Home arrow MySQL arrow Page 3 - Creating a Login Script for a PHP/MySQL Blogging System

Logout.php - MySQL

In this three-part tutorial we are going to be creating an open blogging system. We are also going to provide scripts that will make it possible to switch to a closed blogging system. This article, which is the first part, will cover the creation of the login scripts for a closed system.

TABLE OF CONTENTS:
  1. Creating a Login Script for a PHP/MySQL Blogging System
  2. Login.php
  3. Logout.php
  4. Password.php
By: Jacques Noah
Rating: starstarstarstarstar / 90
October 03, 2006

print this article
SEARCH DEV SHED

TOOLS YOU CAN USE

advertisement

Logs a user out with the following code:

<?
session_start();
if($_SESSION["status"]="logged") {
session_unset();
session_destroy();
header( "Location:login.php?reg=2" );
exit();
}
else{
if ($_SESSION["status"]="not logged") {
//the session variable isn't registered, the user shouldn't even
be on this page
header( "Location:login.php" );
exit();
}
}
?>

 

The 'header( "Location:login.php?reg=2" ); ' code sends a reg value of 2 to the login.php page, which informs the user that he/she has been logged out. To log out a user, we simply empty the session variables that have been filled at login. This is done by the session_unset() and session_destroy() functions.

Register.php

This script registers or adds a new user.

Example output of the register.php

The following code does the job:

<?
if(isset($_POST['Submit'])){
//NEED TO CHECK IF FIELDS ARE FILLED IN
if( empty($_POST['name']) && (empty($_POST['email']))){
header("Location:Messages.php?msg=3");
exit();
}
if( empty($_POST['pw1']) && (empty($_POST['pw2']))){
header( "Location:Messages.php?msg=4" );
exit();
}
$name=$_POST['name'];
$email=$_POST['email'];
$pw1=$_POST['pw1'];
$pw2=$_POST['pw2'];
if("$pw1" !== "$pw2"  ){
header( "Location:Messages.php?msg=5" );
exit();
}
$ip = $_SERVER['REMOTE_ADDR'];
if(empty($ip)){
header("location:Messages.php?msg=13");
exit();
}
if(isset($_POST['select'])){
$level=$_POST['select'];
}else{
$level="Normal";
}
//connect to the db server , check if uname exist
include('config.php');
$query=("Select * from user where uname='$name'");
$result= mysql_query($query);
$num=mysql_num_rows($result);
if ($num > 0) {//Username already exist
header( "Location:Messages.php?msg=6" );
exit();
}else{
//if username does not exist insert user details
$query=( "INSERT INTO user (uname, pw,email,date_joined,ip,level,isbanned) VALUES ('$name',password
('$pw1'),'$email',NOW(),'$ip','$level','no')");
if(!@mysql_query ($query)) {
echo mysql_error();
}else{
if(empty($_POST['select'])){
header("location:login.php?reg=1");
exit;
}else{
header("location:../admin/main.php");
exit;
}
}
}
mysql_close();
}?>

The script does three things:

  • Checks whether all the fields are filled in.  If not, the program goes to the messages page where the appropriate error is displayed.
  • Checks whether the username already exists. If so, the program goes to the messages page where the appropriate error is displayed.
  • If the username does not exist, the script adds the user details and goes straight to the login page. Where the user can now login.

Because this login system is designed for a closed blogging system, it is very important that we have the IP address of a user. For this reason I've  included the following code:

$ip = $_SERVER['REMOTE_ADDR'];
if(empty($ip)){
header("location:Messages.php?msg=13");
exit();
}

This code checks to see whether the users' IP address is empty. If so, it simply sends the user to the messages page. This will stop anyone who does not have an IP address from registering. You can of course remove this piece of code if your security needs are limited.



 
 
>>> More MySQL Articles          >>> More By Jacques Noah
 

blog comments powered by Disqus
escort Bursa Bursa escort Antalya eskort
   

MYSQL ARTICLES

- Oracle Unveils MySQL 5.6
- MySQL Vulnerabilities Threaten Databases
- MySQL Cloud Options Expand with Google Cloud...
- MySQL 5.6 Prepped to Handle Demanding Web Use
- ScaleBase Service Virtualizes MySQL Databases
- Oracle Unveils MySQL Conversion Tools
- Akiban Opens Database Software for MySQL Use...
- Oracle Fixes MySQL Bug
- MySQL Databases Vulnerable to Password Hack
- MySQL: Overview of the ALTER TABLE Statement
- MySQL: How to Use the GRANT Statement
- MySQL: Creating, Listing, and Removing Datab...
- MySQL: Create, Show, and Describe Database T...
- MySQL Data and Table Types
- McAfee Releases Audit Plugin for MySQL Users

Developer Shed Affiliates

 


Dev Shed Tutorial Topics: