PHP Login System with Admin Features

I wrote the popular tutorial PHP Login Script with Remember Me Feature mainly as an introduction to user sessions and cookies in PHP. Since it was created as a learning tool, many advanced features were left out of the script. By popular demand, I have written and am presenting here a complete Login System, with all the features that were left out of the first script, that can be easily integrated into any website.

This article is intended primarily for intermediate to advanced users of PHP, as it is not exactly a tutorial, but a description of the implementation of an advanced Login System. Beginners who are looking to learn about user sessions and cookies in PHP are advised to read the above-mentioned tutorial before reading this article.

Here are some of the features in this Login System that weren't included in the initial tutorial:
• Better Security - Passwords are not stored in cookies, randomly generated ids take their place.
• Member Levels - Now users can be differentiated by what level they are (user, admin, etc.).
• Admin Center - As an admin, you have full control over registered users. You can view user info, upgrade/demote user levels, delete users, delete inactive users, and ban users.
• Visitor Tracking - You can now tell how many guests and users are actively viewing your site, and who those users are. You also know how many total members your site has.
• Account Info - Users can now view their own information, and edit it as well. They can also see the information of other users.
• Form Helper - No more ugly error pages! Now users are redirected to the form they filled out and the errors that have occurred are displayed.
• Forgot Password - Users who forget their password can have a new one generated for them and sent to their email address.
• Email - Now emails can be sent to newly registered users.
• Miscellaneous - Much better code design, smooth page transitions, and MORE!

All the tables needed for the Login System are written in the file dbtables.sql. You can look at the file and create each table manually or you can just run the file with mysql and it will create all the necessary tables automatically.

    #
    # dbtables.sql
    #
    # Simplifies the task of creating all the database tables
    # used by the login system.
    #
    # Can be run from command prompt by typing:
    #
    # mysql -u yourusername -D yourdatabasename < dbtables.sql
    #
    # That's with dbtables.sql in the mysql bin directory, but
    # you can just include the path to dbtables.sql and that's
    # fine too.
    #
    # Written by: Jpmaster77 a.k.a. The Grandmaster of C++ (GMC)
    # Last Updated: August 13, 2004
    #

    #
    # Table structure for users table
    #
    DROP TABLE IF EXISTS users;

    CREATE TABLE users (
      username varchar(30) primary key,
      password varchar(32),
      userid varchar(32),
      userlevel tinyint(1) unsigned not null,
      email varchar(50),
      timestamp int(11) unsigned not null
    );

    #
    # Table structure for active users table
    #
    DROP TABLE IF EXISTS active_users;

    CREATE TABLE active_users (
      username varchar(30) primary key,
      timestamp int(11) unsigned not null
    );

    #
    # Table structure for active guests table
    #
    DROP TABLE IF EXISTS active_guests;

    CREATE TABLE active_guests (
      ip varchar(15) primary key,
      timestamp int(11) unsigned not null
    );

    #
    # Table structure for banned users table
    #
    DROP TABLE IF EXISTS banned_users;

    CREATE TABLE banned_users (
      username varchar(30) primary key,
      timestamp int(11) unsigned not null
    );

Code Design
I will be presenting the Login System by showing only the important files, describing what they do and how they interact with each other. By reading this you should get a good idea of how the Login System works and understand how to integrate it into your website. It is important to note before you start that the code relies on classes and the key variables of this Login System are class objects.

Constants.php contains all the constants and important information used by the login system. Here you specify stuff like your database username and password, the admin account name (which will be able to create other admins), visitor timeouts, email options, etc.
    <?php
    /**
     * Constants.php
     *
     * This file is intended to group all constants to
     * make it easier for the site administrator to tweak
     * the login script.
     *
     * Written by: Jpmaster77 a.k.a. The Grandmaster of C++ (GMC)
     * Last Updated: August 19, 2004
     */

    /**
     * Database Constants - these constants are required
     * in order for there to be a successful connection
     * to the MySQL database. Make sure the information is
     * correct.
     */
    define("DB_SERVER", "localhost");
    define("DB_USER", "your_name");
    define("DB_PASS", "your_pass");
    define("DB_NAME", "your_dbname");

    /**
     * Database Table Constants - these constants
     * hold the names of all the database tables used
     * in the script.
     */
    define("TBL_USERS", "users");
    define("TBL_ACTIVE_USERS", "active_users");
    define("TBL_ACTIVE_GUESTS", "active_guests");
    define("TBL_BANNED_USERS", "banned_users");

    /**
     * Special Names and Level Constants - the admin
     * page will only be accessible to the user with
     * the admin name and also to those users at the
     * admin user level. Feel free to change the names
     * and level constants as you see fit, you may
     * also add additional level specifications.
     * Levels must be digits between 0-9.
     */
    define("ADMIN_NAME", "admin");
    define("GUEST_NAME", "Guest");
    define("ADMIN_LEVEL", 9);
    define("USER_LEVEL", 1);
    define("GUEST_LEVEL", 0);

    /**
     * This boolean constant controls whether or
     * not the script keeps track of active users
     * and active guests who are visiting the site.
     */
    define("TRACK_VISITORS", true);

    /**
     * Timeout Constants - these constants refer to
     * the maximum amount of time (in minutes) after
     * their last page refresh that a user and guest
     * are still considered active visitors.
     */
    define("USER_TIMEOUT", 10);
    define("GUEST_TIMEOUT", 5);

    /**
     * Cookie Constants - these are the parameters
     * to the setcookie function call, change them
     * if necessary to fit your website. If you need
     * help, see the setcookie documentation.
     */
    define("COOKIE_EXPIRE", 60*60*24*100); //100 days by default
    define("COOKIE_PATH", "/"); //Available in whole domain

    /**
     * Email Constants - these specify what goes in
     * the from field in the emails that the script
     * sends to users, and whether to send a
     * welcome email to newly registered users.
     */
    define("EMAIL_FROM_NAME", "YourName");
    define("EMAIL_FROM_ADDR", "");
    define("EMAIL_WELCOME", false);

    /**
     * This constant forces all users to have
     * lowercase usernames, capital letters are
     * converted automatically.
     */
    define("ALL_LOWERCASE", false);
    ?>
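The "randomly generated ids" feature, the userid varchar(32) column and the cookie constants above fit together as in this added example, which is not code from the Login System itself. The cookie names cookname and cookid, the helper function names and the in-memory $users array standing in for the users table are assumptions made for illustration.

```php
<?php
// Added example (PHP 7.3+); not the Login System's own code.
define("COOKIE_EXPIRE", 60*60*24*100); // values from Constants.php
define("COOKIE_PATH", "/");

// 16 bytes from the OS CSPRNG -> 32 hex chars, fits userid varchar(32).
function generateUserId(): string {
    return bin2hex(random_bytes(16));
}

// Options for setcookie(): hide the id from scripts, send it over HTTPS only.
function rememberCookieOptions(int $now): array {
    return ['expires' => $now + COOKIE_EXPIRE, 'path' => COOKIE_PATH,
            'secure' => true, 'httponly' => true, 'samesite' => 'Lax'];
}

// Validate the cookie pair against the stored row in constant time.
// $users stands in for the users table (username => row).
function checkRememberCookie(array $users, array $cookie): bool {
    $name = $cookie['cookname'] ?? null;   // hypothetical cookie names
    $id   = $cookie['cookid'] ?? null;
    if (!is_string($name) || !is_string($id)) return false;
    if (!preg_match('/^[0-9a-f]{32}$/', $id)) return false;
    if (!isset($users[$name]['userid'])) return false;
    return hash_equals($users[$name]['userid'], $id);
}

// Constructed data: one user row, as it would look after login.
$users  = ['alice' => ['userid' => generateUserId(), 'userlevel' => 1]];
$cookie = ['cookname' => 'alice', 'cookid' => $users['alice']['userid']];

if (PHP_SAPI !== 'cli') {            // only a web SAPI can send headers
    $opts = rememberCookieOptions(time());
    setcookie('cookname', $cookie['cookname'], $opts);
    setcookie('cookid', $cookie['cookid'], $opts);
}

// Valid pair: the cookie id matches the stored userid.
var_dump(checkRememberCookie($users, $cookie));
// Well-formed but wrong id for the same user.
var_dump(checkRememberCookie($users, ['cookname' => 'alice',
                                      'cookid' => str_repeat('0', 32)]));
// Rotating the stored id (logout or a new login) invalidates the old cookie.
$users['alice']['userid'] = generateUserId();
var_dump(checkRememberCookie($users, $cookie));
```

Because the cookie carries only a random id, a stolen cookie exposes no password, and replacing the stored userid revokes every copy of it.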
