User Membership With PHP

User Membership With PHP

Nov 10th in PHP by Tom Cameron

A tutorial for the very beginners! No matter where you go on the internet, there's a staple that you find almost everywhere - user registration. Whether you need your users to register for security or just for an added feature, there is no reason not to do it with this simple tutorial. In this tutorial we will go over the basics of user management, ending up with a simple Member Area that you can implement on your own website.

PG

Author: Tom Cameron

This is a NETTUTS contributor who has published 1 tutorial(s) so far here. Their bio is coming soon!

Introduction

In this tutorial we are going to go through each step of making a user management system, along with an inter-user private messaging system. We are going to do this using PHP, with a MySQL database for storing all of the user information. This tutorial is aimed at absolute beginners to PHP, so no prior knowledge at all is required - in fact, you may get a little bored if you are an experienced PHP user!

This tutorial is intended as a basic introduction to Sessions, and to using Databases in PHP. Although the end result of this tutorial may not immediately seem useful to you, the skills that you gain from this tutorial will allow you to go on to produce a membership system of your own; suiting your own needs.

Before you begin this tutorial, make sure you have on hand the following information:

  • Database Hostname - this is the server that your database is hosted on, in most situations this will simply be 'localhost'.
  • Database Name, Database Username, Database Password - before starting this tutorial you should create a MySQL database if you have the ability, or have on hand the information for connecting to an existing database. This information is needed throughout the tutorial.

If you don't have this information then your hosting provider should be able to provide this to you.

Now that we've got the formalitiies out of the way, let's get started on the tutorial!

Step 1 - Initial Configuration

Setting up the database

As stated in the Introduction, you need a database to continue past this point in the tutorial. To begin with we are going to make a table in this database to store our user information.

The table that we need will store our user information; for our purposes we will use a simple table, but it would be easy to store more information in extra columns if that is what you need. In our system we need the following four columns:

  • UserID (Primary Key)
  • Username
  • Password
  • EmailAddress

In database terms, a Primary Key is the field which uniquely identifies the row. In this case, UserID will be our Primary Key. As we want this to increment each time a user registers, we will use the special MySQL option - auto_increment.

The SQL query to create our table is included below, and will usually be run in the 'SQL' tab of phpMyAdmin.

CREATE TABLE `users` (
`UserID` INT(25) NOT NULL AUTO_INCREMENT PRIMARY KEY ,
`Username` VARCHAR(65) NOT NULL ,
`Password` VARCHAR(32) NOT NULL ,
`EmailAddress` VARCHAR(255) NOT NULL
);

Creating a base file

In order to simplify the creation of our project, we are going to make a base file that we can include in each of the files we create. This file will contain the database connection information, along with certain configuration variables that will help us out along the way.

Start by creating a new file: base.php, and enter in it the following code:

<?php
session_start();

$dbhost = "localhost"; // this will ususally be 'localhost', but can sometimes differ
$dbname = "database"; // the name of the database that you are going to use for this project
$dbuser = "username"; // the username that you created, or were given, to access your database
$dbpass = "password"; // the password that you created, or were given, to access your database

mysql_connect($dbhost, $dbuser, $dbpass) or die("MySQL Error: " . mysql_error());
mysql_select_db($dbname) or die("MySQL Error: " . mysql_error());
?>

Let's take a look at a few of those lines shall we? There's a few functions here that we've used and not yet explained, so let's have a look through them quickly and make sense of them -- if you already understand the basics of PHP, you may want to skip past this explanation.

session_start();

This function starts a session for the new user, and later on in this tutorial we will store information in this session to allow us to recognise users who have already logged in. If a session has already been created, this function will recognise that and carry that session over to the next page.

mysql_connect($dbhost, $dbuser, $dbpass) or die("MySQL Error: " . mysql_error());
mysql_select_db($dbname) or die("MySQL Error: " . mysql_error());

Each of these functions performs a separate, but linked task. The mysql_connect function connects our script to the database server using the information we gave it above, and the mysql_select_db function then chooses which database to use with the script. If either of the functions fails to complete, the die function will automatically step in and stop the script from processing - leaving any users with the message that there was a MySQL Error.

Step 2 - Back to the Frontend

What do we need to do first?

The most important item on our page is the first line of PHP; this line will include the file that we created above (base.php), and will essentially allow us to access anything from that file in our current file. We will do this with the following line of of PHP code. Create a file named index.php, and place this code at the top.

<?php include "base.php"; ?>

Begin the HTML page

The first thing that we are going to do for our frontend is to create a page where users can enter their details to login, or if they are already logged in a page where they can choose what they then wish to do. In this tutorial I am presuming that users have basic knowledge of how HTML/CSS works, and therefore am not going to explain this code in detail; at the moment these elements will be unstyled, but we will be able to change this later when we create our CSS stylesheet.

Using the file that we have just created (index.php), enter the following HTML code below the line of PHP that we have already created.

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">  
<head>  
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />  
<title>User Management System (Tom Cameron for NetTuts)</title>
<link rel="stylesheet" href="style.css" type="text/css" />
</head>  
<body>  
<div id="main">

What shall we show them?

Before we output the rest of the page we have a few questions to ask ourselves:

  1. Is the user already logged in?
    • Yes - we need to show them a page with options for them to choose.
    • No - we continue onto the next question.
  2. Has the user already submitted their login details?
    • Yes - we need to check their details, and if correct we will log them into the site.
    • No - we continue onto the next question.
  3. If both of the above were answered No, we can now assume that we need to display a login form to the user.

These questions are in fact, the same questions that we are going to implement into our PHP code. We are going to do this in the form of if statements. Without entering anything into any of your new files, lets take a look at the logic that we are going to use first.

<?php
if(!empty($_SESSION['LoggedIn']) && !empty($_SESSION['Username']))
{
	// let the user access the main page
}
elseif(!empty($_POST['username']) && !empty($_POST['password']))
{
	// let the user login
}
else
{
	// display the login form
}
<?>

Looks confusing, doesn't it? Let's split it down into smaller sections and go over them one at a time.

if(!empty($_SESSION['LoggedIn']) && !empty($_SESSION['Username']))
{
	// let the user access the main page
}

When a user logs into our website, we are going to store their information in a session - at any point after this we can access that information in a special global PHP array - $_SESSION. We are using the empty function to check if the variable is empty, with the operator ! in front of it. Therefore we are saying:

If the variable $_SESSION['LoggedIn'] is not empty and $_SESSION['Username'] is not empty, execute this piece of code.

The next line works in the same fashion, only this time using the $_POST global array. This array contains any data that was sent from the login form that we will create later in this tutorial. The final line will only execute if neither of the previous statements are met; in this case we will display to the user a login form.

So, now that we understand the logic, let's get some content in between those sections. In your index.php file, enter the following below what you already have.

<?php
if(!empty($_SESSION['LoggedIn']) && !empty($_SESSION['Username']))
{
	 ?>

	 <h1>Member Area</h1>
     <pThanks for logging in! You are <b><?=$_SESSION['Username']?></b> and your email address is <b><?=$_SESSION['EmailAddress']?></b>.</p>
     
     <?php
}
elseif(!empty($_POST['username']) && !empty($_POST['password']))
{
	$username = mysql_real_escape_string($_POST['username']);
    $password = md5(mysql_real_escape_string($_POST['password']));
    
	$checklogin = mysql_query("SELECT * FROM users WHERE Username = '".$username."' AND Password = '".$password."'");
    
    if(mysql_num_rows($checklogin) == 1)
    {
    	$row = mysql_fetch_array($checklogin);
        $email = $row['EmailAddress'];
        
        $_SESSION['Username'] = $username;
        $_SESSION['EmailAddress'] = $email;
        $_SESSION['LoggedIn'] = 1;
        
    	echo "<h1>Success</h1>";
        echo "<p>We are now redirecting you to the member area.</p>";
        echo "<meta http-equiv='refresh' content='=2;index.php' />";
    }
    else
    {
    	echo "<h1>Error</h1>";
        echo "<p>Sorry, your account could not be found. Please <a href=\"index.php\">click here to try again</a>.</p>";
    }
}
else
{
	?>
    
   <h1>Member Login</h1>
    
   <p>Thanks for visiting! Please either login below, or <a href="register.php">click here to register</a>.</p>
    
	<form method="post" action="index.php" name="loginform" id="loginform">
	<fieldset>
		<label for="username">Username:</label><input type="text" name="username" id="username" /><br />
		<label for="password">Password:</label><input type="password" name="password" id="password" /><br />
		<input type="submit" name="login" id="login" value="Login" />
	</fieldset>
	</form>
    
   <?php
}
?>

</div>
</body>
</html>

Hopefully, the first and last code blocks won't confuse you too much. What we really need to get stuck into now is what you've all come to this tutorial for - the PHP code. We're now going to through the second section one line at a time, and I'll explain what each bit of code here is intended for.

	 $username = mysql_real_escape_string($_POST['username']);
    $password = md5(mysql_real_escape_string($_POST['password']));

There are two functions that need explaining for this. Firstly, mysql_real_escape_string - a very useful function to clean database input. It isn't a failsafe measure, but this will keep out the majority of the malicious hackers out there by stripping unwanted parts of whatever has been put into our login form. Secondly, md5. It would be impossible to go into detail here, but this function simply encrypts whatever is passed to it - in this case the user's password - to prevent prying eyes from reading it.

	 $checklogin = mysql_query("SELECT * FROM users WHERE Username = '".$username."' AND Password = '".$password."'");
    
    if(mysql_num_rows($checklogin) == 1)
    {
    	 $row = mysql_fetch_array($checklogin);
        $email = $row['EmailAddress'];
        
        $_SESSION['Username'] = $username;
        $_SESSION['EmailAddress'] = $email;
        $_SESSION['LoggedIn'] = 1;

Here we have the core of our login code; firstly, we run a query on our database. In this query we are searching for everything relating to a member, whose username and password match the values of our $username and $password that the user has provided. On the next line we have an if statement, in which we are checking how many results we have received - if there aren't any results, this section won't be processed. But if there is a result, we know that the user does exist, and so we are going to log them in.

The next two lines are to obtain the user's email address. We already have this information from the query that we have already run, so we can easily access this information. First, we get an array of the data that has been retrieved from the database - in this case we are using the PHP function mysql_fetch_array. I have then assigned the value of the EmailAddress field to a variable for us to use later.

Now we set the session. We are storing the user's username and email address in the session, along with a special value for us to know that they have been logged in using this form. After this is all said and done, they will then be redirect to the Member Area using the META REFRESH in the code.

So, what does our project currently look like to a user?

Great! It's time to move on now, to making sure that people can actually get into your site.

Let the people signup

It's all well and good having a login form on your site, but now we need to let user's be able to use it - we need to make a login form. Make a file called register.php and put the following code into it.

<?php include "base.php"; ?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">  
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />  

<title>User Management System (Tom Cameron for NetTuts)</title>
<link rel="stylesheet" href="style.css" type="text/css" />
</head>  
<body>  
<div id="main">
<?php
if(!empty($_POST['username']) && !empty($_POST['password']))
{
	$username = mysql_real_escape_string($_POST['username']);
    $password = md5(mysql_real_escape_string($_POST['password']));
    $email = mysql_real_escape_string($_POST['email']);
    
	 $checkusername = mysql_query("SELECT * FROM users WHERE Username = '".$username."'");
     
     if(mysql_num_rows($checkusername) == 1)
     {
     	echo "<h1>Error</h1>";
        echo "<p>Sorry, that username is taken. Please go back and try again.</p>";
     }
     else
     {
     	$registerquery = mysql_query("INSERT INTO users (Username, Password, EmailAddress) VALUES('".$username."', '".$password."', '".$email."')");
        if($registerquery)
        {
        	echo "<h1>Success</h1>";
        	echo "<p>Your account was successfully created. Please <a href=\"index.php\">click here to login</a>.</p>";
        }
        else
        {
     		echo "<h1>Error</h1>";
        	echo "<p>Sorry, your registration failed. Please go back and try again.</p>";    
        }    	
     }
}
else
{
	?>
    
   <h1>Register</h1>
    
   <p>Please enter your details below to register.</p>
    
	<form method="post" action="register.php" name="registerform" id="registerform">
	<fieldset>
		<label for="username">Username:</label><input type="text" name="username" id="username" /><br />
		<label for="password">Password:</label><input type="password" name="password" id="password" /><br />
        <label for="email">Email Address:</label><input type="text" name="email" id="email" /><br />
		<input type="submit" name="register" id="register" value="Register" />
	</fieldset>
	</form>
    
    <?php
}
?>

</div>
</body>
</html>

So, there's not much new PHP that we haven't yet learnt in that section. Let's just take a quick look at that SQL query though, and see if we can figure out what it's doing.

$registerquery = mysql_query("INSERT INTO users (Username, Password, EmailAddress) VALUES('".$username."', '".$password."', '".$email."')");

So, here we are adding the user to our database. This time, instead of retrieving data we're inserting it; so we're specifying first what columns we are entering data into (don't forget, our UserID will go up automatically). In the VALUES() area, we're telling it what to put in each column; in this case our variables that came from the user's input. So, let's give it a try; once you've made an account on your brand-new registration form, here's what you'll see for the Member's Area.

Make sure that they can logout

We're almost at the end of this section, but there's one more thing we need before we're done here - a way for user's to logout of their accounts. This is very easy to do (fortunately for us); create a new filed named logout.php and enter the following into it.

<?php include "base.php; $_SESSION = array(); session_destroy(); ?>
<meta http-equiv="refresh" content="0;index.php">

In this we are first resetting our the global $_SESSION array, and then we are destroying the session entirely.

And that's the end of that section, and the end of the PHP code. Let's now move onto our final section.

Step 3 - Get Styled

I'm not going to explain much in this section - if you don't understand HTML/CSS I would highly reccomend when of the many excellent tutorials on this website to get you started. Create a new file named style.css and enter the following into it; this will style all of the pages that we have created so far.

* {
	margin: 0;
    padding: 0;
}
body {
	font-family: Trebuchet MS;
}
a {
	color: #000;
}
a:hover, a:active, a:visited {
	text-decoration: none;
}
#main {
	width: 780px;
    margin: 0 auto;
	margin-top: 50px;
	padding: 10px;
    border: 1px solid #CCC;
    background-color: #EEE;
}
form fieldset {	border: 0; }
form fieldset p br { clear: left; }
label {
	margin-top: 5px;
    display: block;
    width: 100px;
    padding: 0;
    float: left;
}
input {
	font-family: Trebuchet MS;
    border: 1px solid #CCC;
	margin-bottom: 5px;
    background-color: #FFF;
    padding: 2px;
}
input:hover {
	border: 1px solid #222;
    background-color: #EEE;
}

Now let's take a look at a few screenshots of what our final project should look like:

The login form.

The member area.

The registration form.

And finally...

And that's it! You now have a members area that you can use on your site. I can see a lot of people shaking their heads and shouting at their monitors that that is no use to them - you're right. But what I hope any beginners to PHP have learned is the basics of how to use a database, and how to use sessions to store information. The vital skills to creating any web application.

  • Subscribe to the NETTUTS RSS Feed for more daily web development tuts and articles.


Related Posts

Check out some more great tutorials and articles that you might like

Enjoy this Post?

Your vote will help us grow this site and provide even more awesomeness

Plus Members

Source Files, Bonus Tutorials and
More for $9 a month for all TUTS+
sites in one subscription.

Join Now

User Comments

( ADD YOURS )
  1. PG

    Shane November 10th

    Nice to see a beginner tutorial for this sort of thing. Though no doubt, you’ll get lots of people complaining that it’s too simple!

    Thanks, even though it’s not new to me.

    ( Reply )
  2. PG

    Jonny Haynes November 10th

    Keep receiving an error:

    MySQL Error: Access denied for user ‘root’@'localhost’ (using password: YES)

    Looks like a great tutorial though!

    ( Reply )
    1. PG

      Siddhu Panchal March 23rd

      There’s no error in tutorial,there is error in your phpmyadmin.You have to set-up your password in phpmyadmin.

      ( Reply )
    2. PG

      Junaid Attari March 28th

      Check the Username & Password of MySQL Database!

      ( Reply )
  3. PG

    BitstreamDreamer November 10th

    Yep! The demo doesn’t work. It says: MySQL Error: Access denied for user ‘root’@'localhost’ (using password: YES)

    ( Reply )
    1. PG

      bob March 4th

      obviously you have to put your own info in there…

      ( Reply )
  4. PG

    PixelBoy November 10th

    You couldn’t be more in time… ThX !!

    ( Reply )
  5. PG

    pixelsoul November 10th

    This is why I love this site…

    ( Reply )
  6. PG

    Chris Bauer November 10th

    Wow, my boss was just asking if I knew how to do this. Thanks for the beginner tutorial.

    (I am also getting the MySQL error though)

    ( Reply )
  7. PG

    insic November 10th

    Nice for the beginner,

    @Jonny maybe you supported a wrong details of your mysql database.

    ( Reply )
  8. PG

    James November 10th

    I’m receiving an error too :(

    Nice tut though Tom! :)

    ( Reply )
  9. PG

    James November 10th

    @Insic, There is a mySQL error on the demo - http://www.nettuts.com/demos/016_membershipWithPhp/sample/index.php

    ( Reply )
  10. PG

    sonic November 10th

    How about with administration? :)

    ( Reply )
  11. PG

    Eissoj November 10th

    Thanks Tom, nice one :D

    ( Reply )
  12. PG

    Patrik November 10th

    I’d really like to see somekind of Ajax/JavaScript intergration here. Checking username, email and password on the fly instead of having to load the page.

    ( Reply )
  13. PG

    Bogdan November 10th

    $password = md5(mysql_real_escape_string($_POST['password']));

    There’s no reason to escape the value of ‘password’ because md5′ll encrypt it no matter what and escaping it could screw up a user’s password if he/she uses special characters.

    ( Reply )
  14. PG

    conqueror November 10th

    its clean, small and nice code but kinda useless without cookies

    ( Reply )
    1. PG

      Ben June 1st

      I think this is a great Tutt. - Why is it useless without a cookie?

      If cookies were included it would allow users to remain logged into your application, but what else would it add? does it improve security or efficiency?

      Just curious as to why its useless?

      Also how secure is this? i know this is a beginners tutorial but would anybody use this approach as-is on their sites?

      thanks

      ( Reply )
  15. PG

    T Pham November 10th

    thanks, great tut for me, thank again

    ( Reply )
  16. PG

    i-mad November 10th

    nice one can you add a cookie to log the user automatically in the next visit ?

    ( Reply )
  17. PG

    Lamin November 10th

    Great tut but too much work if you ask me. I like the way ASP.net supports membership and roles out of the box. In any case that’s just my opinion.

    Thanks for the tut. :)

    ( Reply )
  18. PG

    madriaza November 10th

    get this error too

    MySQL Error: Access denied for user ‘root’@'localhost’ (using password: YES)

    ( Reply )
  19. PG

    Jason Wilson November 10th

    A tip for the beginners: Try to get yourself into one style of capitalisation in your variable names.

    $password does not equal $Password which does not equal $passWord

    If you choose and stick to one type of casing for variable names you will lower the risk that you will switch case midway through your code and cause a major headache.

    Just to use the current article as an example, Tom starts with first-letter caps on his DB column names: UserID, Username, Password, EmailAddress. If Tom uses that case exclusively through his code then when he gets to the PHP code to interact with the DB, he won’t have to worry about what case he defined those columns in.

    ( Reply )
  20. PG

    Jason Wilson November 10th

    For those of you getting mySql errors, if you are trying this yourself (not using the demo) check that the SQL user has permissions on the table you created.

    Also, forgot to say, good tutorial Tom.

    ( Reply )
  21. PG

    Shane November 10th

    @Lamin - yes, ASP.NET does have great membership (users, roles etc.) functionality, but ASP.NET is a framework. This is how to do things with vanilla PHP.

    Any PHP framework worth its salt will have equivalent functionality.

    ( Reply )
  22. PG

    James November 10th

    Great Job :-)

    This is perfect for me to get started with an actual login. I have inputted data you a database before, but this sill be a useful tool :)

    ( Reply )
  23. PG

    Paul Davis November 10th

    This is perfect for me! I’ve wanted an area for clients to loin to, so I can later add upload scripts etc.

    Thanks!

    ( Reply )
  24. PG

    John November 10th

    Just about to start my first web app with memberships. Thanks for this, will check it out… looks simple enough.

    ( Reply )
  25. PG

    Craigsnedeker November 10th

    This looks like a great tutorial, I might try it!

    Are there going to be more in the series, that would rock!

    ( Reply )
  26. PG

    Tom Cameron November 10th

    The demo must not have had the db details set correctly, hopefully NETTUTS will fix that soon :).

    @Bogdan: I didn’t think about it that way, I just automatically escape everything whenever I code! Thanks for pointing that out.

    @Craigsnedeker: What would you want to see in a series? I’d be happy to write more based on this, but I have no idea what I would write!

    Thanks all for the comments so far.

    ( Reply )
    1. PG

      Luke April 10th

      How about the Personal Messaging you was talking about?

      This tutorial is A.M.A.Z.I.N.G

      11/10

      ( Reply )
  27. PG

    Will McNeilly November 10th

    Nice Tutorial, I’ve a feeling this will be a very valuble resource for me in the near future

    Thanks

    ( Reply )
  28. PG

    Jeffrey Way November 10th

    Sorry about the database problem, guys. I’ll take care of it immediately.

    ( Reply )
  29. PG

    Dave November 10th

    Finally a Tutorial on User Membership, Not that many tuts on this subject. Thanks!!

    ( Reply )
  30. PG

    pixelsoul November 10th

    This is by no means a full ready to use authentication script. It only is a start to one.

    Basing it off of session is fine and then you could provide an option at login to the user to have them remembered for what ever amount of time.

    The great thing about tutorials like this is it gives you the foundation to continue on adding things like ajax scripts, username verification, etc.

    I mean hey… do you want them to do everything for you :P

    ( Reply )
  31. PG

    Matt Radel November 10th

    Great tut - definitely not too simple! Now, how ’bout one with for a dynamic navigation? ;)

    ( Reply )
  32. PG

    Timmy November 10th

    Kick ass dude!

    ( Reply )
  33. PG

    Daniel Hardy November 10th

    Great tut, I remember the first time I had to build one of these it was a lot of trial and error on the security side.

    This should help a lot of people out

    ( Reply )
  34. PG

    Furley November 10th

    Good tutorial for beginners. there are certainly other ways to handle this but this is no doubt a viable solution.

    I’d like to see a more intermediate tutorial for this that handles common issues involved with user authentication such as password recovery, Ajax submission, or more thorough error handling. Maybe I’ll write it if I find the time.

    Great job though.

    ( Reply )
  35. PG

    Tom Cameron November 10th

    @Furley: If there is interest I would be happy to write something like that; as I stated in the tutorial this was intended for complete beginners, so I had to rule out a lot of the stuff that would make this suitable for a production site. In the first draft of this tutorial it was about double the length with quite a lot of added ‘bells-and-whistles’, but it was nowhere near as simple — which was the aim from the start :).

    ( Reply )
  36. PG

    poto228 November 10th

    This is great. Just what I was looking for.

    ( Reply )
  37. PG

    Damon November 10th

    Tom,

    Thanks for the tutorial. I followed all the steps, and it works like a gem!

    One question, to anyone really. If I were to make this so it is a “Client section” of my website, where one of my clients logs in to see a mockup, pay a bill, etc, how would I make it so each client is directed to their proper page? Would it be a redirect to a certain page, or what? I’m a PHP noob so I don’t really know what is available.

    ( Reply )
  38. PG

    THEMOLITOR November 10th

    Nice!

    ( Reply )
  39. PG

    Adam November 10th

    As an uber nub to PHP, I would love to see a more intermediate approach to this. I have programming experience but it is a huge adjustment going from traditional software development to web development.

    But to be honest, I would love to see a more advanced article that deals with the security aspects of a user membership application. I’m trying to teach myself PHP development, but I have no confidence in any apps that I build because I lack the understanding of how vulnerable that app is.

    ( Reply )
  40. PG

    Elmernite November 10th

    Very nice!
    Extremely helpful.

    ( Reply )
  41. PG

    Bill Labus November 10th

    My prayers have finally been answered!

    Thank you!

    ( Reply )
  42. PG

    sean steezy November 10th

    I am trying to decide if I should jump into PHP right now. I’m interested in it, but as a designer & HTML/CSS kinda dude, why should I learn PHP? What all can you do with it? This stuff is really cool and I will try it later probably…

    ( Reply )
  43. PG

    Vikram S. Haer November 10th

    The password in the base file is set to something already. for those getting the mysql error, make sure the set it to your dbs password (or blank if you don’t have one).

    ( Reply )
  44. PG

    John Sanders November 10th

    Thanks for the tutorial. Good PHP starter.

    ( Reply )
  45. PG

    Vikram S. Haer November 10th

    I also agree that it would be awesome if this tutorial had a part 2 where you elaborate on adding ajax to add validation/registration etc. all on the same page.

    ( Reply )
  46. PG

    Yuriy November 10th

    Nice tutorial. One thing I would advise is not using short tags (PHP). IMO it’s bad practice, and many servers/hosts do not have support for short tags enabled out of the box.

    ( Reply )
  47. PG

    Alex Mansfield November 10th

    Maybe this isn’t the best place to ask, but was just wondering if other developers are comfortable allowing logins such as these over http rather than https. What do you think?

    ( Reply )
  48. PG

    Vikram S. Haer November 10th

    It would be really cool to have a follow up/ part 2 tutorial which adds ajax and allows the validation, registration and login to happen on one page. Great tutorial, thanks.

    ( Reply )
  49. PG

    Tom Cameron November 10th

    @Adam:

    $_SESSION['Username'] stores the username of the person, so let’s say you wanted to redirect a person to a certain page if they were logged in as ‘person’.

    if($_SESSION['Username'] == “person”)
    {
    header(”Location: persons_page.php”);
    }

    Would do that for you. If you need any specific help feel free to contact me through my website’s contact form.

    ( Reply )
    1. PG

      Chuck March 14th

      Where does this go?

      if($_SESSION['Username'] == “person”)
      {
      header(”Location: persons_page.php”);
      }

      ( Reply )
  50. PG

    Tom Cameron November 10th

    Sorry, the above comment was intended for Damon (not Adam)! :D

    ( Reply )
  51. PG

    Nick Brown November 10th

    Bahhhh, where were you 5 weeks ago when I set about learning this on my own!!!

    Good tutorial though.

    ( Reply )
  52. PG

    Max November 10th

    the meta-tag for refresh doesn’t work with safari - if you change it to

    echo “”;

    it works! you can also add a little javascript to force the browser to refresh. more here: http://www.metatab.de/meta_tags/refresh.htm

    and: a very good tut!!!

    ( Reply )
  53. PG

    Prick November 10th

    I stopped reading after I saw HTML and PHP mixed together… Setting a bad example for beginners and giving them bad habits that reflect on the rest of us!

    Bah!

    ( Reply )
  54. PG

    Mr. Haynes November 10th

    I love this tut…I am with Tom, it would be great to redirect or pull up content based on the user.

    ( Reply )
  55. PG

    George Mandis November 10th

    Nice tutorial! My only thought is there should be some extra layer of security in setting your cookies to identify logged-in users. With a simple cookie editor it looks like someone could edit the “username” and “email” cookies to log in as someone else without a password.

    ( Reply )
  56. PG

    Human Bagel November 10th

    Wonderful script!
    I love the simplicity :)

    ( Reply )
  57. PG

    John November 10th

    A better example would be a more appropriate approach to this. Your database functions should be wrapped in a class since PHP does not provide automatic support against injection attacks, and also, using a database class will inevitably make more sense. There are tons out there. Although not a huge deal, it is better practice to open a mysql connection when you actually need one (although you will get an error on mysql_real_escape_string if a connection is not started - and thus is why you should use a mysql class that wraps all this functionality together) because opening a connection is a rather time consuming process, and in certain instances or poor server configurations, can lead to connection pile-ups. Basically the idea follows as such: [write page code] -> [i need to access the database] [open connection] -> [execute queries] -> [close connection when the page is done]

    Also, I am not 100% sure on this, but I believe a better approach would be to unset($_SESSION) when you log out, if not for any actual programming reason, then for semantics.

    ( Reply )
  58. PG

    Dwayne from Probably Sucks Blog November 10th

    When I was starting out with PHP, a tutorial like this would have been extremely beneficial.

    Where the hell was this tutorial four years ago? I’ll tell you where it was, 4 years into the future (now). Pick up your game.

    Dwayne.
    http://probablysucks.com

    ( Reply )
  59. PG

    Adam November 10th

    Can someone explain this for me?

    ( Reply )
  60. PG

    Bobby Marko November 10th

    Maybe I’m missing something, but it appears that in the article the logout link is missing from the markup for the index.php file, it’s in the source though.

    ( Reply )
  61. PG

    Jatin Meshiya November 10th

    Thanks a lot for guide so perfectly. thanks again. one more idea can you use ajax here and make it more powerfull!!? it will make your aforts more significant.

    ( Reply )
  62. PG

    Bobby Marko November 10th

    Sorry for the double post, but I noticed two more errors in the script.
    1. In the code snippet for logout.php, the include is missing an end quote.
    Right now it looks like this: include “base.php;
    2. In the index.php code the redirect for successfully logging in has an extra equals sign:
    content=”=2;index.php”
    These errors are only in the article and not in the source files.

    ( Reply )
  63. PG

    Danny November 11th

    Maybe a stupid question but is checking $_SESSION['LoggedIn'] and $_SESSION['Username'] really secure? Maybe I don’t understand how the session is created but it would seem like it would be easy to compromise both those values by guessing…

    ( Reply )
  64. PG

    Swapnil Sarwe November 11th

    Very nice beginners tutorial. Very well explained with simple language. Hope beginners find it useful and make it as a personal library and later on add more options on the way to their development.

    Thanx for the tuts.

    ( Reply )
  65. PG

    ridwan November 11th

    thanx for the tut
    its gona help for the begginer….

    ( Reply )
  66. PG

    George Lawrence November 11th

    Thanks …..
    It’s very useful.

    ( Reply )
  67. PG

    Sebastian November 11th

    Awesome tut!

    A followup with ajax and maybe some more security would be really nice!

    ( Reply )
  68. PG

    Adam November 11th

    Haha, my previous question was in regard to a meta tag that I copy and pasted but was stripped from my post. I looked it up on w3 so nevermind. Great tut!

    ( Reply )
  69. PG

    Paul November 11th

    A more object-oriented approach would have been of more benefit, but this is a simple and easy to follow beginners example.

    Sorry to be a pain, but you’ve made a couple of typos throughout the tutorial though, you might like to tidy them as it reflects on the site as a whole.

    ( Reply )
  70. PG

    Tom Cameron November 11th

    @Paul: I only noticed one typo when I read through; but that doesn’t mean there aren’t others. I don’t have write access to the tutorial once it’s posted on this site, so they’ll have to stay I’m afraid :). I agree that OOP would be more beneficial in a real environment, but as I’ve stated lots of times in both the article and in my comments - this was always meant to be a tutorial for total beginners.

    ( Reply )
  71. PG

    Paul November 11th

    What Paul said, an Object Oriented tutorial would have been better. (Weird how we both thought of the same thing and how are names are similar, lol)

    ( Reply )
  72. PG

    Rafyta November 11th

    i found a few typos too, but nothing unfixable.
    it’s good that you kept it bare-bones, beginners will learn more

    ( Reply )
  73. PG

    Alex Tayra November 12th

    Can anyone explain what means 25, 65, 32 and 255 in sql query and why?

    ( Reply )
  74. PG

    Tom Cameron November 12th

    @Alex Tayra: Those are the maximum length of the value that can be stored in that field.

    ( Reply )
  75. PG

    Jaco Sloof November 12th

    Nice tutorial, would love to see this being molded into a more object oriented framework, and have things like automatic verification email generation.

    ( Reply )
  76. PG

    Alex November 12th

    nettuts need to up there game in terms of proof reading code! or to start allowing authors to edit there own posts. last few tutorials i have done have all had errors in the posted code. Which is where i find it best to learn from, just copying and pasting the source files onto a server seems a bit pointless from a learning point of view! cmon nettuts sort it out!

    ( Reply )
  77. PG

    Alex November 12th

    p.s

    awesome tutorial! i learnt alot from this :)

    ( Reply )
  78. PG

    Mila November 12th

    This is great! Now my problem is that I need to actually keep the files (PDFs) in this area away from non-members. How would I go about doing that?

    help!

    ( Reply )
  79. PG

    Dominic Deloso November 13th

    If I’m in the member’s area page, I can’t retrieve my username and email address to display, what’s wrong?.

    Please answer..

    tnx..

    ( Reply )
  80. PG

    digitalgirl November 13th

    I am able to register a new user but anytime I login I get the error that the user cannot be found. I tried a few things and still I can’t authenticate?? Ideas?

    ( Reply )
  81. PG

    christina November 14th

    What if you want to make it so if a certain user logs in then they will be directed to a certain page and only see certain things? Im trying to figure out how to do that now.. any ideas?!

    ( Reply )
  82. PG

    Pete November 15th

    members page isn’s displaying user and email. try replacing:

    with:

    and the same for the email.

    ( Reply )
  83. PG

    Shaun November 16th

    @digitalgirl

    I am getting the same error! “Sorry, your account could not be found.”

    Although I am typing the details 100% correctly?!?

    Does anyone have any ideas?!?

    ( Reply )
  84. PG

    Enari November 16th

    well, i have the same problem…

    Pete, its hard to replace nothing whit nothing…

    ( Reply )
  85. PG

    Pete November 17th

    apologies, comments are blocking my code replace:
    ?=$_SESSION['Username']?

    with:
    ?php echo $_SESSION['Username']?

    this is on line 17 of index.php

    ( Reply )
  86. PG

    Dominic Deloso November 17th

    @Pete

    I stl can’t retrieve the data with your suggestion..

    any ideas how to solve this?

    tnx..

    ( Reply )
  87. PG

    Robin November 17th

    Thanks for this great tutorial.

    I am a real beginner with php, and this made alot clear.

    Thanks again!

    ( Reply )
  88. PG

    KayRose November 17th

    Great tutorial, but is there anyone who could make a tutorial on making a website search feature using Mysql & PHP.

    So that you don’t have to use Google’s crappy search feature.

    Again i love the tutorial, it’s been very helpful in me making a small website template for users registering and being able to only view pages if their logged in.

    ( Reply )
  89. PG

    Chris Bauer November 17th

    @ Mila

    I would also like to know how to keep files away from the public. Isn’t that the point of a member section?

    ( Reply )
  90. PG

    Michael November 18th

    Great tutorial ! …but could someone please clarify the logout process as the logout link is missing (re Bobby Marko post)

    ( Reply )
  91. PG

    fano November 19th

    You should maybe try your script in IE7, it gets really silly! loool!!!

    ( Reply )
  92. PG

    Michael November 19th

    @fano - I’m testing on Mac (Firefox, Safari & Opera)…surely Tom Cameron had conducted some cross-platform testing before publishing this tutorial ???

    Has anyone else experienced the missing logout link on a Mac?

    ( Reply )
  93. PG

    asadev November 20th

    this is not secure.. why?

    $_SESSION['username'] = ‘nettuts’;
    $_SESSION['loged_in'] = 1;

    and you are in!

    it should be more like..

    $_SESSION['login_information'] = array(’username’ => ‘nettuts’, ‘password = md5(md5(’user_password’).md5(’special chars thats no one know..’)));

    and you must check the information every time you view a secure page..

    correct me if i was wrong..

    ( Reply )
  94. PG

    Devin Rajaram November 20th

    How can I make your username and everything show up on a basic website page.

    ( Reply )
  95. PG

    Himesh Resmiya November 21st

    nice yaar maja aaving…..

    ( Reply )
  96. PG

    Shane Ottosen November 21st

    When i try to register, i get: ” Warning: mysql_num_rows(): supplied argument is not a valid MySQL result resource in register.php on line 19″. Whats the problem? (sorry, im new at this!)

    ( Reply )
  97. PG

    Shane Ottosen November 21st

    never mind, figured it out

    ( Reply )
    1. PG

      mike March 30th

      what was the problem? im having the same issue

      ( Reply )
  98. PG

    MMF November 23rd

    Wonderful
    Thanks Alot

    ( Reply )
  99. PG

    jberr011 November 25th

    How secure is this login script? Just wondering?

    ( Reply )
  100. PG

    Tagnu November 26th

    A very good read for beginners. Loved it.
    Thank you

    Hope you’ll come up with an advanced version too.

    ( Reply )
  101. PG

    Johnny Bot November 27th

    @Shaun

    Same problem, “Sorry, your account could not be found.”

    Im working with Wamp

    Any Ideas ??

    Great Tutorial for me, im a true beginner in PHP ;-)

    ( Reply )
  102. PG

    Josh December 1st

    my humble observation, instead of:
    (”SELECT * FROM users WHERE
    Username = ‘”.$username.”‘
    AND Password = ‘”.$password.”‘”);

    i usually put:
    (”SELECT * FROM users WHERE
    Password = ‘”.$password.”‘
    AND Username = ‘”.$username.”‘”);

    more secure, i guess……

    ( Reply )
  103. PG

    Dan December 2nd

    Need a forum.

    ( Reply )
  104. PG

    Mike December 5th

    @Josh

    You wrote the samething:S

    ( Reply )
  105. PG

    Josh December 6th

    @Mike

    i did not.

    the purpose is to put first the password and then username, so the “injection” is much harder

    ( Reply )
  106. PG

    Hugobel December 8th

    @Shaun and other people that get the message “your account could not be found”, maybe you want to make sure the password field on the db is 32 characters long, because if not; the password you´re storing its an incomplete string… that happened to me, because I´m using an already made db… .: oops! :.

    ( Reply )
  107. PG

    J December 9th

    Anyone else get stuck in a loop when logging out in IE7? Anyone know the fix?

    ( Reply )
  108. PG

    J December 9th

    found out that the logout.php needed url= after content=0;

    ( Reply )
  109. PG

    Start Your Own Website December 9th

    This is a very useful tut but as the comments show there are SEVERAL different ways to do things…

    ( Reply )
  110. PG

    Jaime December 12th

    Warning: mysql_num_rows(): supplied argument is not a valid MySQL result resource in register.php on line 19″.

    How do I fix that?

    ( Reply )
  111. PG

    Flashed Reader December 16th

    thank you a great, good to understand tutorial.

    ( Reply )
  112. PG

    fingerling December 18th

    my problem is once a member logged in, where will i redirect him/her. the member should be able to see his/her profile. can someone give me a code on php for the profile of the user who logged in. generating only the profile of the member???? thanks

    ( Reply )
  113. PG

    Collin December 18th

    Thanks for the tutorial…I feel much better about user registration, sessions, and logging out. Thanks nettuts!

    ( Reply )
  114. PG

    Jane December 19th

    Thanks for the helpful tutorial! Is there any way to make this work in IE7? Works fine in Firefox but when I try it in IE7 it doesn’t work for the login unless you refresh, and for the logout, it doesn’t work at all, even if you refresh. Any solution?
    Thanks

    ( Reply )
  115. PG

    All4artz December 22nd

    If you are getting the error: “MySQL Error: Access denied for user ‘root’@’localhost’ (using password: YES)”

    Then its because you need to replace what is in the quotes (”") below, with your actual user login info of your mysql database.
    # dbhost = “localhost”;
    # $dbname = “database”;
    # $dbuser = “username”;
    # $dbpass = “password”;

    ( Reply )
  116. PG

    Cezary December 26th

    Yeah logout doesn’t work for IE.

    I do suggest that for the logging in problem that I was having, just put a link below the successful login thing with a link to whereever it was going.

    But as for the logout, I’m clueless. Anyone?

    ( Reply )
  117. PG

    Marcel Doornbos December 28th

    Logout.php doesn’t work fo me either.

    I’m getting this error:

    Parse error: syntax error, unexpected T_STRING in /home/savedriv/public_html/dev/logout.php on line 2

    And when i delete the refreshing code i get this error:

    Parse error: syntax error, unexpected $end in /home/savedriv/public_html/dev/logout.php on line 1

    Any idear fixing it?? :)

    The rest works fine though.
    Great tutorial. Gives me finally a good explaination of Sessions ussage.

    Regards,

    Marcel Doornbos
    iCrone

    ( Reply )
  118. PG

    mememem December 28th

    When someone enter the correct login/pw they just get redirected
    to the login page again. So i guess there is something wrong here:

    Member Area
    Welcome back
    How can i help you?.
    <?php
    }

    ( Reply )
  119. PG

    Marcel Doornbos December 29th

    Ok I found out what is wrong with the logout.php :)

    you had:
    ” ..include “base.php; $_SES…”

    it should be:
    ” ..include “base.php”; $_SES…”

    Now it works perfect.

    regards,

    Marcel Doornbos

    ( Reply )
  120. PG

    Marcel Doornbos December 29th

    O wait it doesn’t work :(

    ( Reply )
  121. PG

    Marcel Doornbos December 29th

    Sorry for the 3 messages.
    But I had some refreshing problems with it.

    Well it works so the correct logout.php code is:

    Regards,

    Marcel Doornbos

    ( Reply )
  122. PG

    TJBotond January 8th

    PHP Warning: mail() [function.mail]: Failed to connect to mailserver at “localhost” port 25, verify your “SMTP” and “smtp_port” setting in php.ini or use ini_set() in C:\HostingSpaces\Taylor\banya.ro\wwwroot\mailer\mail.php on line 111

    i dont under stand what that problam meens

    ( Reply )
  123. PG

    Araba Oyunları January 19th

    I love this site… Thanks.Thanks.Thanks.

    ( Reply )
  124. PG

    Willabee Wombat January 19th

    I am not getting a redirect in Firefox 3 with the meta tag.

    Using a server-side redirect works:
    header(”Location: index.php”);

    Nice tutorial, when is the jQuery client-side validation and role based security in a more OOP approach coming?

    ( Reply )
  125. PG

    Mart January 20th

    Hey guys n girls! I’m looking for a bit of help with the tutorial.
    this is the first php/mysql script I’ve attempted so bare with me if I’m sounding dumb.

    i can register & login but once i’m in the members area all i have on my page is..

    Member Area

    Thanks for logging in! You are

    and your email address is .

    its not showing the username, email address. or logout button.

    This is the code ( i think i need to show) from index.php

    Member Area
    Thanks for logging in! You are and your email address is .

    if its the wrong code please let me know and i’ll add it

    many thanks in advance mart

    ( Reply )
  126. PG

    Devin Gee sr January 21st

    Warning: Wrong parameter count for mysql_num_rows() in /home/content/g/e/e/gee1983/html/login/register.php on line 42

    ( Reply )
  127. PG

    AzeriFire January 23rd

    Why ?

    [code]md5(mysql_real_escape_string($_POST['password'])); [/code]

    md5 will convert to symbols any way :)))

    ( Reply )
  128. PG

    AzeriFire January 23rd

    Ohh. I am sorry. After posting I read your comment about it.

    ( Reply )
  129. PG

    AzeriFire January 23rd

    @Devin Gee sr

    Did you fill the database?

    ( Reply )
  130. PG

    nono January 24th

    i want to make news website use ruby on rails can help me about code
    add news,delete news,

    ( Reply )
  131. PG

    Bill January 28th

    Great tut, nicely explained !!

    ( Reply )
  132. PG

    Paul February 4th

    Hi guys,

    I am having problem with META REFRESH…

    echo “”;

    its not redirecting me to member area but after ‘flash of succes message page’ i am redirected back to user login….

    Could someone help plz?

    BTW very nice tut.. well done!

    ( Reply )
  133. PG

    Paul February 4th

    [code] echo “”; [/code]

    ( Reply )
  134. PG

    Paul February 5th

    sorted… source code works perfect !

    Once again … Tom .. Owesome job !!!!

    Paul

    ( Reply )
  135. PG

    Chris February 7th

    Hey great tut worked perfect for me. I was just wondering if you could do a follow up tut on expanding this membership.

    E.g. a profile page, or message system or something the members them selves can play about with?

    ( Reply )
  136. PG

    Rhett February 8th

    I have to add to the chatter: I too loved this beginner tutorial and would love to see a “Step 2″.

    ( Reply )
  137. PG

    Saurabh Shah February 9th

    simple and nice1 … !

    ( Reply )
  138. PG

    Adam B. February 10th

    Nice Tutorial

    ( Reply )
  139. PG

    John February 10th

    HI i am getting the following problem:

    Warning: mysql_num_rows(): supplied argument is not a valid MySQL result resource

    can anyone solve it plz it’s urgent thks

    ( Reply )
  140. PG

    John February 10th

    The problem………Warning: mysql_num_rows(): supplied argument is not a valid MySQL result resource has been resolved now the problem that i am getting is : Sorry, your account could not be found. Please click here to try again.

    plz help

    ( Reply )
  141. PG

    Giuseppe February 15th

    Great tutorial !

    Thanks a lot,

    ( Reply )
  142. PG

    marcelo February 15th

    Greta tutorial :). Very simple to use

    Thanks

    ( Reply )
  143. PG

    Me February 16th

    Great tutorial, thanks a lot :)

    I learnt quite a bit from this tutorial. Thanks Tom for replying to the email I sent you, I’ve got it working now :) Also managed to make a user page which displays the specified user’s details.

    ( Reply )
  144. PG

    osman Butt February 16th

    Really Nice ….. its Aw Som…. …

    ( Reply )
  145. PG

    A001 February 20th

    A great tutorial Tom but I cant seem to get logout.php to work
    I keep getting this error:
    Parse error: syntax error, unexpected T_STRING in C:\Program Files\Apache Group\Apache2\htdocs\logout.php on line 2
    I’ve copied it exactly as it is in the tutorial has anyone else encountered this? and does anyone have the solution please I would appreciate it cheers

    ( Reply )
  146. PG

    A001 February 20th

    Forget my last comment Marcel Doornbos already solved the problem :)
    This keeps displaying across the screen however:
    Warning: session_start() [function.session-start]: Cannot send session cache limiter - headers already sent (output started at C:\Program Files\Apache Group\Apache2\htdocs\base.php:3) in C:\Program Files\Apache Group\Apache2\htdocs\base.php on line 4

    and when Im in the member area logout does not appear can anyone help?

    ( Reply )
  147. PG

    A001 February 20th

    Ok I believe I fixed the logout problem you need to add this line of code to index.php at line 8 if you look at the tutorial

    This will create a logout button which will activate logout.php

    Is this an acceptable method????

    If anyone has the solution to my other problem please help

    ( Reply )
  148. PG

    A001 February 21st

    Ignore brackets
    (((((

    )))))

    ( Reply )
  149. PG

    phpProgrammer_class February 24th

    echo “”;

    that line doesn´t work properly, because there’s an error in the sintax, the error is the double equal and the url parameter is not defined in the script

    the modified version of this line should be like this.

    echo “”;

    and the modified version of the logout script should be like this

    However i prefer to use the header function like this

    header(’Location: index.php’);

    ( Reply )
  150. PG

    Ahmed Mahrous March 1st

    Thanks man

    ( Reply )
  151. PG

    Karl H March 12th

    Were do you get the ['LoggedIn'] from?
    im very very new to this!
    doesnt $_SESSION['Username'] get the Username value from the form input?

    That maybe a stupid question, sorry.

    Very nice tutorial :)

    ( Reply )
  152. PG

    heam March 18th

    good job m8 !
    is it possible to tell me how can i make a new page ” members.php ” and show all of users in this page ?

    ( Reply )
  153. PG

    organicIT March 21st

    heam
    hunt around for the other tuts on returning sql queries to html unordered lists.

    minus the tweaks and tunes needed without the source this is an outstanding tut for a php newbie like me.

    thank you!

    ( Reply )
  154. PG

    Siddhu Panchal March 23rd

    It’s best tutorials for beginner,but if you use something more easy for user to update their MySQL dbname , username , host & password by simply getting from them by text input ,So make changes in base.php

    something like this:

    Host Name:
    Database Name:
    Database Username:
    Username Password:

    ( Reply )
  155. PG

    Siddhu Panchal March 23rd

    Oh go on this website!we can’t post php codes over here.

    http://phpuser-user.blogspot.com/

    ( Reply )
  156. PG

    Araba Oyunları March 24th

    Thank you , very good

    ( Reply )
  157. PG

    d00d March 27th

    I made a login system for a forum from a tutorial on the net. It turned out to be woefully, disastrously insecure. This one doesn’t seem too secure either, and adding cookies would make it even less secure.

    The only way I’d touch a login system is if I knew it was rock-solid. I haven’t seen any tutorials that are adequate yet.

    ( Reply )
    1. PG

      Wouter Bulten March 29th

      The only rock-solid login system is the system you create yourself. You should combine multiple authentication systems such as normal sessions, cookies and the databse. Also encrypting a password with md5 is very very insecure! Use something like:

      $password = sha1(md5($password . ‘asdf*SD)F7923isdfyuSDi’));

      A second thing: why would you save the username in the session? Usernames can often be changed. It is better to store the ID of the user in the session.

      ( Reply )
      1. PG

        Ben D. April 10th

        “The only rock-solid login system is the system you create yourself.”

        I would dispute that. There’s probably no such thing as a rock-solid login system, but whatever you do, don’t create one yourself unless there’s absolutely no way to avoid it. You would be much better off re-using a system with some pedigree.

        A cardinal rule of infosec is “don’t reinvent the wheel”. This is always important in programming, but especially so in security, because security errors are often subtle and are best teased out of a system by long exposure to real-world use.

        Plus very few people actually understand encryption and hashing and the other building-blocks of security. I don’t claim to understand these things myself, but I wouldn’t be surprised to learn that your sha1(md5()) technique above actually increases your exposure to a collision attack. Hash functions are tricky animals.

        Also I’m wondering why the crazy string concatenation. Looks like you’re intending to salt your password, but as I understand it, salts are only useful if they’re different for every user, and they don’t gain any strength by being made long and complex. They do become harder to use when they’re long and complex, though. ;-)

  158. PG

    sonicoliver March 28th

    nice one! thank-you!!!

    ( Reply )
  159. PG

    t0ne March 28th

    People getting the login error, there are two instances that will result in that error,

    1. your password for that database account is wrong.
    2. you don’t have a password set on that database account.

    case 2 is by far the most common case, so try logging in from a terminal without the password options, and if it lets you in, you need to set a password on your sql. In the other case, verify the password you are using is entered correctly, and verify that it works through terminal access before saying there isn’t a problem with it.

    ( Reply )
  160. PG

    kaise March 30th

    Anyone know where I can get a complete login system tutorial withsource code.

    Something that implements the following

    MySQL Table Configuration
    Registration Script
    Login Script
    Remember me feature for usename only
    Activation Script
    Retrieving forgotton Passwords and Username
    Resending Validation Email
    Logout Script
    Processing Member Commands

    All scripts to have a 32bit md5() password encryption and a sha 1() 40bit encryption to generate a 40 digit hash to use for the activation code.

    I would apprecaite any help. kaise@hotmail.co.uk

    ( Reply )
  161. PG

    wal April 1st

    It’d be great if we post here any improvement on the security side for the code of this tutorial. Just like: change this “…..” for this “,,,,”.

    ( Reply )
  162. PG

    Stew April 5th

    Hey,

    I keep can’t seem to find a solution to the following error:

    Warning: mysql_num_rows(): supplied argument is not a valid MySQL result resource in /home/oktxkldt/public_html/swhite5/testsite-users/login/index.php on line 33

    This is what I have for line 33:

    if(mysql_num_rows($checklogin) == 1)

    Not sure what part of this coding isn’t correct! Can anyone help?

    ( Reply )
    1. PG

      Pascontent May 17th

      I had the same, until I double checked the table name, had it wrong ><

      ( Reply )
  163. PG

    Ben April 8th

    Stew the error you’re getting is to do with the $checklogin MySQL query. Line 33 is fine, its the MySQL query that you’re trying to get a mysql_num_rows result from.

    $checklogin = mysql_query(”SELECT * FROM users WHERE Username = ‘”.$username.”‘ AND Password = ‘”.$password.”‘”);

    In most cases mysql_num_rows supplied argument error is to do with the MySQL query or if you provided a non-existent variable to get mysql_num_rows from. In this case I think its to do with the query. Add or die(mysql_error()) to the end of $checklogin query as shown above, and you’ll then find out if its the query:

    $checklogin = mysql_query(”SELECT * FROM users WHERE Username = ‘”.$username.”‘ AND Password = ‘”.$password.”‘”) or die(mysql_error());

    This will tell PHP if the query fails die and show me mysql_error. Just to let you know mysql_num_rows is to get number of rows in the database found by the query (i.e. “SELECT * FROM users WHERE username = ‘$username’” … asking if the user is in the database and if it is, mysql_num_rows will return 1. As there should only be 1 user of the same username in the database).

    ( Reply )
  164. PG

    Rebecca April 9th

    I got the following error when I tested:

    Warning: mysql_num_rows(): supplied argument is not a valid MySQL

    Can anyone help? I am very new to databases.

    ( Reply )
    1. PG

      Rebecca April 9th

      Lol… I too finally figured out the problem, my mistake was in creating the database table on my server. I didn’t have it set up properly. :S

      ( Reply )
  165. PG

    Ben D. April 10th

    I’m glad to see you using mysql_real_escape_string() but I would love to see input validation and parameter binding as well.

    Parameter-binding is conveniently available via the built-in PDO class as of PHP 5.1, for MySQL as well as any other backend database supported by PDO.

    ( Reply )
  166. PG

    Bootta April 11th

    Thanks for tutorial. All is ok just one ” missing in logout.php after base.php

    ( Reply )
  167. PG

    Adam Winogrodzki April 19th

    i am having problem in database :S

    ( Reply )
  168. PG

    Tay April 20th

    I am working on an assignment for class and I was wondering what code would I need to use to make sure that people login. on my homepage its has various links and if they click on one of the links across the top they can by pass login.

    ( Reply )
  169. PG

    Lozz April 21st

    Brilliant tutorial

    especially for PHP beginners (like myself)

    as for leaving a few things out, it was a little challenge for me ;)

    overall though, fantastic

    thankyou!

    ( Reply )
  170. PG

    Nykeri April 26th

    dood thank you this tut was great

    ( Reply )
  171. PG

    Atul May 1st

    I don’t see any error in this tutorial. Its surely not of use when it comes to business websites but it will help to guide beginners

    ( Reply )
  172. PG

    theo May 4th

    I´m getting an error in the logoutscript! Unexpected t_string (somethin like that)

    ( Reply )
  173. PG

    CgBaran Tuts May 6th

    Great tutorial thanks

    ( Reply )
  174. PG

    ace May 6th

    Nice tutorial! Now i easily understand how to manage the session.
    Thanks

    ( Reply )
  175. PG

    Me May 18th

    According to Programming PHP you should call session_regenerate_id( ); each time there is a change of privileges to prevent session fixation.

    ( Reply )
  176. PG

    arnold C May 20th

    when I log in,my name and email address doesnt appear,why?but I succesfully log in..can someone help me

    ( Reply )
    1. PG

      arnold C May 20th

      and your email address is .
      why the session doesnt appear?

      ( Reply )
    2. PG

      arnold C May 20th

      nevermind I got it working already,,just a little bit of wrong code:)

      ( Reply )
      1. PG

        ron May 28th

        I am getting the same thing i just can’t seem to see the error what did you do to solve this???

  177. PG

    siddharth May 21st

    hi i am getting warning : Warning: session_start() [function.session-start]: Cannot send session cache limiter - headers already sent (output started at C:\x\htdocs\sign\index.php:2) in C:\x\htdocs\sign\base.php on line 4

    & u r logout.php is not working plz give fast reply & other wise u r code is working too good

    ( Reply )
  178. PG

    Rafael R.P (Raff) May 25th

    not work for me, when i loggin with my user name and passoword, he redirects from index.php and nothing happens, he calls back the login form and not the member area….

    ( Reply )
  179. PG

    Christina May 27th

    Hi there,

    Having a problem…

    When a user enters their ‘members area’ page and
    the page displays: “Thanks for logging in! You are “” and your email address is “” .

    The position where the username and email is meant to display is not showing…I’ve pondered and tried to figure out the problem, but I’m stumped! I know it must have something to do with the variables maybe, but not sure!

    (This problem has been encountered with no modification to the source code whatsoever)

    Please help me out! aarrggghhhhhhhh!!!

    troubled, and biting nails!

    kind regards, Christina

    ( Reply )
  180. PG

    dem May 27th

    Guys… i really love this site… really :) All the Envato Network!

    ( Reply )
  181. PG

    leo May 29th

    plan someone help me??? i want to creat an e-magazine like http://www.bakdergisi.com/index.php?sayfa=index&language=en

    if u go to the link and download the emagazine that is what i am looking for something similar to it!

    pls if anyone can help me i can reward for the time to help me tks

    ( Reply )
  182. PG

    John May 30th

    Could someone possibly help me with something?

    I created the logout file, but since there was no link to logout in the code you gave us, I just added my own. But when I click it I get an error saying:

    Parse error: syntax error, unexpected T_STRING in /home/freeload/public_html/knowyourmactuts.com/members/logout.php on line 2

    Any ideas?

    ( Reply )
  183. PG

    Martin June 4th

    I get a MySQL error while trying to enter the index.php.
    It says: MySQL Error: Access denied for user ‘marrte_admin’@'193.27.193.123′ (using password: YES).

    What should i do? I have entered the correct information in base.php

    ( Reply )
  184. PG

    Diego June 13th

    Everyone says is to simple but I haven’t been able to figure this thing out since I have never done any php. The reason I am looking into this tutorial is to learn the user membership, but I get lost and don’t understand a thing. I do front end design but PHP I have no clue, can anyone recommend something that explains more in detail?

    ( Reply )
  185. PG

    Directoryboosh June 15th

    Thanks for the tutorial, as a beginner im glad of the help so its useful to learn this, even though it can be seen as simple stuff for the experienced folk.

    ( Reply )
  186. PG

    Simon Gianoutsos June 19th

    Thanks for a great tutorial that was easy to follow and very easy to get working.

    ( Reply )
  187. PG

    NmPixl June 23rd

    This is an interesting tutorial and I’d like to thank Tom Cameron for his work. This was very useful for the PHP noob (like me). I do more design work and found this fairly easy to follow. However:

    For those that HAVE figured out what their problem was(ie:Sorry, your account could not be found), could you please post it? (even if it sounds stupid). I have been having the same issue as most of the noobs here, but those that have found the solution keep saying: nevermind, I figured it out-but not saying what they did to fix it.

    Thanks for the dialog.

    ( Reply )
  188. PG

    mohsen June 24th

    when i start my session i get this message


    Warning: session_start() [function.session-start]: Cannot send session cache limiter - headers already sent (output started at D:\xampp\htdocs\login script\index.php:1) in D:\xampp\htdocs\login script\includes\connection.php on line 2

    can anyone please help me

    ( Reply )
  189. PG

    mohamed June 26th

    this is my only problem
    if(!empty($_SESSION['LoggedIn']) && !empty($_SESSION['username']))
    we get the username from the input
    but where we do get the[' LoggedIn'] from where
    please anyone help me

    this is a really good tut

    ( Reply )

Add Your Comment

( GET A GRAVATAR )
  1. Arrow
    Gravatar

    Your Name
    June 26th