PHP - User Management Login And Member Area

Hi Guys,

have you got an idea how I can create a user management system with login and pw, please? I tried the below, but when I click on the "ADD NEW USER" button nothing happens 

<div>
         <fieldset>
          <legend>USER DETAILS</legend>
           <table>              
            <tr>
             <td align="right"><a title='NAME' href='user_edit.php?id=1'>NAME</a></td> 

                <td>
                 <input class="norm" type="text" name="name" id="name" /></div>
                </td>
                              
                <td align="right"><a title='SURNAME' href='user_edit.php?id=2'>SURNAME</a></td>
                
                <td>
                 <input class="norm" type="text" name="surname" id="surname" /></div>
                </td>
               </tr>
                          
               <tr>
                <td align="right"><a title='E-MAIL ADDRESS' href='user_edit.php?id=3'>E-MAIL ADDRESS</a></td>
              
            <td colspan="4">
             <input class="norm" type="text" size="57" name="e-mail" id="e-mail" /></div>
            </td>
           </tr>

           <tr>    
            <td align="right"><a title='LOGIN' href='user_edit.php?id=4'>LOGIN</a></td>
                
               <td>
                <input type="text" name="login" id="login" /></div>
               </td>
               
               <td align="right"><a title='PASSWORD' href='user_edit.php?id=5'>PASSWORD</a></td>
                  
                  <td>
                   <input class="norm" type="text" name="password" id="password" /></div>
                  </td>
                 </tr>
                </table>
               </fieldset>
              </div>

              <br />
        
              <div>
               <fieldset>
                <input type='submit' name='delete' value='DELETE USER' onclick='confirm("ARE YOU SURE?");'/>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
                <input type='submit' name='add' value='ADD NEW USER'/>
               </fieldset>
              </div>

cheers,

ozzo

I am working on an application and part of the requirements is to restrict the number of users that can log in based on a license. So on install, I will provide a license that allows for 10 user accounts to be created.

If the client requires 50, a different license will be provided that allows 50. 
I am asking, does anyone know of such a third party software that can accomplish such a task that would invalidate the need of me writing one from scratch.

 

Regards

Hello users:

I am exploring the delightful world of PHP for web applications. I am in the stage where I need to use SESSIONS and COOKIES and MYSQL for a user/membership/profile structure. I understand most of the grammar behind PHP and am excited to apply this in application.   I am searching for recommendations and comments about using:

1. COOKIES 2. SESSIONS 3. MYSQL/SQL   Almost every website has an authentication mechanism, profile, and use information. My website required this similar structure, but I have been having some problems completing all of the technical steps for production.   If anyone has code samples or places where I can review code on this topic, that would be wonderful. I am specifically searching for more advanced topics in these area for general robustness.    Please kindly send me a message or respond to this post.

Regards, Diamond
Edited by Diamond, 30 December 2014 - 04:27 PM.

I am createing a simply quiz site, where in order to participate in the quiz, you must first be logged in.
While working on my local machine, the code works perfectly.
I use the followin to create a session ID;
$_SESSION['SESS_ID'] = $member['id'];

Then, on my main page where i want dynamic code i include the following;

if(!isset($_SESSION['SESS_ID']) || (trim($_SESSION['SESS_ID']) == '')) {
   

      print ("
      <div style='float:left; width:400px; height:215px; margin-left:500px;'>
      <form class='login' method='post' action='login-form.php' style='float:right; margin-top:120px;' >
      
      <input type='submit' class='button' name='submit' value='Sign In' style='float:right ; margin-right:20px;'>
      
      </form>
      <p style=' margin-top:170px; margin-left:160px;'>New Member? Start <a href='register-form.php'>Here</a></p>
      </div>
      "
      );
      }
   else {
   print "<h4 style='float:right; text-align: right; margin-top:150px; margin-right:50px;'>Welcome ". $_SESSION['SESS_NAME']. "&nbsp;<a href='logout.php'  style='float:right; text-align:right;'>Sign Out</a></h4>
   ";


For some reason, when the site is on the server, the session ID does not seam to get passed along.
Any Ideas how to remediy this?
the website is kingdomquiz.com if anybody is interested.

I would appreciate your assistance, there are tons of login scripts and they work just fine. However I need my operators to login and then list their activities for the other operators who are logged in to see and if desired send their clients on the desired activity. I have the login working like a charm and the activities are listed just beautifully. How do I combine the two tables in the MySQL with PHP so the operator Logged in can only make changes to his listing but see the others.

FIRST THE ONE script the member logges in here to the one table in MSQL:
<?php
   session_start();
   
   require_once('config.php');
   
   $errmsg_arr = array();
   
   $errflag = false;
   
   $link = mysql_connect(DB_HOST, DB_USER, DB_PASSWORD);
   if(!$link) {
      die('Failed to connect to server: ' . mysql_error());
   }
   
   $db = mysql_select_db(DB_DATABASE);
   if(!$db) {
      die("Unable to select database");
   }
   
   function clean($str) {
      $str = @trim($str);
      if(get_magic_quotes_gpc()) {
         $str = stripslashes($str);
      }
      return mysql_real_escape_string($str);
   }
   
   $login = clean($_POST['login']);
   $password = clean($_POST['password']);
   
   if($login == '') {
      $errmsg_arr[] = 'Login ID missing';
      $errflag = true;
   }
   if($password == '') {
      $errmsg_arr[] = 'Password missing';
      $errflag = true;
   }
   
   if($errflag) {
      $_SESSION['ERRMSG_ARR'] = $errmsg_arr;
      session_write_close();
      header("location: login-form.php");
      exit();
   }
   
   $qry="SELECT * FROM members WHERE login='$login' AND passwd='".md5($_POST['password'])."'";
   $result=mysql_query($qry);
   
   if($result) {
      if(mysql_num_rows($result) == 1) {
         session_regenerate_id();
         $member = mysql_fetch_assoc($result);
         $_SESSION['SESS_MEMBER_ID'] = $member['member_id'];
         $_SESSION['SESS_FIRST_NAME'] = $member['firstname'];
         $_SESSION['SESS_LAST_NAME'] = $member['lastname'];
         session_write_close();
         header("location: member-index.php");
         exit();
      }else {
         header("location: login-failed.php");
         exit();
      }
   }else {
      die("Query failed");
   }
?>

................................................. ................................
Now I need the person who logged in to the table above to be able to make multiple entries to the table below

<?
$ID=$_POST['ID'];
$title=$_POST['title'];
$cost=$_POST['cost'];
$activity=$_POST['activity'];
$ayear=$_POST['aday'];
$aday=$_POST['ayear'];
$seats=$_POST['special'];
$special=$_POST['seats'];
mysql_connect("xxxxxx", "xxx350234427", "========") or die(mysql_error());
mysql_select_db("xxxx") or die(mysql_error());
mysql_query("INSERT INTO `activity` VALUES ('ID','$title', '$cost','$activity', '$aday', '$ayear', '$special', '$seats')");
Print "Your information has been successfully added to the database!"
?>
Click <a href="member-profile.php">HERE</a> to return to the main menu
  <?php      
?>

Hello Everyone,

I recent made a simple membership website. Every page I created works exactly how I envisioned it...
All members data from my registration form goes into my database along with their md5 Encrypted passwords with a time-stamp.
Subsequent pages have a start_session included.

I am very please with it except ONE THING. Logging in is now a problem... username is recognized but NOT the password.

Now the strange thing is that when I go into the database and copy the encrypted password and paste
it into the password field in my login page, I miraculously get into my website with NO problem.

" How do I get the registered members Encrypted Passwords to be recognized by the database when
the  registered members decide to logging in with the password that they create? "

Is there a easy fix for this?

I appreciate ALL your help...


thanks
mrjap1

Hey there,   First time using MySQL database to connect to a member login.  I have a paid subscription site through ccbill which they add the username and logins to.  I have setup a database, username and password as well as a table that I have connected correctly "I believe" to my website but get this message:  warning: MySQL-fetch_array()expects parameter 1 to be resource, Boolean given in /home....   My table I have setup just has username and password to authenticate the users, which I was told by ccbill is all I need.  Maybe I need authentication 1 or 0 etc. Any help on this would be amazing.  Spent hours trying to figure this out but nothing.   Thanks for your time.   Steven

hey guys, im new to PHP and im trying to use a login script that allows users to register and login to my site from my database.

on my login/register pages i get this error

Warning: mysql_pconnect() [function.mysql-pconnect]: Unknown MySQL server host 'host' (1) in /home/hullcale/public_html/dbConfig.php on line 12
Error connecting to database.
Warning: mysql_select_db() [function.mysql-select-db]: Access denied for user 'hullcale'@'localhost' (using password: NO) in /home/hullcale/public_html/dbConfig.php on line 20

Warning: mysql_select_db() [function.mysql-select-db]: A link to the server could not be established in /home/hullcale/public_html/dbConfig.php on line 20


it seems like al my problems are from my page dbConfig.php on line 12 and 20, problem is i dont know how to edit them, here is the code from that page...

things you may need to know is my databse is called hullcale_database, user is Admin, password is password, as for host im not actually sure where i get this from? any tips?!

<?
// Replace the variable values below
// with your specific database information.
$host = "localhost";
$user = "UserName";
$pass = "Password";
$db = "dbName";

// This part sets up the connection to the
// database (so you don't need to reopen the connection
// again on the same page).
$ms = mysql_pconnect(host, $user, $pass);
if ( !$ms )
{
echo "Error connecting to database.\n";
}

// Then you need to make sure the database you want
// is selected.
mysql_select_db($db);
?>

Hi guys,

Can anyone assist me. I am trying to create a login for admin and user (if user not a member click register link) below is my code: But whenever I enter the value as: Username: admin Password:123 - I got an error message "That user does not exist!"

Any suggestion and help would be appreciated.
Thanks.

login.php

<?php 

//Assigned varibale $error_msg as empty

//$error_msg = "";

session_start();

$error_msg = "";

if (isset($_POST['submit'])) {

if ($a_username = "admin" && $a_password = "123") 

{

//Define $_POST from form text feilds

$username = $_POST['username'];

$password = $_POST['password'];

//Add some stripslashes

$username = stripslashes($username);

$password = stripslashes($password);

//Check if usernmae and password is good, if it is it will start session

if ($username == $a_username && $password == $a_password)

{

session_start();

$_SESSION['session_logged'] = 'true';

$_SESSION['session_username'] = $username;

//Redirect to admin page

header("Location: admin_area.php");

}

}

$username = (isset($_POST['username'])) ? $_POST['username'] : ''; 

$password = (isset($_POST['password'])) ? $_POST['password'] : ''; 

if($username && $password) {

$connect = mysql_connect("localhost", "root", "") or die ("Couldn't connect!");

mysql_select_db("friendsdb") or die ("Couldn't find the DB");

$query = mysql_query ("SELECT * FROM `user` WHERE username = '$username'");

$numrows = mysql_num_rows($query);

if ($numrows != 0){

while ($row = mysql_fetch_array($query)) {

$dbusername = $row['username'];

$dbpassword = $row['password'];

}

//Check to see if they are match!

if ($username == $dbusername && md5($password) == $dbpassword) {

header ("Location: user_area.php");

$_SESSION['username'] = $username;

}

else

$error_msg = "Incorrect password!";

//code of login

}else

$error_msg = "That user does not exist!";

//echo $numrows;

}

else

$error_msg = "Please enter a username and password!";
}
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" />
<title>Login Page</title>
</head>

<body>
<br />
<?php

require "header.php";
?><br />
<div align="center">
<table width="200" border="1">

<?php

// If $error_msg not equal to emtpy then display error message

if($error_msg!="") echo "<div id=\"error_message\"style=\"color:red; \">$error_msg</div><br />";?>

<form action="<?php echo $_SERVER['PHP_SELF'];?>" method="post">
<!--form action="login_a.php" method="post"-->

Username: <input type="text" name="username" /><br /><br />

Password: <input type="password" name="password"  /><br /><br />

<input type="submit" name = "submit" value="Log in"  />
</form> <p> </p>

Register a <a href="register.php">New User</a>
</table>
</div>
</body>
</html>

Hallo everybody, the user is in the table, but i get error (user not found!).   thank you very much for your help Rafal

<!DOCTYPE html>
<html>
<head>
<title>index</title>
<meta http-EQUIV="CONTENT-LANGUAGE" content="en">
<?php
SESSION_START();
include("abc.php");
$link2 = mysqli_connect("$hoster", "$nameuser", "$password", "$basedata")
or die ("connection error" . mysqli_error($link2));
$email = $_POST["inp_email"];
$pwd = $_POST["inp_pwd"];
if($email && $pwd)
{
$chkuser = mysqli_query("SELECT email FROM $table2 WHERE email = '$email' ");
$chkuserare = mysqli_num_rows($chkuser);
if ($chkuserare !=0)
{
$chkpwd = mysqli_query("SELECT pwd FROM $table2 WHERE email = '$email'");
$pwddb = mysqli_fetch_assoc($chkpwd);
if (md5($pwd) != $pwddb["pwd"])
{
echo "Password is wrong!";
}
else
{
$_SESSION['username'] = $email;
header ('Location:list.php');
}
}
else
{
echo "user not found!";
}
}
else
{
echo "enter your Email and Password!";
}
mysqli_close($link2);
?>
</head>
<body style="font-family: arial;margin: 10; padding: 0" bgcolor="silver">
<font color="black">
<br>
<form action="index.php" method="post">
<b>Login</b><br><br>
<table width="100%">
<tr><td>
Email:<br><input type="text" name="inp_email" style="width:98%; padding: 4px;"><br>
Password:<br><input type="password" name="inp_pwd" style="width:98%; padding: 4px;"><br>
<br>
<input type="submit" name="submit" value="Login" style="width:100%; padding: 4px;">
</td></tr>
</table>
</form>
</font>
</body>
</html>

Hallo everybody, i have the following code. but i get allways this error while the user exist in the database. User not found! what do i do wrong?   thank you very much for your help Rafal

<html>
<head>
<?php
$connection = mysql_connect("db.xyz.com", "username", "password")
or die ("connection fehler");
mysql_select_db("db0123456789")
or die ("database fehler");
$email = $_POST["inp_email"];
$pwd = $_POST["inp_pwd"];
if($email && $pwd)
{
$chkuser = mysql_query("SELECT email FROM gbook WHERE email = '($email)' ");
$chkuserare = mysql_num_rows($chkuser);
echo $email;
echo $pwd;
if ($chkuserare !=0)
{
$chkpwd = mysql_query("SELECT pwd FROM gbook WHERE email = '($email)' ");
$pwddb = mysql_fetch_assoc($chkpwd);
if ($pwd != $pwddb["pwd"])
{
echo "password is wrong!";
}
else
{
echo "login successed";
}
}
else
{
echo "User not found!";
}
}
else
{
echo "Pleas enter your email and password!";
}
mysql_close($connection);
?>
</head>
<body>
<form action="login.php" method="post">
Email <input type="text" name="inp_email"><br>
Password <input type="text" name="inp_pwd"><br>
<input type="submit" name="submit" value="login">
</form>
</body>
</html>

Edited by rafal, 21 September 2014 - 04:33 PM.

Warning: mysql_fetch_array(): supplied argument is not a valid MySQL result resource in /home/aci/docs/admin/hours.php on line 20

Code: [Select]
<?php 
$user = $_SESSION['myusername'];
$result = mysql_query("SELECT * hours WHERE member='$user'");

while ($row = mysql_fetch_array($result)){
echo $row['date'] . " " . $row['time'] . "<br />";
}

?>
Code: [Select]
CREATE TABLE `hours` (
  `hoursID` int(5) NOT NULL auto_increment,
  `member` varchar(20) NOT NULL default '',
  `date` date NOT NULL default '0000-00-00',
  `time` time NOT NULL default '00:00:00',
  PRIMARY KEY  (`hoursID`)
) ENGINE=MyISAM DEFAULT CHARSET=latin1 AUTO_INCREMENT=7 ;

--
-- Dumping data for table `hours`
--

INSERT INTO `hours` VALUES (4, 'aci', '2010-11-30', '14:31:39');
INSERT INTO `hours` VALUES (2, 'aci', '2010-11-30', '14:31:08');
INSERT INTO `hours` VALUES (3, 'aci', '2010-11-30', '14:31:23');
INSERT INTO `hours` VALUES (5, 'aci', '2010-11-30', '14:31:40');
       

I am having trouble finding a tutorial on how to have a login system like facebook and many other sites where when you login you get taken to your own profile with your own information using PHP and Mysql.

Any help would be much appreciated.

Thanks

I have a question for some more advanced developers out there. I am creating a user login class that I want to make secure. Now without cookies, no problem but everyone wants a remember me  . So what I was planning on doing was storing a single unique value in a cookie. Now when the user visits the page it will check there unique value against the values in the database. Then what I wanted to do was have some other data that is unique to that user to see if they are the same person or not. For example when user A with ip address 0.0.0.0 goes to access my page and has a cookie stored it will check the database for user with ip address 0.0.0.0 and the unique value in there cookie.

Now my question is, what values should I check against. It is my understanding that users can spoof ip addresses so that isnt exactly the best check. I was also going to use the hostname as well but you have to have the right ip address in order to check it so that isnt really reliable either. Another option is securing it another way. If anyone has any other suggestions that are secure to do a user login please let me know. I am open to anything at this point because I am creating the system from scratch. However, only secure systems are the way I want to go. I have advanced experience in php so dont worry about me not understanding .

Any help is appreciated.

Ok. I would like to be able to do this  ::  http://webdeveloper.50webs.com/js.login.htm   in PHP and with a database. I know it may look like a simple login script, but I would like it to redirect to a specific URL based on each user. I.E. "http://example.com/users/index.php" is the login page, and once the user logs in, it would redirect them to "http://example.com/users/username/" Unless someone has a better idea. I know this isn't secure (because someone could just change the url to a different username, and they now have access to that users account.) The only reason I would like to do it this way, is because I have an upload script, and because of the way it uploads, the files are placed in a folder (So username/files is were the files are stored) and I have a file browser (username/browser.php) And I don't know how to display only the files the user has uploaded. (I.E. if I had one main file that the users see once they login, they would all see everyones uploads.) I would forfeit a tiny bit of security if users had there files not publicly visible. (People still have to login to see the files, and they would have to know the URL to a specific username.) So basically what I would like to do, is have a database (I.E. "Users") and have a table in that database with "username" "password" "email" "URL" and the PHP script looks up the database, and checks the username, and the password, and if they match, looks at the URL and sees were its supposed to redirect the user. I have attached the PHP code I have found, and use. If anyone knows how to do this, please let me know!

Thanks in advance!
Cheers!

------
Anders