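-- Account table used by the registration and login scripts.
-- `password` stores a password hash, never the plain-text password. It is
-- VARCHAR(255) rather than CHAR(64) so the column can hold the output of a
-- dedicated password-hashing function (for example PHP's password_hash())
-- as well as a 64-character SHA-256 hex digest.
CREATE TABLE IF NOT EXISTS `users` (
    `id` INT UNSIGNED NOT NULL AUTO_INCREMENT,
    `username` VARCHAR(20) NOT NULL,   -- login name; the form handler must enforce the same 20-character limit
    `email` VARCHAR(75) NOT NULL,      -- contact address; the form handler must enforce the same 75-character limit
    `password` VARCHAR(255) NOT NULL,  -- password hash only
    PRIMARY KEY (`id`),
    -- The UNIQUE constraints reject duplicate accounts at the database level,
    -- independent of any check the application performs.
    UNIQUE (`username`),
    UNIQUE (`email`)
) ENGINE=MyISAM;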
<?php //mysql_info.php
// Connection settings shared by the registration and login scripts.
// NOTE(review): these are sample values and the password is identical to the
// account name. A real deployment needs a unique, strong password, a database
// account limited to the privileges the application uses, and this file kept
// out of version control and out of any directory the web server can serve.
const DBHOST = 'localhost';
const DBUSER = 'derokorian';
const DBPASS = 'derokorian';
const DBNAME = 'derokorian';
?>
<?php //userRegister.php
// Check if the form was submitted
// check that all fields are filled in
// check the validity of the entered data
// add user to the database
// show errors
// show form
?>
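<!DOCTYPE html>
<html>
<head>
<title>Derokorian User Registration</title>
</head>
<body>
<!-- Registration form; the empty action posts back to this same script. -->
<form action="" method="post">
<!-- Each input has an id equal to its label's "for" value; without the id the label is not bound to the field. -->
<!-- maxlength mirrors the column sizes of the users table. It is a convenience only: the server must repeat every check. -->
<label for="username">Username:</label><input type="text" id="username" name="username" value="" maxlength="20"/><br />
<label for="email">Email:</label><input type="text" id="email" name="email" value="" maxlength="75"/><br />
<label for="pass1">Password:</label><input type="password" id="pass1" name="pass1" autocomplete="new-password" /><br />
<label for="pass2">Confirm Pass:</label><input type="password" id="pass2" name="pass2" autocomplete="new-password" /><br />
<input type="submit" value="Register" />
</form>
</body>
</html>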
// Run the registration steps only when the request carried POST fields.
if( !empty($_POST) ) {
    // step 1: check that all fields are filled in
    // step 2: check the validity of the entered data
    // step 3: add user to the database
}
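// check that all fields are filled in, one at a time using empty()
// Start from an empty list so the later count($errors) calls always receive an
// array, including the case where every field was supplied.
$errors = array();
// Field name => message shown when that field is missing. Order is the order
// in which the messages appear to the user.
$required = array(
    'username' => 'You must supply a username.',
    'email'    => 'You must supply an email.',
    'pass1'    => 'You must supply a password.',
    'pass2'    => 'You must confirm your password.',
);
foreach( $required as $field => $message ) {
    // empty() is true for a missing key, an empty string and the string '0'.
    if( empty($_POST[$field]) ) {
        $errors[] = $message;
    }
}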
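// If there are not already errors from missing fields
// (empty() also covers the case where $errors was never initialised)
if( empty($errors) ) {
    // check the validity of the entered data
    // A form field posted as name[]=... arrives as an array; reject anything
    // that is not a plain string before handing it to the string functions below.
    foreach( array('username','email','pass1','pass2') as $field ) {
        if( !is_string($_POST[$field]) ) {
            $errors[] = 'You must supply a valid '.$field.'.';
        }
    }
}
if( empty($errors) ) {
    // Check the username.
    // \z anchors at the very end of the input; "$" would also accept a value
    // that ends in a newline.
    if( !preg_match('/^[a-z][a-z0-9]+\z/i',$_POST['username']) ) {
        $errors[] = 'Your username must begin with a letter, and only contain letters and numbers.';
    } elseif( strlen($_POST['username']) > 20 ) {
        // Matches the VARCHAR(20) column so the value is never silently truncated.
        $errors[] = 'Your username must be 20 characters or fewer.';
    }
    // Check the email (75 matches the size of the email column)
    if( !filter_var($_POST['email'],FILTER_VALIDATE_EMAIL) || strlen($_POST['email']) > 75 ) {
        $errors[] = 'You must supply a valid email.';
    }
    // Check the passwords.
    // Strict comparison: with "!=" PHP compares numeric-looking strings as
    // numbers, so two different passwords such as '1e3' and '1000' would match.
    if( $_POST['pass1'] !== $_POST['pass2'] ) {
        $errors[] = 'You must supply matching passwords.';
    }
    // add user to the database
}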
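// Check for errors in validity
if( empty($errors) ) {
    // connect to mysql
    include 'mysql_info.php';
    $conn = mysqli_connect(DBHOST,DBUSER,DBPASS,DBNAME);
    // Check if the connection failed
    // NOTE(review): from PHP 8.1 mysqli throws mysqli_sql_exception by default
    // instead of returning false, so this branch only runs when exception
    // reporting is off. Confirm against the target PHP version.
    if( !$conn ) {
        // Keep the driver's message in the server log; it can name the host
        // and account, which a visitor has no need to see.
        error_log('userRegister: database connection failed: '.mysqli_connect_error());
        die('Failed to connect to the database. Please try again later.');
    }
    // prepare data for database
    // mysqli_real_escape_string() escapes according to the connection's
    // character set, so that character set must be the one the data really uses.
    $username = mysqli_real_escape_string($conn,$_POST['username']);
    $email = mysqli_real_escape_string($conn,$_POST['email']);
    // NOTE(review): SHA-256 is a fast general-purpose hash and the only salt
    // is the lower-cased username. Password storage calls for a slow, salted
    // function such as password_hash(), verified with password_verify().
    // The login script compares against this exact digest, so both scripts
    // have to be changed together; the digest is left unchanged here.
    $pass = hash('sha256',strtolower($_POST['username']).$_POST['pass1']);
}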
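// Create the insert query.
// The values are bound as parameters, so they are sent to MySQL separately
// from the SQL text and need no escaping. The raw POST values are bound
// (not the escaped copies) so that no backslashes end up in the stored data.
$stmt = mysqli_prepare($conn,"INSERT INTO `users` (`username`,`email`,`password`) VALUES (?,?,?)");
$newUsername = $_POST['username'];
$newEmail = $_POST['email'];
// Attempt insert the new user ($pass is the digest computed in the previous step)
if( $stmt
    && mysqli_stmt_bind_param($stmt,'sss',$newUsername,$newEmail,$pass)
    && mysqli_stmt_execute($stmt) ) {
    // The username is HTML-escaped on output even though it was validated earlier.
    die('You have successfully registered as '.htmlspecialchars($newUsername,ENT_QUOTES,'UTF-8').'<br /><a href="/userLogin.php">Click here</a> to log in.');
} else {
    // Insert failed. Log the driver's detail on the server and show the
    // visitor a message that does not expose the schema or the query.
    $errno = $stmt ? mysqli_stmt_errno($stmt) : mysqli_errno($conn);
    $detail = $stmt ? mysqli_stmt_error($stmt) : mysqli_error($conn);
    error_log('userRegister: insert failed ('.$errno.') '.$detail);
    if( $errno == 1062 ) {
        // 1062 is MySQL's duplicate-key error: a UNIQUE constraint on
        // username or email rejected the row.
        $errors[] = 'That username or email is already registered.';
    } else {
        $errors[] = 'Error adding user to database. Please try again later.';
    }
}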
//output the form
?>
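<!DOCTYPE html>
<html>
<head>
<title>Derokorian User Registration</title>
</head>
<body>
<?php
// The error strings are written into the page as HTML, so every entry in
// $errors must be fixed text or already HTML-escaped; never append raw
// request data or raw database messages to this list.
echo isset($errors) && count($errors) > 0 ? '<span style="color:red">'.implode('<br>',$errors).'</span><br>' : ''; ?>
<form action="" method="post">
<?php
// The submitted username and email are echoed back into attribute values.
// htmlspecialchars() with ENT_QUOTES keeps a value containing quotes or angle
// brackets from closing the attribute and injecting markup. The is_string()
// test covers fields posted as arrays.
?>
<label for="username">Username:</label><input type="text" id="username" name="username" value="<?php echo isset($_POST['username']) && is_string($_POST['username']) ? htmlspecialchars($_POST['username'],ENT_QUOTES,'UTF-8') : ''; ?>"/><br>
<label for="email">Email:</label><input type="text" id="email" name="email" value="<?php echo isset($_POST['email']) && is_string($_POST['email']) ? htmlspecialchars($_POST['email'],ENT_QUOTES,'UTF-8') : ''; ?>"/><br>
<label for="pass1">Password:</label><input type="password" id="pass1" name="pass1" /><br>
<label for="pass2">Confirm Pass:</label><input type="password" id="pass2" name="pass2" /><br>
<input type="submit" value="Register" />
</form>
</body>
</html>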
<?php //userLogin.php
// Start the session
// check if the user is logged in
// check if the form was submitted
// verify fields are filled in
// check the given username / password against the database
// tell the user they are logged in, if they are
// tell them why they aren't logged in, if they tried, and show the form
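// Start the session
// Harden the session before it starts:
//  - use_strict_mode makes PHP refuse session ids it did not issue itself;
//  - cookie_httponly keeps the session cookie out of reach of page scripts.
// Also enable session.cookie_secure when the site is served over HTTPS.
ini_set('session.use_strict_mode','1');
ini_set('session.cookie_httponly','1');
session_start();
// check if the user is logged in
if( isset($_SESSION['username']) ) {
    die('You are already logged in');
}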
// Output the form
?>
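<!DOCTYPE html>
<html>
<head>
<title>Derokorian User Login</title>
</head>
<body>
<!-- Login form; the empty action posts back to this same script. -->
<form action="" method="post">
<!-- Each input has an id equal to its label's "for" value; without the id the label is not bound to the field. -->
<label for="username">Username:</label><input type="text" id="username" name="username" value="" autocomplete="username"/><br>
<label for="password">Password:</label><input type="password" id="password" name="password" autocomplete="current-password" /><br>
<input type="submit" value="Log in" />
</form>
</body>
</html>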
// Run the login steps only when the request carried POST fields.
if( !empty($_POST) ) {
    // step 1: verify fields are filled in
    // step 2: check the given username / password against the database
    // step 3: tell the user they are logged in, if they are
}
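// verify fields are filled in
$errors = array();
// is_string() rejects fields posted as arrays (name[]=...), which the string
// functions below cannot handle.
if( empty($_POST['username']) || !is_string($_POST['username']) ) {
    $errors[] = 'You must enter a username.';
}
if( empty($_POST['password']) || !is_string($_POST['password']) ) {
    $errors[] = 'You must enter your password.';
}
if( count($errors) == 0 ) {
    // Connect to mysql
    include 'mysql_info.php';
    $conn = mysqli_connect(DBHOST,DBUSER,DBPASS,DBNAME);
    // Check if the connection failed
    // NOTE(review): from PHP 8.1 mysqli throws mysqli_sql_exception by default
    // instead of returning false, so this branch only runs when exception
    // reporting is off. Confirm against the target PHP version.
    if( !$conn ) {
        // Keep the driver's message in the server log; it can name the host
        // and account, which a visitor has no need to see.
        error_log('userLogin: database connection failed: '.mysqli_connect_error());
        die('Failed to connect to the database. Please try again later.');
    }
    // prepare data for database
    $username = mysqli_real_escape_string($conn,$_POST['username']);
    // NOTE(review): this digest must be computed exactly as the registration
    // script computes it. SHA-256 is a fast general-purpose hash salted only
    // with the lower-cased username; password storage calls for
    // password_hash() at registration and password_verify() here, and the two
    // scripts have to be migrated together.
    $pass = hash('sha256',strtolower($_POST['username']).$_POST['password']);
}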
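// Build the query.
// The values are bound as parameters, so they are sent to MySQL separately
// from the SQL text. The raw username is bound, not the escaped copy.
$stmt = mysqli_prepare($conn,"SELECT 1 FROM `users` WHERE `username` = ? AND `password` = ?");
$loginName = $_POST['username'];
// check the given username / password against the database
// ($pass is the digest computed in the previous step)
$ok = $stmt
    && mysqli_stmt_bind_param($stmt,'ss',$loginName,$pass)
    && mysqli_stmt_execute($stmt)
    && mysqli_stmt_store_result($stmt);
// Check if the query was successful
if( !$ok ) {
    // Log the driver's detail on the server; the visitor gets a message that
    // does not expose the schema or the query.
    $errno = $stmt ? mysqli_stmt_errno($stmt) : mysqli_errno($conn);
    $detail = $stmt ? mysqli_stmt_error($stmt) : mysqli_error($conn);
    error_log('userLogin: select failed ('.$errno.') '.$detail);
    $errors[] = 'Error selecting user from database. Please try again later.';
} else {
    // Check if the result returned a row.
    // username is UNIQUE, so a match yields exactly one row; testing for
    // "more than one" row would reject every valid login.
    if( mysqli_stmt_num_rows($stmt) > 0 ) {
        // Successfully logged in.
        // Issue a fresh session id at the privilege change so an id known
        // before login cannot be reused for the authenticated session.
        session_regenerate_id(true);
        $_SESSION['username'] = $_POST['username'];
        die('You have successfully logged in.');
    } else {
        // Username/password mismatch. The same message is used for an unknown
        // user and a wrong password.
        // NOTE(review): nothing in this script limits repeated failed attempts.
        $errors[] = 'Your username and password combination wasn\'t found. Please try again.';
    }
}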
// Output the form
?>
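<!DOCTYPE html>
<html>
<head>
<title>Derokorian User Login</title>
</head>
<body>
<?php
// The error strings are written into the page as HTML, so every entry in
// $errors must be fixed text or already HTML-escaped; never append raw
// request data or raw database messages to this list.
echo isset($errors) && count($errors) > 0 ? '<span style="color:red">'.implode('<br>',$errors).'</span><br>' : ''; ?>
<form action="" method="post">
<?php
// The submitted username is echoed back into an attribute value.
// htmlspecialchars() with ENT_QUOTES keeps a value containing quotes or angle
// brackets from closing the attribute and injecting markup. The is_string()
// test covers a field posted as an array.
?>
<label for="username">Username:</label><input type="text" id="username" name="username" value="<?php echo isset($_POST['username']) && is_string($_POST['username']) ? htmlspecialchars($_POST['username'],ENT_QUOTES,'UTF-8') : ''; ?>"/><br>
<label for="password">Password:</label><input type="password" id="password" name="password" /><br>
<input type="submit" value="Log in" />
</form>
</body>
</html>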
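<?php //userLogout.php
// session_destroy() only acts on an active session, so resume it first;
// called without session_start() it fails and the user stays logged in.
session_start();
// Clear the session data held in memory for this request.
$_SESSION = array();
// Expire the session cookie in the browser, using the same parameters the
// cookie was issued with so the browser matches and removes it.
if( ini_get('session.use_cookies') ) {
    $params = session_get_cookie_params();
    setcookie(session_name(),'',time() - 42000,
        $params['path'],$params['domain'],$params['secure'],$params['httponly']);
}
// Remove the session data stored on the server.
session_destroy();
echo 'You have been logged out.';
?>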