help with php and mysql

[h89]

Hello, I am new to this site and hope I am posting this in the right section...

 

The thing is.....

 

I would like some help with php and mysql..

 

What I want to create is a page where users can create an account by entering their name, email and password, and if the username is taken they will have to try again otherwise their details will be registered to the mysql table and have an account to login.

 

Also I would like a redirect so if the user is a standard user it goes to say “home”, but if the user is an admin it will go to another page ie “home2”, and how would I create the admin in the same table on mysql  or seperate?

Right the last thing is once the user can register and login, so can the admin, for instance if there are 10 users, when logged in I want each of those users to see different information can this be done and how could I do this ? I thought maybe have the table and the id would be from 1-10 so if user is 1 being dan show his column, and if user logged 2 being steve show column id 2.

 

Can somebody help me implement this please ?

 

I am currently learning php and mysql, im in university I managed to learn how to create the table, connect login, search, add to the database when logged in and edit etc.. but for what I want to achieve now I cannot find any tutorials or help, could somebody please help me with the coding for this and what pages are what and how to create the table in mysql being either 1 table for both user and admin, or 2 tables for separate users and admin.

 

Thanks for your help in advance guys

 

 

[acidpunk]

I read your post and: noones going to hand you everything you're looking for, it ruins the whole purpose of learning, but.

i figured i'd shoot you in the right direction, so I whipped up a quick little example of how a basic registration process works.

 

 

I used "name" and "email" you can problably go from there, by filling in a password, or whatever else you'd wan't.

 

I showed you an example by using rowCount() for checking if a user exists in the database.

 

Lastly, if no errors exist, it gets posted in the database.

 

//connection to the database.
$user = 'dbuserhere';
$pass = 'dbpasshere';
$dbh = new PDO('mysql:host=localhost;dbname=dbnamehere', $user, $pass);

//creat account.
if (isset($_POST['register'])) //triggered from the user clicking on 'Create Account'
{
    if (empty($_POST['name']))
    {
        $errors[] = 'Error: Name may not be empty.';
    }
    elseif(empty($_POST['email']))
    {
        $errors[] = 'Error: E-mail may not be empty.';
    }

    //check if the name being entered already exists in the database or not.
    $name = htmlentities($_POST['name']);
    $query = $dbh->prepare('SELECT `name` FROM `users` WHERE `name` = :name');
    $query->execute(array(
        ':name' => $name
        ));
    if ($query->rowCount() > 0)
    {
        $errors[] = 'Error: The name you entered already exists.';
    }

    //check if there were any errors during the process.
    if (!empty($errors))
    {
        foreach ($errors as $error)
        {
            echo $error;
        }
    }
    else
    {
        //no errors, so insert the data.
        $email = htmlentities($_POST['email']);
        $query = $dbh->prepare('INSERT INTO `users` (`name`,`email`) VALUES(:name,:email)');
        $query->execute(array(
            ':name' => $name,
            ':email' => $email
            ));
        echo 'Thank you '.$name.' for signing up!';
    }
}
 
//form for your create account.
echo '<form method="POST">
    Name: <input required type="text" name="name"><br />
    E-mail: <input required type="email" name="email">
    <input type="submit" name="register" value="Create Account">
    </form>';
?>

 

 

The login is basically the same thing as the register page. You have your form,

<form method="POST">
Name: <input required type="text" name="name">
Pass: <input reuired type="password" name="pass">

call your form

if (isset($_POST['login']))
{
   // 1. error check
   // 2. check if the user exists.
   // 3. if the user exits, fetch the users data.
   // 4. check the user pass against the form pass.
   // 5. create your session.
}

$name = htmlentities($_POST['name']);

$query = $dbh->prepare('SELECT `pass`,`id`,`name` FROM `users` WHERE `name` = :name');

$query->execute(array(

    ':name' = $name

    ));

if ($query->rowCount() > 0) //user exists. else, error.

{
    $row = $query->fetch();

    $user_pass = $row['pass'];



    $form_pass = htmlentities(['pass']);

    if ($form_pass != $user_pass)

    {

        echo 'oops! your passwords do not match!';

    }

    else

    {



        //passwords match!

        $_SESSION['userid'] = $row['id']; //creating your session variable.

        header('Location: members.php');

}

On your members page, just check to see if the $_SESSION is empty or not, if it' empty, direct the user back to the login page, if the session is not empty, stay logged in..

 

to query the logged user:

$query = $dbh->prepare('SELECT * FROM `users` WHERE `id` = :id');
$query->execute(array(':id'=>$_SESSION['userid']));
$user = $query->fetch();
 
$username = $user['name'];
$userid = $user['id'];
$email = $user['email'];

I got bored, decided to hopefully steer you in the right direction.

[Jacques1]

I got bored, decided to hopefully steer you in the right direction.

 

I doubt that. The code is full of security vulnerabilities, configuration issues, conceptual errors, bugs and plain nonsense.

 

Either hand out excellent code, or don't hand out code at all. It doesn't help anybody if you post some half-baked script . In fact, it's downright harmful, because people looking for help tend to blindly take anything they can get. I wouldn't be surprised if this very code is running on some live server right now.

 

Sorry for the harsh reaction, but sometimes less is more.