Need Help Getting Started

[shdwfrk]

I'm going to go for broke here as this is the last thing I can think of that is going to help me learn anything...

 

First things first. I have been reading tutorials and guides and all other things about PHP and playing around with all the codes from these tutorials and guides on my localhost. All work well. Yet, they haven't really taught me a great deal since all the code is already written and it's extremely hard to customize with the limited knowledge I currently have. I do not learn very well from sitting down and reading something that someone else has already written and then trying to work out what all the parts are.

 

When I look at some code - I can usually figure out what is happening and what the code is doing. But it doesn't really help me understand how to write the code myself...

 

So I thought if I made a topic where I get people to help ME write out a complete code.. I would actually learn something as I go along.. asking questions where I need to and building it exactly the way I want it. Note the 'ME' is capitalized. I don't expect everyone else to write it all down for me. I want to write it - have you guys give it the ok and we'll move on to the next bit. I know there will be parts where I am completely lost and I will need people to write down something to keep the whole thing moving. I would then ask questions untill I understood what you have provided.

 

The whole idea of this is to build a User Login/Management system. If anyone is up for supporting this idea and helping me start from scratch let me know. Otherwise I'm not sure what else I'm going to have to do.

[gizmola]

Ok, so you want a login system -- how are you going to store the user data?  Will you implement permissions aka ACL's?

 

This is the first step.

[shdwfrk]

Umm.. I want to store the user data in MySQL and as far as permissions.. do you mean having 2 different types of user levels? Like a standard user and an Admin user? If so then no.. I just want to have all users as standard users, and afterwards make a system just for myself to manage the users. The management system I will do afterwards.. I just want a completely basic user login system to start with.

 

I'll give you a little more info on what I'm looking to do...

 

Basic register page. Username, password, confirm password and an email address.

Account Activation

Login problems - reset password via username or email lookup form

And a standard login page.

 

Thats the basic user system I want. Nothing fancy at this stage.

[Drummin]

So you need a database table for users.  I would suggest using these fields.

 

id int(11) NOT NULL AUTO_INCREMENT,     

user varchar(20) NOT NULL,   

userfirst varchar(20) NOT NULL,  //Remove if you don't want this info on registration form BUT it's good to have names for email etc.

userlast varchar(20) NOT NULL,  //Remove if you don't want this info on registration form BUT it's good to have names for email etc. 

mi varchar(1) NOT NULL,    //Remove if you don't want this info on registration form BUT it's good to have names for email etc.

pass char(32) CHARACTER SET latin1 COLLATE latin1_bin NOT NULL,

email varchar(255) DEFAULT NULL, 

phone varchar(18) NOT NULL,    //Remove if you don't want this info on registration form BUT it's good to have in some venues.

level varchar(2) DEFAULT NULL, 

 

Do you know how to create these tables with a script and add the "Admin" user?

[shdwfrk]

I am not totally sure on how to make a database with a php script but I have phpMyAdmin to manage my database with.

 

And just for the purpose of this, I'm only going to use username, password and email. I don't need to add anything else just yet.

 

So to create the table in phpMyAdmin... something like this.

 

CREATE TABLE users (

  `id` int(11) NOT NULL AUTO_INCREMENT,

  `username` varchar(255) default NULL,

  `password` varchar(255) default NULL,

  `email` varchar(255) default NULL,

  PRIMARY KEY (`id`)

) TYPE=MyISAM AUTO_INCREMENT=1;

 

@Drummin - would you care to explain why you have CHARACTER SET latin1 COLLATE latin1_bin NOT NULL, at the password field in your code? What would be benefits or is it just personal preference?

[Drummin]

would you care to explain why you have CHARACTER SET latin1 COLLATE latin1_bin NOT NULL, at the password field in your code? What would be benefits or is it just personal preference?

The above actually came from a DUMP and I don't recall adding it initially but that was a year or so ago.  Possibly the default MySQL setting. 

 

I think you should add the level field to qualify the user logging in and directing them to the proper section.  Maybe think of it as level1 has registered but not approved or has been banned, level2 is a user and level3 will be for you down the road when you work on that Admin section.

[gizmola]

Don't worry about all that extra stuff he has. Your table is fine, and you can run that script in mysql. You of course need a database first, but I'm assuming you understand that and are using the database you want your tables to be in.

 

So looking at this here are a couple of comments:

 

username varchar(255) means you are going to allow usernames to be 255 characters.  Seems far too large to me.  Pick a reasonable username maximum size anywhere from 12-20 characters.

password varchar(255) is not what you want.  You are going to use a hash to store your passwords.  Your main choices are md5 or sha1  Look at the manual page for each and decide which you want to use then have the password column be a char() of exactly the size you need.

 

Make quick test scripts that call either or both of the functions if you want to understand how they work.

 

You will need to add one more column....

`salt` varchar(16) default NULL

 

 

[gizmola]

would you care to explain why you have CHARACTER SET latin1 COLLATE latin1_bin NOT NULL, at the password field in your code? What would be benefits or is it just personal preference?

The above actually came from a DUMP and I don't recall adding it initially but that was a year or so ago.  Possibly the default MySQL setting. 

 

I think you should add the level field to qualify the user logging in and directing them to the proper section.  Maybe think of it as level1 has registered but not approved or has been banned, level2 is a user and level3 will be for you down the road when you work on that Admin section.

 

Yes those are the character set defaults for your database.

[shdwfrk]

@gizmola - I know what md5 and sha1 do in a sense.. but I'm not sure how to get the data I need here. I know they change a password from 'apple' to 'blahblahblah' etc. but how would I find out any 6-12 char password? I changed the sql to what Drummin has with 32 - is that correct? Also, username set to max size of 18 chars and added salt.

 

I also want to add if the user is activated or not.. and obvioulsy it would be set to not by default.. (correct it if it's wrong please  )

 

CREATE TABLE users (

  `id` int(11) NOT NULL AUTO_INCREMENT,

  `username` varchar(18) default NULL,

  `password` char(32) default NULL,

  `email` varchar(255) default NULL,

  `active` int(1) default '0',

  `salt` varchar(16) default NULL,

  PRIMARY KEY (`id`)

) TYPE=MyISAM AUTO_INCREMENT=1;

[gizmola]

The char(32) will work for md5() so that's what you'll use.

 

For activation add a column named `activated` tinyint default 0.  You will set it to 1 when activated.

 

You will probably also want some sort of activation mechanism.  What a lot of people do is add column like: 

 

`activationkey` char(32) default NULL

 

And you can generate a seperate md5() hash of something and then you mail that to them filled in as a get parameter for an activation url you implement.  That script simply flips the active column from 0 to 1.

 

But before we get too far into the weeds, finish up the table design.  When you're sure you have what you want you can move on.  You should consider Drummin's suggestion of adding a status (also use a tinyint default 1. 

 

A scheme that could work pretty well might be:

 

status

--------

-2 = Banned

-1 = Inactive (maybe you'll allow users to deactivate their account or you'll deactivate old accounts)

1 = Active

 

This scheme makes it easy to check that the status > 0 and you can add new status that are either postive (they should login) or negative (they shouldn't) and your basic check won't break or require modification.

 

 

[shdwfrk]

Awesome gizmola. Very helpful. Just a question about the status and activated keys.. There wouldn't be any problem setting an unactivated account (unconfirmed) with a status of active would there? If not I'm happy with the table as it is. (If it's all correct.)

 

CREATE TABLE users (

  `id` int(11) NOT NULL AUTO_INCREMENT,

  `username` varchar(18) default NULL,

  `password` char(32) default NULL,

  `email` varchar(255) default NULL,

  `activated` tinyint default 0,

  `activationkey` char(32) default NULL,

  `status` tinyint default 1,

  `salt` varchar(16) default NULL,

  PRIMARY KEY (`id`)

) TYPE=MyISAM AUTO_INCREMENT=1;

[gizmola]

No problem with having an active account that is not activated. Typically you will let someone login who has an "active" but unactivated account and display them a message that explains they need to activate it, look for the activation email, yada yada, and provides them a way to request another activation email be sent.

 

People who have a status

[shdwfrk]

Ok so it's all good then. I suppose the next step would be to start on a registration page?

 

In many of the tutorials I've read the basic first step is to check if a user is already logged in, so that a logged in user can't register again. If so, redirect them back to the homepage or elsewhere... If I'm already ahead of myself let me know lol

 

I'm going to ask for a lot of help with the php from here... But as I said in the OP.. I don't want you guys to write everything. Give me some direction or a small piece of code and I'll look into whatever you post, ask questions, write something and see what the results are.

[gizmola]

You need to figure out what type of basic structure your framework is going to support.  The most used pattern is MVC.  You could take some time to look into that, but I can suggest a very simple plan which is to start with the concept of a controller.  The controller in your case will be the index.php.  So all scripts will be run through the index.php using this simple idea:

 

index.php?page=pagename

 

You will be able to have additional page specific parameters when needed

 

index.php?page=articles&title=i_am_a_php_guru_1

 

And one of your first "pages" or "actions" is going to be "login"

index.php?page=login

 

By using this scheme you now have some clarity on where things need to go. 

 

So you can begin to create functions and pieces of code that do individual things and for the framework specific code.

 

What I'd suggest in using this scheme is that you have a directory beneath the project root that you name /pages and you will put all your page/action scripts there.

 

Have a /config directory for configuration files you'll make and load in your index.php

 

The order of things you'll need to do in the index.php

 

-read in the configuration

-load the session

 

Read this if you haven't, because sessions are what you're going to use to provide the mechanics of your login.

 

sessions

[shdwfrk]

I hadn't actually thought of that gizmola, but it sounds like a good idea to me. Lets see if this structure is correct.

 

index.php

 

pages/login.php

pages/register.php and so on..

 

config/config.php

 

Within config.php we would set up the database details.

[Drummin]

Ya, I'd like to learn about building MVC framework as well.  Let's go.

[gizmola]

Yes exactly.

 

What most frameworks do is provide a config class.  I would just make an array for now, where you can have a key for each different section of configuration you will need. 

 

So you might start with something like this:

 

$config = array{
  'database' => array(
       'host' => 'localhost',
        'user' => 'dbusername',
        'password' => 'dbpw',
  ),
  'email' => array(
       'admin' => '[email protected]',
  )  etc.
);

 

One thing i forgot to mention is that you will probably want to setup your paths.  There are a few techniques for this  but an often used one is to make either variables or constants derived from the DIRNAME of __FILE__.  Based on where you put the file that contains this code, you will be able to know relatively where the other files will be.  Probably you want this script to be in config.

 

 

[Drummin]

Do you apply a constant to the base as in the following?

$base = dirname(__FILE__);
$config = array{
  'database' => array(
       'host' => 'localhost',
        'user' => 'dbusername',
        'password' => 'dbpw',
  ),
  'email' => array(
       'admin' => '[email protected]',
  )  etc.
);

[shdwfrk]

Ok lets take small steps here as this is where I'm going to ask a lot of questions. In most of the things I've read I'm used to seeing the whole config take place in a different way. Although, I can see what is happening, I like to kind of translate it back to english so I understand it. So let me try to get my head around this gizmola..

 

You have created a variable $config and put it into an array which holds all the database info, right? So that when we get around to connecting to the database we'll be using the $config variable, correct?

 

I hope I don't frustrate you all with my noobishness 

[gizmola]

Yes you got it.  You'll include this near the top of your controller (index.php) and that way you have access to everything you need.

 

In the example above, let's say you wanted to call mysql_connect() then you might have code like:

 

$conn = mysql_connect($config['database']['host'], $config['database']['user'].... etc

[shdwfrk]

I was a little worried when I first saw the code you wrote gizmola, but I was just reading about Arrays and, although I have read that page before, the code does make quite a bit more sense now.

 

As I said earlier, I was more familiar with a different approach so I am currently a little lost to what the next step would be?

[gizmola]

Do you apply a constant to the base as in the following?

$base = dirname(__FILE__);
$config = array{
  'database' => array(
       'host' => 'localhost',
        'user' => 'dbusername',
        'password' => 'dbpw',
  ),
  'email' => array(
       'admin' => '[email protected]',
  )  etc.
);

 

Yes exactly. Then you can create other variables like $configpath and $controllerpath etc. off the $base.

[Drummin]

What is the benefit of using an array for DB constants instead of just using constants?  Where I normally would use something like this on my page...

 
require("../access.inc.php");
$link = mysqli_connect($host, $login, $pass);
mysql_connect("$host","$login","$pass") OR DIE

[gizmola]

I was a little worried when I first saw the code you wrote gizmola, but I was just reading about Arrays and, although I have read that page before, the code does make quite a bit more sense now.

 

As I said earlier, I was more familiar with a different approach so I am currently a little lost to what the next step would be?

 

At this point you want to be bootstrapping your configuration info in your index.php.  The require_once function you're going to use require paths to the files on the file system.  At this point you know you need a $basepath variable, a $configpath variable and a $pagepath variable.  You should do this all in your $config.

 

You will require_once() your $config at the top of your index.php.  It should be clear how to specify that via a relative path.

 

Then you want to call a function that starts your session.  You can just have this function in your index.php.  It's not that important that it be a function in this case, but it's good practice to put a discrete piece of functionality into a functionality for organization purposes. 

 

Get that working and add a little code in there to test it out -- make a session variable and increment it each time you visit the index.php and display the session variable.

 

The next task you'll need is to grab any $_GET parameters and display them. 

 

So you can start to see something, create

[gizmola]

What is the benefit of using an array for DB constants instead of just using constants?  Where I normally would use something like this on my page...

 
require("../access.inc.php");
$link = mysqli_connect($host, $login, $pass);
mysql_connect("$host","$login","$pass") OR DIE

 

It's mainly a convenience as variables are easier to work with.    The point of the $config is to have one variable that holds all your configuration data.  This is often combined with a registry object that can be used to create various resource variables.  Since the registry would be a singleton, you don't have to pass variables to every function -- you implement a static method call that returns the registry, so it can be retrieved anywhere it's needed via something like:

 

$registry = Registry::getRegistry();

 

I don't plan to introduce all that complexity in this thread however.