MySQL
  Home arrow MySQL arrow Page 3 - Creating a Login Script for a PHP/MySQ...
Dev Shed Forums 
Administration  
Apache  
BrainDump  
DHTML  
Flash  
Java  
JavaScript  
Multimedia  
MySQL  
Oracle  
Perl  
PHP  
Practices  
Python  
Reviews  
Security  
Style-Sheets  
Web Services  
XML  
Zend  
Zope  
Forums Sitemap 
IBM® developerWorks 
Dedicated Servers 
E-Commerce Hosting 
Linux Web Hosting 
Managed Hosting 
Small Business Hosting 
Download TestComplete 
VPS Hosting 
Weekly Newsletter

 
Developer Updates  
Free Website Content 
IBM Rational Software Development Conference
 RSS  Articles
 RSS  Forums
 RSS  All Feeds
Write For Us Get Paid 
Request Media Kit
Contact Us 
Site Map 
Privacy Policy 
Support 
 USERNAME
 
 PASSWORD
 
 
  >>> SIGN UP!  
  Lost Password? 
MYSQL

Creating a Login Script for a PHP/MySQL Blogging System
By: Jacques Noah
  • Search For More Articles!
  • Disclaimer
  • Author Terms
  • Rating: 4 stars4 stars4 stars4 stars4 stars / 52
    2006-10-03

    Table of Contents:
  • Creating a Login Script for a PHP/MySQL Blogging System
  • Login.php
  • Logout.php
  • Password.php

  • Rate this Article: Poor Best 
      ADD THIS ARTICLE TO:
      Del.ici.ous Digg
      Blink Simpy
      Google Spurl
      Y! MyWeb Furl
    Email Me Similar Content When Posted
    Add Developer Shed Article Feed To Your Site
    Email Article To Friend
    Print Version Of Article
    PDF Version Of Article
     
     
     
    ADVERTISEMENT

    Route your faxes to your email inbox. Private, secure fax numbers available from CallWave. Choose your fax number.

    Creating a Login Script for a PHP/MySQL Blogging System - Logout.php
    (Page 3 of 4 )

    Logs a user out with the following code:

    <?
    session_start();
    if($_SESSION["status"]="logged") {
    session_unset();
    session_destroy();
    header( "Location:login.php?reg=2" );
    exit();
    }
    else{
    if ($_SESSION["status"]="not logged") {
    //the session variable isn't registered, the user shouldn't even
    be on this page
    header( "Location:login.php" );
    exit();
    }
    }
    ?>

     

    The 'header( "Location:login.php?reg=2" ); ' code sends a reg value of 2 to the login.php page, which informs the user that he/she has been logged out. To log out a user, we simply empty the session variables that have been filled at login. This is done by the session_unset() and session_destroy() functions.

    Register.php

    This script registers or adds a new user.

    Example output of the register.php

    The following code does the job:

    <?
    if(isset($_POST['Submit'])){
    //NEED TO CHECK IF FIELDS ARE FILLED IN
    if( empty($_POST['name']) && (empty($_POST['email']))){
    header("Location:Messages.php?msg=3");
    exit();
    }
    if( empty($_POST['pw1']) && (empty($_POST['pw2']))){
    header( "Location:Messages.php?msg=4" );
    exit();
    }
    $name=$_POST['name'];
    $email=$_POST['email'];
    $pw1=$_POST['pw1'];
    $pw2=$_POST['pw2'];
    if("$pw1" !== "$pw2"  ){
    header( "Location:Messages.php?msg=5" );
    exit();
    }
    $ip = $_SERVER['REMOTE_ADDR'];
    if(empty($ip)){
    header("location:Messages.php?msg=13");
    exit();
    }
    if(isset($_POST['select'])){
    $level=$_POST['select'];
    }else{
    $level="Normal";
    }
    //connect to the db server , check if uname exist
    include('config.php');
    $query=("Select * from user where uname='$name'");
    $result= mysql_query($query);
    $num=mysql_num_rows($result);
    if ($num > 0) {//Username already exist
    header( "Location:Messages.php?msg=6" );
    exit();
    }else{
    //if username does not exist insert user details
    $query=( "INSERT INTO user (uname, pw,email,date_joined,ip,level,isbanned) VALUES ('$name',password
    ('$pw1'),'$email',NOW(),'$ip','$level','no')");
    if(!@mysql_query ($query)) {
    echo mysql_error();
    }else{
    if(empty($_POST['select'])){
    header("location:login.php?reg=1");
    exit;
    }else{
    header("location:../admin/main.php");
    exit;
    }
    }
    }
    mysql_close();
    }?>

    The script does three things:

    • Checks whether all the fields are filled in.  If not, the program goes to the messages page where the appropriate error is displayed.
    • Checks whether the username already exists. If so, the program goes to the messages page where the appropriate error is displayed.
    • If the username does not exist, the script adds the user details and goes straight to the login page. Where the user can now login.

    Because this login system is designed for a closed blogging system, it is very important that we have the IP address of a user. For this reason I've  included the following code:

    $ip = $_SERVER['REMOTE_ADDR'];
    if(empty($ip)){
    header("location:Messages.php?msg=13");
    exit();
    }

    This code checks to see whether the users' IP address is empty. If so, it simply sends the user to the messages page. This will stop anyone who does not have an IP address from registering. You can of course remove this piece of code if your security needs are limited.

    More MySQL Articles
    More By Jacques Noah


       · I think there are many flaws to this approach. There is no validation to really keep...
       · This is horrible php coding practice! Data access layer is mixed in with...
       · I just got done reading through the article and looking at the code samples. To be...
       · > I just got done reading through the article and looking at the code samples. > To...
       · I have to agree, I am just starting out on php/mysql and looking to create a user...
       · After reading this article i simply took the code, modified it and used it in one of...
       · I thought this article and the others were quite educational. I am aware of the...
       · Your are 100% correct, but it seems like your are a Pro, u know more about it, the...
       · I keep getting a parse error on line 10 of this code and need some help....
       · If you're gonna user double quotes inside a string, you need to escape them. Either...
       · The above response is correct. The other quotes in your string are causing your...
     

       

    MYSQL ARTICLES

    - MySQL Table Prefix Changer Tool in PHP
    - Using the SIGNAL Statement for Error Handling
    - Error Handling Examples
    - Error Handling
    - Completing a Search Engine with MySQL and PH...
    - Paginating Result Sets for a Search Engine B...
    - Building a Search Engine with MySQL and PHP 5
    - Using Boolean Operators for Full Text and Bo...
    - PHP, MySQL and the PEAR Database
    - Working with PHP and MySQL
    - Getting PHP to Talk to MySQL
    - Creating an RSS Reader: the Reader
    - MySQL Security Overview
    - Creating the Admin Script for a PHP/MySQL Bl...
    - Creating the Blog Script for a PHP/MySQL Blo...

     
    Accelerating Trading Partner Performance
     
    Competing on Analytics
     
    Cost Effective Scaling with Virtualization and Coyote Point Systems
     
    Five Checkpoints to Implementing IP Telephony
     
    Hosted Email Security: Staying Ahead of New Threats
     




    © 2003-2008 by Developer Shed. All rights reserved. DS Cluster 3 hosted by Hostway