Website User Registration in PHP
We will make a PHP web page that connects to a MySQL database, handles user authentication and shows certain data only to registered users.
1.
For storing usernames and passwords we will use a MySQL database.
You will need to create a new database and table. If you are not familiar with this please read lesson
In phpMyAdmin, run the following SQL, which will create a new table named users.
    CREATE TABLE users (
        `id` INT NOT NULL AUTO_INCREMENT PRIMARY KEY,
        `username` TEXT NOT NULL,
        `password` TEXT NOT NULL
    ) ENGINE = InnoDB;
2.
We will also use phpMyAdmin to enter a few registered users.
Click the Insert tab and enter the users' data.
For id you can use the value 0. Because we used AUTO_INCREMENT when creating the table, this value will be incremented automatically.
3.
When you enter the password you should also select the SHA1 function on the left to hash the password.
We do this for security reasons, because storing plain-text passwords in a database is always a bad idea.
4.
If you have entered the data correctly you should now see the data in the table.
5.
We will now create a PHP page with a form for entering user data and code for handling user registration.
6.
At the top of the document you should start with the PHP function session_start();
We do this to allow storing of user variables on the server. More about using the $_SESSION variable can be read in
Next we make a connection to the database, entering the correct server, username, password and database name:
    $db = mysqli_connect("localhost","root","","dev");
7.
We must also check whether a form was submitted. If so, we verify the username and password.
For security reasons we also use the function mysqli_real_escape_string, which escapes special characters that could influence SQL execution.
    if (isset($_POST['username'], $_POST['password'])) {
        // Escape the username before placing it inside the SQL string.
        $username = mysqli_real_escape_string($db, $_POST['username']);
        // Hash the password exactly as typed; it is never put into the SQL text.
        $password = sha1($_POST['password']);
        $sql = "select * from users where username='$username'";
        $result = $db->query($sql);
        // query() returns false on failure, so check before fetching.
        if ($result && ($row = $result->fetch_assoc())) {
            // hash_equals compares as strings; == can treat "0e..." hashes as equal numbers.
            if (hash_equals($row['password'], $password)) $_SESSION['auth'] = true;
        }
    }
If the username and password match those in our database, we set the $_SESSION['auth'] variable. This way we will know whether the user is registered or not.
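A hardened form of this login check, as an added example that is not part of the original lesson: it uses a prepared statement instead of escaping, and verifies with password_hash()/password_verify() because SHA1 is a fast, unsalted hash that is cheap to guess against if the table leaks. It assumes the users table and connection settings from steps 1 and 6; check_login is a name made up here, and rows hashed with SHA1 in step 3 are rehashed on the next successful login.

```php
<?php
// Added example, not the lesson's code. Assumes the users table (step 1)
// and the connection settings from step 6.
session_start();
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT); // failures throw
$db = new mysqli("localhost", "root", "", "dev");

// Hypothetical helper: returns the user's id on success, null otherwise.
function check_login(mysqli $db, string $username, string $password): ?int
{
    // Prepared statement: the username travels as data, never as SQL text.
    $stmt = $db->prepare("SELECT id, password FROM users WHERE username = ?");
    $stmt->bind_param("s", $username);
    $stmt->execute();
    $stmt->bind_result($id, $stored);
    $found = $stmt->fetch();
    $stmt->close();
    if (!$found) {
        return null;
    }
    // Legacy row: 40 hex characters written by the SHA1 function in step 3.
    $legacy = preg_match('/^[0-9a-f]{40}$/i', $stored) === 1;
    $ok = $legacy
        ? hash_equals(strtolower($stored), sha1($password))
        : password_verify($password, $stored);
    if (!$ok) {
        return null;
    }
    // Move legacy or outdated hashes to a salted, slow password_hash().
    if ($legacy || password_needs_rehash($stored, PASSWORD_DEFAULT)) {
        $new = password_hash($password, PASSWORD_DEFAULT);
        $upd = $db->prepare("UPDATE users SET password = ? WHERE id = ?");
        $upd->bind_param("si", $new, $id);
        $upd->execute();
        $upd->close();
    }
    return $id;
}

if (isset($_POST['username'], $_POST['password'])
    && is_string($_POST['username']) && is_string($_POST['password'])
    && check_login($db, $_POST['username'], $_POST['password']) !== null) {
    session_regenerate_id(true); // fresh session id after login
    $_SESSION['auth'] = true;
}
```

New users would be inserted with the output of password_hash() rather than the SHA1 function in phpMyAdmin; the TEXT column from step 1 is long enough to hold it.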
8.
Next we also add support for logging off.
    if (isset($_GET['logoff'])) {
        unset($_SESSION['auth'], $auth);
    }
In this case, if the variable logoff is set, we remove the $_SESSION['auth'] variable, which means the user is no longer registered.
9.
Now we must create a form for entering user data.
We first check whether the variable $_SESSION['auth'] is set and show the form only if the user is not authenticated.
    <?php if (!isset($_SESSION['auth'])) { ?>
    <form method="post" action="index.php">
      <p>
        <label for="username">Username:</label>
        <input type="text" name="username" id="username" />
      </p>
      <p>
        <label for="password">Password:</label>
        <!-- type="password" keeps the typed password masked on screen -->
        <input type="password" name="password" id="password" />
      </p>
      <p>
        <input type="submit" name="Login" id="Login" value="Submit" />
      </p>
    </form>
    <?php } ?>
10.
At the end of the document we add text that will be shown to registered users only.
    <?php if (isset($_SESSION['auth'])) { ?>
    Logged in... <br />
    <a href="index.php?logoff=1">Log off</a>
    <?php } ?>
11.
If we now open the form and enter the correct user data we will be able to see the text for the registered users.
If you click the link Log off you will again be unauthenticated. Code for handling this is described in step 8.
Complete PHP code from this lesson can be found on http://dreevoo.com/download/login.zip
For additional questions please ask on the forum.
Hi, I have a question about the users table. Why did you use text for username and password instead of VARCHAR?
TEXT is stored in the table as a pointer to the location of the actual text, while VARCHAR stores data directly in the table. So in theory VARCHAR is indeed a better choice.
But from a practical point of view, the difference in performance is almost non-existent. On the other hand, for VARCHAR you need to specify a maximum length. Since this is a lesson for beginners, I have chosen TEXT, so that it will work in all cases.
I hope this answers your question. If you need any more info just let me know.
When I try the code I receive:
Fatal error: Call to a member function fetch_assoc() on a non-object in D:\wamp\www\login\index.php on line 14
Same goes for the Forum with PHP and MySQL.
Can you help me please?
The code is failing on line $result->fetch_assoc().
The error is saying that $result is not an object. The reason for this is that it failed in the previous call which is:
    $sql="select * from users where username='$username'";
    $result = $db->query($sql);
So it seems there is a problem with your query to the database.
One possible reason is that the connection to the database was not successfully established. Another reason might be that tables in the database are not correct.
To solve this problem, you should first try to run the query in the phpMyAdmin to see if it returns any result. Try using additional "echo $sql" in the code (after defining $sql variable) to see exactly what the query is.
I would also suggest that you add the following line at the top of the page after <?php
    error_reporting(E_ALL);
This will show you all errors and warnings.