User Login

[william205]

I am having trouble finding a tutorial on how to have a login system like facebook and many other sites where when you login you get taken to your own profile with your own information using PHP and Mysql.

 

Any help would be much appreciated.

 

Thanks

[adamlacombe]

I'll write out the basics for you 

 

Alright so first step would be to create the signup page.

so here is what signup.php should look like

<?php
include ('connect.php');
if($_POST['submit']){
$username=$_POST['username'];
$password=$_POST['pass'];

  $sql = "INSERT into `users`(`username`,`password`)
  VALUES ('$username','".md5($password)."');";

$query = mysql_query($sql) or die(mysql_error());

}else{ echo '
<form method="post" action="signup.php">

Username: <input  id="username" size="30" type="text" name="username"><br>
Password: <input  id="username" size="30" type="text" name="username"><br>

<input type="submit" name="submit" value="Signup!">';

} ?>

 

 

Now the login page:

<?php
include('connect.php');
if($_POST['submit']){
  $user = $_POST['usernamel'];
  $pass = $_POST['password'];

if($user && $pass)
{
$pass = md5($pass);
$sql="SELECT id,username,password FROM `users` WHERE `username`='$user' AND `password`='$pass'";
$query=mysql_query($sql) or die(mysql_error());

    if(mysql_num_rows($query) > 0)
    {
      $row = mysql_fetch_assoc($query);
      $_SESSION['id'] = $row['id'];
      $_SESSION['username'] = $row['username'];
      $_SESSION['password'] = $row['password'];


echo '<meta http-equiv="REFRESH" content="0;url=index.php">';
    }
    else
   {
    echo "Email and password combination is incorrect!";
   }	
}
else
{			
   echo "You need to gimme a email AND password!";
}

}else{
   echo "<form action='login.php' method='post'>
Username: <input type='text' name='username' size='30'><br />
Password: <input type='password' name='password' size='30'><br />
?>

 

 

then the user page:

<?php
include('connect.php');

if(!$_SESSION['id']){
echo "You are not logged in!";
}else{
echo "Welcome $_SESSION[username]";
}
?>

 

 

 

** dont forget to clean everything

[william205]

The use that I need it for doesn't need a sign up page because it is for a school so they have all the usernames and passwords of the students in a database already.

 

Before I saw your login script I had the following and still do because your one didn't work for some reason.

 

<?php
$host="localhost"; 
$username="root"; 
$password="root"; 
$db_name="portal"; 
$tbl_name="login"; 


mysql_connect("$host", "$username", "$password")or die("cannot connect"); 
mysql_select_db("$db_name")or die("cannot select DB");


$user=$_POST['user']; 
$pass=$_POST['pass'];


$user = stripslashes($user);
$pass = stripslashes($pass);
$user = mysql_real_escape_string($user);
$pass = mysql_real_escape_string($pass);

$sql="SELECT * FROM $tbl_name WHERE user='$user' and pass='$pass'";
$result=mysql_query($sql);


$count=mysql_num_rows($result);


if($count==1){

session_register("user");
session_register("pass"); 
header("location:aments.php");
}
else {
header("location:wrong.html");
}
?>

 

And I need it so that when a student logs on it will show them their own time table and grades, would your way work to do this?

 

If their is any other files you need to see just say and I will attach them.

 

Many Thanks

 

 

[adamlacombe]

<?php
$host="localhost"; 
$username="root"; 
$password="root"; 
$db_name="portal"; 
$tbl_name="login"; 


mysql_connect("$host", "$username", "$password")or die("cannot connect"); 
mysql_select_db("$db_name")or die("cannot select DB");

function clean ($str){
    $str = strip_tags ($str);
    $str = htmlspecialchars ($str, ENT_NOQUOTES);
    $str = stripslashes ($str);
    $str = mysql_real_escape_string($str);
    return $str;
}

session_start();

$user=clean($_POST['user']); 
$pass=clean($_POST['pass']);

$sql="SELECT * FROM $tbl_name WHERE user='$user' and pass='$pass'";
$result=mysql_query($sql);

$count=mysql_num_rows($result);

if($count==1){

      $row = mysql_fetch_assoc($result);
      $_SESSION['id'] = $row['id'];
      $_SESSION['user'] = $row['user'];


echo '<meta http-equiv="REFRESH" content="0;url=aments.php">';
}else{
echo '<meta http-equiv="REFRESH" content="0;url=wrong.html">';
}
?>

That should work..

 

Always remember to put a session_start(); in every page though..

I cleaned all your $_POSTs also.

 

Now do you have their grades, etc. in a different table? if so all you would need to do is make sure that there is a field called "user" or something in that table with their id.

then select everything from the grades table where user=$_SESSION[id]

You can also do it by username but if someone wants to change their username it would be easier to use id's

[william205]

Thanks

 

At the moment I have a table called timetable and a table called grades and each pupil has an id in the first column of the table.

 

so would I put user=$_SESSION[id] like that or something like $user=mysql_query("SELECT * from timetable where user=$_SESSION[id]")

 

 

 

[gergy008]

I am having trouble finding a tutorial on how to have a login system like facebook and many other sites where when you login you get taken to your own profile with your own information using PHP and Mysql.

 

Any help would be much appreciated.

 

Thanks

 

Simpleauth would help you loads.

 

http://simpleauth.munk.me.uk/