Can someone point me in a good starting place in order to figure out how to allow users to register names and passwords and be able to modify their table. (one database, different table for each user)
| SitePoint Sponsor |
Can someone point me in a good starting place in order to figure out how to allow users to register names and passwords and be able to modify their table. (one database, different table for each user)
]
I don't think that a separate table for each user would be the best way to go. Depending on the amount of data you're storing for each user, you might want a couple user tables which are linked by shared IDs or something (RDBMS). Anyway, there are already quite a few user management scripts out there, so you might want to check out The PHP Resource Index or Hotscripts.
The only problem with using other scripts is that its sometimes hard to modify them for your own needs. Expecially the more complex ones. The reason I need user sessions has to do with people registering things online.
The point of having the user is so they can modify the data they insert incase something changes or they messed up. I'm basically making what use to be hand written paperwork (this is for a marching bnad I'm in) able to be done online. So the user (with my permission) is assigned a user name and a password. Then they are granted access to the documentation section of the website where they can register online, fill out fundraiser sheets, etc. Its very very simple stuff, and I think using a script may be too complex for my needs.
Even once I get past the user session part, the hard part (for me at least) is how do I make an interface that allows them to change data that they have entered into the database?
]
Why don't you post your database layout and we'll work from there.
I dont have a layout yet but lets say we have the following:
Database (for a specific document): mplionhe_registration:
Tables: 1 for each user (tables need to be created when a user hits the submit button for the current document: example- http://www.mplionhearts.com/phptesting/document1.php )
List of tables:
Jack Jakobson
Bob Smith
Jon Tulips
Rob Robinson
Example table: Jack Jakobson
||| Name________||| Parade ||| Championship ||| Steak Fry |||
||| Jack Jakobson ||| _____1 |||__________1 |||________1 |||
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
This way I can just create a PHP file that calls the database and displays all the tables like that. Do you see what I'm getting at? So if Jack Jakobson wanted to have 2 parade tickets instead of one, he'd be able to login and change that value.
]
Look, you don't want a table for each user. You want one table called 'users' that's going to hold information about all the users. It might look something like this:
You're going to use the person's email address as a unique identifier. The password field is going to hold the MD5 hash of the user's password.Code:+--------------+----------------------+------+-----+---------+----------------+ | Field | Type | Null | Key | Default | Extra | +--------------+----------------------+------+-----+---------+----------------+ | id | smallint(5) unsigned | | PRI | NULL | auto_increment | | email | varchar(128) | | | | | | password | varchar(32) | | | | | | name | varchar(100) | | | | | | parade | tinyint(3) unsigned | | | 0 | | | championship | tinyint(3) unsigned | | | 0 | | | steak_fry | tinyint(3) unsigned | | | 0 | | +--------------+----------------------+------+-----+---------+----------------+ 7 rows in set (0.01 sec)
Ah yeah that makes a lot more sense, and will make life easier. However I still need help on how to allow users to edit their information? I know this probably is harder to explain so if you can direct me to a website or something that will help me, I'd be very thankful.
Thanks!
-Bryan
]
What do you need help with? Authenticating users or pulling and updating data?
Well Both, authenticating the users (which I will have a list of all of them, they wont need to register themselves, probably...) and then allowing them to access and update their data....
]
Here's an updated table description and the SQL statement to create it. More is coming later.
Code:+--------------+---------------------+------+-----+---------+-------+ | Field | Type | Null | Key | Default | Extra | +--------------+---------------------+------+-----+---------+-------+ | username | varchar(128) | | PRI | | | | password | varchar(32) | | | | | | name | varchar(100) | | | | | | parade | tinyint(3) unsigned | | | 0 | | | championship | tinyint(3) unsigned | | | 0 | | | steak_fry | tinyint(3) unsigned | | | 0 | | +--------------+---------------------+------+-----+---------+-------+ 6 rows in set (0.02 sec) CREATE TABLE `users` ( `username` varchar(128) NOT NULL default '', `password` varchar(32) NOT NULL default '', `name` varchar(100) NOT NULL default '', `parade` tinyint(3) unsigned NOT NULL default '0', `championship` tinyint(3) unsigned NOT NULL default '0', `steak_fry` tinyint(3) unsigned NOT NULL default '0', PRIMARY KEY (`username`), UNIQUE KEY `username` (`username`) ) ENGINE=InnoDB DEFAULT CHARSET=latin1;
Looks like you guys got the main structure of the base down. But anyway, just in case you need another reference you can check out this tutorial . It shows you how to create everything from the tables in the databse to the user modification of their profiles. It is very simple to follow with all the source code available to you.
Hope it helps...
Shaun.
Thanks shauno7. I'll be posting some code shortly.
I was looking in a book at Barnes and Noble today and it had ways for users to modify data n their tables (I can do this easy) but having them be able to do it to their own areas is different and more complex. I'll check out that tutorial and more. Just so you know setting up the tables isnt my problem its having people fill out a form and then that data going into the table (that is easy, ive shown that ican do that) but having them able to login in and modify is really what this entire thread was about. We are definately getting there tho, and I'll look at that tutorial shortly.
]
I wouldn't follow that tutorial too closely if I were you. The code is a little outdated and it isn't exactly written using "best practice." It might work, but it's gonna be ugly.
Also, if we hadn't hashed out the table structure beforehand, we wouldn't have had any idea about how the thing is going to work. Computer science is about 80% planning, 10% coding, and 7% checking email. The other 3% gets lost in frequent trips to the coffeemaker.
Its important to remember the difference between allowing a user to modify "their entry in the table" and allowing a user to access a script that does the modifying for them. You don't want the users of your website having access to your database! Thats where PHP should come in
Hmmm so, should I create a modifying page for each database? Well I guess i kind of have to lol.
So wait, can this be done?
So bob here logs in with user: Bob James password: Password and the Script then finds his data, by matching his name. If two match then he is allowed to modify is data.
The modifying script has to know what row to modify though, so it will use the $name field as a variable and have the username that he logged in as fill in the $name field so the user isnt allowed to change other peoples data, did that make any sense lol.
]
Hi MS,
Here is some code you might want to modify and use:
It looks very procedural and I haven't spent much time with security issues, but anyways I am pretty sure that it should get you started:
you will create say... your 'login' table.
Here is a simple login script:Code:CREATE TABLE `login` ( `userID` mediumint(11) unsigned NOT NULL auto_increment, `username` varchar(25) NOT NULL, `password` varchar(50) NOT NULL, PRIMARY KEY (`userID`) )
Then use this code on top of each page you want to be protected:PHP Code:
<?php
session_start();
//get the data used to authenticate users
$username = trim(addslashes($_POST['username']));
//without encryption:
$password = trim(addslashes($_POST['password']));
//with encryption
//$password = md5($_POST['password']);
//if you use encryption. make sure that you will first record your user password like this:
//$password = md5($_POST['password']);
//perform the query to see if you have a matching result
$sql = mysql_query(
"SELECT userID
, username
, password
FROM login
WHERE username = '$username'
AND password = '$password'")
or die('<p>Unable to query the database at this time.<br />Error: ' . mysql_error() . '</p>');
$row = mysql_fetch_array($sql);
if(mysql_num_rows($sql) == 1) // if there is one matching result, then get some data to be displayed on your pages for the user logged in.
{
$_SESSION['userID'] = $row['userID'];
$_SESSION['username'] = $row['username'];
$_SESSION['loggedin'] = TRUE; // Setting session var 'loggedin' to true--> check it on top of each you want to be protected.
header('Location:http://www.yoursite.com/welcome.php'); // redirects to the welcome page if everything is ok. always use absolute URL!!
exit;
}else{
header('Location:http://www.yoursite.com/error.php'); // Redirect to error page.
exit;
}
?>
PHP Code:
if ($_SESSION['loggedin'] == TRUE) {
//display page
}
else {
//redirect to another page, like index or login...
}
for a much more complex auth system, check out this article:
http://www.sitepoint.com/article/ant...access-control
just in case, here is the login form:
now if you need to add new users, use the table shown above, and use the below code.Code:<form action="checklogin.php" method="post"> username: <input type="text" name="username" size="10" /> password: <input type="password" name="password" size=10 /> <input type="submit" value="go" /> </form>
here is the form:
here is the addnewmember.php relevant code:Code:<form action="addnewmember.php" method="post"> username: <input type="text" name="username" size="10" /> password: <input type="password" name="password" size=10 /> <input type="submit" value="go" /> </form>
Tip:PHP Code:$username = trim(addslashes($_POST['username']));
//without encryption:
$password = trim(addslashes($_POST['password']));
//with encryption
//$password = md5($_POST['password']);
//perform the query to see if you have a matching result
$sql = mysql_query(
"INSERT INTO
login
SET
username = '$username' '
, password = '$password' '
LIMIT 0,1")
or die('<p>Unable to query the database at this time.<br />Error: ' . mysql_error() . '</p>');
redirect your users to an error management page. In the long run, you'll love a page like this one.
and at the top of error.phpPHP Code:else{
header('Location:http://www.yoursite.com/error.php?e=wrong_login'); // Redirect to error page.
exit;
}
And in the body of your page.PHP Code:$error = $_GET['e'];
if ($error = 'wrong_login') {
$error_message = 'A problem occured during your registration process. Please try again.';
}
that way you can manage multiple errors only in one page.PHP Code:echo ($error_message);
If you have more than one error to manage in the near future, then use the switch statement instead of multiple ifs.
if you get that, allowing your users to modify their data will be very easy. All you'll have to do is to select their data based on their login info, let them edit it in a form, then update the database with the submitted data using an update query. You'll find the row to edit using a WHERE clause (WHERE username = ... AND password=... ).
that's it pretty much.
'hope that helped
Last edited by duuudie; Feb 14, 2005 at 03:36.
That definately will help!!! I just came from 6 hours of rehearsal and I have 9 more tomorrow followed by 6 more on wenseday concluding with the Fiesta Bowl National Band Championship on thursday and the parade on friday. So I'm extremely busy but I'll fiddle with the code tonight and tomorrow night if I have time nad see what I can come up with
]
Also, check this excellent article:
http://www.sitepoint.com/article/use...sessions-mysql
it's a must-read
Hmm I tried out the code, its kinda working.... and I thank you a ton for tha
heres the code:
PHP Code:<?php
$db = "mplionhe_documents"; // name of database
$user = "mplionhe"; // username for database
$password = "password"; // password for database
// make the connection
$link = mysql_connect("localhost", $user, $password);
if (!$link) die ("cant connect to mysql");
//select the database once connected.
mysql_select_db($db, $link) or die ("cannot connect to $db");
session_start();
//get the data used to authenticate users
$username = trim(addslashes($_POST['username']));
//without encryption:
$password = trim(addslashes($_POST['password']));
//with encryption
$password = md5($_POST['password']);
//if you use encryption. make sure that you will first record your user password like this:
//$password = md5($_POST['password']);
//perform the query to see if you have a matching result
$sql = mysql_query(
"SELECT userID
, username
, password
FROM Login
WHERE username = '$username'
AND password = '$password'
LIMIT 0,1")
or die('<p>Unable to query the database at this time.<br />Error: ' . mysql_error() . '</p>');
$row = mysql_fetch_array($sql);
if(mysql_num_rows($sql) == 1) // if there is one matching result, then get some data to be displayed on your pages for the user logged in.
{
$_SESSION['userID'] = $row['userID'];
$_SESSION['username'] = $row['username'];
$_SESSION['loggedin'] = TRUE; // Setting session var 'loggedin' to true--> check it on top of each you want to be protected.
header('Location:http://www.mplionhearts.com/'); // redirects to the welcome page if everything is ok. always use absolute URL!!
exit;
}else{
header('Location:http://www.mplionhearts.com/events.php'); // Redirect to error page.
exit;
}
?>
]
Hi
First: did you encrypt your password when you inserted it in the db? Because you can't have these two lines, it doesn't make that much sense:
In other words, when looking at your password in your db, does it rather look like:PHP Code://without encryption:
$password = trim(addslashes($_POST['password']));
//with encryption
$password = md5($_POST['password']);
'mypassword'
or
'hs83g4857fhdj392hd83gd743hdfj9H92'
?
If it looks like the first one (and I bet it does), just use this line:
and erase (or comment out) this one:PHP Code://without encryption:
$password = trim(addslashes($_POST['password']));
If your password looks like my second example (a 32 chars hash), then make sure that you type your actual password, and not the 32 chars string.PHP Code://with encryption
$password = md5($_POST['password']);
Anyways, looking back at my code, here are some improvements. There was an obvious mistake: LIMIT the result to one row and then check if the result is equal to one row ()
voiląPHP Code:<?php
$db = "mplionhe_documents"; // name of database
$user = "mplionhe"; // username for database
$password = "password"; // password for database
// make the connection
$link = mysql_connect("localhost", $user, $password);
if (!$link) die ("cant connect to mysql");
//select the database once connected.
mysql_select_db($db, $link) or die ("cannot connect to $db");
session_start();
//get the data used to authenticate users
$username = trim(mysql_real_escape_string($_POST['username']));
//without encryption:
$password = trim(mysql_real_escape_string($_POST['password']));
//with encryption
$password = md5($_POST['password']);
//if you use encryption. make sure that you will first record your user password like this:
//$password = md5($_POST['password']);
//perform the query to see if you have a matching result
$sql = mysql_query(
"SELECT userID
, username
, password
FROM Login
WHERE username = '$username'
AND password = '$password'")
or die('<p>Unable to query the database at this time.<br />Error: ' . mysql_error() . '</p>');
$row = mysql_fetch_array($sql);
if(mysql_num_rows($sql) != 1) // if there is one matching result, then get some data to be displayed on your pages for the user logged in.
{
header('Location:http://www.mplionhearts.com/events.php'); // Redirect to error page.
exit;
}else{
$_SESSION['userID'] = $row['userID'];
$_SESSION['username'] = $row['username'];
$_SESSION['loggedin'] = TRUE; // Setting session var 'loggedin' to true--> check it on top of each you want to be protected.
}
?>
Once again, this code is to get you started. You should check a the article by Harry F whose link I posted above.
Yeah I read through that article, great article. Also I noticed the limit you put in there and I thought it didnt make sense but I trusted that it was right lol. Yeah I dont know why I didnt remove one of the password options, I was thinking that both could stick in there and it would just use which ever one it applies to. I'll make some modifications when I get home.
]
I've looked through that article and somehow find myself having trouble creating pages that only members can go into once logged in? Don't I need to create a very similar PHP file that verifies that the user is infact valid based on the information he has submitted and have the php include it at the top of each page? Also how do I terminate sessions after a period of time.
]
Yes you will have to include your login check at the top of every page you want to be protected. You can make some very simple checks from setting an 'isloggedin' session to true once the password and username have been submitted and accepted, then checking at the top of your secured pages that this session is set to true (if not --> redirect to login page) to more complicated checks like the example provided in Harry F's Php Anth Vol II first chapter (available online).
Sessions should end after a while, depending on your server settings. It's however highly recommended that you don't only rely on this. Use the session_destroy() and session_unset() functions to control the logout of your members.
Somehow i still manage to be confused because i cant get it to work... do i need to alter the code that I include at the top of each page or what? Because if I inclused the same file that checkslogin (the file is called checklogin.php) then I end up with errors, what exactly do i need at the top of each page?
PHP Code:<?php
$db = "mplionhe_documents"; // name of database
$user = "mplionhe"; // username for database
$password = "password"; // password for database
// make the connection
$link = mysql_connect("localhost", $user, $password);
if (!$link) die ("cant connect to mysql");
//select the database once connected.
mysql_select_db($db, $link) or die ("cannot connect to $db");
session_start();
//get the data used to authenticate users
$username = trim(mysql_real_escape_string($_POST['username']));
//without encryption:
$password = trim(mysql_real_escape_string($_POST['password']));
//if you use encryption. make sure that you will first record your user password like this:
//$password = md5($_POST['password']);
//perform the query to see if you have a matching result
$sql = mysql_query(
"SELECT userID
, username
, password
FROM Login
WHERE username = '$username'
AND password = '$password'")
or die('<p>Unable to query the database at this time.<br />Error: ' . mysql_error() . '</p>');
$row = mysql_fetch_array($sql);
if(mysql_num_rows($sql) != 1) // if there is one matching result, then get some data to be displayed on your pages for the user logged in.
{
header('Location:http://www.mplionhearts.com/events.php'); // Redirect to error page.
exit;
}else{
$_SESSION['userID'] = $row['userID'];
$_SESSION['username'] = $row['username'];
$_SESSION['loggedin'] = TRUE; // Setting session var 'loggedin' to true--> check it on top of each you want to be protected.
}
?>
]
Posting Permissions
Bookmarks