Monday, January 27, 2014

PHP | User System - login & register


index.php


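<?php
// index.php – landing page: greets a logged-in user or shows the login form.
require 'core.inc.php';
require 'connect.inc.php';

if (loggedin()) {
    $firstname = getuserfield('firstname');
    $surname = getuserfield('surname');

    // These names were typed by the user on register.php and were only
    // SQL-escaped when stored, so they must be HTML-escaped on output here
    // (otherwise a stored script in a name runs in every visitor's browser).
    echo 'You\'re logged in, '
        .htmlspecialchars((string) $firstname, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8').' '
        .htmlspecialchars((string) $surname, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8').' ';
    echo '<a href="logout.php">Logout</a>';
} else {
    include 'loginform.inc.php';
}

?>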

connect.inc.php


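<?php
// connect.inc.php – opens the implicit ext/mysql connection that every other
// page relies on (mysql_query / mysql_real_escape_string without a link).
//
// NOTE: ext/mysql (the mysql_* functions) is deprecated since PHP 5.5 and was
// removed in PHP 7.0; the application needs to move to mysqli or PDO with
// prepared statements.

$mysql_host = 'localhost';
$mysql_user = 'root';   // use a dedicated low-privilege account, not root
$mysql_pass = '';

$mysql_db = 'a_database';

if (!mysql_connect($mysql_host, $mysql_user, $mysql_pass) || !mysql_select_db($mysql_db)) {
    // Keep the driver message server-side; the browser gets a generic error
    // so host, account and schema details are not disclosed.
    error_log('connect.inc.php: '.mysql_error());
    die('Database connection failed.');
}

// mysql_real_escape_string() escapes according to the connection charset, so
// pin it explicitly instead of relying on the server default.
if (!mysql_set_charset('utf8')) {
    error_log('connect.inc.php: could not set connection charset: '.mysql_error());
}

?>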

core.inc.php


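<?php
// core.inc.php – shared bootstrap: output buffering, session and helpers.
ob_start();

// Keep the session id in cookies only (never in URLs) and out of reach of
// client-side script. Both must be set before session_start().
ini_set('session.use_only_cookies', '1');
ini_set('session.cookie_httponly', '1');
session_start();

$current_file = $_SERVER['SCRIPT_NAME'];
// empty() already covers the "not set" case.
if (!empty($_SERVER['HTTP_REFERER'])) {
    // Client-supplied header: only use it as a redirect target after checking
    // that it points back to this site.
    $http_referer = $_SERVER['HTTP_REFERER'];
}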

/**
 * Whether the current session carries a non-empty user id.
 *
 * @return bool
 */
function loggedin(){
    // empty() is true for both "not set" and falsy values, so the single
    // call replaces the isset()/!empty() pair.
    return !empty($_SESSION['user_id']);
}

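/**
 * Read one column of the logged-in user's row.
 *
 * @param string $field column name; must be a plain SQL identifier
 * @return string|null the stored value, or null when nobody is logged in,
 *                     the column name is not a plain identifier, or the
 *                     query/row lookup fails
 */
function getuserfield($field){
    // $field is spliced into the statement as an identifier, which
    // mysql_real_escape_string() cannot protect; restrict it to a plain
    // identifier and backtick-quote it instead.
    if (!is_string($field) || !preg_match('/^[A-Za-z_][A-Za-z0-9_]*$/', $field)) {
        return null;
    }
    if (empty($_SESSION['user_id'])) {
        return null;
    }

    // The id is quoted, so escape it like every other value literal.
    $query = "SELECT `$field` FROM users WHERE id = '".mysql_real_escape_string((string) $_SESSION['user_id'])."'";
    if ($query_run = mysql_query($query)) {
        // Test the row count, not the value's truthiness: a stored '0' or ''
        // is a legitimate field value and was previously dropped.
        if (mysql_num_rows($query_run) > 0) {
            $query_result = mysql_result($query_run, 0, $field);
            if ($query_result !== false) {
                return $query_result;
            }
        }
    }
    return null;
}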

?>

loginform.inc.php


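<?php
// loginform.inc.php – handles a login POST and renders the login form.
// Included from index.php after core.inc.php and connect.inc.php, so the
// session, the mysql connection and $current_file already exist.

if (isset($_POST['username'], $_POST['password'])) {
    $username = $_POST['username'];
    $password = $_POST['password'];

    // Both fields must be scalar strings (a nested form field arrives as an
    // array) and non-empty.
    if (is_string($username) && is_string($password) && $username !== '' && $password !== '') {
        // Look the row up by username only and compare the password in PHP:
        // password_verify() accepts password_hash() digests, and the
        // hash_equals() branch keeps the legacy md5 rows that register.php
        // still writes working, in constant time.
        $query = "SELECT id, password FROM users WHERE username = '".mysql_real_escape_string($username)."'";
        if ($query_run = mysql_query($query)) {
            $password_ok = false;
            if (mysql_num_rows($query_run) == 1) {
                $stored_hash = (string) mysql_result($query_run, 0, 'password');
                $password_ok = password_verify($password, $stored_hash)
                    || hash_equals($stored_hash, md5($password));
            }

            if ($password_ok) {
                // New session id on login so an id fixed before
                // authentication is not carried over.
                session_regenerate_id(true);
                $_SESSION['user_id'] = mysql_result($query_run, 0, 'id');
                header('Location: index.php');
                exit; // without this the form below is still sent
            }
            // Same message for unknown user and wrong password.
            echo "Invalid username/password combination.";
        }
    } else {
        echo "You must supply username and password.";
    }
}

?>
<form action="<?php echo htmlspecialchars($current_file, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8'); ?>" method="POST">
    Username: <input type="text" name="username" value="<?php if (isset($username) && is_string($username)) { echo htmlspecialchars($username, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8'); } ?>">
    Password: <input type="password" name="password">
    <input type="submit" value="Login">
</form>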

logout.php


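<?php
// logout.php – ends the session and sends the visitor back to the front page.
require 'core.inc.php';

// Clear the data, expire the cookie, then destroy: session_destroy() alone
// leaves $_SESSION populated for the rest of this request and the session
// cookie on the client.
$_SESSION = [];
if (ini_get('session.use_cookies')) {
    $params = session_get_cookie_params();
    setcookie(
        session_name(),
        '',
        time() - 42000,
        $params['path'],
        $params['domain'],
        $params['secure'],
        $params['httponly']
    );
}
session_destroy();

// Redirect to a fixed local page instead of $http_referer: the Referer header
// is client-supplied (an open redirect) and is absent on direct visits, which
// left the Location header empty.
header('Location: index.php');
exit;
?>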

register.php


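<?php
// register.php – account creation form and handler.
require 'core.inc.php';
require 'connect.inc.php';

if (!loggedin()) {
    if (isset($_POST['username'], $_POST['password'], $_POST['password_again'], $_POST['firstname'], $_POST['surname'])) {
        $username = $_POST['username'];

        $password = $_POST['password'];
        $password_again = $_POST['password_again'];
        // md5 is kept only because loginform.inc.php compares against md5.
        // It is unsalted and fast; the stored digest should become
        // password_hash() once the login check uses password_verify() and the
        // password column is wide enough for that digest.
        $password_hash = md5($password);

        $firstname = $_POST['firstname'];
        $surname = $_POST['surname'];
        if (!empty($username) && !empty($password) && !empty($password_again) && !empty($firstname) && !empty($surname)) {
            // Strict comparison: with != PHP compares numeric-looking strings
            // as numbers ('1e3' == '1000'), which could pass mismatched input.
            if ($password !== $password_again) {
                echo 'Passwords do not match.';
            } else {
                $query = "SELECT username FROM users WHERE username = '".mysql_real_escape_string($username)."'";
                $query_run = mysql_query($query);

                if ($query_run && mysql_num_rows($query_run) > 0) {
                    // User-typed value echoed back into the page: HTML-escape it.
                    echo htmlspecialchars($username, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8').' already exists.';
                } else {
                    $query = "INSERT INTO users VALUES ('', '".mysql_real_escape_string($username)."', '".mysql_real_escape_string($password_hash)."', '".mysql_real_escape_string($firstname)."', '".mysql_real_escape_string($surname)."')";
                    if ($query_run = mysql_query($query)) {
                        header('Location: register_success.php');
                        exit; // otherwise the form below is still sent
                    } else {
                        echo 'Sorry, we couldn\'t register you at this time. Try again later.';
                    }
                }
            }
        } else {
            echo 'All fields are required.';
        }
    }
?>
<form action="register.php" method="POST">
    <table>
        <tr>
            <td>Username:</td>
            <td><input type="text" name="username" maxlength="30" value="<?php if (isset($username)) { echo htmlspecialchars($username, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8'); } ?>"></td>
        </tr>
        <tr>
            <td>Password:</td>
            <td><input type="password" name="password"></td>
        </tr>
        <tr>
            <td>Pass again:</td>
            <td><input type="password" name="password_again"></td>
        </tr>
        <tr>
            <td>Firstname:</td>
            <td><input type="text" name="firstname" maxlength="40" value="<?php if (isset($firstname)) { echo htmlspecialchars($firstname, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8'); } ?>"></td>
        </tr>
        <tr>
            <td>Surname:</td>
            <td><input type="text" name="surname" maxlength="40" value="<?php if (isset($surname)) { echo htmlspecialchars($surname, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8'); } ?>"></td>
        </tr>
        <tr>
            <td></td>
            <td></td>
            <td><input type="submit" value="Register"></td>
        </tr>
    </table>
</form>
<?php
} else {
    // loggedin() was already false-checked above, so plain else suffices.
    echo 'You\'re already registered and logged in.';
}

?>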

