:Blob
07-08-2005, 05:46 PM
:eusa_danc Ever wanted to make a login system were people can register? A admincp? All that stuff? Well now you can. This tutorial it for people to be able make a login system!
1. First of all, make a file called login.php, and fill it up with this:
<?
// This is the login part, login.php
// includes the constants
include("cons.php");
$name = $_GET['name']; // sets the username
$pass = $_GET['pass']; // sets the password
$r = mysql_query("SELECT * FROM user WHERE user='$name'");
// logout section
$logout = $_GET['out']; // makes sure their logging out
$user = $_GET['user']; // gets the username
if ($logout == "yes") {
mysql_query("DELETE FROM active_users WHERE name='$user'"); // Logs them out
}
// Main Login part
while ($ro = mysql_fetch_array($r)) {
$pass2 = $ro['pass']; // sets $pass2 as the actual password
if (md5($pass) == $pass2) { // makes sure password entered is the same as $pass2
$user = $_SESSION['username'] = $name; // starts the session
$ip = $_SERVER['REMOTE_ADDR']; // Users ip address
$brow = $_SERVER['HTTP_USER_AGENT'];
$time = time(); // gets the time
// Makes the user an active user!
mysql_query("DELETE FROM active_users WHERE name='$user'");
mysql_query("INSERT INTO active_users (name,timestamp,ip,browser) VALUES ('$user','$time','$ip','$brow')");
}
}
// Returns the user after logging in.
header("Location: log.php");
?>
Then, save and close.
2. Second of all, make a file called cons.php, and fill it up with this:
<?
// Constants page, cons.php
define("DB_SERVER", "localhost"); // Server
define("DB_USER", ""); // Username
define("DB_PASS", ""); // User pass
define("DB_NAME", ""); // Database
mysql_connect(DB_SERVER, DB_USER, DB_PASS) or die(mysql_error()); // Connection
mysql_select_db(DB_NAME) or die(mysql_error()); // Selection of database
$ip = $_SERVER['REMOTE_ADDR']; // Gets the users IP address
$brow = $_SERVER['HTTP_USER_AGENT']; // Gets the users Browser
$reg = $_GET['reg']; // Sets the $reg variable
// Makes sure the user is logged in
$r = mysql_query("SELECT * FROM active_users WHERE ip='$ip' AND browser='$brow'");
$re = mysql_fetch_array($r);
$user = $re['name']; // Sets $user as the users name
// Gets the users personal info
$er = mysql_query("SELECT * FROM user WHERE user='$user'");
$et = mysql_fetch_array($er);
$fname = $et['name'];
$loc = $et['location'];
$sig = $et['sig'];
if ($et['userlevel'] == 9) { // if the userlevel is 9
$admin = 1;
$mod = 1;
$level = "Admin"; // User is Admin
}
if ($et['userlevel'] == 7) { // If the userlevel is 7
$mod = 1;
$level = "Moderator"; // User is Moderator
}
if ($et['userlevel'] == 1) { // If userlevel is 1
$level = "User"; // User is a Member
}
// Keeps the user in the active_users table
$time = time();
mysql_query("DELETE FROM active_users WHERE name='$user'");
mysql_query("INSERT INTO active_users (name,timestamp,ip,browser) VALUES ('$user','$time','$ip','$brow')");
// Makes sure the user is still active
$ro = mysql_query("SELECT * FROM active_users");
while ($ru = mysql_fetch_array($ro)) {
$act = $ru['timestamp'] + 60 * 5;
$del = $ru['name'];
if (!$del) {
mysql_query("DELETE FROM active_users WHERE name='$del'");
}
if (strlen($del) <= 3) {
mysql_query("DELETE FROM active_users WHERE name='$del'");
}
if ($act < time()) {
mysql_query("DELETE FROM active_users WHERE name='$del'");
}
}
?>
Save and close.
3 Thridly,m make a file called log.php, and fill it up with this:
<link rel=STYLESHEET href="css.css">
<?
// Require
include("cons.php");
// If the user exists
if ($user) {
echo "<font face=\"Verdana\" size=\"1\">Welcome, ".$user."<br></font>";
echo "<font face=\"Verdana\" size=\"1\">Menu</font><br>";
echo "<a href=\"login.php?out=yes&user=$user\"><font face=\"Verdana\" size=\"1\">Logout</a></font><br>";
echo "<a href=\"edit.php\"><font face=\"Verdana\" size=\"1\">Edit Account</font></a><br>";
if ($admin) {
echo " | <a href=\"admin.php\"><font face=\"Verdana\" size=\"1\">Admin Centre</font></a><br>";
}
if ($mod) {
echo "<a href=\"mod.php\"><font face=\"Verdana\" size=\"1\">Moderator Centre</font></a><br>";
}
?>
Save and close.
4. Now make a file called admin.php, and add this to it:
<?
// Includes the constants
include("cons.php");
if (!$admin) { // if the user is NOT Admin
header("Location: log.php"); // redirects them
}
else { // if the user is Admin
// Lets you delete a member while listing them
?>
<form action="del.php">
<table width=50%>
<tr><td width=30%>Username</td><td>Userlevel</td><td align="center">Delete?</td></tr>
<?
$r = mysql_query("SELECT * FROM user");
// Gets and displays all the member information
while ($re = mysql_fetch_array($r)) {
$name = $re['user'];
$lev = $re['userlevel'];
if ($lev == 9) {
$lev = "Admin";
}
else if ($lev == 7) {
$lev = "Moderator";
}
else {
$lev = "User";
}
$id = $re['id'];
echo "<tr><td>".$name."</td>";
echo "<td>".$lev."</td>";
echo "<td align=\"center\"><input type=\"checkbox\" name=\"delete".$id."\" value=\"$id\"></td></tr>";
}
}
?>
<tr><td></td><td></td><td align="center">
<input type="submit" value="Delete" name="sub">
</td></tr>
</table>
</form>
<?
// Lets you upgrade a members level
?>
Upgrade a user?<br>
<form action="upgr.php">
<input type="text" name="name"> Username<br>
<select name="upgrade">
<option value="9">Admin</option>
<option value="7">Moderator</option>
<option value="1">User</option>
</select><br>
<input type="submit" value="Upgrade" name="upg">
</form>
Then save and close.
5. Then make a file called upgr.php, fill it up with:
<?
// Includes the constants
include("cons.php");
if($_GET['upg']) { // if user is upgraded
$name = $_GET['name']; // users name
$lev = $_GET['upgrade']; // users level
mysql_query("UPDATE user SET userlevel='$lev' WHERE user='$name'"); // upgrade the user
header("Location: admin.php"); // re-direct
}
else { // if the user is not going to be upgraded
header("Location: admin.php"); // re-direct
}
?>
Save and close.
6. After that, make a file called edit.php, fill it up with:
<?
// Constants
include("cons.php");
if ($user) { // if the user is logged in
$msg = $_GET['note'];
?>
<h2>Edit <? echo $user; ?>'s account</h2>
<? echo $msg."<br>"; ?>
<form action="update.php">
<input type="password" name="cpass"> Current Password<br>
<input type="password" name="npass"> New Password<br>
<input type="password" name="rpass"> Re-enter New Password<br><br>
Userlevel: <? echo $level; ?><br>
<input type="text" name="fname" value="<? echo $fname; ?>"> Full Name<br>
<input type="text" name="loc" value="<? echo $loc; ?>"> Location<br>
Signature:<br>
<textarea name="sig"><? echo $sig ?></textarea><br><br>
<input type="submit" value="Update">
</form><br>
<a href="log.php">Back</a>
<?
}
else { // If the user is not logged in
echo "You must login before editing your account";
include("log.php");
}
?>
Save and close
7. Then make a file called register.php, and fill it up with:
<?
// Register Process, register.php
// Includes the Constants
include("cons.php");
// sets all the variables needed to register
$pass = $_GET['pass']; // set $pass as the first pass
$pass2 = $_GET['pass2']; // sets $pass2 as the re-entered pass
$name = $_GET['name']; // sets $name as the name chosen
// Processing the data
if (strlen($name) >= 15) {
$error = "* Username too long, Max is 15 characters";
$err = 1;
}
if (strlen($name) <= 3) {
$error = "* Username too short, Min is 4 characters";
$err = 1;
}
if ($name) { // if $name is set
$re = mysql_num_rows(mysql_query("SELECT * FROM user WHERE user='$name'"));
if ($re >= 1) { // If the username exists
$error = "* Username already in use"; // Set $error
$err = 1; // set $err as 1
}
else { // user doesn't exist
if ($pass == $pass2) { // If the passwords match
$pass = md5($pass); // Encodes the pass
if (eregi('[<>]',$name)) {
$error = "* No HTML allowed"; // No HTML in name
$err = 1;
}
else {
if (!$err) { // If there are no errors
if (mysql_num_rows(mysql_query("SELECT * FROM user")) == 0) {
mysql_query("INSERT INTO user (user, pass, userlevel) VALUES ('$name','$pass', '9')"); // Creates the Admin
}
else {
mysql_query("INSERT INTO user (user, pass, userlevel) VALUES ('$name','$pass', '1')"); // Creates the user
}
$reg = "Registration successful!"; // Sets $reg as a sucess message
header("Location: log.php?reg=$reg"); // Re-locates to the login screen
}
}
}
else { // The passwords don't match
$error = "* Passwords different!"; // Sets $error
$err = 2; // Sets $err as 2
}
}
}
else { // If $name isn't set
$error = "* Enter a username"; // sets $error
$err = 1; // sets $err as 1
}
if ($err >= 1) { // if $err is greater than or equal to 1
header("Location: reg.php?error=$error&err=$err"); // re-locates to the registration page with the error!
}
?>
8. Then make a file called reg.php, and fill it up with:
<?
// Register script, reg.php
// Includes the Constants
include("cons.php");
// The registration form
$error = $_GET['error'];
$err = $_GET['err'];
?>
<form action="register.php">
<input type="text" name="name"> Username <font size="-2" color="#FF0000">
<?
if ($err == 1) { // Shows username errors if any
echo $error;
}
?>
</font><br>
<input type="password" name="pass"> Password <font size="-2" color="#FF0000">
<?
if ($err == 2) { // Shows Password errors if any
echo $error;
}
?>
</font><br>
<input type="password" name="pass2"> Re-type Password<br>
<input type="submit" value="Register!">
</form>
Save and close
9. Last of all, make a file called del.php and fill it up with this:
<?
// Includes the constants
include("cons.php");
$_GET['sub'];
if ($sub) { // if deleting a member
while ($o < mysql_num_rows(mysql_query("SELECT * FROM user")) + 5) {
$del = $_GET['delete'.$o];
mysql_query("DELETE FROM user WHERE id='$del'");
$o++;
}
header("Location: admin.php");
}
else { // if deleting a PM
while ($i < 11) {
$del = $_GET['del'.$i];
if ($del) {
mysql_query("DELETE FROM pm WHERE id='$del'");
header("Location: inbox.php");
}
$i++;
}
}
?>
1. First of all, make a file called login.php, and fill it up with this:
<?
// This is the login part, login.php
// includes the constants
include("cons.php");
$name = $_GET['name']; // sets the username
$pass = $_GET['pass']; // sets the password
$r = mysql_query("SELECT * FROM user WHERE user='$name'");
// logout section
$logout = $_GET['out']; // makes sure their logging out
$user = $_GET['user']; // gets the username
if ($logout == "yes") {
mysql_query("DELETE FROM active_users WHERE name='$user'"); // Logs them out
}
// Main Login part
while ($ro = mysql_fetch_array($r)) {
$pass2 = $ro['pass']; // sets $pass2 as the actual password
if (md5($pass) == $pass2) { // makes sure password entered is the same as $pass2
$user = $_SESSION['username'] = $name; // starts the session
$ip = $_SERVER['REMOTE_ADDR']; // Users ip address
$brow = $_SERVER['HTTP_USER_AGENT'];
$time = time(); // gets the time
// Makes the user an active user!
mysql_query("DELETE FROM active_users WHERE name='$user'");
mysql_query("INSERT INTO active_users (name,timestamp,ip,browser) VALUES ('$user','$time','$ip','$brow')");
}
}
// Returns the user after logging in.
header("Location: log.php");
?>
Then, save and close.
2. Second of all, make a file called cons.php, and fill it up with this:
<?
// Constants page, cons.php
define("DB_SERVER", "localhost"); // Server
define("DB_USER", ""); // Username
define("DB_PASS", ""); // User pass
define("DB_NAME", ""); // Database
mysql_connect(DB_SERVER, DB_USER, DB_PASS) or die(mysql_error()); // Connection
mysql_select_db(DB_NAME) or die(mysql_error()); // Selection of database
$ip = $_SERVER['REMOTE_ADDR']; // Gets the users IP address
$brow = $_SERVER['HTTP_USER_AGENT']; // Gets the users Browser
$reg = $_GET['reg']; // Sets the $reg variable
// Makes sure the user is logged in
$r = mysql_query("SELECT * FROM active_users WHERE ip='$ip' AND browser='$brow'");
$re = mysql_fetch_array($r);
$user = $re['name']; // Sets $user as the users name
// Gets the users personal info
$er = mysql_query("SELECT * FROM user WHERE user='$user'");
$et = mysql_fetch_array($er);
$fname = $et['name'];
$loc = $et['location'];
$sig = $et['sig'];
if ($et['userlevel'] == 9) { // if the userlevel is 9
$admin = 1;
$mod = 1;
$level = "Admin"; // User is Admin
}
if ($et['userlevel'] == 7) { // If the userlevel is 7
$mod = 1;
$level = "Moderator"; // User is Moderator
}
if ($et['userlevel'] == 1) { // If userlevel is 1
$level = "User"; // User is a Member
}
// Keeps the user in the active_users table
$time = time();
mysql_query("DELETE FROM active_users WHERE name='$user'");
mysql_query("INSERT INTO active_users (name,timestamp,ip,browser) VALUES ('$user','$time','$ip','$brow')");
// Makes sure the user is still active
$ro = mysql_query("SELECT * FROM active_users");
while ($ru = mysql_fetch_array($ro)) {
$act = $ru['timestamp'] + 60 * 5;
$del = $ru['name'];
if (!$del) {
mysql_query("DELETE FROM active_users WHERE name='$del'");
}
if (strlen($del) <= 3) {
mysql_query("DELETE FROM active_users WHERE name='$del'");
}
if ($act < time()) {
mysql_query("DELETE FROM active_users WHERE name='$del'");
}
}
?>
Save and close.
3 Thridly,m make a file called log.php, and fill it up with this:
<link rel=STYLESHEET href="css.css">
<?
// Require
include("cons.php");
// If the user exists
if ($user) {
echo "<font face=\"Verdana\" size=\"1\">Welcome, ".$user."<br></font>";
echo "<font face=\"Verdana\" size=\"1\">Menu</font><br>";
echo "<a href=\"login.php?out=yes&user=$user\"><font face=\"Verdana\" size=\"1\">Logout</a></font><br>";
echo "<a href=\"edit.php\"><font face=\"Verdana\" size=\"1\">Edit Account</font></a><br>";
if ($admin) {
echo " | <a href=\"admin.php\"><font face=\"Verdana\" size=\"1\">Admin Centre</font></a><br>";
}
if ($mod) {
echo "<a href=\"mod.php\"><font face=\"Verdana\" size=\"1\">Moderator Centre</font></a><br>";
}
?>
Save and close.
4. Now make a file called admin.php, and add this to it:
<?
// Includes the constants
include("cons.php");
if (!$admin) { // if the user is NOT Admin
header("Location: log.php"); // redirects them
}
else { // if the user is Admin
// Lets you delete a member while listing them
?>
<form action="del.php">
<table width=50%>
<tr><td width=30%>Username</td><td>Userlevel</td><td align="center">Delete?</td></tr>
<?
$r = mysql_query("SELECT * FROM user");
// Gets and displays all the member information
while ($re = mysql_fetch_array($r)) {
$name = $re['user'];
$lev = $re['userlevel'];
if ($lev == 9) {
$lev = "Admin";
}
else if ($lev == 7) {
$lev = "Moderator";
}
else {
$lev = "User";
}
$id = $re['id'];
echo "<tr><td>".$name."</td>";
echo "<td>".$lev."</td>";
echo "<td align=\"center\"><input type=\"checkbox\" name=\"delete".$id."\" value=\"$id\"></td></tr>";
}
}
?>
<tr><td></td><td></td><td align="center">
<input type="submit" value="Delete" name="sub">
</td></tr>
</table>
</form>
<?
// Lets you upgrade a members level
?>
Upgrade a user?<br>
<form action="upgr.php">
<input type="text" name="name"> Username<br>
<select name="upgrade">
<option value="9">Admin</option>
<option value="7">Moderator</option>
<option value="1">User</option>
</select><br>
<input type="submit" value="Upgrade" name="upg">
</form>
Then save and close.
5. Then make a file called upgr.php, fill it up with:
<?
// Includes the constants
include("cons.php");
if($_GET['upg']) { // if user is upgraded
$name = $_GET['name']; // users name
$lev = $_GET['upgrade']; // users level
mysql_query("UPDATE user SET userlevel='$lev' WHERE user='$name'"); // upgrade the user
header("Location: admin.php"); // re-direct
}
else { // if the user is not going to be upgraded
header("Location: admin.php"); // re-direct
}
?>
Save and close.
6. After that, make a file called edit.php, fill it up with:
<?
// Constants
include("cons.php");
if ($user) { // if the user is logged in
$msg = $_GET['note'];
?>
<h2>Edit <? echo $user; ?>'s account</h2>
<? echo $msg."<br>"; ?>
<form action="update.php">
<input type="password" name="cpass"> Current Password<br>
<input type="password" name="npass"> New Password<br>
<input type="password" name="rpass"> Re-enter New Password<br><br>
Userlevel: <? echo $level; ?><br>
<input type="text" name="fname" value="<? echo $fname; ?>"> Full Name<br>
<input type="text" name="loc" value="<? echo $loc; ?>"> Location<br>
Signature:<br>
<textarea name="sig"><? echo $sig ?></textarea><br><br>
<input type="submit" value="Update">
</form><br>
<a href="log.php">Back</a>
<?
}
else { // If the user is not logged in
echo "You must login before editing your account";
include("log.php");
}
?>
Save and close
7. Then make a file called register.php, and fill it up with:
<?
// Register Process, register.php
// Includes the Constants
include("cons.php");
// sets all the variables needed to register
$pass = $_GET['pass']; // set $pass as the first pass
$pass2 = $_GET['pass2']; // sets $pass2 as the re-entered pass
$name = $_GET['name']; // sets $name as the name chosen
// Processing the data
if (strlen($name) >= 15) {
$error = "* Username too long, Max is 15 characters";
$err = 1;
}
if (strlen($name) <= 3) {
$error = "* Username too short, Min is 4 characters";
$err = 1;
}
if ($name) { // if $name is set
$re = mysql_num_rows(mysql_query("SELECT * FROM user WHERE user='$name'"));
if ($re >= 1) { // If the username exists
$error = "* Username already in use"; // Set $error
$err = 1; // set $err as 1
}
else { // user doesn't exist
if ($pass == $pass2) { // If the passwords match
$pass = md5($pass); // Encodes the pass
if (eregi('[<>]',$name)) {
$error = "* No HTML allowed"; // No HTML in name
$err = 1;
}
else {
if (!$err) { // If there are no errors
if (mysql_num_rows(mysql_query("SELECT * FROM user")) == 0) {
mysql_query("INSERT INTO user (user, pass, userlevel) VALUES ('$name','$pass', '9')"); // Creates the Admin
}
else {
mysql_query("INSERT INTO user (user, pass, userlevel) VALUES ('$name','$pass', '1')"); // Creates the user
}
$reg = "Registration successful!"; // Sets $reg as a sucess message
header("Location: log.php?reg=$reg"); // Re-locates to the login screen
}
}
}
else { // The passwords don't match
$error = "* Passwords different!"; // Sets $error
$err = 2; // Sets $err as 2
}
}
}
else { // If $name isn't set
$error = "* Enter a username"; // sets $error
$err = 1; // sets $err as 1
}
if ($err >= 1) { // if $err is greater than or equal to 1
header("Location: reg.php?error=$error&err=$err"); // re-locates to the registration page with the error!
}
?>
8. Then make a file called reg.php, and fill it up with:
<?
// Register script, reg.php
// Includes the Constants
include("cons.php");
// The registration form
$error = $_GET['error'];
$err = $_GET['err'];
?>
<form action="register.php">
<input type="text" name="name"> Username <font size="-2" color="#FF0000">
<?
if ($err == 1) { // Shows username errors if any
echo $error;
}
?>
</font><br>
<input type="password" name="pass"> Password <font size="-2" color="#FF0000">
<?
if ($err == 2) { // Shows Password errors if any
echo $error;
}
?>
</font><br>
<input type="password" name="pass2"> Re-type Password<br>
<input type="submit" value="Register!">
</form>
Save and close
9. Last of all, make a file called del.php and fill it up with this:
<?
// Includes the constants
include("cons.php");
$_GET['sub'];
if ($sub) { // if deleting a member
while ($o < mysql_num_rows(mysql_query("SELECT * FROM user")) + 5) {
$del = $_GET['delete'.$o];
mysql_query("DELETE FROM user WHERE id='$del'");
$o++;
}
header("Location: admin.php");
}
else { // if deleting a PM
while ($i < 11) {
$del = $_GET['del'.$i];
if ($del) {
mysql_query("DELETE FROM pm WHERE id='$del'");
header("Location: inbox.php");
}
$i++;
}
}
?>