; mysql_connect("your hostname", "your database name", "your password") or die(mysql_error()); mysql_select_db("cmsnewsacp") or die(mysql_error()); $sql = sprintf("INSERT INTO mynews (user, title, message, type, url) VALUES ('%s', '%s', '%s', '%s', '%s')", mysql_real_escape_string($user), mysql_real_escape_string($title), mysql_real_escape_string($message), mysql_real_escape_string($type), mysql_real_escape_string($url)); $result = mysql_query($sql); Print "The article has successfully been posted"; ?> 5.) And lastly, here's the script for displaying the news on the home page: Code: [Select] <? include("dbconnect.php"); //include the file to connect to the database $getnews = mysql_query("SELECT * FROM mynews ORDER BY id DESC"); //query the database for all of the news while($r=mysql_fetch_array($getnews)){ //while there are rows in the table extract($r); //remove the $r so its just $variable echo(" <span class=NewsID>$type</span> <span class=h2>$title</span><br><br> <em>posted by <strong>$user</strong> on $time</em><br> <span class$message<br><br /> <font color=0099FF><a href=$url>Read more - $url</a></font><br><br><p>"); } ?> Now that you've got all the code, let's take a look back at the table "mynews" with its fields. See "url"? This variable would contain the url I type in the forms on "postnews.php" and would be called to form a "Read more" link at the end of each article displayed on the home page. The question I have here, is how can I modify this script to where everytime a new 'article' is added to the database, a new page is created with the article and the url I specified? Also, I want to limit the amount of characters of the article, so that it'll only display a little bit on the home page, with a "read more" link that takes them to that page. Now last but not least, how in the bloody fudge do I script pagination into this script? I've made a site for a client and they like it. They asked me who does the updates me or them? So I know they want to make the updates themselves. Do anyone know the best place I can learn how to create a CMS? I would prefer video tutorials. Thanks. I really need some serious help with the design of a PIN (Personal Identification Number) Management System. When a user (with ID) logs in with the PIN (which already exist in my database), i want the system to assign that PIN to that user (ID) alone. No other user (ID) can access that PIN, the PIN is only assigned to that User (ID). I need the PHP codes, MySQL database tables, and some lil' explanation. Thanks. I was wondering if there's any common method for user management. I'm not talking about basic stuff like DB management stuff I'm talking about registering new users with captcha, validating email addresses, password resets, etc. I can work all this stuff out by hand but it seems rather large and very repetitious so I was wondering if there's guides out there to develop this or a common script? I am working on an application and part of the requirements is to restrict the number of users that can log in based on a license. So on install, I will provide a license that allows for 10 user accounts to be created.
If the client requires 50, a different license will be provided that allows 50.
Regards I am looking for a Script 1- which has a new user registeration and lhe can log to the site after "ADMIN APROVAL" 2- Multiple levles ie, user had multiple levles under which he can register on registration page ( Paid,Trial or Free) and after aproval of their registration by admin they r redirected to thier respective area ie free page, paid page or Trial page Thnks to all Seniour for Earilier help Hello users: I am exploring the delightful world of PHP for web applications. I am in the stage where I need to use SESSIONS and COOKIES and MYSQL for a user/membership/profile structure. I understand most of the grammar behind PHP and am excited to apply this in application. I am searching for recommendations and comments about using: 1. COOKIES 2. SESSIONS 3. MYSQL/SQL Almost every website has an authentication mechanism, profile, and use information. My website required this similar structure, but I have been having some problems completing all of the technical steps for production. If anyone has code samples or places where I can review code on this topic, that would be wonderful. I am specifically searching for more advanced topics in these area for general robustness. Please kindly send me a message or respond to this post. Regards, Diamond Edited by Diamond, 30 December 2014 - 04:27 PM. Well so far i've found myself in a hole on a few different methods, basically my system is sold with a key. The issue i am having is, everyone that is purchasing the software uses free hosting, basically no PHP Curl allowed, and no file_get_contents with urls allowed. Now, i thought i had it and i was happy for a day. until i moved it to a different server just to find Javascript was not my answer by getting content from an iframe due to security issues its not allowed...yay.. So is there any other way i can get around this? i mean there are tons of scripts out there with key systems set, so if the key is changed on the users site or the website url is not the same as the installed url. then it blanks the website to text. Everything works fine, the functions are 100% go. i just can't get content from a url if the hosts won't allow it. there needs to be some other way this has to be possible? PHPCurl, is a no go, 80% free hosts block this. file_get_contents won't work if you place url's in majority of the free webservers. [stuck] Here's what I'm trying to do. 1. A user creates a calendar that shows which dates he's available. This calendar could showcase availability for up to a year. 2. Other users can do a search for a user that's available on a set date. For e.g. July 1st. 3. All the users available on July 1st will show up in the search results.
There is no booking for appointments involved. It simply needs to show the users available on set dates. I am wondering what's the best way to create this calendar feature? Hi I was curious as to if you guys could possibly point me in the right direction so I can learn what is needed in order to implement a system on my website that allows users to login and then I could make only certain users have access to certain pages and etc, I don't have any mysql knowledge at all and I'm pretty sure I'm going to need to know that so if anyone could point me in the right direction and put me on on the right track to learning this or a guide I could go off of and see how everything works, I appreciate it. Thanks! CLUEL3SS I'm trying to teach myself how to use functions and includes in my scripts. As an exercise I am trying to create a registration system that I can re-use on other future projects. I have my main register.php page as follows: <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml"> <head> <meta content="text/html; charset=utf-8" http-equiv="Content-Type" /> <title>Register</title> </head> <body> <?php ini_set('display_errors', 1); ini_set('log_errors', 1); ini_set('error_log', dirname(__FILE__) . '/error_log.txt'); error_reporting(E_ALL); // Check to see if query string is set, if not pass empty array to function. if((!isset($_GET['success'])) && (!isset($_GET['active'])) && (!isset($_GET['valid']))) { include ('registerform.php'); $invalidcode = array(); regform($invalidcode); } //If success is set, use value to determine response if(isset($_GET['success'])) { if($_GET['success'] == "false") { echo "There has been an error with your registration. You will be redirected to the registration page in 5 SECONDS."; echo "<meta http-equiv=refresh content =\"5; URL=index.php\">"; } if($_GET['success'] == "true") { echo "Thanks for registering. An activation email has been sent to your registered email address.<br />"; echo "Please check you email and follow the activation link contained within it."; } } //if active is set, determine response (note: code to be added here in future) if(isset($_GET['active'])) { if($_GET['active'] == "true") { echo "Thank you for activating this account.<br />"; echo "You may now return to the home page and login!"; } } //if valid is set there was a problem with the form validation. //get valid from query string, convert back to an array and pass array to the form display script if(isset($_GET['valid'])) { $invalidcode = $_GET['valid']; $invalidcode = unserialize(urldecode($invalidcode)); include ('registerform.php'); regform($invalidcode); } ?> </body> </html> When the page loads it first checks for any variables passed in the url to determine action. Heres the code for the function regform(): <?php function regform($errors) { //set variables to initial value to prevent undefined variable error $errors0 = 0; $errors1 = 0; $errors2 = 0; $errors3 = 0; $errors4 = 0; $errors5 = 0; $errors6 = 0; $errors7 = 0; //check to make sure the array that was passed was not empty //from my validation script the errors are in matching order to the display on this page. //I have only prepared 2 errors for this inital testing, there will be one for each field on the form. $i = count($errors); if($i > 0){ $errors0 = $errors[0]; $errors1 = $errors[1]; //$errors2 = $errors[2]; //$errors3 = $errors[3]; //$errors4 = $errors[4]; //$errors5 = $errors[5]; //$errors6 = $errors[6]; //$errors7 = $errors[7]; } echo "<form id='register' name='register' method='post' action='doreg.php' >"; echo "<table>"; //if the variable = 1 there was an error validating the field in the validate script if($errors0 == 1){ echo "<tr><td><font color='red'>First Name</font></td><td><input type='text' name='firstname' /></td><tr>"; } else { echo "<tr><td>First Name</td><td><input type='text' name='firstname' /></td><tr>"; } if($errors1 == 1){ echo "<tr><td><font color='red'>Last Name</font></td><td><input type='text' name='lastname' /></td><tr>"; } else { echo "<tr><td>Last Name</td><td><input type='text' name='lastname' /></td><tr>"; } //additional errors to be added, as per abov,e for the code below echo "<tr><td>Email Address</td><td><input type='text' name='email' /></td><tr>"; echo "<tr><td>Password</td><td><input type='password' name='password1' /></td><tr>"; echo "<tr><td>Confirm Password</td><td><input type='password' name='password2' /></td><tr>"; echo "<tr><td></td><td></td><tr>"; echo "<tr><td>Accept Terms?</td><td><input type='checkbox' name='accept' /></td><tr>"; echo "<tr><td>Security String</td><td><input type='text' name='secstring' /></td><tr>"; echo "<tr><td></td><td><input type='submit' name='submit' value='submit' /></td><tr>"; echo "<tr><td></td><td><input type='hidden' name='form_submit' value='1' /></td><tr>"; echo "</table>"; echo "</form>"; } ?> So the form takes the array ?valid passed to the register page and determines which fields had a validation error and highlights them red. (I'll modify this highlighting to be what ever I need later...just testing my logic ) The form then calls doreg.php on submit. This will firstly run the validate script, then perform DB actions if all ok, else it will return to register with the error array passed in a query string: <?php if($_POST['form_submit'] == 1) { include ('validate.php'); //the validate script returns $errorarray. Need to figure out better way to test values to determine if any error flags are set if(($errorarray[0]!=0) or ($errorarray[1]!=0) or ($errorarray[2]!=0)) { $errorarray = urlencode(serialize($errorarray)); echo "<meta http-equiv=refresh content=\"0; URL=register.php?valid=$errorarray\">" ; } echo "<meta http-equiv=refresh content=\"0; URL=register.php?success=true\">"; } ?> php] And finally there is the actual validation script. I was hoping to be able to use this for all form validations across the site. I'll just add if(isset) for the various form fields and make sure I standardize my field names across my sites forms. [php] <?php $errorarray = array(); if($_POST['firstname'] == "") { $errorarray[0] = 1; } else {$errorarray[0] = 0; } if($_POST['lastname'] == "") { $errorarray[1] = 1; } else {$errorarray[1] = 0; } if($_POST['email'] == "") { $errorarray[2] = 1; } else {$errorarray[2] = 0; } return $errorarray; ?> For this example I have just done simple empty string checks. I'd really appreciate any advice on the code I've written to date. Im quite sure there are more elegant ways to achieve what these scripts do and I would greatfully accept any feedback. (Be gentle...I'm new ) Thanks Hi guys, I am thinking of create an free email system by sending an messages using with a username. Would I have to store the messages via in mysql? If I can do that, then I just curious that how would a user delete their messages if their messages is display on php page? What method would I have to use? I'm trying to make a simple but secure login/user registration for this site I'm building. I'm new to php, so I followed some tutorials from www.newthinktank.com. http://www.newthinktank.com/2011/01/php-security-pt-2/ http://www.newthinktank.com/2011/01/php-security-pt-4-set-up-captcha// http://www.newthinktank.com/2011/01/web-design-and-programming-pt-21-secure-login-script/ But I'm having a couple of problems. On the registration.php file, whenever I type in wrong information, the validation error messages don't display and also whenever I click the submit button, the form doesn't do anything. It doesn't insert information into my database. It just shows the empty form. On my login.php file, again the validation errors don't display and I can't tell if I'm logged in or not. The form redirects to my index page, but the user box that shows the different menus depending on whether or not someone is logged in stays in guest mode. I don't get any php error messages on either file. Here's my code: register.php file: Code: [Select] <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml"> <head> <meta http-equiv="Content-Type" content="text/html; charset=utf-8" /> <title>Untitled</title> <link href="_css/page_layout.css" rel="stylesheet" type="text/css" /> <link href="_css/page_text.css" rel="stylesheet" type="text/css" /> <link href="_css/sidebarLeft.css" rel="stylesheet" type="text/css" /> </head> <body> <div id="wrapper"> <?php include('_includes/template/header.php'); ?> <?php include('_includes/template/nav.php'); ?> <?php include('_includes/template/sidebar_left.php'); ?> <div id="mainContent"> <div class="content"> <?php require_once('_includes/connectvars.php'); if (isset($_POST['submitted'])) { if (preg_match ('%^[A-Za-z\.\' \-]{2,20}$%', stripslashes(trim($_POST['first_name'])))) { $firstname = escape_data($_POST['first_name']); } else { $firstname = FALSE; echo '<p><font color="red" size="+1″>Please enter a valid first name!</font></p>'; } if (preg_match ('%^[A-Za-z\.\' \-]{2,40}$%', stripslashes(trim($_POST['last_name'])))) { $lastname = escape_data($_POST['last_name']); } else { $lastname = FALSE; echo '<p><font color="red" size="+1″>Please enter a valid last name!</font></p>'; } if (preg_match ('%^(0?[1-9]|[12][0-9]|3[01])[-/. ](0?[1-9]|1[0-2])[-/.](19|20)\d{2}$%', stripslashes(trim($_POST['birth_date'])))) { $birthdate = escape_data($_POST['birth_date']); } else { $birthdate = FALSE; echo '<p><font color="red" size="+1″>Please enter a valid date of birth!</font></p>'; } $gender = escape_data($_POST['gender']); if (preg_match ('%^[0-9]{5}$%', stripslashes(trim($_POST['zip_code'])))) { $zipcode = escape_data($_POST['zip_code']); } else { $zipcode = FALSE; echo '<p><font color="red" size="+1″>Please enter a valid 5 digit zip code!</font></p>'; } if (preg_match ('%^[A-Za-z0-9._\%-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,4}$%', stripslashes(trim($_POST['email'])))) { $email = escape_data($_POST['email']); } else { $email = FALSE; echo '<p><font color="red" size="+1″>Please enter a valid email address!</font></p>'; } if (preg_match ('%^[a-z\d_]{2,20}$%', stripslashes(trim($_POST['username'])))) { $username = escape_data($_POST['username']); } else { $username = FALSE; echo '<p><font color="red" size="+1″>Please enter a valid username!</font></p>'; } if (preg_match ('%\A(?=[-_a-zA-Z0-9]*?[A-Z])(?=[-_a-zA-Z0-9]*?[a-z])(?=[-_a-zA-Z0-9]*?[0-9])\S{6,}\z%', stripslashes(trim($_POST['password1'])))) { if (($_POST['password1'] == $_POST['password2']) && ($_POST['password1'] != $_POST['username'])) { $password = escape_data($_POST['password1']); } elseif ($_POST['password1'] == $_POST['username']) { $password = FALSE; echo '<p><font color="red" size="+1″>Your password cannot be the same as the username!</font></p>'; } else { $password = FALSE; echo '<p><font color="red" size="+1″>Your password did not match the confirmed password!</font></p>'; } } else { $password = FALSE; echo '<p><font color="red" size="+1″>Please enter a valid password!</font></p>'; } $captchchk = 1; require_once('_includes/recaptchalib.php'); $privatekey = "My private key goes here...i know"; $resp = recaptcha_check_answer ($privatekey, $_SERVER["REMOTE_ADDR"], $_POST["recaptcha_challenge_field"], $_POST["recaptcha_response_field"]); if (!$resp->is_valid) { echo '<p><font color="red" size="+1″>The CAPTCHA Code wasn\'t entered correctly! </font></p>'; $captchchk = 0; } if ($firstname && $lastname && $birthdate && $gender && $zipcode && $email && $username && $password) { $query = "SELECT user_id FROM users WHERE username='$username'"; $result = mysql_query($query) or trigger_error("Sorry, that username is taken"); if(mysql_num_rows($result) == 0) { $a = md5(uniqid(rand(), true)); $query = "INSERT INTO users(zip_code, username, first_name, password, activation_code, join_date, last_name, gender, birth_date, email) VALUES ('$zipcode', '$username', '$firstname', SHA('$password'), '$a', NOW(), '$lastname', '$gender', '$birthdate', '$email')"; $result = mysql_query($query) or trigger_error("Sorry an error happened"); if(mysql_affected_rows() == 1) { $body = "Thanks for registering. Activate account by clicking this link: <br />"; $body .= "http://localhost/activate.php?x=" . mysql_insert_id() . "&y=$activationcode"; mail($email, 'Registration Confirmation', '$body', 'From: admin@mysite.com'); echo '<br /><br /><h1>Thank you for registering! A confirmation email has been sent to your address. Please click on the link in that email in order to activate your account.</h1>'; } exit(); } else { echo '<p><font color="red" size="+1″>You could not be registered due to a system error. We apologize for any inconvenience.</font></p>'; } } else { echo '<p><font color="red" size="+1″>That email address has already been registered. If you have forgotten your password, use the link to have your password sent to you.</font></p>'; } mysql_close(); } ?> <h1>Register</h1> <br /> <p>Please fill out the form below. All fields required.</p> <br /> <center><form action="register.php" method="POST" id="regform"> <table width="550" border="0"> <tr> <td width="200"><p>First Name:</p></td> <td width="200"><label for="first_name"></label> <input name="first_name" type="text" id="first_name" maxlength="20" value="<?php if (isset($_POST['first_name'])) echo $_POST['first_name']; ?>"/></td> <td width="200"> </td> </tr> <tr> <td><p>Last Name:</p></td> <td><label for="last_name"></label> <input name="last_name" type="text" id="last_name" maxlength="45" value="<?php if (isset($_POST['last_name'])) echo $_POST['last_name']; ?>"/></td> <td> </td> </tr> <tr> <td><p>Birthdate:</p></td> <td><label for="birth_date"></label> <input name="birth_date" type="text" id="birth_date" maxlength="10" value="<?php if (isset($_POST['birth_date'])) echo $_POST['birth_date']; ?>"/></td> <td><p>(Format: MM/DD/YYYY)</p></td> </tr> <tr> <td><p>Gender</p></td> <td><p> <label> <input type="radio" name="gender" value="F" id="gender_0" /> F </label> <label> <input type="radio" name="gender" value="M" id="gender_1" /> M </label> <input name="gender" type="hidden" value="" /> <br /> </p></td> <td> </td> </tr> <tr> <td><p>Zip Code</p></td> <td><label for="zip_code"></label> <input name="zip_code" type="text" id="zip_code" maxlength="5" value="<?php if (isset($_POST['zip_code'])) echo $_POST['zip_code']; ?>"/></td> <td> </td> </tr> <tr> <td><p>Email:</p></td> <td><label for="email"></label> <input name="email" type="text" id="email" maxlength="255" value="<?php if (isset($_POST['email'])) echo $_POST['email']; ?>"/></td> <td> </td> </tr> <tr> <td><p>Username:</p></td> <td><label for="username"></label> <input name="username" type="text" id="username" maxlength="60" value="<?php if (isset($_POST['username'])) echo $_POST['username']; ?>"/></td> <td> </td> </tr> <tr> <td><p>Choose New Password:</p></td> <td><label for="password1"></label> <input name="password1" type="password" id="password1" maxlength="40" /></td> <td> </td> </tr> <tr> <td><p>Confirm New Password:</p></td> <td><label for="password2"></label> <input name="password2" type="password" id="password2" maxlength="40" /></td> <td> </td> </tr> </table> </br> <?php require_once('_includes/recaptchalib.php'); $publickey = "my public key goes here...i know"; // you got this from the signup page echo recaptcha_get_html($publickey); ?> <br /> <input type="submit" name="submit_signup" id="submit_signup" value="Sign Up" /> <input type="hidden" name="submitted" value="TRUE" /> </form></center> <br /> <br /> </div> </div> <?php include('_includes/template/sidebar_right.php'); ?> <?php include('_includes/template/footer.php'); ?> </div> </body> </html> login.php file: Code: [Select] <?php session_start(); require_once('_includes/connectvars.php'); ?> <?php if (isset($_POST['submitLogin'])) { if (preg_match ('%^[A-Za-z0-9]\S{6,20}$%', stripslashes(trim($_POST['username'])))) { $username = escape_data($_POST['username']); } else { $username = FALSE; echo '<p><font color="red" size="+1″>Please enter a valid username!</font></p>'; } if (preg_match ('%^[A-Za-z0-9]\S{6,20}$%', stripslashes(trim($_POST['password'])))) { $password = escape_data($_POST['password']); } else { $password = FALSE; echo '<p><font color="red" size="+1″>Please enter a valid password!</font></p>'; } if ($username && $password) { $query = "SELECT user_id, level_access, username, password, join_date, first_name, last_name, birth_date, gender, zip_code, email, activation_code FROM users WHERE username='$username' AND password=SHA('$password')"; $result = mysql_query ($query) or trigger_error("Either the Username or Password are incorrect"); if (mysql_affected_rows() == 1) { $row = mysql_fetch_array ($result, MYSQL_NUM); mysql_free_result($result); $_SESSION['first_name'] = $row[5]; $_SESSION['username'] = $row[2]; $tokenId = rand(10000, 9999999); $query2 = "update users set tokenid = $tokenId where username = '$_SESSION[username]'"; $result2 = mysql_query ($query2); $_SESSION['token_id'] = $tokenId; session_regenerate_id(); header("Location: http://localhost/mysite/index.php"); mysql_close(); exit(); } } else { echo '<br><br><p><font color="red" size="+1″>Either the Username or Password are incorrect</font></p>'; mysql_close(); exit(); } echo '<br><br><p><font color="red" size="+1″>Either the Userid or Password are incorrect</font></p>'; mysql_close(); exit(); } ?> <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml"> <head> <meta http-equiv="Content-Type" content="text/html; charset=utf-8" /> <title>Untitled</title> <link href="_css/page_layout.css" rel="stylesheet" type="text/css" /> <link href="_css/page_text.css" rel="stylesheet" type="text/css" /> <link href="_css/sidebarLeft.css" rel="stylesheet" type="text/css" /> </head> <body> <div id="wrapper"> <?php include('_includes/template/header.php'); ?> <?php include('_includes/template/nav.php'); ?> <?php include('_includes/template/sidebar_left.php'); ?> <div id="mainContent"> <div class="content"> <h1>Login</h1> <form action="login.php" method="post" name="login" id="login"> <table width="200" border="0"> <tr> <td><p>Username:</p></td> <td><label for="username"></label> <input type="text" name="username" value="<?php if (isset($_POST['username'])) echo $_POST['username']; ?>"/></td> </tr> <tr> <td><p>Password:</p></td> <td><label for="password"></label> <input type="password" name="password" id="password" /></td> </tr> </table> <br /> <p> <label> <input type="radio" name="remember_me" value="radio" id="remember_me_0" /> Keep me logged in </label> <br /> </p> <br /> <input type="submit" name="submitLogin" value="Login" /> <input type="hidden" name="submitted" value="TRUE" /> </form> <br /> <p>Not a member? <a href="register.php">Create an account!</a></p> <br /> <p>Forgot password?</p> </div> </div> <?php include('_includes/template/sidebar_right.php'); ?> <?php include('_includes/template/footer.php'); ?> </div> </body> </html> Here's the code that shows the different menus depending on if someone is logged in or not. Code: [Select] <div class="login"> <?php echo '<p>'; echo 'Welcome '; if (isset($_SESSION['first_name'])) { echo " {$_SESSION['first_name']}!</br></br>"; } else { echo 'Guest!'; } if (isset($_SESSION['username']) AND (substr($_SERVER['PHP_SELF'], -10) != 'logout.php')) { echo '<a href="add_event.php">Add an Event</a></br> <a href="my_profile.php">My Profile</a></br> <a href="logout.php"><p>Logout</a></br>'; } else { echo '</br> <a href="register.php">Register</a></br> <a href="login.php">Login</a></br>'; } echo'</p>'; ?> </div> Hello Friends, Iam in a little bit confused matter. Iam developing a website & it requires a user's banning system too so my question begin here that if i use user's IP to ban but they can easy access the website by using different proxy sites & almost ip address are dynamic not static. Banning their email is waste thing because they can create a new email within 1min. Anyone have experiences in these things ? How we can ban a user permanently from accessing the website ? Hi All, I have currently been working on a login/registration system for a university project and I am now struggling with the login section. The problem is with one particular function and an if statement. The function checks to see if the username and password entered matches the username and password in the database but each time I get it echoing username/password incorrect. the function is Code: [Select] function valid_credentials($user, $pass) { $user = mysql_real_escape_string($user); $pass = sha1($pass); $total = mysql_query("SELECT COUNT(`user_username`) FROM `users` WHERE `user_username` = '{$user}' AND `user_password` = '{$pass}'"); return (mysql_result($total, 0) == '1') ? true : false; } and the statement is Code: [Select] if (valid_credentials($_POST['username'], $_POST['password']) == false) { $errors = 'Username/Password incorrect.'; } Any help would be greatly appreciated as this has been bugging me for the past 5 days :/ Hi, I have a fully pledged membership system and want to integrate my own user referral system but want some tips, advice really on the logic of it. Basically already registered users on my site will have the option to refer people, only registered users. I will try to explain my logic and what i have done so far. My current registered users table is something like Quote users (table) - id (user id) - email (user email) - password (hash of users password) - reg_date (date user registered) I have some other fields but not relevant to what I want to do and to keep things as simple as possible I left them out. I am thinking of creating a new table called referrals and for example when a registered user on my site from the users table goes to a member only page called referral.php it will display a form so they can enter an email address of someone they want to refer and it also displays the people they referred. My referral table is like this so far and not sure if it's best way to go about the database logics and php logic. my table so far looks like this: Quote referrals (table) - id (auto incremented every time a new referral (row) is added to referrals table) - referrer_uid (id of referrer, this would be the unique id of a registered user from the users table) - referred_email (email address of person who has been referred) - status (when someone is first referred default will be `referred`, if they signup to site via referral link this will update to `completed`) - created_on (date the referral was made, unix timestamp) - updated_on (date the referred person actually clicks the referral link and completes signup) Currently i added the database table above to my site on local. added some sample data for testing and created a referral.php page where there's a form so a registered member can enter a persons email and refer them to my site to signup. On referral.php there is also the total people they referred and a table showing all the people they referred as follows: Referred Email | Referred Date | Status | Completed On Now so far everything is seems fine. I have my sample (pretend referrals i made) data showing in my test account. The part i am now not sure about is this: Obviously to stop abuse i do my usual validation checks like: check to ensure the email being entered on referrals page does not exist in users table (registered member), check to ensure the email has not already been referred previously (for spam reasons) only allowed to refer an email address once and not allowed to refer someone who has previously been referred by someone else to (again for spam reasons) Now onto the tracking the referral and link building. I was first thinking this: on sign up form have a hidden field. The sign up form would do a simple check to see if isset $_GET['ref'] like signup.php?ref=something_here if it is prefill the hidden field, when user then signs up if the ref=something_here matches what's in the database then update referral to complete so the referrer knows that their friend for example signed up via their referral, unix timestamp of when referred person completed signup. Now i was going to use the email address of referred person or username of person who made the referral signup.php?ref=username or signup.php?ref=referred_email . Now what i am thinking is what would be better and i guess stop random abuse is create another column and call it referred_id; this would be a random md5 hash that is unique to that referral and it will be appended to the url like signup.php?ref=md5_hash_here. So my questions a 1) Is there anything you think i should change, improve on, alter etc ? 2) Do you think i am going about it the rite way or making a mess of it ? 3) Have i left anything out that i may have not thought of that could cause the system to be abused ? Any suggestions, feedback, help on the whole logic would be great. I coded allot of it last night and won't take me long to do the rest but need some help in terms of ensuring i am doing it the best way possible etc, the logic behind it all. Thanks for any suggestions, help, advice, tips! PHPFAN I currently have a MyBB forum and I'm going to attempt to create a top list for it, but I'd like users that have already registered on my forum to be able to log into the top list area and either add or edit their website on the top list. How would I go about creating a login script with an already existing MySQL database that contains my MyBB users? |