If you are just starting out in PHP and would like to learn how Register/Login functionality works in PHP then read on.
Scope:
The goal of this tutorial is to explain how login/registration works in PHP and aims to do so in a way that is clear and easy to grasp for those who are just starting out with PHP. If you are looking for a more detailed tutorial covering all the best practises then this may not be the tutorial for you. The idea being that you can quickly complete the tutorial and digest the information required to implment the script… once you have this down you can move on and investigate security, use of sessions, use of PDO etc.
Foreword:
The ability to register users and let them log-in is a cornerstone for every web-page that provides user personalization and as such, this is something every beginner web-developer must tackle at some stage of his development. The whole process of personalization can be divided into 4 main sub-categories.
1.Create the database to store registration data.
2.Registration script to insert data into the table and check if a username is already in use.
3.Log-in script to check user input against the database.
4.Any pages that require the user to be logged-in to be displayed.
Step 1 – Create the database.
The first thing to do is to create a database which will store user-input. The sample database is used just to demonstrate the most basic structure,the real world implementation is usually more complex. To avoid having to implement the development environment all by yourself(that can prove to be a daunting task for a beginner), I would recommend that you download WampServer – a web development platform that includes the Apache server, PHP and MySQL. WampServer will install everything for you so that you can focus on the programming rather than the installing and configuration. To create the database you can use the MySQL terminal or PHPMyAdmin.
Here are the queries that create the database and table:
CREATE DATABASE example_Database; USE example_Database; CREATE TABLE users ( user_id INT NOT NULL AUTO_INCREMENT, username VARCHAR(40), password VARCHAR(40), -- SHA()function returns 40 characters long hash. join_date DATETIME, PRIMARY KEY(user_id) );
Step 2 – Create the registration form.
Now that we have the table ready, the next step is to provide a way for the user to register.This script checks for correct input, checks if the username is already taken and if all is OK, it proceeds to INSERT the data in the table.
<?php
$database_Connection = mysqli_connect('db_host', 'db_user', 'db_pass', 'db_name');
if(isset($_POST['submit']))
{
if(!empty($_POST['username']) && !empty($_POST['password1']) && !empty($_POST['password2']) && (password1 == password2))
{
$currentUser_Username = mysqli_real_escape_string($database_Connection, trim($_POST['username']));
$currentUser_Password = mysqli_real_escape_string($database_Connection, trim($_POST['password1']));
$query = "SELECT user_id, username FROM users WHERE username=' " .
$_currentUser_username . "'" ;
$result = mysqli_query($database_Connection, $query);
if(mysqli_num_rows($result) == 0)
{
$insert_Query = "INSERT INTO users(username,password,join_date) VALUES('$currentUser_Username', SHA('$currentUser_Password'), now())";
mysqli_query($database_Connection, $insert_Query);
}
else
{
echo 'That username is not available';
}
}
else
{
echo 'You must enter data in all input fields';
}
mysqli_close($database_Connection);
}
<form method="post" action="<?php echo $_SERVER['PHP_SELF'];?>">
<fieldset>
<legend>Register Information</legend>
<label for="Username">Username </label>
<input type= "text" id= "username" name="username" value="<?php if(!empty($currentUser_Username)) echo $currentUser_Username;?>"> <br />
<label for="password1">Password</label>
<input type = "text" id="password1" name = "password1"/> <br />
<label for = "password2">Retype Password </label>
<input type = "text" id="password2" name="password2"/> <br />
</fieldset>
<input type="submit" name = "submit"/>
</form>
?>
Step 3 – Create the log-in script.
Now that we provided a way for the user to register,the next step is to write a script that logs-in the user – when only matching row is found in the database.
If a row matches, then we send two cookies to the client’s computer containing information about the user’s_id and actual username.The cookie is a simple text file that contains name : value pairs and is stored in the client’s hard drive thus remembering the data for a prolonged period of time so the user will stay logged in until the cookie expires(after the expiration point,the cookie is deleted from the client’s computer) .
We check the $_COOKIE variable to determine if a user is logged-in and the setcookie() function to send the cookie to the client PC.
<?php
$databaseConnection= Mysqli_connect('db-host','db_user','db_pass','db_name');
if(!isset($_COOKIE[user_id])) && isset($_POST['submit'])
{
if(!empty($_POST['username']) && !empty($_POST['password']))
{
$user_Username = mysqli_real_escape_string($databaseConnection,trim($_POST['username']));
$user_Password = mysqli_real_escape_string($databaseConnection,trim($_POST['password']));
$query = "SELECT * FROM users WHERE username = '" .
$user_Username . "'" . "AND password='" . sha1($user_Password) . "'";
$result = mysqli_query($databaseConnection,$query);
if(mysqli_num_rows($result) == 1)
{
$row = mysqli_fetch_array($result);
setcookie('user_id',$row['user_id']);
setcookie('username',$row['username']);
}
else
{
echo 'Error!Make sure you enter the correct information'
}
}
else
{
echo 'Some of the input fields are empty.All fields must be entered';
}
}
if(empty($_COOKIE['user_id']))
{
?>
<form method="post" action="<?php echo $_SERVER['PHP_SELF']; ?>">
<fieldset>
<legend>Log In</legend>
<label for="username">Username:</label>
<input type="text" name="username"/><br />
<label for="password">Password:</label>
<input type="password" name="password" />
</fieldset>
<input type="submit" value="Log In" name="submit" />
</form>
<?php
//Prevent the rest of the script for being loaded.
die();
}
else
{
echo 'You are logged in as ' . $_COOKIE['username'] . '<br />';
}
?>
Step 4 – Secure/Private pages.
And for the final part of the tutorial, we can use the log-in script to make pages unavailable to guest users. As an example, let’s go with an ‘edit profile’ page.
It doesn’t make any sense to edit your profile if you actually haven’t even registered yet. So if we have an ‘edit profile’ page, in order to make it available only to registered users we can simply include the log-in script at the beginning of the file using the require_once PHP statement.
<?php require_once 'Login.php' //the rest of the editProfile script... ?>
At this stage it will be impossible for a user to access the content of this page without first logging in. This is due to the conditional statement which checks if a valid cookie can be found on the users machine. If a cookie is not found then the login form is displayed and the ‘die()’ function is called. This prevents the rest of the script from executing.
And there you have it, a very simple demonstration of how login/registration works in PHP. Thanks for reading.
The post Learn how Register/Login functionality works in PHP appeared first on Weebtutorials.