Create the Table - PHPI recently completed an article series in which we built a project management application. Every application that wants to control access to its resources has an access control mechanism that will verify if a user is allowed to use the particular application. A project management application is a good candidate for such a control. In this four-part series, we will build an authentication system for the application.
print this article SEARCH DEV SHED |
So create a table with the following SQL: CREATE TABLE `users` ( `uid` int(11) NOT NULL auto_increment, `name` varchar(20) NOT NULL default '', `sname` varchar(20) NOT NULL default '', `uname` varchar(100) NOT NULL default '', `upass` varchar(8) NOT NULL default '', `level` enum('admin','normal') NOT NULL default 'normal', `last_login` datetime NOT NULL default '0000-00-00 00:00:00', `email` varchar(100) NOT NULL default '', PRIMARY KEY (`uid`) ) TYPE=MyISAM AUTO_INCREMENT=5 ; Below is some sample data for the table: INSERT INTO `users` VALUES (1, 'jack', 'dee', 'jack.dee', 'pass', 'admin', '0000-00-00 00:00:00', 'jack@dee.com'); INSERT INTO `users` VALUES (2, 'maria', 'garises', 'maria.garises', 'pass', 'normal', '0000-00-00 00:00:00', 'maria@garises.com'); INSERT INTO `users` VALUES (3, 'kine', 'brand', 'kine.brand', 'pass', 'normal', '0000-00-00 00:00:00', 'kine@brand.com'); INSERT INTO `users` VALUES (4, 'john', 'doe', 'john.doe', 'pass', 'normal', '0000-00-00 00:00:00', 'john@doe.com'); Copy and paste the above SQL in your MySQL administration application and run it. You should have a table called "users" with the sample data above. Now, let's create the login script that will run the login process for us. Create a new PHP document and add the following code: <?php include "dbcon.php"; include "functions.php"; //initialise variables $err=false; $errmsg=""; //is form submitted? if(isset($_POST['submit'])){ //check that the form values are not empty, if so, set errormsg value if(empty($_POST['uname'])){ $errmsg="The username field is empty, please enter a username<br>"; $err=true; } if(empty($_POST['upass'])){ $err=true; $errmsg .="The password field is empty, please enter password<br>"; } //check that the username is in correct format if(!checkformat($_POST['uname'])){ $err=true; $errmsg .="The username that you entered has a incorrect format.<br>"; } //if there is no errors above, then clean the form values before using in query. if(!$err){ $cleanuname = mysql_escape_string($_POST['uname']); $cleanupass = mysql_escape_string($_POST['upass']); $checkuser = "SELECT * from users WHERE uname = '".$cleanuname."' AND upass = '".$cleanupass."'"; $checkuser_res = mysql_query($checkuser); $checkuser_num = mysql_num_rows($checkuser_res); if($checkuser_num > 0){ //if user exists and passes authentication //setup session variables and redirect to index page $row = mysql_fetch_assoc($checkuser_res); $_SESSION['name'] = $row['name']." ".$row['sname']; $_SESSION['uid'] = $row['uid']; $_SESSION['level'] = $row['level']; //redirect header("location:main.php"); }else{ //if values do not match set errmsg $err=true; $errmsg .="The username or password you entered does not match.<br> MYSQL ERROR ".mysql_error(); }//else }//end $err check } //end form submit check ?> <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml"><!-- InstanceBegin template="/Templates/userauth.dwt.php" codeOutsideHTMLIsLocked="false" --> <head> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" /> <!-- InstanceBeginEditable name="doctitle" --> <title>Project Management ::Login</title> <!-- InstanceEndEditable --> <!-- InstanceBeginEditable name="head" --><!-- InstanceEndEditable --> <link href="Templates/loginstyle.css" rel="stylesheet" type="text/css" /> </head> <body> <table width="100%" border="0"> <tr> <td bgcolor="#6699CC" class="headertxt">Project Management:: User Authentication </td> </tr> <tr> <td><!-- InstanceBeginEditable name="main" --> <table width="100%" border="0" class="formborder"> <tr> <td colspan="2" class="loginheader">Login</td> </tr> <tr> <td colspan="2"> </td> </tr> <form action="login.php" method="post" name="f1" class="formborder"> <?php if(isset($errmsg)){?> <tr> <td colspan="2" class="errmsg" ><?php echo $errmsg; ?></td> </tr> <tr> <td colspan="2"> </td> </tr> <tr> <?php } ?> <td width="10%" valign="bottom"><strong>Username:</strong></td> <td width="90%"><label> <input name="uname" type="text" class="login" id="uname" size="40" /> </label></td> </tr> <tr> <td valign="bottom"><strong>Password:</strong></td> <td><label> <input name="upass" type="password" class="login" id="upass" size="40" /> </label></td> </tr> <tr> <td> </td> <td><a href="password.php">Forgot your password?</a> </td> </tr> <tr> <td> </td> <td><label> <input name="submit" type="submit" id="submit" value="Log me in!" /> </label></td> </tr> </form> </table> <!-- InstanceEndEditable --></td> </tr> <tr> <td align="right" class="cright">copyright © 2007 PM </td> </tr> </table> </body> <!-- InstanceEnd --></html>
blog comments powered by Disqus |
|
|
|
|
|
|
|
/ 3 _html_4f0b627a.png)
