Jump to content

PHP membership system

bubazoo

By bubazoo
in PHP

 Share

Recommended Posts

bubazoo Newbie

bubazoo

Posted
Posted

anyone have a Tutorial, on creating a PHP membership System for your site?I tried the one on phpfreaks.com, but it was missing cookie support, so that the user wouldn't have to relogin every time they visited my page, and I had no idea how to add it into the code.I'm just wanting something likethe ability to register for a new account,account activation via email,ability to login/logout,and yes using PHP and mysql for storing registration details.all this I can find, but all the Tutorials on google that I find, are missing the ability to keep the user logged in using cookies, and I have no idea how to add this functionality, and all the books that I've read on the subject skip right over that detail..I understand how to use sessions, and I understand how to use cookies, but what I don't understand is how to use cookies to keep a user logged in until the cookie expires...I guess I don't understand what I'm supposed to save in the cookie, the session? the user record? what? I am confused on that part..I don't quite understand, do I save the session to a cookie? I've always been confused about that, and these books and tutorials skip right over that for some reason.thanks.

Link to comment
Share on other sites
justsomeguy w3schools Guru

justsomeguy

Posted
Posted

It's probably easiest to use a pre-made script and just add cookie support to it.With regard to what you store in the cookie, I welcome other people's opinions on this but I generally store the same information that I store in the session. This works for general-purpose information, but sensitive information like credit card numbers or things like that should never be stored in a cookie. Keep in mind that passwords should never be stored plain-text, always encrypted. This is the function you use to set a cookie:http://www.php.net/manual/en/function.setcookie.phpYou can search this forum for examples of how to do it. When they log in, store the same information in the cookie as you have in the session, but on your pages still read from the session. But make sure to also write to the cookie if you write to the session to keep them synchronized. To automatically log in, it would be best to have a function that checks if the user is logged in on each page. In that function, you can first check for the cookie. If the cookie is set, then copy all of the information from the cookie into the session. Then check the session, and if there is information in the session then check with the database to make sure things like the username and password match.

Link to comment
Share on other sites
reportingsjr Dedicated Member

reportingsjr

Posted
Posted

If you know how to use sessions to check if the user is logged in, and let them log in your in luck :).When logging in, along with setting the session to say your logged in add this alogn side it inside the if..setcookie('logged_on', 'yes', time+(86400/*one day, in seconds*/));then where it checks if the use is logged in this is what it should look like:

if($_SESSION['logged_on'] == "yes" || $_COOKIE['logged_on == "yes"){//code to be executed if logged on}

Very easy!EDIT: well, me and steve posted at the same time, so you can use my code but I reccomend also reading up on cookies.

Link to comment
Share on other sites
justsomeguy w3schools Guru

justsomeguy

Posted
Posted

Typically in the cookie you would store the user name they logged in as, and their encrypted password. And then, on the pages you would check the cookie, copy that info into the session, and then check the session information against the database to make sure that the encrypted password matches the user name.

Link to comment
Share on other sites
bubazoo Newbie

bubazoo

Posted
  • Author
Posted

thanks guys, that was very helpful.yeah, I've been trying to find a "pre-built" script.. I found a few, but they ALL left out copying the session to a cookie and the common "remember me?" checkbox, phpfreaks.com has a few different tutorials that I followed, but as I said, they all miss the "remember me" part, and I've been having trouble figuring out how to add that into the code I guess..(shrugs)I tried to look at forum code to get an idea that way of how its done (since forums or wordpress blogs seem the be the only scripts around that do that sort of thing like I want to do) but because they add OOP stuff that I don't understand yet, and don't really need for this type of project, I've been having trouble figuring it out I guess, as I'm still in the learning process of PHP here. I'mhaving enough trouble understanding this code to know whats being saved in the session even :) I understand "session_start()" and how to pass variables to session variables, but thats all I understand about this code right now relating to this.thanks guys

Link to comment
Share on other sites
justsomeguy w3schools Guru

justsomeguy

Posted
Posted

Well, this is typically how I do it:I set the cookie like this:

if ($setcookie == "true"){  setcookie($COOKIE_NAME . "UID", $USER_LOGIN_ID, timest() + (60*60*24*365), "/", $SYSTEM_DOMAIN, false);  setcookie($COOKIE_NAME . "UPW", $USER_LOGIN_PW, timest() + (60*60*24*365), "/", $SYSTEM_DOMAIN, false);}

This will depend on your system, like which name you use for the cookie, etc. And then I use this code to check for the cookie and authenticate it:

if (!empty($_COOKIE[$COOKIE_NAME . "UID"]) && !empty($_COOKIE[$COOKIE_NAME . "UPW"])) # check for the cookie login  {	$result = db_query("SELECT name, password, salt, active FROM {$DB_PREFIX}users WHERE id={$USER_LOGIN_ID}", __FILE__, __LINE__);	if (!$row = db_fetch_assoc($result))	  $errorString .= "userid_not_found;";	else	{	  if ($row['active'] == 0)	  {		$errorString .= "user_inactive;";		if (get_sysvar("log_badlogin"))		  write_to_log("Inactive user {$row['name']} ($USER_LOGIN_ID) tried to login via cookie from IP {$_SERVER['REMOTE_ADDR']} using {$_SERVER['HTTP_USER_AGENT']}.", $SYS_SEC_LOG);	  }	  else	  {		if ($USER_LOGIN_PW != md5($row['password']))		{		  $errorString .= "wrong_password;";		  if (get_sysvar("log_badlogin"))			write_to_log("User $USER_LOGIN_ID supplied wrong password via cookie from IP {$_SERVER['REMOTE_ADDR']} using {$_SERVER['HTTP_USER_AGENT']}.", $SYS_SEC_LOG);		}		else		{		  $now = timest();		  db_query("UPDATE {$DB_PREFIX}users SET last_login=$now WHERE id='" . db_escstr($USER_LOGIN_ID) . "'", __FILE__, __LINE__);		  if (get_sysvar("log_login"))		 	  write_to_log("User has logged in via cookie from IP {$_SERVER['REMOTE_ADDR']} using {$_SERVER['HTTP_USER_AGENT']}.", $SYS_ACT_LOG);		  session_redirect("{$HTTP_SYSTEM_PATH}/menu.php");	   	  exit();		}	  }	}  }

You won't be able to use this exact code, because it's only a small chunk and there are a lot of functions I'm using to do different things that aren't built-in, but hopefully you can get the idea. The $USER_LOGIN_ID and $USER_LOGIN_PW variables correspond to session variables, so it checks the cookie information against the session information and checks with the database to make sure the password is correct. That's the basic idea, store the user ID and encrypted password in the cookie, and on the login page or somewhere else check for the existence of the cookie, and if it's there, load the user ID and password from the cookie into the session. Then, when you check the session to see if they are logged in, the information from the cookie will be there if they have a cookie.

Link to comment
Share on other sites
bubazoo Newbie

bubazoo

Posted
  • Author
Posted

thanks justsomeguy, that was extremely helpful :)aquatsr: I'm not using a forum in this particular case, I am merely trying to integrate a membership system from scratch into my current webpage design. it may sound like reinventing the wheel, but there is a reason for it. Both hotscripts and phpfreaks both have scripts that do membership systems, but they were all missing the "remember me?" part, not sure why, apparently alot of authors seem to think saving cookies is a bad thing (shrugs) there is a big difference between tracking cookies and session cookies.thanks justsomeguy :)

Link to comment
Share on other sites
aquatsr Member

aquatsr

Posted
Posted
thanks justsomeguy, that was extremely helpful :)aquatsr: I'm not using a forum in this particular case, I am merely trying to integrate a membership system from scratch into my current webpage design. it may sound like reinventing the wheel, but there is a reason for it. Both hotscripts and phpfreaks both have scripts that do membership systems, but they were all missing the "remember me?" part, not sure why, apparently alot of authors seem to think saving cookies is a bad thing (shrugs) there is a big difference between tracking cookies and session cookies.thanks justsomeguy :)
I see. I was just offering a suggestion :)
Link to comment
Share on other sites
bubazoo Newbie

bubazoo

Posted
  • Author
Posted
I see. I was just offering a suggestion :)
not a problem, thanks for the suggestion :) I have tried looking at bulletin board code before, since its odviously done there too, but because forum software is generally so large in coding, right now its too much and too fast to take in all at once, so I get confused too quickly, ya know what I mean? :) its like, too advanced for me or something at this point :blink:its kinda like, getting in the drivers seat of a Nascar car in the middle of a Nascar Race, when you haven't even passed your learners permit test yet, too much too fast. hehe :blink:
Link to comment
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
 Share
Go to topic listing
×
×
  • Create New...