jenny21 Posted November 24, 2009 Share Posted November 24, 2009 Hello my name is Jenny from asia, I would like to request help for develop this script login I would like to request to you guys, how to create coding for edit password and edit profile for this scripts i share bellow : description 1. config.php - This script contains the database connection details. Edit this file to specify your own database's connection details. 2. register-form.php - A simple registration form 3. register-exec.php - Handler script for the the above form. This script will create member accounts for you. 4. login-form.php - Login form 5. login-exec.php - Handler script for the above login form. This script authenticates the login details and then sets up a session for the user. 6. logout.php - Script used to logout a user from the session. 7. member-index.php - Sample password protected page. 8. member-profile.php - Sample password protected page. 9. auth.php - Include this script at the top of any page you want to password protect. This script checks whether the user is logged in or not. <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml"> <head> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" /> <title>Login Form</title> <link href="loginmodule.css" rel="stylesheet" type="text/css" /> </head> <body> <p> </p> <form id="loginForm" name="loginForm" method="post" action="login-exec.php"> <table width="300" border="0" align="center" cellpadding="2" cellspacing="0"> <tr> <td width="112"><b>Login</b></td> <td width="188"><input name="login" type="text" class="textfield" id="login" /></td> </tr> <tr> <td><b>Password</b></td> <td><input name="password" type="password" class="textfield" id="password" /></td> </tr> <tr> <td> </td> <td><input type="submit" name="Submit" value="Login" /></td> </tr> </table> </form> </body> </html> Login-Exec as the process login checking <?php //Start session session_start(); //Include database connection details require_once('config.php'); //Array to store validation errors $errmsg_arr = array(); //Validation error flag $errflag = false; //Connect to mysql server $link = mysql_connect(DB_HOST, DB_USER, DB_PASSWORD); if(!$link) { die('Failed to connect to server: ' . mysql_error()); } //Select database $db = mysql_select_db(DB_DATABASE); if(!$db) { die("Unable to select database"); } //Function to sanitize values received from the form. Prevents SQL injection function clean($str) { $str = @trim($str); if(get_magic_quotes_gpc()) { $str = stripslashes($str); } return mysql_real_escape_string($str); } //Sanitize the POST values $login = clean($_POST['login']); $password = clean($_POST['password']); //Input Validations if($login == '') { $errmsg_arr[] = 'Login ID missing'; $errflag = true; } if($password == '') { $errmsg_arr[] = 'Password missing'; $errflag = true; } //If there are input validations, redirect back to the login form if($errflag) { $_SESSION['ERRMSG_ARR'] = $errmsg_arr; session_write_close(); header("location: login-form.php"); exit(); } //Create query $qry="SELECT * FROM members WHERE login='$login' AND passwd='".md5($_POST['password'])."'"; $result=mysql_query($qry); //Check whether the query was successful or not if($result) { if(mysql_num_rows($result) == 1) { //Login Successful session_regenerate_id(); $member = mysql_fetch_assoc($result); $_SESSION['SESS_MEMBER_ID'] = $member['member_id']; $_SESSION['SESS_FIRST_NAME'] = $member['firstname']; $_SESSION['SESS_LAST_NAME'] = $member['lastname']; session_write_close(); header("location: member-index.php"); exit(); }else { //Login failed header("location: login-failed.php"); exit(); } }else { die("Query failed"); } ?> If users not exist will be redirect here <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml"> <head> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" /> <title>Login Failed</title> <link href="loginmodule.css" rel="stylesheet" type="text/css" /> </head> <body> <h1>Login Failed </h1> <p align="center"> </p> <h4 align="center" class="err">Login Failed!<br /> Please check your username and password</h4> </body> </html> Config.php <?php define('DB_HOST', 'localhost'); define('DB_USER', 'admin'); define('DB_PASSWORD', ''); define('DB_DATABASE', 'l'); ?> This is for register form <?php session_start(); ?> <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml"> <head> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" /> <title>Login Form</title> <link href="loginmodule.css" rel="stylesheet" type="text/css" /> </head> <body> <?php if( isset($_SESSION['ERRMSG_ARR']) && is_array($_SESSION['ERRMSG_ARR']) && count($_SESSION['ERRMSG_ARR']) >0 ) { echo '<ul class="err">'; foreach($_SESSION['ERRMSG_ARR'] as $msg) { echo '<li>',$msg,'</li>'; } echo '</ul>'; unset($_SESSION['ERRMSG_ARR']); } ?> <form id="loginForm" name="loginForm" method="post" action="register-exec.php"> <table width="300" border="0" align="center" cellpadding="2" cellspacing="0"> <tr> <th>First Name </th> <td><input name="fname" type="text" class="textfield" id="fname" /></td> </tr> <tr> <th>Last Name </th> <td><input name="lname" type="text" class="textfield" id="lname" /></td> </tr> <tr> <th width="124">Login</th> <td width="168"><input name="login" type="text" class="textfield" id="login" /></td> </tr> <tr> <th>Password</th> <td><input name="password" type="password" class="textfield" id="password" /></td> </tr> <tr> <th>Confirm Password </th> <td><input name="cpassword" type="password" class="textfield" id="cpassword" /></td> </tr> <tr> <td> </td> <td><input type="submit" name="Submit" value="Register" /></td> </tr> </table> </form> </body> </html> and register process <?php //Start session session_start(); //Include database connection details require_once('config.php'); //Array to store validation errors $errmsg_arr = array(); //Validation error flag $errflag = false; //Connect to mysql server $link = mysql_connect(DB_HOST, DB_USER, DB_PASSWORD); if(!$link) { die('Failed to connect to server: ' . mysql_error()); } //Select database $db = mysql_select_db(DB_DATABASE); if(!$db) { die("Unable to select database"); } //Function to sanitize values received from the form. Prevents SQL injection function clean($str) { $str = @trim($str); if(get_magic_quotes_gpc()) { $str = stripslashes($str); } return mysql_real_escape_string($str); } //Sanitize the POST values $fname = clean($_POST['fname']); $lname = clean($_POST['lname']); $login = clean($_POST['login']); $password = clean($_POST['password']); $cpassword = clean($_POST['cpassword']); //Input Validations if($fname == '') { $errmsg_arr[] = 'First name missing'; $errflag = true; } if($lname == '') { $errmsg_arr[] = 'Last name missing'; $errflag = true; } if($login == '') { $errmsg_arr[] = 'Login ID missing'; $errflag = true; } if($password == '') { $errmsg_arr[] = 'Password missing'; $errflag = true; } if($cpassword == '') { $errmsg_arr[] = 'Confirm password missing'; $errflag = true; } if( strcmp($password, $cpassword) != 0 ) { $errmsg_arr[] = 'Passwords do not match'; $errflag = true; } //Check for duplicate login ID if($login != '') { $qry = "SELECT * FROM members WHERE login='$login'"; $result = mysql_query($qry); if($result) { if(mysql_num_rows($result) > 0) { $errmsg_arr[] = 'Login ID already in use'; $errflag = true; } @mysql_free_result($result); } else { die("Query failed"); } } //If there are input validations, redirect back to the registration form if($errflag) { $_SESSION['ERRMSG_ARR'] = $errmsg_arr; session_write_close(); header("location: register-form.php"); exit(); } //Create INSERT query $qry = "INSERT INTO members(firstname, lastname, login, passwd) VALUES('$fname','$lname','$login','".md5($_POST['password'])."')"; $result = @mysql_query($qry); //Check whether the query was successful or not if($result) { header("location: register-success.php"); exit(); }else { die("Query failed"); } ?> Now I'm really confused to coding edit password and edit-process.php because the script use MD5 protection Please help me to build coding content edit password and profile. I will wait for your reply very soon mate Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.