11 Replies - 1333 Views - Last Post: 01 April 2013 - 06:26 AM

#1 mxdraceconfusion

How do i create personal accounts in PHP

Posted 28 March 2013 - 06:45 AM

Hi

I am currently creating a website and have pretty much completed everything; the only issue I am having right now is in regards to member logins. Currently my user registers and, once logged in, is directed to a generic membership page. I was wondering how I would go about making it so each user that logs in is directed to their own personal profile page?

Thanks a lot

Replies To: How do i create personal accounts in PHP

#2 modi123_1

Posted 28 March 2013 - 06:53 AM

How is the 'personal profile' page set up? It should be a generic form that takes in a member id, so when someone navigates to the page (and fills out the data) it pulls up all the relevant information from the database. Part of the sign-in should be coughing up the member's id and then you can dynamically redirect to the profile page with said id.

#3 SarumanTheWhite

Posted 28 March 2013 - 06:53 AM

This all comes off as sounding like you're doing this in raw PHP and nothing else. Are you using a database to manage these accounts? You could take this generic membership page, and rewrite it so that all relevant information is populated regarding said user from the database. Or am I misunderstanding?

Would be helpful to post what you've done so far to see what's going on.

#4 JackOfAllTrades

Posted 28 March 2013 - 07:35 AM

Here's a good link for you to read.

#5 mxdraceconfusion

Posted 28 March 2013 - 07:37 AM

OK, I am using a database, but like I said it's a very basic login page at the moment. This is what I have at the moment:


Config.inc.php

<?php

$dbhost = 'localhost';
$dbname = 'database';
$dbuser = 'root';
$dbpass = 'password';
$dbtable = 'users';

?>




Index.php
<?php

require 'header.inc.php';

if ( isset($_SESSION['User']) )
{
	echo "You are already logged in.. redirecting\n";
	echo "<meta http-equiv=\"refresh\" content=\"1;url=members.php\">\n";
} else {
	if ( !isset($_POST['username']) || !isset($_POST['password']) )
	{
		echo "Login:<br />\n";
		echo "<form method=\"post\" action=\"index.php\">\n";
		echo "Username: <input type=\"text\" name=\"username\"><br />\n";
		echo "Password: <input type=\"password\" name=\"password\"><br />\n";
		echo "<input type=\"submit\" value=\"Login\"><br />\n";
		echo "</form>\n";
		echo "<a href=\"register.php\">Create an account!</a>";
	} else {
		$username = addslashes($_POST['username']);
		$password = sha1(addslashes($_POST['password']));
		$ret = mysql_query("SELECT * FROM $dbtable WHERE UserName = '$username' AND UserPass = '$password' LIMIT 1");
		if (@mysql_num_rows($ret) != 0)
		{
			$ret = mysql_fetch_array($ret);
			$_SESSION['User'] = $ret;
			$username = $_SESSION['User']['UserName'];
			echo "Welcome back $username.. redirecting\n";
			echo "<meta http-equiv=\"refresh\" content=\"1;url=members.php\">\n";
		} else {
			echo "Sorry, Incorrect Login Information\n";
		}
	}
}



echo "</body>\n</html>\n";

?>



Members.php
<?php

require 'header.inc.php';

if ( !isset($_SESSION['User']) )
{
	echo "You are not logged in.. redirecting\n";
	echo "<meta http-equiv=\"refresh\" content=\"1;url=index.php\">\n";
} else {
	if ( isset($_GET['logout']) )
	{
		$username = $_SESSION['User']['UserName'];
		unset($_SESSION['User']);
		echo "Goodbye $username.. redirecting\n";
		echo "<meta http-equiv=\"refresh\" content=\"1;url=index.php\">\n";
	} else {
		echo "Welcome back {$_SESSION['User']['UserName']} <br />\n";
		echo "<a href=\"members.php?logout\">Logout</a>";
	}
}

include 'footer.inc.php';

?>



Mysql.inc.php
<?php

 
require 'config.inc.php';

$dbc = mysql_connect($dbhost,$dbuser,$dbpass);
if (!$dbc)
{
	exit('<strong>Error: </strong>Couldn\'t connect to MySQL Database.<br />'.mysql_errno().': '.mysql_error());
}

if (!mysql_select_db($dbname))
{
	exit('<strong>Error: </strong>Couldn\'t select MySQL Database.<br />'.mysql_errno().': '.mysql_error());
}

?>


Register.php
<?php

require 'header.inc.php';

if ( !isset($_POST['username']) || !isset($_POST['password']) || !isset($_POST['email']) || $_POST['username'] == '' || $_POST['password'] == '' || $_POST['email'] == '')
{
	echo "Register:<br />\n";
	echo "<form method=\"post\" action=\"register.php\">\n";
	echo "Username: <input type=\"text\" name=\"username\"><br />\n";
	echo "Password: <input type=\"password\" name=\"password\"><br />\n";
	echo "Email: <input type=\"text\" name=\"email\"><br />\n";
	echo "<input type=\"submit\" value=\"Register\"><br />\n";
	echo "</form>\n";
	echo "<a href=\"index.php\">Back</a>";
} else {
	$username = addslashes($_POST['username']);
	$password = addslashes($_POST['password']);
	$email = addslashes($_POST['email']);
	$error = ''; // initialise before the .= appends below
	$ret = mysql_query("SELECT * FROM $dbtable");
	if (@mysql_num_rows($ret) != 0)
	{
		while ($row = mysql_fetch_array($ret))
		{
			if ($username == $row['UserName'])
			{
				$error .= "Username Taken<br />\n";
			}
			if ($email == $row['UserEmail'])
			{
				$error .= "Email Taken<br />\n";
			}
		}

	}
	if(!preg_match('/^[\w\-\.]{1,40}\@[\w\.]{1,40}\.[\w\-\.]{1,40}$/', $email)){
		$error .= "Invalid Email<br />\n";
	}
	if ($error != '')
	{
		echo $error;
		include 'footer.inc.php';
		exit;
	}
	$pword = sha1($password);
	$keys = '`UserName`,`UserPass`,`UserEmail`';
	$values = "'$username','$pword','$email'";
	$ret = mysql_query("INSERT INTO $dbtable ($keys) VALUES ($values)");
	if (!$ret)
	{
		exit('<strong>Error: </strong>Couldn\'t insert into MySQL Database.<br />'.mysql_errno().': '.mysql_error());
	} else {
		echo "The username '$username' has been added to the database.<br />The account information has been emailed to you.<br />Go <a href=\"index.php\">back</a>.";
		$message = "Hey $username, \n\nThanks for signing up to Placement made easy, here are your account details:\n";
		$message .= "Username: $username\nPassword: $password";
		mail($email, 'placements Account Information', $message, "From: \"placements\"<laura@localhost.localdomain>");
	}
}

include 'footer.inc.php';

?>





#6 Dormilich

Posted 28 March 2013 - 09:29 AM

there are several problems that can bite you:

- NEVER EVER use the database root account (except for database administration)

- the mysql extension is outdated and deprecated, use the more modern PDO or MySQLi extensions instead

- do not use the error suppression operator (@)

- addslashes() should NEVER be used to escape SQL input (if magic_quotes_gpc is on this will lead to no escaping at all). the better options are Prepared Statements (where you don't need escaping at all)

- hashing passwords is good, but SHA-1 can be hacked quite fast. currently the best option for password hashing is bcrypt (in PHP available through crypt())

- emails can be conveniently validated via filter functions
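The points in the list above (prepared statements, bcrypt, filter functions, no error suppression) applied to the registration and login logic from post #5, as an added example that is not code from any poster in this thread. It assumes PHP 5.5+ for password_hash()/password_verify() (PHP's bcrypt wrapper around crypt()), the pdo_sqlite driver with an in-memory database standing in for MySQL, and hypothetical helper names register_user() and check_login().

```php
<?php
// Added example: constructed schema and sample values; in-memory SQLite so it runs offline.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION); // errors throw; nothing is hidden with @
$pdo->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, UserName TEXT UNIQUE,
    UserPass TEXT NOT NULL, UserEmail TEXT UNIQUE)');

// Hypothetical helper: returns a list of error strings, empty on success.
function register_user(PDO $pdo, $username, $password, $email)
{
    $errors = array();
    if (filter_var($email, FILTER_VALIDATE_EMAIL) === false) {
        $errors[] = 'Invalid Email';
    }
    // Ask the database for clashes instead of scanning every row in PHP.
    $dup = $pdo->prepare('SELECT UserName, UserEmail FROM users WHERE UserName = ? OR UserEmail = ?');
    $dup->execute(array($username, $email));
    foreach ($dup->fetchAll(PDO::FETCH_ASSOC) as $row) {
        if (strcasecmp($row['UserName'], $username) === 0) { $errors[] = 'Username Taken'; }
        if (strcasecmp($row['UserEmail'], $email) === 0) { $errors[] = 'Email Taken'; }
    }
    if ($errors) {
        return $errors;
    }
    // bcrypt with a random per-user salt; salt and cost are embedded in the hash string.
    $hash = password_hash($password, PASSWORD_BCRYPT);
    $ins = $pdo->prepare('INSERT INTO users (UserName, UserPass, UserEmail) VALUES (?, ?, ?)');
    $ins->execute(array($username, $hash, $email));
    return array();
}

// Hypothetical helper: returns the user's integer id on success, false otherwise.
function check_login(PDO $pdo, $username, $password)
{
    $st = $pdo->prepare('SELECT id, UserPass FROM users WHERE UserName = ?');
    $st->execute(array($username));
    $row = $st->fetch(PDO::FETCH_ASSOC); // at most one row, so no loop
    if ($row === false || !password_verify($password, $row['UserPass'])) {
        return false;
    }
    return (int) $row['id'];
}

// Constructed sample input; the quote in the user name needs no escaping.
var_dump(register_user($pdo, "o'brien", 'correct horse', 'ob@example.com'));
var_dump(register_user($pdo, "o'brien", 'other', 'not-an-email'));
var_dump(check_login($pdo, "o'brien", 'correct horse'));
var_dump(check_login($pdo, "o'brien", "' OR '1'='1"));
// In index.php, on success: session_regenerate_id(true); $_SESSION['user_id'] = $id;
```

Storing only the integer id in the session, rather than the whole row, keeps the password hash out of session storage and gives the profile page a value that never came from a form field.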

#7 DoxramosPS

Posted 29 March 2013 - 11:49 PM

As far as getting your user's information. Use mysqli like what was said and pull the information from the database. Are you looking to have a signature/about me? What kind of page is this, forum/shopping? Let's say you have user as the column name in your SQL DB.
$link = mysqli_connect($server,$user,$pass,$db)
    or die("Connection Failed" . mysqli_error());
$qry = "SELECT about_me FROM users WHERE user = ".$_SESSION['User']."";
  $result = mysqli_query($link,$qry);
   while($row = mysqli_fetch_array($result))
   {
     print $row['about_me'];
   }


It's going to pull the about me column from the users table. Personally, I would set it to being ID handled so that say the user's Session ID is ID number 4.
You would do the same kind of thing, but instead of using
$qry = "SELECT about_me FROM users WHERE user = ".$_SESSION['USER']."";


You could instead have a second table where the users are matched through their ID
So now you could use
$qry = "SELECT about_me FROM user_profile WHERE id = ".$_SESSION['id']."";


Of course you would need to have the IDs match inside your database so you would have the ID in both users and user_profile. While it's not really necessary I just feel it's a cleaner solution, but that's a matter of opinion and fully up to you as the one writing the code. Personally I feel that setting it up as a function would be your best bet overall, so that on the user profile page you could eventually have your layout set up and have things such as.
<?= $YourFunctionCall->GetAboutMe(); ?>
<?= $YourFunctionCall->GetBirthDate(); ?>
<?= $YourFunctionCall->GetUserName(); ?>


etc etc. Hope that at least something up there makes sense. I'm in no way a PHP expert, but I like to think that I'm getting to the point that I'm able to help people rather than just ask for help. :) Best of luck.

#8 Dormilich

Posted 30 March 2013 - 12:05 AM

the above code contains several problems:

- mysqli_connect() always returns a MySQLi object - even if the connection fails! (the or die() part will never trigger). therefore you need to test with mysqli_connect_error() (resp. the ->connect_error() method of the mysqli object).

- mysqli_query() in contrast is not checked for errors …

- $_SESSION['User'] must originate from a trusted source (e.g. a DB entry) (note: user input is never ever a trusted source)

- ."" what use is that?

- using while() is IMHO an awful hack to get around the empty result issue. (why should queries that supposedly return a single result be used with a loop?)

- string values in SQL need to be quoted

- <?= requires PHP 5.4 or short tags to be enabled

#9 DoxramosPS

Posted 30 March 2013 - 12:20 AM

Few questions on that Dormilich. I just used the mysqli_connect in a test page of mine and intentionally used the wrong password and it threw the die out right away, so I'm a little curious as to what you mean by that. Yeah; I didn't put an error check on the query there. It's not meant to be used as a copy paste guideline, just sort of a general idea. The ."" is because otherwise variables never seem to work in my queries, not quite sure as to why. As far as the while being a hack. Never thought of it that way. It's just the way that I learned to return results. (A lot of when I first started learning came from W3 Schools which I found out later on was a horrible place to learn.)
And then as far as $_SESSION['User'] Isn't that pulled from the database? IE the $_SESSION['User'] Would be pulled When you logged in and set that way? Appreciate the input and I'll have to look up some of the issues like you said just some general questions regarding what was said. And then 5.4 or short tags. If they didn't work then would you just utilize them as
<?php
$YourFunctionCall->YourFunction(); ?>


And then that solve that issue?

#10 Dormilich

Posted 30 March 2013 - 01:20 AM

DoxramosPS, on 30 March 2013 - 08:20 AM, said:

I just used the mysqli_connect in a test page of mine and intentionally used the wrong password and it threw the die out right away, so I'm a little curious as to what you mean by that.

cf. mysqli_construct(), it's said there.
personally I rather use PDO instead of MySQLi, since PDO has (by far) the better error handling.


DoxramosPS, on 30 March 2013 - 08:20 AM, said:

I didn't put an error check on the query there. It's not meant to be used as a copy paste guideline, just sort of a general idea.

always do. most people asking here don't know the difference and do copy-paste (besides that we have to counter the myriads of badly written mysql tutorials out there).


DoxramosPS, on 30 March 2013 - 08:20 AM, said:

And then as far as $_SESSION['User'] Isn't that pulled from the database? IE the $_SESSION['User'] Would be pulled When you logged in and set that way? Appreciate the input and I'll have to look up some of the issues like you said just some general questions regarding what was said.

the point I wanted to make is because of SQL Injections. when you insert data like that, you must be 100% sure that no SQL Injection can happen. simply using a session value is no guarantee that the value is harmless, it is harmless if and only if the value does not originate from user input (i.e. not something like $_SESSION['user'] = $_POST['user']).
the comment was meant as "issue needs to be borne in mind"

DoxramosPS, on 30 March 2013 - 08:20 AM, said:

And then 5.4 or short tags. If they didn't work then would you just utilize them as
<?php
$YourFunctionCall->YourFunction(); ?>


And then that solve that issue?

well, obviously. because <?= is <?php echo .
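The session-value point above, shown side by side as an added example (not code from any poster): the concatenated query from post #7, with the quotes it was missing, next to a lookup that binds an integer id. The in-memory SQLite table, the sample rows, and the function names about_me_concat() and about_me_by_id() are assumptions made for the illustration.

```php
<?php
// Added example: constructed data in in-memory SQLite so it runs offline.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE user_profile (id INTEGER PRIMARY KEY, user TEXT, about_me TEXT)');
$add = $pdo->prepare('INSERT INTO user_profile (user, about_me) VALUES (?, ?)');
$add->execute(array('alice', 'Alice <b>likes</b> PHP'));
$add->execute(array('bob', 'Bob private notes'));
// A user name chosen at registration: stored safely, but still user-controlled text.
$add->execute(array("x' OR '1'='1", 'third account'));

// The thread's pattern: a session value concatenated into the SQL string.
function about_me_concat(PDO $pdo, $sessionUser)
{
    $qry = "SELECT about_me FROM user_profile WHERE user = '" . $sessionUser . "'";
    return $pdo->query($qry)->fetchAll(PDO::FETCH_COLUMN);
}

// Hypothetical replacement: integer id from the session, bound parameter, single fetch.
function about_me_by_id(PDO $pdo, $sessionId)
{
    $st = $pdo->prepare('SELECT about_me FROM user_profile WHERE id = ?');
    $st->execute(array((int) $sessionId));
    $about = $st->fetchColumn(); // false when no such row
    return $about === false ? null : $about;
}

// Simulated session contents after login (constructed values).
$session = array('User' => "x' OR '1'='1", 'id' => 3);

// The stored name rewrites the WHERE clause, so every profile row comes back.
echo count(about_me_concat($pdo, $session['User'])), " rows from the concatenated query\n";

// The bound id returns only that user's row; about_me is user-written, so escape it on output.
echo htmlspecialchars(about_me_by_id($pdo, $session['id']), ENT_QUOTES, 'UTF-8'), "\n";
echo htmlspecialchars(about_me_by_id($pdo, 1), ENT_QUOTES, 'UTF-8'), "\n";
```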

#11 CTphpnwb

Posted 30 March 2013 - 07:52 AM

I agree with everyone that prepared statements should be used, but I think the database issue is only part of the problem here. The main issue is how to treat different types of users. I'd do that by making each user an object and letting the object's type determine what they see. Here's an example where I show admin and normal users different list boxes. It's a bit simplified in that you could do it without creating separate classes, but in a more complicated situation this method is preferable.
<?php
$listbox =<<<here
<select size={size} name="lstResource" onchange="doPostBack();"> 
	{options}
</select>
here;
$option =<<<opt
   <option value="{value}" >{text}</option>
opt;


abstract class users {
	protected $firstname;
	protected $lastname;
	
	function __construct($first, $last) {
		$this->firstname = $first;
		$this->lastname = $last;
	}

	function __tostring() {
		return $this->lastname.", ".$this->firstname."<br>";
	}
	
	abstract function show_options($list, $option_line);

}

class admin_user extends users {

	function show_options($list, $option_line) {
		$options = file("normal.txt");
		$options = array_merge($options, file("admin.txt"));
		$list = str_replace("{size}", min(count($options), 6), $list);
		$myoptions = "";
		$replace = array("{value}", "{text}");
		foreach($options as $an_option) {
			$opt = explode("|",$an_option);
			$myoptions .= str_replace($replace, array($opt[0],$opt[1]), $option_line)."\n";
		}
		return str_replace("{options}", $myoptions, $list);
	}

}

class normal_user extends users {
	
	function show_options($list, $option_line) {
		$options = file("normal.txt");
		$list = str_replace("{size}", min(count($options), 6), $list);
		$myoptions = "";
		$replace = array("{value}", "{text}");
		foreach($options as $an_option) {
			$opt = explode("|",$an_option);
			$myoptions .= str_replace($replace, array($opt[0],$opt[1]), $option_line);
		}
		return str_replace("{options}", $myoptions, $list);
	}

}


// If the user is an administrator, use the admin_user class:
$test_admin = new admin_user("John","Doe");

echo "Admin: ".$test_admin;
echo $test_admin->show_options($listbox, $option);

echo "\n\n\n\n<br><br><br>";

// If the user is a normal user, use the normal_user class:
$test_normal = new normal_user("Joe","Smith");
echo "Normal: ".$test_normal;
echo $test_normal->show_options($listbox, $option);


admin.txt
10|Admin user option one.
11|Admin user option two.
12|Admin user option three.
13|Admin user option four.


normal.txt
1|Normal user option one.
2|Normal user option two.
3|Normal user option three.
4|Normal user option four.



#12 mxdraceconfusion

Posted 01 April 2013 - 06:26 AM

Thanks for all your answers, they have really helped.