BioRUST.com :: Tutorials >> A Complete Membership System

Welcome, Guest

Please login or register

TUTORIALS SUBMENU ---->

PHOTOSHOP FLASH ILLUSTRATOR BLENDER CINEMA 4D WEB-CODING

	Related Links

A Complete Membership System

pages (4): [1] 2 3 4

Hello, ladies and gentleman, to one of my biggest tutorials yet! In this multi-page article I’m going to show you how to set up the server side scripting for a complete membership system, including everything from registration, to changing your password, validation emails, etc.

First of all I'll outline what I’m going to cover in this tutorial:

MySQL Table Configuration
Registration script
Login script
Activation script
Members page
Resending validation emails
Logout script
Processing member commands

This set of scripts includes 32bit md5() password encryption and the use of sha1() 40bit encryption to generate a 40 digit hash that we can use for the activation code. You can download all scripts used in this tutorial here, although you should be aware that I've added a nice CSS layout and collapsing menus into the final scripts to make things look a bit more spanky.

MySQL Table Configuration
The first step is to set up your MySQL database. If you have access via control panel software (i.e. cPanel), you should set everything up through there, and add your user as usual. Otherwise, use phpMyAdmin, or write some SQL syntax to do it, as I will only be providing you with SQL to set up the table.

Our database setup consists of a single table with 9 fields: User ID, Username, Password, Full name, Email, Date, IP when registering, Whether activated and the Activation key.

In the same order, we will be using these data types: int(11) PRIMARY auto_increment, Text, VARCHAR(32), Text, Text, Text, Text, int(1) DEFAULT 0, VARCHAR(40). Bamboozled? Not to worry, here’s the SQL syntax you can use to do it automatically for you:

CREATE TABLE `Users` (
`id` int(11) NOT NULL auto_increment,
`Username` text NOT NULL,
`Password` varchar(32) NOT NULL default '',
`Name` text NOT NULL,
`Email` text NOT NULL,
`Date` text NOT NULL,
`IP` text NOT NULL,
`Actkey` varchar(40) NOT NULL default '',
`Activated` int(1) NOT NULL default '0',
PRIMARY KEY (`id`)
)

With the database now set up, all we have to do is connect to it! In our scripts this is controlled by a single file, config.php, which connects to the server and opens the correct database.

Configuration Script (config.php)

<?php

$l = mysql_connect ( "localhost" , "yourmysqlUser" , "password" ) or die("Error connecting: <br><br>".mysql_error());
mysql_select_db( "yourdatabase" ) or die("Error getting db: <br><br>".mysql_error());

?>

The connection is defined in a variable because we want to close it later, and we need a link identifier to use in mysql_close(). So, with the basics covered, its on to the coding of the individual scripts...

Registration Script (register.php)
I think the best way for me to do this is to give you a big lump of code, then tell you what each part does. So, let’s do that:

<?php

include 'config.php';

if(isset($_POST['submit']))
{

$first = addslashes(trim($_POST['firstname']));
$surname = addslashes(trim($_POST['surname']));
$username = addslashes(trim($_POST['username']));
$email = addslashes(trim($_POST['email']));
$pass = addslashes(trim($_POST['password']));
$conf = addslashes(trim($_POST['confirm']));

$ip = $_SERVER['REMOTE_ADDR'];
$date = date("d, m y");

if ( $_POST['password'] == $_POST['confirm'] )
{}else{

echo '<script>alert("Your passwords were not the same, please enter the same password in each field.");</script>';
echo '<script>history.back(1);</script>';
exit;

}

$password = md5($pass);

if ((((( empty($first) ) || ( empty($surname) ) || ( empty($username) ) || ( empty($email) ) || ( empty($password) )))))
{

echo '<script>alert("One or more fields was left empty, please try again.");</script>';
echo '<script>history.back(1);</script>';
exit;

}

if((!strstr($email , "@")) || (!strstr($email , ".")))
{

echo '<script>alert("You entered an invalid email address. Please try again.");</script>';
echo '<script>history.back(1);</script>';
exit;

}

$q = mysql_query("SELECT * FROM Users WHERE Username = '$username'") or die(mysql_error());
if(mysql_num_rows($q) > 0)
{

echo '<script>alert("The username you entered is already in use, please try again.");</script>';
echo '<script>history.back(1);</script>';
exit;

}

$name = $first . ' ' . $surname;
$actkey = mt_rand(1, 500).'f78dj899dd';
$act = sha1($actkey);

$query = mysql_query("INSERT INTO Users (Username, Password, Name, Email, Date, IP, Actkey) VALUES ('$username','$password','$name','$email','$date','$ip','$act')") or die(mysql_error());
$send = mail($email , "Registration Confirmation" , "Thank you for registering with YourWebsite.\n\nYour username and password is below, along with details on how to activate your account.\n\nUser: ".$username."\nPass: ".$pass."\n\nClick the link below to activate your account:\nhttp://EDITTHISURL.COM/activate.php?id=".$act."\n\nPlease do not reply, this is an automated mailer.\n\nThanks", "FROM: auto@mailer.com");

if(($query)&&($send))
{

echo ' <html>
<head>
<title>Success</title>
<link href="style.css" rel="stylesheet" type="text/css">
</head>

<body>

<div id="success">
<p>Thank you for registering, you will recieve an email soon with your login details and your activation link so that you can activate your account.</p>
<p><a href="login.php">Click here</a> to login once you have activated.</p>
</div>

</body>
</html>
';

} else {

echo '
<html>
<head>
<title>Error</title>
<link href="style.css" rel="stylesheet" type="text/css">
</head>

<body>

<div id="error">
<p>We are sorry, there appears to be a problem with our script at the moment.</p>
<p>Your data was not lost. Username: '.$username.' | Password: '.$pass.' | Email: '.$email.' | Full name: '.$name.'</p>
<p>Please try again later.</p>
</div>

</body>
</html>
';

}

} else {

?>
<html>
<head>
<title>Register</title>
<link href="style.css" rel="stylesheet" type="text/css">
</head>

<body>

<div id="wrapper">

<div id="head">the registration page</div>
<br>
<div id="main">
<p>Welcome to the registration, fill out the form below and hit Submit. All fields are required,so fill them all out! </p>
<form action="<?= $_SERVER['PHP_SELF'] ?>" method="post">
<table width="100%" border="0" cellpadding="0" cellspacing="0">
<tr>
<td width="50%">First name </td>
<td width="50%"><input name="firstname" type="text" id="firstname"></td>
</tr>
<tr>
<td>Surname</td>
<td><input name="surname" type="text" id="surname"></td>
</tr>
<tr>
<td>Email Address </td>
<td><input name="email" type="text" id="email"></td>
</tr>
<tr>
<td>Username</td>
<td><input name="username" type="text" id="username"></td>
</tr>
<tr>
<td>Password</td>
<td><input name="password" type="password" id="password"></td>
</tr>
<tr>
<td>Confirm Password </td>
<td><input name="confirm" type="password" id="confirm"></td>
</tr>
<tr>
<td>Register</td>
<td><input name="submit" type="submit" class="textBox" value="Submit"></td>
</tr>
</table>
</form>
Upon confirmation of your details, you will be sent an email containing your username, password and details on how to activate your account so as to be able to use this website. </div>

</div>

</body>
</html>

<? } mysql_close($l); ?>

Our script starts with the essential first step - i.e. including the connection file config.php. The rest of the script is then fairly simple, and takes user submitted data, inserts it into pre-defined variables, and then TRIMs off each variable to remove any characterless space at either end of the values. Once these simple variable-handling steps have been performed, the script then runs through a few basic IF statements to protect the integrity of our data. In our case, these statements ensure that the email address has an @ and a . in it, the passwords are the same, the username is not already taken, and no fields are empty. Then it processes the registration and inserts all the data, including our newly generated activation key, which is a sha1() hash of a randomly generated number between 1 and 500 with some random letters added onto the end of it. Since the table’s column “Activated” has a default value of 0, the user is not activated until he/she clicks his link with this value in it.

With all these steps complete, the script then sends out the confirmation e-mail. You must make sure you change some of the details if you directly use our scripts though - just look for YourWebsite and CHANGETHISURL.COM, and change them accordingly.

Depending on the data entered, the script will finally display a message from a variety of errors or confirmation messages reporting any pertinent information (or just a nice big 'thank you' message).

- Tutorial written by Scrowler

Pages (4): [1] 2 3 4 Next>

Automatic Translations: