Introduction.
In this tutorial I will be showing you how to create an advanced PHP/MySQL membership system for your website. We are going to create the simple forms, and create the back end to allow users to login, register, and logout of your website.
This “Advanced” membership system is actually quite simple; what makes it advanced is the object oriented user that will allow for a very extendable membership system. This makes the membership system very versatile and usable on many different kinds of websites.
You will need:
- A little bit of PHP knowledge.
We will be using some object oriented programming along with the basic required PHP for the membership system.
- HTML Knowledge.
I am just going to give code for basic forms just to make the scripts work.
- A Text Editor or IDE.
You will obviously need some sort of editor to edit your files in.
- A testing server.
You will need somewhere to test your project. We will be using PHP and MySQL, so ensure that your testing server has these services available.
Create the basic files.
We are just going to create the HTML forms and files that we are going to use to access the membership system. We need to make one for existing users to login; that one will be simple because it is just 3 elements: Email/Username, Password, and Submit. We will also need to make a register form to allow new users to register on your website.
The files we will need in the root directory will be:
- index.php
The main page that the users will access. Will also include the Login form.
- register.php
The form for users to register into the website, if this is something that you want.
- handlers/login_handler.php
Will handle a login request by the user, check it against the database, and authorize or deny the login request.
- handlers/register_handler.php
Will handle a request by the user to register to the website.
- handlers/user_handler.php
Will be included at the beginning of all of your pages to load the user's settings. Will also check the page permissions against the user's permissions.
- handlers/User.class.php
This is the actual user class. This will hold all of the user's information and provide different functions relating to the membership system.
Create the forms.
You will want to customize the forms to match your website's theme. I am just going to give you basic forms to get the tutorial running, and the HTML isn’t what this tutorial is really about so we are just going to skip over the HTML basics there.
Login Form (plus some php code for later):
<?php
require("handlers/user_handler.php");
if($user_data['loggedIn'] == 1)
{
    $string = "Logged in as: ";
    // Escape the stored email before writing it into the page.
    $string .= htmlspecialchars($User->get_info("email"), ENT_QUOTES);
    $string .= " <a href=?logout>Logout</a>";
    echo $string;
}
if(isset($_GET['error']) && $_GET['error'] == 1)
{
    echo "<span style=color:red>There was an error logging in!</span>";
}
?>
<form id="login" method="POST" action="handlers/login_handler.php">
Email: <input type="text" name="email" /><br />
Password: <input type="password" name="password" /><br />
<input type="submit" name="submit" value="Login!" />
</form>
Put this code into your “index.php” file. This will act as the login form.
Next paste this form (or create your own) in “register.php”:
<?php
if(isset($_GET['error']) && $_GET['error'] > 0)
{
    echo "<span style=color:red>There was an error registering</span>";
}
?>
<form id="register" method="POST" action="handlers/register_handler.php">
First Name: <input type="text" name="first_name" /><br />
Last Name: <input type="text" name="last_name" /><br />
<br />
Email: <input type="text" name="email" /><br />
Password: <input type="password" name="password1" /><br />
Verify Password: <input type="password" name="password2" /><br />
<br />
<input type="submit" name="submit" value="Register!" />
</form>
Now that the base pages are done (ugly, but done) we can start to get into the back end of the membership system.
Create the MySQL Database.
The database is going to be very simple. A single table in the database will handle everything necessary for the entire membership system to work properly. Like I said in the introduction the “advanced” membership system is actually quite simple.
Create a database:
CREATE DATABASE `database_name`;
Obviously you need to replace “database_name” with the name of the database you are creating. If your website is already using a database you can skip that part and just add the table to the database.
Add the table to the database:
CREATE TABLE `database_name`.`users` (
    `id` INT( 10 ) NOT NULL AUTO_INCREMENT PRIMARY KEY,
    `first_name` VARCHAR( 255 ) NOT NULL,
    `last_name` VARCHAR( 255 ) NOT NULL,
    `email` VARCHAR( 255 ) NOT NULL,
    `password` VARCHAR( 32 ) NOT NULL
) ENGINE = InnoDB;
Once again, be sure to replace “database_name” with the name of the database that you created before (or your existing database). Now that our table has been created we need to insert a default user into the database for testing.
INSERT INTO `database_name`.`users` (
    `id`,
    `first_name`,
    `last_name`,
    `email`,
    `password`
)
VALUES (
    NULL, 'Daniel', 'Henry', 'daniel@codedopen.com', 'aa47f8215c6f30a0dcdb2a36a9f4168e'
);
Now we have a single row in the database holding a user. As of right now there are no user privileges or anything like that, just a few simple entries that a website would commonly use. We will get to adding user privileges and more fields later, but this should do for now. Also I should note that the password entry is an MD5 hash. I set the field “password” type to VARCHAR(32) to hold an MD5 hash perfectly, and the user's password isn’t stored in plain text.
Starting the back end: User Handler and User Class.
The user handler will be included at the beginning of all of your pages and will determine if a user is logged in already, if not it will allow the user to log in. Otherwise it will load the logged in user from the database, create the user object, and verify the user’s information.
First off, let's create the actual user handler:
<?php
mysql_connect("localhost", "root", "");
mysql_select_db("database_name");
session_start();

if(!isset($_SESSION['user']))
{
    $user_data['loggedIn'] = 0;
}
else
{
    $user_data = $_SESSION['user'];
    $user_data['loggedIn'] = 1;
    require_once("handlers/User.class.php");
    // A session without both values cannot be verified.
    $valid = !empty($user_data['email']) && !empty($user_data['password']);
    if($valid)
    {
        // "new" always returns an object, so confirm that a row was actually loaded.
        $User = new User($user_data['email'], $user_data['password']);
        $valid = (bool) $User->get_info("email");
    }
    if(!$valid)
    {
        unset($User);
        unset($_SESSION['user']);
        $user_data = array('loggedIn' => 0);
    }
}
// Log out on request: drop the session entry and the loaded user.
if(isset($_GET['logout']) && $user_data['loggedIn'] == 1)
{
    unset($_SESSION['user']);
    unset($User);
    $user_data = array('loggedIn' => 0);
}
?>
This file is included at the beginning of every page. It pretty much handles everything user related. First it checks to see if a user is already logged in. If a user is already logged in, it verifies the information and creates the User object that allows the rest of the website to interact with the logged in user.
With the minimal settings that I have included in the tutorial so far there really isn’t much that you can do with the user but we will talk about expanding the membership system later.
Now the User class:
<?php
class User
{
    private $user_information;

    public function __construct($email, $password)
    {
        // Escape the email before it goes into the quoted SQL string.
        $email = mysql_real_escape_string($email);
        $password = md5($password);
        if(!$result = mysql_query("SELECT * FROM users WHERE email='{$email}' AND password='{$password}'"))
        {
            // A constructor cannot return a value; get_info() will report nothing loaded.
            return;
        }
        $this->user_information = mysql_fetch_assoc($result);
    }

    public function get_info($field)
    {
        if($field == "")
        {
            return 0;
        }
        // No row was loaded, the field is unknown, or the password was requested.
        if(!is_array($this->user_information) || !key_exists($field, $this->user_information) || $field == "password")
        {
            return 0;
        }
        if(!$request = $this->user_information[$field])
        {
            return 0;
        }
        return $request;
    }
}
?>
The User class is in my opinion what makes this membership system advanced. If you were to copy paste this code, yeah, maybe it’s pretty simple. But with some modifications to the code and some customizations to your website this code would allow you to do just about anything without really changing too much on the back end of your website.
The class contains a function called get_info(). This function will allow you to grab and return any bit of information on the user except the password key. This will make life much simpler when we get to adding new functionality to your membership system.
Handling a Login Request.
We will need a file for the login form to direct to. The action of the form that I created points to a file at handlers/login_handler.php. You can put it wherever you want but for the sake of the tutorial we will use the one I listed above. The login handler really doesn’t have to do that much. All it has to do is verify the information and set the session variables.
Login Handler:
<?php
mysql_connect("localhost", "root", "");
mysql_select_db("database_name");
session_start();

// Undo magic-quotes escaping so the value is the text the user typed.
function clean($string)
{
    if(get_magic_quotes_gpc()) {
        $string = stripslashes($string);
    }
    return $string;
}

// Send the browser back to index.php (with ?error=1 on failure) and stop.
function go_home($error=0)
{
    $string = "
<script type=\"text/javascript\">
<!--
window.location = \"../index.php";
    if($error == 1)
    {
        $string .= "?error=1";
    }
    $string .= "\"
-->
</script>
There has been an error logging in, please click <a href=\"../index.php?error=1\">here</a> to go back home.
";
    echo $string;
    die();
}

if(!isset($_POST['submit']) || $_POST['email'] == "" || $_POST['password'] == "")
{
    go_home(1);
}
$email = clean($_POST['email']);
$password = md5($_POST['password']);
// Escape the email before it goes into the quoted SQL string.
$safe_email = mysql_real_escape_string($email);
$result = mysql_query("SELECT * FROM users WHERE email='{$safe_email}' AND password='{$password}'");
if(!$result || mysql_num_rows($result) < 1)
{
    go_home(1);
}
// user_handler.php re-checks these two values on every page load.
$_SESSION['user']['email'] = $email;
$_SESSION['user']['password'] = $_POST['password'];
go_home();
?>
This file does exactly what I said it should, and really nothing too much more. Not too much advanced stuff to talk about here so we can move on. The only thing that I should mention is now you know how the code above the login form is used. It displays an error on a failed login, and it also displays a “logged in” message when a login is successful.
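The login query above is built by placing the email inside the SQL text, and the stored value is an unsalted MD5 hash, which is cheap to brute-force if the table ever leaks. As an added example (not the author's code), here is the same check with a bound parameter and `password_hash()`, upgrading a legacy MD5 row on its first successful login. It assumes PDO, a password column widened to VARCHAR(255), and a constructed in-memory SQLite table so that it runs offline.

```php
<?php
// Added example, not the tutorial's code. Assumes PDO and a users.password
// column widened from VARCHAR(32) to VARCHAR(255).

function verify_login(PDO $db, string $email, string $password): ?array
{
    // The email is bound as a parameter, so quotes in it stay data.
    $stmt = $db->prepare('SELECT id, email, password FROM users WHERE email = ?');
    $stmt->execute([$email]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    if ($row === false) {
        return null;
    }
    $stored = $row['password'];
    if (preg_match('/^[0-9a-f]{32}$/', $stored)) {
        // Legacy MD5 row from the tutorial schema: constant-time compare.
        if (!hash_equals($stored, md5($password))) {
            return null;
        }
        // Password was correct, so replace MD5 with a salted, slow hash.
        $stored = password_hash($password, PASSWORD_DEFAULT);
        $db->prepare('UPDATE users SET password = ? WHERE id = ?')
           ->execute([$stored, $row['id']]);
    } elseif (!password_verify($password, $stored)) {
        return null;
    }
    return ['id' => (int) $row['id'], 'email' => $row['email']];
}

// Constructed sample data in an in-memory SQLite table (needs pdo_sqlite).
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, email TEXT UNIQUE, password TEXT)');
$db->prepare('INSERT INTO users (email, password) VALUES (?, ?)')
   ->execute(['alice@example.test', md5('correct horse')]);

$checks = [
    'email containing a quote' => verify_login($db, "o'neil@example.test", 'x'),
    'wrong password'           => verify_login($db, 'alice@example.test', 'wrong'),
    'legacy MD5 login'         => verify_login($db, 'alice@example.test', 'correct horse'),
    'login after upgrade'      => verify_login($db, 'alice@example.test', 'correct horse'),
];
foreach ($checks as $label => $result) {
    echo $label, ': ', $result === null ? 'rejected' : 'accepted', "\n";
}
$hash = $db->query('SELECT password FROM users WHERE id = 1')->fetchColumn();
echo 'stored value is MD5: ', preg_match('/^[0-9a-f]{32}$/', $hash) ? 'yes' : 'no', "\n";
```

With a function like this, only the returned id needs to go into `$_SESSION['user']`, so the submitted password no longer has to be kept in the session.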
Handling a registration.
Now all we really need to do to have a complete (but bare) membership system is to add the registration handler. This will be almost as simple as the login handler, it will just be a little bit longer. We need to verify that the email address isn’t already in use, the passwords match, then insert it all into the database. Pretty simple right?
handlers/register_handler.php:
<?php
mysql_connect("localhost", "root", "");
mysql_select_db("database_name");

// Undo magic-quotes escaping so the value is the text the user typed.
function clean($string)
{
    if(get_magic_quotes_gpc()) {
        $string = stripslashes($string);
    }
    return $string;
}

// Send the browser back to register.php (with ?error=1 on failure) and stop.
function go_back($error=0)
{
    $string = "
<script type=\"text/javascript\">
<!--
window.location = \"../register.php";
    if($error == 1)
    {
        $string .= "?error=1";
    }
    $string .= "\"
-->
</script>
There has been an error registering, please click <a href=\"../register.php?error=1\">here</a> to go back to the registration page.
";
    echo $string;
    die();
}

if(!isset($_POST['email']) || !isset($_POST['password1']) || !isset($_POST['password2']))
{
    go_back(1);
}
// Strict comparison: "!=" would treat numeric-looking strings such as "1e3" and "1000" as equal.
if($_POST['password1'] !== $_POST['password2'])
{
    go_back(1);
}
// These values are only used inside quoted SQL strings, so escape them here.
$email = mysql_real_escape_string(clean($_POST['email']));
$password = md5($_POST['password1']);
$first_name = mysql_real_escape_string(clean($_POST['first_name']));
$last_name = mysql_real_escape_string(clean($_POST['last_name']));
$result = mysql_query("SELECT email FROM users WHERE email='$email'");
if(@mysql_num_rows($result) > 0)
{
    go_back(1);
}
$query = "INSERT INTO users
(first_name ,
last_name ,
email ,
password
)
VALUES (
'$first_name',
'$last_name',
'$email',
'$password'
)";
mysql_query($query);
echo "Successful registration. Click <a href=../index.php>here</a> to login!";
?>
The file creates a new entry in the database after ensuring that (a) the email has not been used yet and (b) the user's passwords match.
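Checking for the email with a SELECT and then inserting leaves a window in which two requests with the same email can both pass the check. The following added example (not the tutorial's code) lets a UNIQUE index decide instead and stores a `password_hash()` value. The UNIQUE constraint, the returned status strings and the in-memory SQLite table are assumptions made for the demo.

```php
<?php
// Added example, not the tutorial's code. Assumes PDO, a UNIQUE index on
// users.email and a password column wide enough for password_hash().

function register_user(PDO $db, array $post): string
{
    foreach (['first_name', 'last_name', 'email', 'password1', 'password2'] as $f) {
        if (!isset($post[$f]) || !is_string($post[$f]) || $post[$f] === '') {
            return 'missing_field';
        }
    }
    if (filter_var($post['email'], FILTER_VALIDATE_EMAIL) === false) {
        return 'bad_email';
    }
    // Strict comparison: "!=" would treat numeric-looking strings as equal.
    if ($post['password1'] !== $post['password2']) {
        return 'password_mismatch';
    }
    $stmt = $db->prepare(
        'INSERT INTO users (first_name, last_name, email, password) VALUES (?, ?, ?, ?)'
    );
    try {
        $stmt->execute([
            $post['first_name'],
            $post['last_name'],
            $post['email'],
            password_hash($post['password1'], PASSWORD_DEFAULT),
        ]);
    } catch (PDOException $e) {
        // SQLSTATE class 23 is an integrity constraint violation: the email
        // already exists, even if another request inserted it a moment ago.
        if (strpos((string) $e->getCode(), '23') === 0) {
            return 'email_taken';
        }
        throw $e;
    }
    return 'ok';
}

// Constructed sample data in an in-memory SQLite table (needs pdo_sqlite).
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, first_name TEXT, last_name TEXT,
    email TEXT NOT NULL UNIQUE, password TEXT NOT NULL)');
$form = ['first_name' => 'Ann', 'last_name' => "O'Neil", 'email' => 'ann@example.test',
    'password1' => 'long passphrase', 'password2' => 'long passphrase'];
foreach ([$form, $form, ['password2' => 'typo'] + $form] as $attempt) {
    echo register_user($db, $attempt), "\n";
}
```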
Making Additions.
Now that we have a plain jane membership system (Hooray!) we will probably need to start adding to it. First of all the forms need some work and the error handling for the registration and login could be better, but that isn’t our main focus for adding to the membership system.
Mainly what we will want to do is add functionality, like maybe add an address field, phone number, user permissions, etc. This will be incredibly simple to do because of the way that you built your membership system.
As you know, all you need to do to get any of the user's information is use the User object's function get_info() to get any type of information on the user. So to do something simple like an address or phone number you just need to add them to the database. It will already be loaded into the object after you insert it.
For something like user permissions you would have to add the permissions to the database just like address/phone number, but there would be one more step. You would either have to create a function library to be included with every page, or create methods in the User class to handle user permissions. Either way is fine, I however prefer the latter.
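One way to put permission checks on the user object, as an added example rather than the author's code. The `permissions` bitmask column, the class name `PermissionedUser`, the `page_allowed()` helper and the permission constants are hypothetical, and a missing or malformed value is treated as no permission.

```php
<?php
// Added example, not the tutorial's code. The `permissions` column (an INT
// bitmask) and every name below are assumptions made for illustration.

class PermissionedUser
{
    const VIEW_MEMBERS = 1;
    const EDIT_PROFILE = 2;
    const MANAGE_USERS = 4;

    private $row;

    public function __construct(array $row)
    {
        $this->row = $row; // one row from the users table
    }

    // Bitmask from the row; missing, negative or non-numeric values grant nothing.
    private function mask(): int
    {
        $raw = $this->row['permissions'] ?? null;
        if (is_string($raw) && ctype_digit($raw)) {
            $raw = (int) $raw;
        }
        return (is_int($raw) && $raw >= 0) ? $raw : 0;
    }

    // True only when every bit the page asks for is present.
    public function can(int $required): bool
    {
        return $required > 0 && ($this->mask() & $required) === $required;
    }
}

// What user_handler.php could call once a page has declared its requirement.
function page_allowed(?PermissionedUser $user, int $required): bool
{
    if ($required === 0) {
        return true; // public page
    }
    return $user !== null && $user->can($required);
}

// Constructed rows standing in for database results.
$member = new PermissionedUser(['email' => 'm@example.test', 'permissions' => '3']);
$broken = new PermissionedUser(['email' => 'b@example.test', 'permissions' => 'all']);
$admin_page = PermissionedUser::MANAGE_USERS | PermissionedUser::VIEW_MEMBERS;

var_dump(page_allowed($member, PermissionedUser::EDIT_PROFILE));
var_dump(page_allowed($member, $admin_page));
var_dump(page_allowed($broken, PermissionedUser::VIEW_MEMBERS));
var_dump(page_allowed(null, PermissionedUser::VIEW_MEMBERS));
```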
Conclusion.
So after all of that you should have a working membership system on your website. It may have required some tinkering with the code a little bit to get working on your homepage but nonetheless, you learned something new and that is always great.
If you have any problems, errors, or if you see a typo, feel free to leave a comment here and I will do my best to help you out. We also have the forums where you could probably get some support, and I could use some help filling up the boards, so if you feel like helping me and also helping start a great new online community for programmers everywhere, feel free to stop by.