Professional Documents
Culture Documents
বাংলা সং রণ
MENU
PHP Professional এবং Zend Certified PHP Engineer (ZCPE ) Course এ সীিমত সংখ ক
আসন বািক আেছ। আ হীেদরেক অিতস র মাসুদ আলম স ার এর সােথ যাগােযাগ করার জন অনুেরাধ করা যাে ।
স ার এর মাবাইল ন র : ০১৭২২ ৮১ ৭৫ ৯১
P O S T1 E2 D J U
B
O M
Y
LN A
Y ,S U 2D 0 1A 2 L A M
In this tutorial I will be showing you how to make a simple login system consisting of a login page,
register page, forgotten password page, email activation, logout page and finally a users online page. I
made this tutorial to mainly target new-to-PHP developers, due to the fact when I started I noticed the
lack in quantity of basic login systems. Therefore, I decided to make one myself giving high quality
advice on how to make your first login system with a users online script!
1 body {
2
3 font-family: arial;
4
5 font-size: 10pt;
6
7 }
8
9 table {
10
11 font-size: 10pt;
12
13 margin: 0 auto;
14
15 }
16
17 #border {
18
19 border: 2px solid #999;
20
21 background: #CCC;
22
23 padding: 15px;
24
25 margin: 0 auto;
26
27 width: 300px;
28
29 }
Save this file as style.css so we can link back to it whenever we need to. There we have our simple
stylesheet! Now we can begin making our pages without having to worry too much about making them
look reasonably good.
1 <html>
2 <head>
3 <title>Login with Users Online Tutorial</title>
4 <link rel="stylesheet" type="text/css" href="style.css" />
5 </head>
6 <body>
7 <form action="login.php" method="post">
8 <div id="border">
9 <table cellpadding="2" cellspacing="0" border="0">
10 <tr>
11 <td>Username:</td>
12 <td><input type="text" name="username" /></td>
13 </tr>
14 <tr>
15 <td>Password:</td>
16 <td><input type="password" name="password" /></td>
17 </tr>
<tr>
18 <tr>
19 <td colspan="2" align="center"><input type="submit" name="submit" value="Login" /></td>
20 </tr>
21 <tr>
22 <td align="center" colspan="2"><a href="register.php">Register</a> | <a
href="forgot.php">Forgot Pass</a></td>
23 </tr>
24 </table>
25 </div>
26 </form>
27 </body>
28 </html>
At the moment you will notice that it doesn’t work. This is because we have not told the page what to do
if the form is submitted.
Planning
Now let’s do some planning before we dive into the PHP. We need to ask ourselves “What is the page
going to be checking when the form is submitted?”. For the login page here is a list of what we are going
to be checking –
• That both the username and password boxes have been filled in
• That if the username exists in our database, the password matches the one for the username
If the PHP can answer yes to all four of those points, then log the user in. Now in those four points you
will notice there was a database mentioned. We are going to be using a MySQL database to store all of
the information about each of our users. So before we get started on out PHP we need to make this
database. At this point a bit more planning is needed. We need to decide what information we need to
store about the users, what types of data are we storing, do we need a default value etc etc. Here is my
plan below –
• We will need an email for our email activation function this can be varchar too
• A field telling is if the account has been activated or not, this will be an integer
• A field giving information about whether the user is online or not, this will be an integer
• Finally, a field giving us a time the user registered, this is also an integer
Now from this we can see exactly how to build our table in our database. First create a database called
loginTut. Then in this database we want to run the SQL I have provided below –
Now we have a table to store all the information we need about our users, let’s add a user for testing
purposes. To do this run the SQL provided below –
So we now have one user with the username testing, the password testing and email
fake@noemail.co.uk. Now we can get to the PHP and make out login form work!
First things first we need to think about security and how secure is this login form going to be. To help
prevent SQL Injection which is a very common form of database hacking we are going to make a
function that will protect all strings stored in the database. This we will put in an external file called
functions.php. Here is the source –
1 <?php
2 function protect($string){
3 $string = trim(strip_tags(addslashes($string)));
4 return $string;
5 }
6 ?>
1 <?php
2 $con = mysqli_connect('localhost', 'root', '','content');
3 ?>
This function will trim our string (cut off any white space at the beginning or end of the string), strip tags
(remove all html and PHP tags in the string), and then add slashes to the string escaping speech marks
(’) and quotation marks (“).
Back to login.php
Now we have a place to store and check user information from, a function to protect strings being
passed to the database, and a nice looking layout for our login page! Below you can see the commented
code for our login.php file with the newly added PHP-
1 <?php
2
3 //allow sessions to be passed so we can see if the user is logged in
4
5 session_start();
6
7 ob_start();
8
9 //connect to the database so we can check, edit, or insert data to our users table
10
11 include('config.php');
12
13 //include out functions file giving us access to the protect() function made earlier
14
15 include "functions.php";
16
17 ?>
18
19 <html>
20
21 <head>
22
23 <title>Login with Users Online Tutorial</title>
24
25 <link rel="stylesheet" type="text/css" href="style.css" />
26
27 </head>
28
29 <body>
30
31 <?php
32
33 //If the user has submitted the form
34
35 if($_POST['submit']){
36
37 //protect the posted value then store them to variables
38
39 $username = protect($_POST['username']);
40
41 $password = protect($_POST['password']);
42
43 //Check if the username or password boxes were not filled in
44
45 if(!$username || !$password){
46
47 //if not display an error message
48
49 echo "<center>You need to fill in a <b>Username</b> and a <b>Password</b>!</center>";
50
51 }else{
52
//if the were continue checking
53 //if the were continue checking
54
55 //select all rows from the table where the username matches the one entered by the user
56
57 $res = mysqli_query($con,"SELECT * FROM `users` WHERE `username` = '".$username."'");
58
59 $num = mysqli_num_rows($res);
60
61 //check if there was not a match
62
63 if($num == 0){
64
65 //if not display an error message
66
67 echo "<center>The <b>Username</b> you supplied does not exist!</center>";
68
69 }else{
70
71 //if there was a match continue checking
72
73 //select all rows where the username and password match the ones submitted by the user
74
75 $res = mysqli_query($con,"SELECT * FROM `users` WHERE `username` = '".$username."'
AND `password` = '". md5($password)."'");
76
77 $num = mysqli_num_rows($res);
78
79 //check if there was not a match
80
81 if($num == 0){
82
83 //if not display error message
84
85 echo "<center>The <b>Password</b> you supplied does not match the one for that username!
</center>";
86
87 }else{
88
89 //if there was continue checking
90
91 //split all fields fom the correct row into an associative array
92
93 $row = mysqli_fetch_assoc($res);
94
95 //check to see if the user has not activated their account yet
96
97 if($row['active'] != 1){
98
99 //if not display error message
100
101 echo "<center>You have not yet <b>Activated</b> your account!</center>";
102
103 }else{
104
105 //if they have log them in
106
107 //set the login session storing there id - we use this to see if they are logged in or not
108
109 $_SESSION['uid'] = $row['id'];
110
111 //show message
112
113 echo "<center>You have successfully logged in!</center>";
114
115 //update the online field to 50 seconds into the future
116
117 $time = date('U')+50;
118
119 mysqli_query($con,"UPDATE `users` SET `online` = '" .$time."' WHERE `id` =
'".$_SESSION['uid']."'");
120
121 //redirect them to the usersonline page
122
123 header('Location: usersOnline.php');
124
125 }
126
127 }
128
129 }
130
131 }
132
133 }
134
135 ?>
136
137 <form action="login.php" method="post">
138
139 <div id="border">
140
141 <table cellpadding="2" cellspacing="0" border="0">
142
143 <tr>
144
145 <td>Username:</td>
146
147 <td><input type="text" name="username" /></td>
148
149 </tr>
150
151 <tr>
152
153 <td>Password:</td>
154
155 <td><input type="password" name="password" /></td>
156
157 </tr>
158
159 <tr>
160
161 <td colspan="2" align="center"><input type="submit" name="submit" value="Login" /></td>
162
163 </tr>
164
165 <tr>
166
167 <td align="center" colspan="2"><a href="register.php">Register</a> | <a
href="forgot.php">Forgot Pass</a></td>
168
169 </tr>
170
171 </table>
172
173 </div>
174
175 </form>
176
177 </body>
178
179 </html>
180
181 <?php
182
ob_end_flush();
183 ob_end_flush();
184
185 ?>
Most of this is explained by the commenting but one part I didn’t explain is the online field. When you
successfully login, we updated the online field to 50 seconds ahead of now. The date(‘U’) function gives
us a the amount of seconds since January 1 1970 00:00:00 GMT (Unix epoch). This means that
date(‘U’) will never get smaller, the value will always increase. If we set the online field to 50 seconds
ahead of now then when the Users Online page is loaded we can check to find all the users where the
online value is more than the time when the page is loaded, if this is the case then display each of their
names.
Now feel free to test your login page. Make sure that all the checks are performed correctly and that
once successfully logged in, you get redirected to the non existing users online page. You can also
check to see if it has successfully updated the online field by checking your users table!
1 <?php
2
3 //allow sessions to be passed so we can see if the user is logged in
4
5 session_start();
6
7 //connect to the database so we can check, edit, or insert data to our users table
8
9 include('config.php');
10
11 //include out functions file giving us access to the protect() function
12
13 include "functions.php";
14
15 ?>
16
17 <html>
18
19 <head>
20
21 <title>Login with Users Online Tutorial</title>
22
23 <link rel="stylesheet" type="text/css" href="style.css" />
24
25 </head>
26
27 <body>
28
29 <?php
30
31 //Check to see if the form has been submitted
32
33 if(isset($_POST['submit'])){
34
227 <tr>
228
229 <td colspan="2" align="center"><a href="login.php">Login</a> | <a href="forgot.php">Forgot
Pass</a></a></td>
230
231 </tr>
232
233 </table>
234
235 </form>
236
237 </div>
238
239 </body>
240
241 </html>
New Functions
This file contains some new things you may not be familiar with, therefore I will go over everything.
Firstly, the strlen() function, this returns the number of characters in a string allowing us to check how
long strings are. Then the preg_match() function, this checks to see if the formatting of a string matches
the formatting you specify (in this case being an email format). Finally the mail() function, this sends an
email from the server to any email of your choice, containing anything you want. You should save this
file as register.php
Now you can test you register page, you can see when you enter your correct email address you will
receive an email with an activation link contained inside. You can also see that a row containing the data
filled into the form is entered into the users table. The value of active is 0 showing that this account has
not yet been activated!
68 }
69
70 }
71
72 ?>
73
74 </div>
75
76 </body>
77
78 </html>
There are two new things in this file, we use the GET method instead of POST and also we use a
while() loop. The get method simply gets data from the address bar at the top of the user’s browser (in
this case being the code sent with the email to their email address). The while() loop is perfecting for
checking through multiple rows of data selected from the database (in this case to see if there is a
match with the codes).
Overview so Far
So far you should’ve learned many new things if your new to PHP and successfully created a half of a
login system. The pages completed so far are –
• style.css
• functions.php
• login.php
• register.php
• activate.php
• trim() – Cut unwanted white space of the beginning and end of a string
• addslashes() – Add slashes to s string allowing quotes and speech marks to be used safely
• mail() – Send mail from the server to the specified email address
1 <?php
2
3 //allow sessions to be passed so we can see if the user is logged in
4
5 session_start();
6
7 //connect to the database so we can check, edit, or insert data to our users table
8
9 include('config.php');
10 //include out functions file giving us access to the protect() function made earlier
11
12 include "functions.php";
13
14 ?>
15
16 <html>
17
18 <head>
19
20 <title>Login with Users Online Tutorial</title>
21
22 <link rel="stylesheet" type="text/css" href="style.css" />
23
24 </head>
25
26 <body>
27
28 <?php
29
30 //Check to see if the forms submitted
31
32 if($_POST['submit']){
33
34 //if it is continue checks
35
36 //store the posted email to variable after protection
37
38 $email = protect($_POST['email']);
39
40 //check if the email box was not filled in
41
42 if(!$email){
43
44 //if it wasn't display error message
45
46 echo "<center>You need to fill in your <b>E-mail</b> address!</center>";
47
48 }else{
49
50 //else continue checking
51
52 //set the format to check the email against
53
54 $checkemail = "/^[a-z0-9]+([_\\.-][a-z0-9]+)*@([a-z0-9]+([\.-][a-z0-9]+)*)+\\.[a-z]{2,}$/i";
55
56 //check if the email doesnt match the required format
57
if(!preg_match($checkemail, $email)){
58 if(!preg_match($checkemail, $email)){
59
60 //if not then display error message
61
62 echo "<center><b>E-mail</b> is not valid, must be name@server.tld!</center>";
63
64 }else{
65
66 //otherwise continue checking
67
68 //select all rows from the database where the emails match
69
70 $res = mysqli_query($con,"SELECT * FROM `users` WHERE `email` = '".$email."'");
71
72 $num = mysqli_num_rows($res);
73
74 //check if the number of row matched is equal to 0
75
76 if($num == 0){
77
78 //if it is display error message
79
80 echo "<center>The <b>E-mail</b> you supplied does not exist in our database!</center>";
81
82 }else{
83
84 //otherwise complete forgot pass function
85
86 //split the row into an associative array
87
88 $row = mysqli_fetch_assoc($res);
89
90 //send email containing their password to their email address
91
92 mail($email, 'Forgotten Password', "Here is your password: ".$row['password']."\n\nPlease try
not too lose it again!", 'From: noreply@yourwebsitehere.co.uk');
93
94 //display success message
95
96 echo "<center>An email has been sent too your email address containing your password!
</center>";
97
98 }
99
100 }
101
102 }
103
104 }
105
106 ?>
107
108 <div id="border">
109
110 <form action="forgot.php" method="post">
111
112 <table cellpadding="2" cellspacing="0" border="0">
113
114 <tr>
115
116 <td>Email: </td>
117
118 <td><input type="text" name="email" /></td>
119
120 </tr>
121
<tr>
122 <tr>
123
124 <td colspan="2" align="center"><input type="submit" name="submit" value="Send" /></td>
125
126 </tr>
127
128 <tr>
129
130 <td colspan="2" align="center"><a href="register.php">Register</a> | <a
href="login.php">Login</a></a></td>
131
132 </tr>
133
134 </table>
135
136 </form>
137
138 </div>
139
140 </body>
141
142 </html>
This page consists of nothing new therefore I will spend less time looking over it. One thing I do want to
mention is that if you haven’t noticed because we have been including our css file into every page the
layout we are using for each page is staying very similar keeping a nice smart design throughout the
whole website.
The next and final page we will be doing in this tutorial will be slightly different. This page has the check
to see if the user is logged in or not, and in this case displays all the users online at that current moment
(or to be precise within the past 50 seconds).
1 <?php
2
//allow sessions to be passed so we can see if the user is logged in
3 //allow sessions to be passed so we can see if the user is logged in
4
5 session_start();
6
7 //connect to the database so we can check, edit, or insert data to our users table
8
9 include('config.php');
10
11 //include out functions file giving us access to the protect() function made earlier
12
13 include "functions.php";
14
15 ?>
16
17 <html>
18
19 <head>
20
21 <title>Login with Users Online Tutorial</title>
22
23 <link rel="stylesheet" type="text/css" href="style.css" />
24
25 </head>
26
27 <body>
28
29 <?php
30
31 //if the login session does not exist therefore meaning the user is not logged in
32
33 if(strcmp($_SESSION['uid'],"") == 0){
34
35 //display and error message
36
37 echo "<center>You need to be logged in to user this feature!</center>" ;
38
39 }else{
40
41 //otherwise continue the page
42
43 //this is out update script which should be used in each page to update the users online time
44
45 $time = date('U')+50;
46
47 $update = mysqli_query($con,"UPDATE `users` SET `online` = '" .$time."' WHERE `id` =
'".$_SESSION['uid']."'");
48
49 ?>
50
51 <div id="border">
52
53 <table cellpadding="2" cellspacing="0" border="0" width="100%">
54
55 <tr>
56
57 <td><b>Users Online:</b></td>
58
59 <td>
60
61 <?php
62
63 //select all rows where there online time is more than the current time
64
65 $res = mysqli_query($con,"SELECT * FROM `users` WHERE `online` > '".date('U')."'");
66
67 //loop for each row
68
while($row = mysqli_fetch_assoc($res)){
69 while($row = mysqli_fetch_assoc($res)){
70
71 //echo each username found to be online with a dash to split them
72
73 echo $row['username']." - ";
74
75 }
76
77 ?>
78
79 </td>
80
81 </tr>
82
83 <tr>
84
85 <td colspan="2" align="center"><a href="logout.php">Logout</a></td>
86
87 </tr>
88
89 </table>
90
91 </div>
92
93 <?php
94
95 //make sure you close the check if their online
96
97 }
98
99 ?>
100
101 </body>
102
103 </html>
As I mentioned, you can see this page is slightly different. Not only do we ensure that they are logged
in, but we update the online time keeping the online field ahead of the current time. Each time a page is
loaded with that script, it will update to put them online. Now we have one more final page to do and
then we are done. Once a user has logged in, he needs to be able to log out!
Logout.php
This has to be considered the easiest page to make which I am sure most of you are glad to hear. Now
here is the commented code for the logout.php file –
1 <?php
2
3 //allow sessions to be passed so we can see if the user is logged in
4
5 session_start();
6
7 //connect to the database so we can check, edit, or insert data to our users table
8
9 include('config.php');
10
11 //include out functions file giving us access to the protect() function made earlier
12
13 include "functions.php";
14
15 ?>
16
<html>
17 <html>
18
19 <head>
20
21 <title>Login with Users Online Tutorial</title>
22
23 <link rel="stylesheet" type="text/css" href="style.css" />
24
25 </head>
26
27 <body>
28
29 <?php
30
31 //check if the login session does no exist
32
33 if(strcmp($_SESSION['uid'],"") == 0){
34
35 //if it doesn't display an error message
36
37 echo "<center>You need to be logged in to log out!</center>" ;
38
39 }else{
40
41 //if it does continue checking
42
43 //update to set this users online field to the current time
44
45 mysqli_query($con,"UPDATE `users` SET `online` = '" .date('U')."' WHERE `id` =
'".$_SESSION['uid']."'");
46
47 //destroy all sessions canceling the login session
48
49 session_destroy();
50
51 //display success message
52
53 echo "<center>You have successfully logged out!</center>";
54
55 }
56
57 ?>
58
59 </body>
60
61 </html>
I think the comments in this file explain it enough, and I think your PHP knowledge now should be much
higher and you should be able to understand most of this now.
Thanks a lot
Masud Alam
Hi, My name is Masud Alam, love to work with Open Source Technologies, living in Dhaka,
Bangladesh. I’m a Certified Engineer on ZEND PHP 5.3, I served my first five years a number of
leadership positions at Winux Soft Ltd, SSL Wireless Ltd, Canadian International Development
Agency (CIDA), World Vision, Care Bangladesh, Helen Keller, US AID and MAX Group where I
worked on ERP software and web development., but now i’m a founder and CEO of TechBeeo
Software Company Ltd. I’m also a Course Instructor of ZCPE PHP 7 Certification and professional
web development course at w3programmers Training Institute – a leading Training Institute in the
country.
P H P & M Y S Q
P R O J E C T S
T A GP GH EP D L , PO HG PI N R EP G
A ,P
IG SHE TP R AF TO IR OG NO, P T HP PAP GA E ES M S A W I OL R
A C T I V A T I O N
REPLY
A L A M G I R K A B I R
1 3 J U L Y , 2 0 1 2 A T 6 : 1 1 A M
Great Job. Every part is specific. So that , anyone can understand. Great.
REPLY
F U A D H A S A N
1 4 J U L Y , 2 0 1 2 A T 2 : 5 3 A M
Excellent!!!!!!
REPLY
D A V U D N A Z A R I
1 8 S E P T E M B E R , 2 0 1 2 A T 9 : 1 7 P M
Tank you
REPLY
L
2 9 O C T O B E R , 2 0 1 2 A T 1 1 : 1 3 P M
REPLY
F U A D H A S A N
2 1 D E C E M B E R , 2 0 1 2 A T 2 : 0 5 P M
REPLY
K A M R U L H A S A N
6 F E B R U A R Y , 2 0 1 3 A T 1 2 : 2 9 A M
I have some confusions like, here you have shown login.php file for 2 times-
1. First of all only with html code
2. Secondly with php code
which one should i consider for this project ??
Though i consider for the Second one.
REPLY
S I R I V U R I R A J U
4 M A R C H , 2 0 1 3 A T 3 : 2 0 P M
I saw on point 5. Forgotten Password part, there this script send the password to user email but
my question is previously pasword was MD5 encrypted so is it working ?
REPLY
A D N A N
2 1 A P R I L , 2 0 1 3 A T 1 2 : 5 6 P M
It was great but a li’l bit over coding don’t u think? I mean u could do it much easier and shorter
with OOP
REPLY
A R U N
2 4 A P R I L , 2 0 1 3 A T 1 2 : 4 0 P M
REPLY
M A S U D ( A UL TA HM O
A R )
2 5 A P R I L , 2 0 1 3 A T 5 : 5 3 A M
REPLY
S A I F
1 0 J U L Y , 2 0 1 3 A T 8 : 4 5 A M
REPLY
S A I F
1 4 J U L Y , 2 0 1 3 A T 1 0 : 2 2 A M
It’s all great. But the register is not working and the user can not activate his account. Why?
REPLY
L U C K Y
2 9 J U L Y , 2 0 1 3 A T 8 : 0 8 A M
REPLY
Z A K I R
1 5 S E P T E M B E R , 2 0 1 3 A T 7 : 5 8 P M
REPLY
P H P L O V E R
9 N O V E M B E R , 2 0 1 3 A T 7 : 0 2 P M
REPLY
T A R U N
4 D E C E M B E R , 2 0 1 3 A T 8 : 0 5 A M
this code i want to download where is surce code and zip code
REPLY
R A S H A D
3 J U N E , 2 0 1 4 A T 1 1 : 0 8 P M
isset() function in php determines whether a variable is set and is not NULL. It returns a
boolean value, that is, if the variable is set it will return true and if the variable value is null it will
return false.
REPLY
A D E D I V I
1 J A N U A R Y , 2 0 1 5 A T 4 : 4 7 A M
when click register button, i got the following error pls help.
Warning: mail(): Failed to connect to mailserver at "localhost" port 25, verify your "SMTP" and
"smtp_port" setting in php.ini or use ini_set() in C:\wamp\www\on\register.php on line 156
REPLY
M D F A R I D K H A N D A K E R
1 6 F E B R U A R Y , 2 0 1 5 A T 7 : 0 2 A M
Musud bi Awsome.
REPLY
D E E P J Y O T I B A I S H Y A
3 N O V E M B E R , 2 0 1 7 A T 3 : 4 5 P M
Sir,
Thank you very much for your nice tutorial. And i hope that, we will get more tutorial about Php,
Javascript & others.
REPLY
A J I T
7 A P R I L , 2 0 1 8 A T 3 : 2 4 P M
REPLY
S Y E D I M R A N
1 0 M A Y , 2 0 1 8 A T 1 0 : 0 3 A M
Hi thanks Sir, problem is user is not activating after clicking on email link, database is working.
record generated just after submit register form, but when i click the link from email. its not
showing anything blank page
REPLY
D A N I E L
6 S E P T E M B E R , 2 0 1 8 A T 9 : 0 4 P M
excellent. job
REPLY
S O W E T
1 3 S E P T E M B E R , 2 0 1 8 A T 9 : 3 0 P M
GREAT JOB. GOD BLESS U. PLS CAN I GET OOP OF THIS? THANKS SIR
REPLY
J E F F D
2 4 S E P T E M B E R , 2 0 1 8 A T 4 : 3 8 A M
how do i fix?
REPLY
M D F A H M I D U Z Z A M A N S A G A R
3 N O V E M B E R , 2 0 1 8 A T 1 0 : 3 3 A M
Awesome sir
REPLY
M A R L E Y
1 2 N O V E M B E R , 2 0 1 8 A T 3 : 1 5 P M
Leave a Reply
YOUR EMAIL ADDRESS WILL NOT BE PUBLISHED. REQUIRED FIELDS ARE MARKED
*
C O M M E N T
N A *M E
E M *A I L
POST COMMENT
Categories
PHP Basics
CODEIGNITER
JAVASCRIPT
MySQL Tutorial
WordPress
Laravel
Joomla
Twitter Bootstrap
YII
Drupal
Angular JS
CakePHP
Magento
Symfony
Python
Node.js
PHP Excercises
Bangla Article
W3programmers
Facebook Group · 6,155 members
Join Group
JANUARY 2019
S S M T W T F
1 2 3 4
5 6 7 8 9 10 11
12 13 14 15 16 17 18
19 20 21 22 23 24 25
26 27 28 29 30 31
« Dec
C O P Y R I G H T © 2 0
No announcement available or all announcement expired.