Can anyone help me make a basic usersystem, like anyone know a tutorial, all i really need is a pm system and the login and register parts.

Database

CREATE TABLE `users` (
`id` int(11) NOT NULL auto_increment,
`username` varchar(30) NOT NULL default '',
`password` varchar(255) NOT NULL default '',
`email` varchar(40) NOT NULL default '',
`msn` varchar(250) NOT NULL default 'Not Specified',
`aim` varchar(250) NOT NULL default 'Not Specified',
`location` varchar(36) NOT NULL default 'Not Specified',
PRIMARY KEY (`id`)
) TYPE=MyISAM;

config.php

<?
ob_start(); // allows you to use cookies
$conn = mysql_connect("localhost","DATABASE USERNAME","DATABASE PASSWORD");
mysql_select_db(DATABASE NAME) or die(mysql_error());
//fill in the above lines where there are capital letters.
$logged = MYSQL_QUERY("SELECT * from users WHERE id='$_COOKIE[id]'");
$logged = mysql_fetch_array($logged);
//the above lines get the user's information from the database.
?>

editprofile.php

<?
ob_start();
include("config.php");
if ($logged[username])
{
// the user is logged in! We continue...
if (!$_POST[update])
{
// the form hasn't been submitted. We continue...
$profile = mysql_query("SELECT * from users where username = '$logged[username]'");
$profile = mysql_fetch_array($profile);
// the above lines get the information so that it can be displayed in the html form.
echo("
<center><form method=\"POST\">
<table width=\"100%\">
<tr>
<td align=\"right\" width=\"25%\">
Location
</td>
<td align=\"left\">
<input type=\"text\" size=\"25\" maxlength=\"25\" name=\"locate\" value=\"$profile[location]\"></td>
</tr>
<tr>
<td align=\"right\" width=\"25%\">
MSN Messenger
</td>
<td align=\"left\">
<input size=\"25\" name=\"msn\" value=\"$profile[msn]\"></td>
</tr>
<tr>
<td align=\"right\" width=\"25%\">
AOL Messenger</td>
<td align=\"left\">
<input size=\"25\" name=\"aim\" value=\"$profile[aim]\"></td>
</tr>
<tr>
<td align=\"right\" width=\"25%\">
Email Address</td>
<td align=\"left\">
<input size=\"25\" name=\"email\" value=\"$profile[email]\"></td>
</tr>
<tr>
<td align=\"center\">
</td>
<td align=\"left\">
<input type=\"submit\" name=\"update\" value=\"Update\"></td>
</tr>
</table>
</form>
</center>");
}
else
{
$email = htmlspecialchars($_POST[email]);
$aim = htmlspecialchars($_POST[aim]);
$msn = htmlspecialchars($_POST[msn]);
$locate = htmlspecialchars($_POST[locate]);
// the above lines get rid of all html.
echo ("Your profile has been updated!");
$update = mysql_query("Update users set email = '$email',
msn = '$msn', aim = '$aim', location = '$locate' where username = '$logged[username]'");
// updates the information in the database.
}
}
else
{
// They aren't logged in!
echo ("<a href=\"login.php\">You must login</a>");
}
?>

members.php

<?
ob_start();
include("config.php");
if (!$_GET[user])
{
$getuser = mysql_query("SELECT * from users order by id asc");
while ($user = mysql_fetch_array($getuser))
{
// gets all the users information.
echo ("<a href=\"members.php?user=$user[username]\">$user[username]</a><br />\n");
// links to a page to view the user's profile.
}
}
ELSE
{
$getuser = mysql_query("SELECT * from users where username = '$_GET[user]'");
$usernum = mysql_num_rows($getuser);
if ($usernum == 0)
{
echo ("User Not Found");
}
else
{
$profile = mysql_fetch_array($getuser);
echo ("<center><b>$profile[username]'s Profile:</b><br /></center>
MSN Messenger: $profile[msn]<br />
AIM Messebger: $profile[aim]<br />
Location: $profile[location]<br />
Email: $profile[email]");
// in the above code, we display the user's information.
}
}
?>

logout.php

<?
ob_start();
setcookie("id", 2132421,time()+(60*60*24*5), "/", "");
setcookie("pass", loggedout,time()+(60*60*24*5), "/", "");
echo ("You are now logged out!");
?>

register.php

<?php
ob_start();
// allows you to use cookies
include("config.php");
//gets the config page
if ($_POST[register]) {
// the above line checks to see if the html form has been submitted
$username = $_POST[username];
$pass = $_POST[pass];
$cpassword=$_POST[cpass];
$email = $_POST[emai1];
//the above lines set variables with the user submitted information
if($username==NULL|$pass==NULL|$cpassword==NULL|$e mail==NULL) {
//checks to make sure no fields were left blank
echo "A field was left blank.";
}else{
//none were left blank! We continue...
if($pass != $cpassword) {
// the passwords are not the same!
echo "Passwords do not match";
}else{
// the passwords are the same! we continue...
$pass = md5($pass);
// encrypts the password
$checkname = mysql_query("SELECT username FROM users WHERE username='$username'");
$checkname= mysql_num_rows($checkname);
$checkemail = mysql_query("SELECT email FROM users WHERE email='$email'");
$checkemail = mysql_num_rows($checkemail);
if ($checkemail>0|$checkname>0) {
// oops...someone has already registered with that username or email!
echo "The username or email is already in use";
}else{
// noone is using that email or username! We continue...
$username = htmlspecialchars($username);
$pass = htmlspecialchars($pass);
$email = htmlspecialchars($email);
// the above lines make it so that there is no html in the user submitted information.
//Everything seems good, lets insert.
$query = mysql_query("INSERT INTO users (username, password, email) VALUES('$username','$pass','$email')");
// inserts the information into the database.
echo "You have successfully registered!";
}
}
}
}
else
{
// the form has not been submitted...so now we display it.
echo ("
<center>
<form method=\"POST\">
Username: <input type=\"text\" size=\"15\" maxlength=\"25\" name=\"username\"><br />
Password: <input type=\"password\" size=\"15\" maxlength=\"25\" name=\"pass\"><br />
Confirm Password: <input type=\"password\" size=\"15\" maxlength=\"25\" name=\"cpass\"><br />
Email: <input type=\"text\" size=\"15\" maxlength=\"25\" name=\"emai1\"><br />
<input name=\"register\" type=\"submit\" value=\"Register\">
</form>
</center>
");
}
?>

login.php

<?
oB_start();
// allows you to use cookies.
include("config.php");
if (!$logged[username])
{
if (!$_POST[login])
{
echo("
<center><form method=\"POST\">
<table>
<tr>
<td align=\"right\">
Username: <input type=\"text\" size=\"15\" maxlength=\"25\" name=\"username\">
</td>
</tr>
<tr>
<td align=\"right\">
Password: <input type=\"password\" size=\"15\" maxlength=\"25\" name=\"password\">
</td></tr><tr>
<td align=\"center\">
<input type=\"submit\" name=\"login\" value=\"Login\">
</td></tr><tr>
<td align=\"center\">
<a href=\"register.php\">Register Here</a>
</td></tr></table></form></center>");
}
if ($_POST[login]) {
// the form has been submitted. We continue...
$username = $_POST['username'];
$pass = md5($_POST[password]);
// the above lines set variables with the submitted information.
$info = mysql_query("SELECT * FROM users WHERE username = '$username'") or die(mysql_error());
$data = mysql_fetch_array($info);
if($data[password] != $pass) {
// the password was not the user's password!
echo "Incorrect username or password!";
}else{
// the password was right!
$query = mysql_query("SELECT * FROM users WHERE username = '$username'") or die(mysql_error());
$user = mysql_fetch_array($query);
// gets the user's information
setcookie("id", $user[id],time()+(60*60*24*5), "/", "");
setcookie("pass", $user[password],time()+(60*60*24*5), "/", "");
// the above lines set 2 cookies. 1 with the user's id and another with his/her password.
echo ("<meta http-equiv=\"Refresh\" content=\"5; URL=http://www.habbil.com/users/login.php\"/>Thank You! You will be redirected");
// modify the above line...add in your site url instead of yoursite.com
}
}
}
else
{
// we now display the user controls.
echo ("<center>Welcome <b>$logged[username]</b><br /></center>
- <a href=\"editprofile.php\">Edit Profile</a><br />
- <a href=\"members.php\">Member List</a><br />
- <a href=\"logout.php\">Logout</a>");
}
?>

PM system:

Database

CREATE TABLE `pmessages` (
`title` varchar(255) NOT NULL default 'Untitled Message',
`message` text NOT NULL,
`touser` varchar(255) NOT NULL default '',
`from` varchar(255) NOT NULL default '',
`unread` varchar(255) NOT NULL default 'unread',
`date` date NOT NULL default '0000-00-00',
`id` int(15) NOT NULL auto_increment,
`reply` varchar(15) NOT NULL default 'no',
PRIMARY KEY (`id`)
) TYPE=MyISAM;

messages.php

<?
ob_start();
//the above line needs to be above ALL HTML and PHP (except for <?).
include("config.php");
//gets the config page, which connects to the database and gets the user's information
if ($logged[username])
{
//checks to see if they are logged in
switch($_GET[page])
{
//this allows us to use one page for the entire thing
default:
Echo"
<meta http-equiv='refresh' content='0;URL=messages.php?page=inbox'>
";
break;
case 'write':
if (!$_POST[send])
{
//the form hasnt been submitted yet....
echo ("
<a href='messages.php'>Go Back</a><br><br>
<form method=\"POST\" style=\"margin: 0px;\">
<dl style=\"margin: 0px;\">
<dt>recipient</dt>
<dd>
<select name='to'>
");
$getusers = mysql_query("SELECT * FROM users ORDER BY 'username' ASC");
while ($users = MySQL_Fetch_Array($getusers)) {
echo ("<option value=\"$users[username]\">$users[username]</option>");
}
//the above line gets all the members names and puts them in a drop down box
echo ("
</select>
</dd>
<dt>Message Subject</dt>
<dd><input type=\"text\" name=\"subject\" size=\"20\"></dd>
<dt>Message</dt>
<dd><textarea rows=\"7\" name=\"message\" cols=\"35\"></textarea>
</dd><dt> </dt>
<dd><input type=\"submit\" value=\"Submit\" name=\"send\"></dd>
</dl>
</form>
");
}
if ($_POST[to])
{
//the form has been submitted. Now we have to make it secure and insert it into the database
$subject = htmlspecialchars(addslashes("$_POST[subject]"));
$message = htmlspecialchars(addslashes("$_POST[message]"));
$to = htmlspecialchars(addslashes("$_POST[to]"));
//the above lines remove html and add \ before all "
$send = mysql_query("INSERT INTO `pmessages` ( `title` , `message` ,
`touser` , `from` , `unread` ,
`date` ) VALUES ('$subject', '$message', '$to',
'$logged[username]', 'unread', NOW())");
echo ("
<a href='messages.php?page=inbox'>Go Back</a><br><br>
Your message has been sent.");
}
break;
case 'delete':
if (!$_GET[msgid])
{
echo ("
<a href='messages.php?page=inbox'>Go Back</a><br><br>
Sorry, but this is an invalid message.
");
}
else
{
$getmsg = mysql_query("SELECT * from pmessages where id = '$_GET[msgid]'");
$msg = mysql_fetch_array($getmsg);
//hmm..someones trying to delete someone elses messages! This keeps them from doing it
if ($msg[touser] != $logged[username])
{
echo ("
<a href='messages.php?page=inbox'>Go Back</a><br><br>
This message was not sent to you!
");

}
else
{
$delete = mysql_query("delete from pmessages where id = '$_GET[msgid]'");
echo ("
<a href='messages.php?page=inbox'>Go Back</a><br><br>
Message Deleted!
");
}
}
break;
case 'deleteall':
$delete = mysql_query("delete from pmessages where touser = '$logged[username]'");
echo ("
<a href='messages.php?page=inbox'>Go Back</a><br><br>
All Message Deleted!
");
break;
case 'inbox':
$get = mysql_query("SELECT * from pmessages where touser = '$logged[username]' order by id desc");
echo("
<a href='messages.php?page=write'>Create New Message</a><br><br>
<a href='messages.php?page=deleteall'>Delete All Messages</a><br><br>
<table border=\"0\" width=\"100%\" cellspacing=\"0\">
<tr>
<td align=\"center\" style=\"border-bottom:#000000 solid 1px;\">Subject</td>
<td align=\"center\" width=\"125\" style=\"border-bottom:#000000 solid 1px;\">From</td>
<td align=\"center\" width=\"97\" style=\"border-bottom:#000000 solid 1px;\">Date</td>
<td width=\"25\" style=\"border-bottom:#000000 solid 1px;\">Delete</td>
</tr>
</table>
");
$nummessages = mysql_num_rows($get);
if ($nummessages == 0)
{
echo ("You have 0 messages!");
}
else
{
echo("<table border=\"0\" width=\"100%\" cellspacing=\"1\">");
while ($messages = mysql_fetch_array($get))
{
//the above lines gets all the messages sent to you, and displays them with the newest ones on top
echo ("
<tr>
<td><a href=\"messages.php?page=view&msgid=$messages[id]\">");
if ($messages[reply] == yes)
{
echo ("Reply to: ");
}
echo ("$messages[title]</a></td>
<td width=\"125\">$messages[from]</td>
<td width=\"97\">$messages[date]</td>
<td width=\"25\"><a href=\"messages.php?page=delete&msgid=$messages[id]\">Delete</a></td>
</tr>");
}
echo ("</table>");
}
break;
case 'view':
//the url now should look like ?page=view&msgid=#
if (!$_GET[msgid])
{
//there isnt a &msgid=# in the url
echo ("
<a href='messages.php?page=inbox'>Go Back</a><br><br>
Invalid message!");
}
else
{
//the url is fine..so we continue...
$getmsg= mysql_query("SELECT * from pmessages where id = '$_GET[msgid]'");
$msg = mysql_fetch_array($getmsg);
//the above lines get the message, and put the details into an array.
if ($msg[touser] == $logged[username])
{
//makes sure that this message was sent to the logged in member
if (!$_POST[message])
{
//the form has not been submitted, so we display the message and the form
$markread = mysql_query("Update pmessages set unread = 'read' where id = '$_GET[msgid]'");
//this line marks the message as read.
$msg[message] = nl2br(stripslashes("$msg[message]"));
//removes slashes and converts new lines into line breaks.
echo ("<a href='messages.php?page=inbox'>Go Back</a><br><br>
<form method=\"POST\" style=\"margin: 0px;\">
<dl style=\"margin: 0px;\">
<dt><b>$msg[title] -- From $msg[from]</b></dt>
<dd>$msg[message]</dd>
<dt><b>Reply</b></dt>
<dd><textarea rows=\"6\" name=\"message\" cols=\"45\"></textarea></dd>
<dt> </dt>
<dd><input type=\"submit\" value=\"Submit\" name=\"send\"></dd>
</dl></form>");
}
if ($_POST[message])
{
//This will send the Message to the database
$message = htmlspecialchars(addslashes("$_POST[message]"));
$do = mysql_query("INSERT INTO `pmessages` ( `title` , `message` , `touser` , `from` , `unread` ,
`date`, `reply`) VALUES
('$msg[title]', '$message', '$msg[from]', '$logged[username]',
'unread', NOW(), 'yes')");
echo ("
<a href='messages.php?page=inbox'>Go Back</a><br><br>
Your message has been sent");
}
}
else
{
//This keeps users from veiwing other users comments
echo("
<a href='messages.php?page=inbox'>Go Back</a><br><br>
<b>Error</b><br />");
echo ("This message was not sent to you!");
}}
Echo"
</td>
</tr>
</table>
";
break;
}
}
?>

login.php

Replace

// we now display the user controls.
echo ("<center>Welcome <b>$logged[username]</b><br /></center>
- <a href=\"editprofile.php\">Edit Profile</a><br />
- <a href=\"members.php\">Member List</a><br />
- <a href=\"logout.php\">Logout</a>");

with..

// we now display the user controls.
$new = mysql_query("select * from pmessages where unread = 'unread' and touser = '$logged[username]'");
$new = mysql_num_rows($new);
echo ("<center>Welcome <b>$logged[username]</b><br /></center>
- <a href=\"editprofile.php\">Edit Profile</a><br />
- <a href=\"messages.php\">Private Messages ($new New)</a><br />
- <a href=\"members.php\">Member List</a><br />
- <a href=\"logout.php\">Logout</a>");

edit: Thanks :D!

and there is something wrong with this line in the register.php apparently?

if($username==NULL|$pass==NULL|$cpassword==NULL|$e mail==NULL) {

Don't put a space in $e mail

I am amazed that people don't use premade ones!
Just search on Google, there are a billion (atleast) hits that come up/

Don't put a space in $e mail
oh yeah durh! i can't believe i missed that LOL

I am amazed that people don't use premade ones!
Just search on Google, there are a billion (atleast) hits that come up/

It's more fun and interesting to make your own and learn as you go.


oh yeah durh! i can't believe i missed that LOL

Habbox does it automatically when you put 'email' it auto puts a space in it for some weird reason.

i know it is more fun, but search for a tutorial.. pixel2life.com has a lot you can learn from.