internet security is a gate that blocks the user “your passwor?”
have you ever wondered how the password and email is stored? the password and emails are very vital information about a registered user and the password is sent to the database.
lets create a registration page for users and the login section to show you.
we will the using the folder as the site “fetch” now, we have a registration page “index.php”
the index page is the first page people see when they come over to the site.
<?php
include_once(‘inc/header.inc.php’);
?>
<?php
if (!isset($_SESSION[“user_login”])){
echo “”;
}
else
{
echo “<meta http-equiv=\”refresh\” content=\”0; url=home.php\”>”;
}
?>
<?php
$reg = @$_POST[‘reg’];
//declaring variables to prevent errors
$fn = “”;
$ln = “”;
$un = “”;
$em = “”;
$em2 = “”;
$pswd = “”;
$pswd2 = “”;
$d = “”;
$u_check = “”;
//registration form
$fn = strip_tags(@$_POST[‘fname’]);
$ln = strip_tags(@$_POST[‘lname’]);
$un = strip_tags(@$_POST[‘username’]);
$em = strip_tags(@$_POST[’email’]);
$em2 = strip_tags(@$_POST[’email2′]);
$pswd = strip_tags(@$_POST[‘password’]);
$pswd2 = strip_tags(@$_POST[‘password2’]);
$d = date(“y-m-d”);
if ($reg) {
if ($em==$em2){
//check if user already exists
$u_check = mysql_query(“SELECT username FROM users WHERE username=’$un'”);
//count the amount of rows where username = $un
$check = mysql_num_rows($u_check);
$e_check = mysql_query(“SELECT email FROM users WHERE email=’$em'”);
//count the number of rows returned
$email_check = mysql_num_rows($e_check);
if ($check == 0){
if ($email_check == 0){
if($fn&&$ln&&$un&&$em&&$em2&&$pswd&&$pswd2) {
// check the password match
if($pswd==$pswd2){
//check the maximum lenght of username/firstname/last name is 25 character!
if(strlen($un)>25||strlen($fn)>25||strlen($ln)>25){
echo “The maximum limit for username/firstname/lastname is 25 characters!”;
}
else
{
//check the maximum lenght of password does not exceed 25 and less than 5
if (strlen($pswd)>30||strlen($pswd)<5){
echo “your password must be between 5 and 30 characters long!”;
}
else
{
$query = mysql_query(“INSERT INTO users VALUES(”,’$un’,’$fn’,’$ln’,’$em’,’$pswd’,’$d’,’0′,’write something about yourself’,”,”)”);
die(“<h2>Welcome To Shardar</h2><a href=’index.php’>login to your account to get started …</a>”);
}
}
}
else{
echo “your passwords dont match”;
}
}
else
{
echo “please fill in all the fileds”;
}
}
else
{
echo “sorry, but it looks like some one has already used that email!”;
}
}
else
{
echo “username already taken …”;
}
}
else{
echo “your emails dont match!”;
}
}
// user login code
if (isset($_POST[“user_login”]) && isset($_POST[“password_login”])){
$user_login = preg_replace(‘#[^A-Za-z0-9] #i ‘,”, $_POST[“user_login”]); $password_login = preg_replace(‘#[^A-Za-z0-9] #i ‘,”,$_POST[“password_login”]); $sql = mysql_query(“SELECT id FROM users WHERE username=’$user_login’ AND password=’$password_login'”);
//check for their existence
$userCount = mysql_num_rows($sql);
if ($userCount == 1){
while($row = mysql_fetch_array($sql)){
$id = $row[“id”];
}
$_SESSION[“user_login”] = $user_login;
echo “<script>window.open(‘home.php’,’_self’)</script>”;
exit();
} else {
echo ‘<h2>that information is not correct. Try the second time</h2>’;
exit();
}
}
?>
<table>
<tr>
<td width=”60%” valign=”top”>
<h2>Already a member? Sign in below!</h2>
<form action=”” method=”POST”>
<input type=”text” name=”user_login” id=”f” size=”25″ placeholder=”Username” /><br/><br />
<input type=”text” name=”password_login” id=”f” size=”25″ placeholder=”Password” /><br/><br />
<input type=”submit” name=”login” value=”Login!” />
</form>
</td>
<td width=”40%” valign=”top”>
<h2>Sign Up Below!</h2>
<form action=”” method=”POST”>
<input type=”text” name=”fname” size=”25″ id=”f” placeholder=”First Name” /><br /><br />
<input type=”text” name=”lname” size=”25″ id=”f” placeholder=”Last Name” /><br/><br />
<input type=”text” name=”username” size=”25″ id=”f” placeholder=”Username” /><br/><br />
<input type=”text” name=”email” size=”25″ id=”f” placeholder=”Email” /><br/><br />
<input type=”text” name=”email2″ size=”25″ id=”f” placeholder=”Email(same email pls)” /><br/><br />
<input type=”text” name=”password” size=”25″ id=”f” placeholder=”Password” /><br/><br />
<input type=”text” name=”password2″ size=”25″ id=”f” placeholder=”Password(same password pls)” /><br/><br />
<input type=”submit” name=”reg” value=”Sign Up!” />
</form>
</td>
</div>
</tr>
</table>
<?php include(“inc/footer.inc.php”);?>
in these case, when the password is correct, it will take the user to “home.php”.
the “home.php” looks like these,
<?php
include_once(‘inc/header.inc.php’);
?>
<?php
echo “Hello,”.$user;
echo “<br /> Would you like to logout? <a href=’logout.php’>Logout</a>”;
?>
these is the database
the name of the table is “users”
the name of the database is “fetch”
now we will create a script that will connect to the database “connect.php”
these script will connect the user to the database. am using xammplite.
we have the profile.php
<?php
include_once(‘inc/header.inc.php’);
?>
<?php
if(isset($_GET[‘u’])){
$username = mysql_real_escape_string($_GET[‘u’]);
if (ctype_alnum($username)){
// check user exists
$check = mysql_query(“SELECT username, first_name FROM users WHERE username=’$username'”);
if(mysql_num_rows($check)===1){
$get = mysql_fetch_assoc($check);
$username = $get[‘username’];
$firstname = $get[‘first_name’];
}
else
{
exit();
}
}
}
?>
these is how your details are stored. these is just the basics which i have to tell you