Tutorial Details
- Technology: PHP, CSS
- Difficulty: Intermediate
- Completion Time: 1-2 hours
A tutorial for the very beginners! No matter where you go on the internet, there’s a staple that you find almost everywhere – user registration. Whether you need your users to register for security or just for an added feature, there is no reason not to do it with this simple tutorial. In this tutorial we will go over the basics of user management, ending up with a simple Member Area that you can implement on your own website.
Introduction
In this tutorial we are going to go through each step of making a user management system, along with an inter-user private messaging system. We are going to do this using PHP, with a MySQL database for storing all of the user information. This tutorial is aimed at absolute beginners to PHP, so no prior knowledge at all is required – in fact, you may get a little bored if you are an experienced PHP user!
This tutorial is intended as a basic introduction to Sessions, and to using Databases in PHP. Although the end result of this tutorial may not immediately seem useful to you, the skills that you gain from this tutorial will allow you to go on to produce a membership system of your own; suiting your own needs.
Before you begin this tutorial, make sure you have on hand the following information:
- Database Hostname – this is the server that your database is hosted on, in most situations this will simply be ‘localhost’.
- Database Name, Database Username, Database Password – before starting this tutorial you should create a MySQL database if you have the ability, or have on hand the information for connecting to an existing database. This information is needed throughout the tutorial.
If you don’t have this information then your hosting provider should be able to provide this to you.
Now that we’ve got the formalitiies out of the way, let’s get started on the tutorial!
Step 1 - Initial Configuration
Setting up the database
As stated in the Introduction, you need a database to continue past this point in the tutorial. To begin with we are going to make a table in this database to store our user information.
The table that we need will store our user information; for our purposes we will use a simple table, but it would be easy to store more information in extra columns if that is what you need. In our system we need the following four columns:
- UserID (Primary Key)
- Username
- Password
- EmailAddress
In database terms, a Primary Key is the field which uniquely identifies the row. In this case, UserID will be our Primary Key. As we want this to increment each time a user registers, we will use the special MySQL option – auto_increment.
The SQL query to create our table is included below, and will usually be run in the ‘SQL’ tab of phpMyAdmin.
CREATE TABLE `users` ( `UserID` INT(25) NOT NULL AUTO_INCREMENT PRIMARY KEY , `Username` VARCHAR(65) NOT NULL , `Password` VARCHAR(32) NOT NULL , `EmailAddress` VARCHAR(255) NOT NULL );
Creating a base file
In order to simplify the creation of our project, we are going to make a base file that we can include in each of the files we create. This file will contain the database connection information, along with certain configuration variables that will help us out along the way.
Start by creating a new file: base.php, and enter in it the following code:
<?php
session_start();
$dbhost = "localhost"; // this will ususally be 'localhost', but can sometimes differ
$dbname = "database"; // the name of the database that you are going to use for this project
$dbuser = "username"; // the username that you created, or were given, to access your database
$dbpass = "password"; // the password that you created, or were given, to access your database
mysql_connect($dbhost, $dbuser, $dbpass) or die("MySQL Error: " . mysql_error());
mysql_select_db($dbname) or die("MySQL Error: " . mysql_error());
?>
Let’s take a look at a few of those lines shall we? There’s a few functions here that we’ve used and not yet explained, so let’s have a look through them quickly and make sense of them — if you already understand the basics of PHP, you may want to skip past this explanation.
session_start();
This function starts a session for the new user, and later on in this tutorial we will store information in this session to allow us to recognise users who have already logged in. If a session has already been created, this function will recognise that and carry that session over to the next page.
mysql_connect($dbhost, $dbuser, $dbpass) or die("MySQL Error: " . mysql_error());
mysql_select_db($dbname) or die("MySQL Error: " . mysql_error());
Each of these functions performs a separate, but linked task. The mysql_connect function connects our script to the database server using the information we gave it above, and the mysql_select_db function then chooses which database to use with the script. If either of the functions fails to complete, the die function will automatically step in and stop the script from processing – leaving any users with the message that there was a MySQL Error.
Step 2 - Back to the Frontend
What do we need to do first?
The most important item on our page is the first line of PHP; this line will include the file that we created above (base.php), and will essentially allow us to access anything from that file in our current file. We will do this with the following line of of PHP code. Create a file named index.php, and place this code at the top.
<?php include "base.php"; ?>
Begin the HTML page
The first thing that we are going to do for our frontend is to create a page where users can enter their details to login, or if they are already logged in a page where they can choose what they then wish to do. In this tutorial I am presuming that users have basic knowledge of how HTML/CSS works, and therefore am not going to explain this code in detail; at the moment these elements will be unstyled, but we will be able to change this later when we create our CSS stylesheet.
Using the file that we have just created (index.php), enter the following HTML code below the line of PHP that we have already created.
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml"> <head> <meta http-equiv="Content-Type" content="text/html; charset=utf-8" /> <title>User Management System (Tom Cameron for NetTuts)</title> <link rel="stylesheet" href="style.css" type="text/css" /> </head> <body> <div id="main">
What shall we show them?
Before we output the rest of the page we have a few questions to ask ourselves:
- Is the user already logged in?
- Yes – we need to show them a page with options for them to choose.
- No – we continue onto the next question.
- Has the user already submitted their login details?
- Yes – we need to check their details, and if correct we will log them into the site.
- No – we continue onto the next question.
- If both of the above were answered No, we can now assume that we need to display a login form to the user.
These questions are in fact, the same questions that we are going to implement into our PHP code. We are going to do this in the form of if statements. Without entering anything into any of your new files, lets take a look at the logic that we are going to use first.
<?php
if(!empty($_SESSION['LoggedIn']) && !empty($_SESSION['Username']))
{
// let the user access the main page
}
elseif(!empty($_POST['username']) && !empty($_POST['password']))
{
// let the user login
}
else
{
// display the login form
}
<?>
Looks confusing, doesn’t it? Let’s split it down into smaller sections and go over them one at a time.
if(!empty($_SESSION['LoggedIn']) && !empty($_SESSION['Username']))
{
// let the user access the main page
}
When a user logs into our website, we are going to store their information in a session – at any point after this we can access that information in a special global PHP array – $_SESSION. We are using the empty function to check if the variable is empty, with the operator ! in front of it. Therefore we are saying:
If the variable $_SESSION['LoggedIn'] is not empty and $_SESSION['Username'] is not empty, execute this piece of code.
The next line works in the same fashion, only this time using the $_POST global array. This array contains any data that was sent from the login form that we will create later in this tutorial. The final line will only execute if neither of the previous statements are met; in this case we will display to the user a login form.
So, now that we understand the logic, let’s get some content in between those sections. In your index.php file, enter the following below what you already have.
<?php
if(!empty($_SESSION['LoggedIn']) && !empty($_SESSION['Username']))
{
?>
<h1>Member Area</h1>
<pThanks for logging in! You are <b><?=$_SESSION['Username']?></b> and your email address is <b><?=$_SESSION['EmailAddress']?></b>.</p>
<?php
}
elseif(!empty($_POST['username']) && !empty($_POST['password']))
{
$username = mysql_real_escape_string($_POST['username']);
$password = md5(mysql_real_escape_string($_POST['password']));
$checklogin = mysql_query("SELECT * FROM users WHERE Username = '".$username."' AND Password = '".$password."'");
if(mysql_num_rows($checklogin) == 1)
{
$row = mysql_fetch_array($checklogin);
$email = $row['EmailAddress'];
$_SESSION['Username'] = $username;
$_SESSION['EmailAddress'] = $email;
$_SESSION['LoggedIn'] = 1;
echo "<h1>Success</h1>";
echo "<p>We are now redirecting you to the member area.</p>";
echo "<meta http-equiv='refresh' content='=2;index.php' />";
}
else
{
echo "<h1>Error</h1>";
echo "<p>Sorry, your account could not be found. Please <a href=\"index.php\">click here to try again</a>.</p>";
}
}
else
{
?>
<h1>Member Login</h1>
<p>Thanks for visiting! Please either login below, or <a href="register.php">click here to register</a>.</p>
<form method="post" action="index.php" name="loginform" id="loginform">
<fieldset>
<label for="username">Username:</label><input type="text" name="username" id="username" /><br />
<label for="password">Password:</label><input type="password" name="password" id="password" /><br />
<input type="submit" name="login" id="login" value="Login" />
</fieldset>
</form>
<?php
}
?>
</div>
</body>
</html>
Hopefully, the first and last code blocks won’t confuse you too much. What we really need to get stuck into now is what you’ve all come to this tutorial for – the PHP code. We’re now going to through the second section one line at a time, and I’ll explain what each bit of code here is intended for.
$username = mysql_real_escape_string($_POST['username']);
$password = md5(mysql_real_escape_string($_POST['password']));
There are two functions that need explaining for this. Firstly, mysql_real_escape_string – a very useful function to clean database input. It isn’t a failsafe measure, but this will keep out the majority of the malicious hackers out there by stripping unwanted parts of whatever has been put into our login form. Secondly, md5. It would be impossible to go into detail here, but this function simply encrypts whatever is passed to it – in this case the user’s password – to prevent prying eyes from reading it.
$checklogin = mysql_query("SELECT * FROM users WHERE Username = '".$username."' AND Password = '".$password."'");
if(mysql_num_rows($checklogin) == 1)
{
$row = mysql_fetch_array($checklogin);
$email = $row['EmailAddress'];
$_SESSION['Username'] = $username;
$_SESSION['EmailAddress'] = $email;
$_SESSION['LoggedIn'] = 1;
Here we have the core of our login code; firstly, we run a query on our database. In this query we are searching for everything relating to a member, whose username and password match the values of our $username and $password that the user has provided. On the next line we have an if statement, in which we are checking how many results we have received – if there aren’t any results, this section won’t be processed. But if there is a result, we know that the user does exist, and so we are going to log them in.
The next two lines are to obtain the user’s email address. We already have this information from the query that we have already run, so we can easily access this information. First, we get an array of the data that has been retrieved from the database – in this case we are using the PHP function mysql_fetch_array. I have then assigned the value of the EmailAddress field to a variable for us to use later.
Now we set the session. We are storing the user’s username and email address in the session, along with a special value for us to know that they have been logged in using this form. After this is all said and done, they will then be redirect to the Member Area using the META REFRESH in the code.
So, what does our project currently look like to a user?
Great! It’s time to move on now, to making sure that people can actually get into your site.
Let the people signup
It’s all well and good having a login form on your site, but now we need to let user’s be able to use it – we need to make a login form. Make a file called register.php and put the following code into it.
<?php include "base.php"; ?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title>User Management System (Tom Cameron for NetTuts)</title>
<link rel="stylesheet" href="style.css" type="text/css" />
</head>
<body>
<div id="main">
<?php
if(!empty($_POST['username']) && !empty($_POST['password']))
{
$username = mysql_real_escape_string($_POST['username']);
$password = md5(mysql_real_escape_string($_POST['password']));
$email = mysql_real_escape_string($_POST['email']);
$checkusername = mysql_query("SELECT * FROM users WHERE Username = '".$username."'");
if(mysql_num_rows($checkusername) == 1)
{
echo "<h1>Error</h1>";
echo "<p>Sorry, that username is taken. Please go back and try again.</p>";
}
else
{
$registerquery = mysql_query("INSERT INTO users (Username, Password, EmailAddress) VALUES('".$username."', '".$password."', '".$email."')");
if($registerquery)
{
echo "<h1>Success</h1>";
echo "<p>Your account was successfully created. Please <a href=\"index.php\">click here to login</a>.</p>";
}
else
{
echo "<h1>Error</h1>";
echo "<p>Sorry, your registration failed. Please go back and try again.</p>";
}
}
}
else
{
?>
<h1>Register</h1>
<p>Please enter your details below to register.</p>
<form method="post" action="register.php" name="registerform" id="registerform">
<fieldset>
<label for="username">Username:</label><input type="text" name="username" id="username" /><br />
<label for="password">Password:</label><input type="password" name="password" id="password" /><br />
<label for="email">Email Address:</label><input type="text" name="email" id="email" /><br />
<input type="submit" name="register" id="register" value="Register" />
</fieldset>
</form>
<?php
}
?>
</div>
</body>
</html>
So, there’s not much new PHP that we haven’t yet learnt in that section. Let’s just take a quick look at that SQL query though, and see if we can figure out what it’s doing.
$registerquery = mysql_query("INSERT INTO users (Username, Password, EmailAddress) VALUES('".$username."', '".$password."', '".$email."')");
So, here we are adding the user to our database. This time, instead of retrieving data we’re inserting it; so we’re specifying first what columns we are entering data into (don’t forget, our UserID will go up automatically). In the VALUES() area, we’re telling it what to put in each column; in this case our variables that came from the user’s input. So, let’s give it a try; once you’ve made an account on your brand-new registration form, here’s what you’ll see for the Member’s Area.
Make sure that they can logout
We’re almost at the end of this section, but there’s one more thing we need before we’re done here – a way for user’s to logout of their accounts. This is very easy to do (fortunately for us); create a new filed named logout.php and enter the following into it.
<?php include "base.php; $_SESSION = array(); session_destroy(); ?> <meta http-equiv="refresh" content="0;index.php">
In this we are first resetting our the global $_SESSION array, and then we are destroying the session entirely.
And that’s the end of that section, and the end of the PHP code. Let’s now move onto our final section.
Step 3 - Get Styled
I’m not going to explain much in this section – if you don’t understand HTML/CSS I would highly reccomend when of the many excellent tutorials on this website to get you started. Create a new file named style.css and enter the following into it; this will style all of the pages that we have created so far.
* {
margin: 0;
padding: 0;
}
body {
font-family: Trebuchet MS;
}
a {
color: #000;
}
a:hover, a:active, a:visited {
text-decoration: none;
}
#main {
width: 780px;
margin: 0 auto;
margin-top: 50px;
padding: 10px;
border: 1px solid #CCC;
background-color: #EEE;
}
form fieldset { border: 0; }
form fieldset p br { clear: left; }
label {
margin-top: 5px;
display: block;
width: 100px;
padding: 0;
float: left;
}
input {
font-family: Trebuchet MS;
border: 1px solid #CCC;
margin-bottom: 5px;
background-color: #FFF;
padding: 2px;
}
input:hover {
border: 1px solid #222;
background-color: #EEE;
}
Now let’s take a look at a few screenshots of what our final project should look like:
The login form.
The member area.
The registration form.
And finally…
And that’s it! You now have a members area that you can use on your site. I can see a lot of people shaking their heads and shouting at their monitors that that is no use to them – you’re right. But what I hope any beginners to PHP have learned is the basics of how to use a database, and how to use sessions to store information. The vital skills to creating any web application.
- Subscribe to the NETTUTS RSS Feed for more daily web development tuts and articles.
Enjoyed this Post?
Subscribe to our RSS Feed, Follow us on Twitter or simply recommend us to friends and colleagues!
Join our newsletter!
Create a Tutorial, Get Paid!
Have something to teach the world? Want to earn money doing it? Tutorials, screencasts, and articles published here on Nettuts+ are largely contributed by readers just like you! We'll pay you great money for good content. Find Out More
working fine! Thank you so much! :D Oh ya, don’t forget to read all those comments. It helps a lot. Thank you guys!
Thanks :D
Thank you soo much! This is one of the easiet login system i ever have seen, and so much to do with it too!
I have tried many login script and got bored with all (had an idea of stop learning php too)….great work with nice explanations….finally u made my day …… i can not wait to learn more on php
Lot of thanks bro!
Awesome tutorial, thank you! Just one question though!
At the moment i can go direct to the ‘members’ page it does show a login form but id like it to redirect to an actual login page.
Any ideas on how i can do that?
Cheers
Hi guys,
Just wondered if anyone could help.
Got this working perfect now, but id like to have and admin account that redirects to an admin page.
Could anyone help me implement this please :)
Thanks, this helped a lot and it works really well, but for some reason, unlike other wbsites, my browser doesnt prompt me to renember the password for my site… is there any reason for this? thanks ,sam
I am getting following error
Internal Server Error
The server encountered an internal error or misconfiguration and was unable to complete your request.
Please contact the server administrator, webmaster@drjag.net and inform them of the time the error occurred, and anything you might have done that may have caused the error.
More information about this error may be available in the server error log.
Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.
How to fix it???
Thanks
I think u’ve messed up with the pHp My Admin Page!! :-(
I have a problem with the logout sript, how to fix it, can someone help???? Tut is great, thank you…
Ok, no problem, it’s done… Need to insert one more button in the index.html for logout and in logout.php insert echo”";
Nice work, thank you one more time…
Hey! Great tutorial! I did have one issue though. When log in, I am brought to a page that is suppose to refresh on it’s own. However, it isn’t wanting to refresh.
This is the code that is suppose to do it:
echo “”;
However, it’s not wanting to do it on it’s own. Thoughts?
This is way late, but the refresh issue is caused by this line
echo “”;
The problem is the “=’=” part, the line should actually be
echo “”;
Hope this helps
I actually changed this to this:
echo “”;
to this:
echo “”;
This is way late, but the refresh issue is caused by this line
echo “<meta http-equiv=’refresh’ content=’=2;index.php’ />”;
The problem is the “=’=” part, the line should actually be
echo “<meta http-equiv=’refresh’ content=’2;index.php’ />”;
Hope this helps
Thanks, very good tutorial.
I want to ask you to upgrade tutorial.
Could you write on the registration confirmation from the administrator to only after confirmation of the registered account will be active?
Thank you.
Great tutorial! really cleared and easy to use. By the way, I’m having a problem with registration page, but unfortunately I can’t be able to download de source code from the link (It seems to be damaged), could you please upload again the source files, thanks a lot!
Great Tutorial!!!!! I spend hours working on Marcus Setchell’s tutorial and could not get it to work. This one worked no problem. I liked how you separated the database variables from the rest of the code. Thank you and keep up the good work.
Just wanted to take this time to thank you for sharing this. My site is a lot more complicated but I got started off by reading this article of yours.
I have a problem with mysql connection. After clicking log in I get something like this: Warning: mysql_real_escape_string() [function.mysql-real-escape-string]: Can’t connect to local MySQL server through socket ‘/var/lib/mysql/mysql.sock’ (2)
What’s the significance of lines 57,58 & 59 in register.php? It just looks like an empty php tag…
.
Hi there,
Thank you so much for this awesome tutorial. Just one thing, I notice that I cannot register two users with the same username; however, I can register two users with the same email address. Is there any way I can fix that?
Thank you again
It is really good tutorial. I appreciate it.
Thanks
The source code is unavailable. Is there anywhere I can download the source files for this tutorial?
You can download from the image “SOURCE” itself. I don’t know why you couldn’t.
logout doesn’t work. session still exist after logout page. any idea?
Fantastic post. Here’s a tool that lets your build your online database without programming. There is no need to hand code PHP. Cut your development time by 90%
http://www.caspio.com/
Hi guys, a lot of you have been experiencing errors in the code. For those who haven’t fixed it, just alter the section which looks like this:
<pThanks for logging in! You are and your email address is .
into this:
Thanks for logging in! You are and your email address is .
sorry, forgot this:
replace:
<pThanks for logging in! You are $lt;b><?= $_SESSION['Username'] ?></b> and your email address is <b><?= $_SESSION['EmailAddress']?></b>.</p>
with:
<pThanks for logging in! You are $lt;b><? echo $_SESSION['Username'] ?></b> and your email address is <b><? echo $_SESSION['EmailAddress']?></b>.</p>
Hey Mwathi, good work, but you forgot this:
<p>Thanks for logging in! You are <b><? echo $_SESSION['Username'] ?> </b> and your email address is <b><? echo $_SESSION['EmailAddress'] ?> </b> </p>
Can you please help me as i cannot redirect to member page !
thanks
Great tutorial, but can you fix the errors in the source code as well. Thanks
Hi!
It dose note redirect me to the page which has the logout function
Nice one ! If this tutorial / code would have a vote-up – button, i would vote up ;)
Missed a ” after base.php. Above is the correct for logout.php
Pretty cool! I noticed something weird though – if I get the username correct, I can login with ANY password I want (and not the corresponding one). Anyone else facing this issue? Seems to be a huge security loophole to me!
Warning: mysql_num_rows() expects parameter 1 to be resource, boolean given in C:\wamp\www\new\register.php on line 19
line 19 is-
if(mysql_num_rows($checkusername) == 1)
What’s the wrong with that?
I got the answer for my above question. I had given my database table name as “customers”.But when i was
coding i have given it as “users” instead of customers..
Hey .. Nice Tutorial … :-)
I managed to create a members area by using
<?php
include "base.php";
if(!empty($_SESSION['LoggedIn']) && !empty($_SESSION['Username']))
{
echo'U Are Logged I’;
}
else
{
echo’Protected Area Bitches :D ‘;
}
?>
Works simply fine but can someone help me to update the users information ? :-)
Im a total noob to php :(
Thank you ~!
Thanks, helped my alot, although i found a little error in the code.
include “base.php; should be, include “base.php”.
Sorry if this already was told :D.
Good work anyway. Thanks alot
Hello dear users of the fantastic discussion board net.tutsplus.com.
I have to you may be a little matter.
I might just like to listen to your opinion.
Do you think the net can you really find real buddies, like-minded people?
Can communicate using the Internet to set up personal life?
I think it is positive to these questions could be answered only when you’re younger.
For instance I have over 50 years.
And that i only recently started to learn web spaces.
Therefore there exists a situation that I’m lonely.
And in actual life it is hard to find an interesting person around me.
I would like to hear your thinking on those issues is for my seniors age group.
“page refresh” post login issue just make a small change at line 43 of index.php
echo “”;
hi
What is the code to be added to other pages?
Pages can not access them, but the members.
Thank you
Hi,
When I remove md5 it’s working fine, but when I have it – the user can’t by found in database. I checked the server settings [phpinfo()] and md5 hashing is enabled – can anyone help?
Thanks,
Kris
Wow, awesome script! I actually needed a script where there are no usernames, only passwords to start the sessions, it’s for a school project and I actually managed to do that and it works perfectly fine!
One lag though that I fixed:
No refreshing:
I actually changed this:
echo “”;
to this:
echo “”;
Thanks again!
Great tutorial!