Creating login/registration forms with php

<ilayer src="http://forum.codecall.net/ads/adpeeps.php?bfunction=showad&amp;uid=100000&amp;bmo de=off&amp;bzone=thread_right_top_square&amp;bsize=300x250&amp;btype=4&amp;bpos=d efault&amp;ver=2.0&amp;brefresh=45&amp;btarget=_blank" frameborder="0" width="300" height="250"></ilayer>

Creating login/registration forms with php

Its 31/12/2008, happy new year everyone!. This might be the last tutorial of 2008 or the first tutorial of 2009 depending on the time this tutorial will get approved This tutorial will help you as a beginner to create a simple login page for your php projects, in this tutorial you will learn about sessions in php, inserting and retrieving records from mysql server. The database table: Before writing the code create this table in your server by running the text file attached with mysql console or simply create it yourself, we will use it to store the users information Code:
CREATE TABLE `test`.`users` ( `id` INT NOT NULL auto_increment , `name` VARCHAR( 20 ) NOT NULL , `password` VARCHAR( 20 ) NOT NULL , `email` VARCHAR( 20 ) NOT NULL , PRIMARY KEY ( `id` ) )

Lets start:

A.The login page(main page):

In this simple php page there are three session variables we are using; logging, logged, and user they are all bool variables. We will use them to execute the right code for each scenario Code:
<html> <head> <title>login page</title> </head> <body bgcolor="black" style="color:gray"> <form action="index.php" method=get> <h1 align="center" style="color:gray" >Welcome to this simple application</h1 > <?php session_start(); if($_SESSION["logged"]) { print_secure_content(); } else { if(!$_SESSION["logging"])

{ $_SESSION["logging"]=true; loginform(); } else if($_SESSION["logging"]) { $number_of_rows=checkpass(); if($number_of_rows==1) { $_SESSION[user]=$_GET[userlogin]; $_SESSION[logged]=true; print"<h1>you have loged in successfully</h1>"; print_secure_content(); } else{ print "wrong pawssword or username, please try again"; loginform(); } } }

1-the first thing to do when you are using session variables on a php page is to start the session service on the page by this line session_start();, if you ignored this line the page will work fine but the session variables wont be saved when you refresh the page or go to another page. 2-after starting the service, we check if the user is already logged in if($_SESSION['logged']), if he is we print him a nice welcome message by calling the function for the secure content (we will look at it later) 3-if he isnt logged in, we show the login fields (username and password) by the function loginform(), and set the session variable $_SESSION["logging"] to true in order to check the entered username and password when he/or she hits the login button 4-when he/or she enters the username and password then hits the login in button the code that will be only executed will be the code after else if($_SESSION["logging"]) because we have set the logging session variable to true, in this code block the variable $number_of_rows gets its value from the function checkpass() which is basically takes the username and password and checks the server if it already exists, if it exists it returns one else it will return 0..thats why we check $number_of_rows: - if it equals one if it really does we will set the variable user in the session to the entered username, and sets the logged bool variable to true. --If the $number_of_rows isnt 1, we will print him the input fields again. Now lets look at the functions: 1.loginform() Code:
function loginform() { print "please enter your login information to proceed with our site"; print ("<table border='2'><tr><td>username</td><td><input type='text' name='u serlogin' size'20'></td></tr><tr><td>password</td><td><input type='password' name='password' size'20'></td></tr></table>");

print "<input type='submit' >"; print "<h3><a href='registerform.php'>register now!</a></h3>"; }

all it does is printing out the fields to the user 2.checkpass() Code:
function checkpass() { $servername="localhost"; $username="root"; $conn= mysql_connect($servername,$username)or die(mysql_error()); mysql_select_db("test",$conn); $sql="select * from users where name='$_GET[userlogin]' and password='$_GET[p assword]'"; $result=mysql_query($sql,$conn) or die(mysql_error()); return mysql_num_rows($result); }

This function establishes a connection with the mysql server through the mysql_connect() function which takes in two parametes;1.servername (or address) 2.the username used to login to the database, if theres a password you should add it After connection to the server we choose the database that we will use using the mysql_select_db(); function which takes in 2 variables;1. The name of the database and 2.The connection variable. The sql statement: Code:
$sql="select * from users where name='$_GET[userlogin]' and password='$_GET[p assword]'";

It simple gets the field that match the user login and password that the user have entered along with the ones in in the table called users, after that we run the statement using the function mysql_query($sql,$conn) and returning the results to a variable called $result Finally we return the number of retrieved rows. 3.print_secure_content() Code:
function print_secure_content() { print("<b><h1>hi mr.$_SESSION[user]</h1>"); print "<br><h2>only a logged in user can see this</h2><br><a>href='logout.php '>Logout</a><br>"; }

No explanation needed

B. The logout page:

If the user wishes to logout, we clear the session variables this can be easily done by making him open this php page logout.php Code:
<?php session_start(); if(session_destroy())

{ print"<h2>you have logged out successfully</h2>"; print "<h3><a href='index.php'>back to main page</a></h3>"; } ?>

What we did here is starting the session and destroying it, if it was cleared successfully we display that to the user

c. Registration form:
A simple html page that lets the use enters the name and passwords and submit it to the serve on the page register.php Code:
<html> <head> <meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1"> <title>register</title> </head> <body bgcolor="black" style="color:white;"> <FORM ACTION="register.php" METHOD=get> <h1>welcome to the registration page</h1> please input the registration details to create an account here<br> <table border="2"> <tr> <td>User Name :</td><td><input name="regname" type="text" size"20"></input></ td> </tr> <tr> <td>email :</td><td><input name="regemail" type="text" size"20"></input></td> </tr> <tr> <td>password :</td><td><input name="regpass1" type="password" size"20"></inpu t></td> </tr> <tr> <td>retype password :</td><td><input name="regpass2" type="password" size"20" ></input></td> </tr> </table> <input type="submit" value="register me!"></input> </FORM> </body> </html>

Note: you can add some JavaScript to validate the code before submitting, but I didnt want to make this tutorial long and boring

d. register php page:

This php script checks the data that the user have entered in the registrationfor.php and inserts it into the database (simple, huh?). Code:
<?php if($_GET["regname"] && $_GET["regemail"] && $_GET["regpass1"] && $_GET["regpa ss2"] )

{ if($_GET["regpass1"]==$_GET["regpass2"]) { $servername="localhost"; $username="root"; $conn= mysql_connect($servername,$username)or die(mysql_error()); mysql_select_db("test",$conn); $sql="insert into users (name,email,password)values('$_GET[regname]','$_G ET[regemail]','$_GET[regpass1]')"; $result=mysql_query($sql,$conn) or die(mysql_error()); print "<h1>you have registered sucessfully</h1>"; print "<a href='index.php'>go to login page</a>"; } else print "passwords doesnt match"; } else print"invaild data"; ?>

The first line checks if all the variables in the get isnt null then it checks if the two password fields match, if yes it connects to the server, selects the database and runs the sql insert statement, which is: Code:
$sql="insert into users (name,email,password)values('$_GET[regname]','$_GET[r egemail]','$_GET[regpass1]')";

No explanation needed Important Notes: 1.you can use this code to check the available variables and its values in your session or any other global variables Code:
foreach ($_SESSION as $key=>$value) { print "\$_ SESSION [\"$key\"] == $value<br>";}

2.its wise to check if a session variable exists before using it this can be done using this code: Code:
if(isset($_SESSION['variable_name'])) print &#8220;it exists; else print &#8220;it doesnt;

3.you can hide the values of your form submits by using the POST method of your forms