dhanykoe Posted March 4, 2013 Share Posted March 4, 2013 Hello all. I've download and install a script register and login by php. the script is working well. i have plan to make 2-3 pages which diffirent each pages, and when the user/client login they will redirect to his own pages. please help me how to coded the script because i am newbie at php code.this is the code of that script. login.php <?PHP require_once("include/membersite_config.php"); if(isset($_POST['submitted'])) { if($fgmembersite->Login()) { $fgmembersite->RedirectToURL("login-home.php"); } } ?> <?php include_once ('include/header.php') ; ?> <!-- Form Code Start --> <div id='fg_membersite'> <form id='login' action='<?php echo $fgmembersite->GetSelfScript(); ?>' method='post' accept-charset='UTF-8'> <fieldset > <legend>Login</legend> <input type='hidden' name='submitted' id='submitted' value='1'/> <div class='short_explanation'>* required fields</div> <div><span class='error'><?php echo $fgmembersite->GetErrorMessage(); ?></span></div> <div class='container'> <label for='username' >User Name *:</label><br/> <input type='text' name='username' id='username' value='<?php echo $fgmembersite->SafeDisplay('username') ?>' maxlength="50" /><br/> <span id='login_username_errorloc' class='error'></span> </div> <div class='container'> <label for='password' >Password *:</label><br/> <input type='password' name='password' id='password' maxlength="50" /><br/> <span id='login_password_errorloc' class='error'></span> </div> <div class='container'> <input type='submit' name='Submit' value='Submit' /> </div> membership-config.php <?PHP require_once("class.phpmailer.php"); require_once("formvalidator.php"); class FGMembersite { var $admin_email; var $from_address; var $name; var $company; var $address; var $country; var $state; var $postal; var $phone; var $fax; var $email; var $website; var $situ; var $ip; var $pwd; var $database; var $tablename; var $connection; var $rand_key; var $error_message; //-----Initialization ------- function FGMembersite() { $this->sitename = 'gosulawesi.com'; $this->rand_key = '0iQx5oBk66oVZep'; } function InitDB($host,$uname,$pwd,$database,$tablename) { $this->db_host = $host; $this->username = $uname; $this->pwd = $pwd; $this->database = $database; $this->tablename = $tablename; } function SetAdminEmail($email) { $this->admin_email = $email; } function SetWebsiteName($sitename) { $this->sitename = $sitename; } function SetRandomKey($key) { $this->rand_key = $key; } //-------Main Operations ---------------------- function RegisterUser() { if(!isset($_POST['submitted'])) { return false; } $formvars = array(); if(!$this->ValidateRegistrationSubmission()) { return false; } $this->CollectRegistrationSubmission($formvars); if(!$this->SaveToDatabase($formvars)) { return false; } if(!$this->SendUserConfirmationEmail($formvars)) { return false; } $this->SendAdminIntimationEmail($formvars); return true; } function ConfirmUser() { if(empty($_GET['code'])||strlen($_GET['code'])<=10) { $this->HandleError("Please provide the confirm code"); return false; } $user_rec = array(); if(!$this->UpdateDBRecForConfirmation($user_rec)) { return false; } $this->SendUserWelcomeEmail($user_rec); $this->SendAdminIntimationOnRegComplete($user_rec); return true; } function Login() { if(empty($_POST['username'])) { $this->HandleError("UserName is empty!"); return false; } if(empty($_POST['password'])) { $this->HandleError("Password is empty!"); return false; } $username = trim($_POST['username']); $password = trim($_POST['password']); if(!isset($_SESSION)){ session_start(); } if(!$this->CheckLoginInDB($username,$password)) { return false; } $_SESSION[$this->GetLoginSessionVar()] = $username; return true; } function CheckLogin() { if(!isset($_SESSION)){ session_start(); } $sessionvar = $this->GetLoginSessionVar(); if(empty($_SESSION[$sessionvar])) { return false; } return true; } function UserFullName() { return isset($_SESSION['name_of_user'])?$_SESSION['name_of_user']:''; } function UserEmail() { return isset($_SESSION['email_of_user'])?$_SESSION['email_of_user']:''; } function LogOut() { session_start(); $sessionvar = $this->GetLoginSessionVar(); $_SESSION[$sessionvar]=NULL; unset($_SESSION[$sessionvar]); } function EmailResetPasswordLink() { if(empty($_POST['email'])) { $this->HandleError("Email is empty!"); return false; } $user_rec = array(); if(false === $this->GetUserFromEmail($_POST['email'], $user_rec)) { return false; } if(false === $this->SendResetPasswordLink($user_rec)) { return false; } return true; } function ResetPassword() { if(empty($_GET['email'])) { $this->HandleError("Email is empty!"); return false; } if(empty($_GET['code'])) { $this->HandleError("reset code is empty!"); return false; } $email = trim($_GET['email']); $code = trim($_GET['code']); if($this->GetResetPasswordCode($email) != $code) { $this->HandleError("Bad reset code!"); return false; } $user_rec = array(); if(!$this->GetUserFromEmail($email,$user_rec)) { return false; } $new_password = $this->ResetUserPasswordInDB($user_rec); if(false === $new_password || empty($new_password)) { $this->HandleError("Error updating new password"); return false; } if(false == $this->SendNewPassword($user_rec,$new_password)) { $this->HandleError("Error sending new password"); return false; } return true; } function ChangePassword() { if(!$this->CheckLogin()) { $this->HandleError("Not logged in!"); return false; } if(empty($_POST['oldpwd'])) { $this->HandleError("Old password is empty!"); return false; } if(empty($_POST['newpwd'])) { $this->HandleError("New password is empty!"); return false; } $user_rec = array(); if(!$this->GetUserFromEmail($this->UserEmail(),$user_rec)) { return false; } $pwd = trim($_POST['oldpwd']); if($user_rec['password'] != md5($pwd)) { $this->HandleError("The old password does not match!"); return false; } $newpwd = trim($_POST['newpwd']); if(!$this->ChangePasswordInDB($user_rec, $newpwd)) { return false; } return true; } //-------Public Helper functions ------------- function GetSelfScript() { return htmlentities($_SERVER['PHP_SELF']); } function SafeDisplay($value_name) { if(empty($_POST[$value_name])) { return''; } return htmlentities($_POST[$value_name]); } function RedirectToURL($url) { header("Location: $url"); exit; } function GetSpamTrapInputName() { return 'sp'.md5('KHGdnbvsgst'.$this->rand_key); } function GetErrorMessage() { if(empty($this->error_message)) { return ''; } $errormsg = nl2br(htmlentities($this->error_message)); return $errormsg; } //-------Private Helper functions----------- function HandleError($err) { $this->error_message .= $err."\r\n"; } function HandleDBError($err) { $this->HandleError($err."\r\n mysqlerror:".mysql_error()); } function GetFromAddress() { if(!empty($this->from_address)) { return $this->from_address; } $host = $_SERVER['SERVER_NAME']; $from ="noreply@$host"; return $from; } function GetLoginSessionVar() { $retvar = md5($this->rand_key); $retvar = 'usr_'.substr($retvar,0,10); return $retvar; } function CheckLoginInDB($username,$password) { if(!$this->DBLogin()) { $this->HandleError("Database login failed!"); return false; } $username = $this->SanitizeForSQL($username); $pwdmd5 = md5($password); $qry = "Select name, ip, email from $this->tablename where username='$username' and password='$pwdmd5' "; $result = mysql_query($qry,$this->connection); if(!$result || mysql_num_rows($result) <= 0) { $this->HandleError("Error logging in. The username or password does not match"); return false; } $row = mysql_fetch_assoc($result); $_SESSION['name_of_user'] = $row['name']; $_SESSION['email_of_user'] = $row['email']; return true; } function ResetUserPasswordInDB($user_rec) { $new_password = substr(md5(uniqid()),0,10); if(false == $this->ChangePasswordInDB($user_rec,$new_password)) { return false; } return $new_password; } function ChangePasswordInDB($user_rec, $newpwd) { $newpwd = $this->SanitizeForSQL($newpwd); $qry = "Update $this->tablename Set password='".md5($newpwd)."' Where id_user=".$user_rec['id_user'].""; if(!mysql_query( $qry ,$this->connection)) { $this->HandleDBError("Error updating the password \nquery:$qry"); return false; } return true; } function GetUserFromEmail($email,&$user_rec) { if(!$this->DBLogin()) { $this->HandleError("Database login failed!"); return false; } $email = $this->SanitizeForSQL($email); $result = mysql_query("Select * from $this->tablename where email='$email'",$this->connection); if(!$result || mysql_num_rows($result) <= 0) { $this->HandleError("There is no user with email: $email"); return false; } $user_rec = mysql_fetch_assoc($result); return true; } function SendUserWelcomeEmail(&$user_rec) { $mailer = new PHPMailer(); $mailer->CharSet = 'utf-8'; $mailer->AddAddress($user_rec['email'],$user_rec['name']); $mailer->Subject = "Welcome to ".$this->sitename; $mailer->From = $this->GetFromAddress(); $mailer->Body ="Hello ".$user_rec['name']."\r\n\r\n". "Welcome! Your registration with ".$this->sitename." is completed.\r\n". "\r\n". "Regards,\r\n". "Webmaster\r\n". $this->sitename; if(!$mailer->Send()) { $this->HandleError("Failed sending user welcome email."); return false; } return true; } function SendAdminIntimationOnRegComplete(&$user_rec) { if(empty($this->admin_email)) { return false; } $mailer = new PHPMailer(); $mailer->CharSet = 'utf-8'; $mailer->AddAddress($this->admin_email); $mailer->Subject = "Registration Completed: ".$user_rec['name']; $mailer->From = $this->GetFromAddress(); $mailer->Body ="A new user registered at ".$this->sitename."\r\n". "Name: ".$user_rec['name']."\r\n". "Email address: ".$user_rec['email']."\r\n"; if(!$mailer->Send()) { return false; } return true; } function GetResetPasswordCode($email) { return substr(md5($email.$this->sitename.$this->rand_key),0,10); } function SendResetPasswordLink($user_rec) { $email = $user_rec['email']; $mailer = new PHPMailer(); $mailer->CharSet = 'utf-8'; $mailer->AddAddress($email,$user_rec['name']); $mailer->Subject = "Your reset password request at ".$this->sitename; $mailer->From = $this->GetFromAddress(); $link = $this->GetAbsoluteURLFolder(). '/resetpwd.php?email='. urlencode($email).'&code='. urlencode($this->GetResetPasswordCode($email)); $mailer->Body ="Hello ".$user_rec['name']."\r\n\r\n". "There was a request to reset your password at ".$this->sitename."\r\n". "Please click the link below to complete the request: \r\n".$link."\r\n". "Regards,\r\n". "Webmaster\r\n". $this->sitename; if(!$mailer->Send()) { return false; } return true; } function SendNewPassword($user_rec, $new_password) { $email = $user_rec['email']; $mailer = new PHPMailer(); $mailer->CharSet = 'utf-8'; $mailer->AddAddress($email,$user_rec['name']); $mailer->Subject = "Your new password for ".$this->sitename; $mailer->From = $this->GetFromAddress(); $mailer->Body ="Hello ".$user_rec['name']."\r\n\r\n". "Your password is reset successfully. ". "Here is your updated login:\r\n". "username:".$user_rec['username']."\r\n". "password:$new_password\r\n". "\r\n". "Login here: ".$this->GetAbsoluteURLFolder()."/login.php\r\n". "\r\n". "Regards,\r\n". "Webmaster\r\n". $this->sitename; if(!$mailer->Send()) { return false; } return true; } function ValidateRegistrationSubmission() { //This is a hidden input field. Humans won't fill this field. if(!empty($_POST[$this->GetSpamTrapInputName()]) ) { //The proper error is not given intentionally $this->HandleError("Automated submission prevention: case 2 failed"); return false; } $validator = new FormValidator(); $validator->addValidation("name","req","Please fill in Name"); $validator->addValidation("company","req","Please fill in Company Name"); $validator->addValidation("address","req","Please fill in Company address"); $validator->addValidation("country","req","Please fill in Country"); $validator->addValidation("state","req","Please fill in state"); $validator->addValidation("postal","req","Please fill in postal"); $validator->addValidation("phone","req","Please fill in phone"); $validator->addValidation("fax","req","Please fill in fax"); $validator->addValidation("email","email","The input for Email should be a valid email value"); $validator->addValidation("website","req","Please fill in website"); if(!$validator->ValidateForm()) { $error=''; $error_hash = $validator->GetErrors(); foreach($error_hash as $inpname => $inp_err) { $error .= $inpname.':'.$inp_err."\n"; } $this->HandleError($error); return false; } return true; } function CollectRegistrationSubmission(&$formvars) { $formvars['name'] = $this->Sanitize($_POST['name']); $formvars['company'] = $this->Sanitize($_POST['company']); $formvars['address'] = $this->Sanitize($_POST['address']); $formvars['country'] = $this->Sanitize($_POST['country']); $formvars['state'] = $this->Sanitize($_POST['state']); $formvars['postal'] = $this->Sanitize($_POST['postal']); $formvars['phone'] = $this->Sanitize($_POST['phone']); $formvars['fax'] = $this->Sanitize($_POST['fax']); $formvars['email'] = $this->Sanitize($_POST['email']); $formvars['website'] = $this->Sanitize($_POST['website']); $formvars['situ'] = $this->Sanitize($_POST['situ']); $formvars['ip'] = $this->Sanitize($_SERVER['REMOTE_ADDR']); } function SendUserConfirmationEmail(&$formvars) { $mailer = new PHPMailer(); $mailer->CharSet = 'utf-8'; $mailer->AddAddress($formvars['email'],$formvars['name']); $mailer->Subject = "Your registration with ".$this->sitename; $mailer->From = $this->GetFromAddress(); $mailer->Body ="Hello ".$formvars['name']."\r\n\r\n". "Thanks you for registering with ".$this->sitename."\r\n". "You will receive username and password after authentication.\r\n". "This message is computer generated. Please do not reply.\r\n". "\r\n". "Thank You,\r\n". "Vifa Holiday Group \r \n". $this->sitename; if(!$mailer->Send()) { $this->HandleError("Failed sending registration confirmation email."); return false; } return true; } function GetAbsoluteURLFolder() { $scriptFolder = (isset($_SERVER['HTTPS']) && ($_SERVER['HTTPS'] == 'on')) ? 'https://' : 'http://'; $scriptFolder .= $_SERVER['HTTP_HOST'] . dirname($_SERVER['REQUEST_URI']); return $scriptFolder; } function SendAdminIntimationEmail(&$formvars) { if(empty($this->admin_email)) { return false; } $mailer = new PHPMailer(); $mailer->CharSet = 'utf-8'; $mailer->AddAddress($this->admin_email); $mailer->Subject = "New registration: ".$formvars['name']; $mailer->From = $this->GetFromAddress(); $mailer->Body ="A new user registered at ".$this->sitename."\r\n". "Name: ".$formvars['name']."\r\n". "Email address: ".$formvars['email']."\r\n". "UserName: ".$formvars['username']; if(!$mailer->Send()) { return false; } return true; } function SaveToDatabase(&$formvars) { if(!$this->DBLogin()) { $this->HandleError("Database login failed!"); return false; } if(!$this->Ensuretable()) { return false; } if(!$this->IsFieldUnique($formvars,'email')) { $this->HandleError("This email is already registered"); return false; } if(!$this->InsertIntoDB($formvars)) { $this->HandleError("Inserting to Database failed!"); return false; } return true; } function IsFieldUnique($formvars,$fieldname) { $field_val = $this->SanitizeForSQL($formvars[$fieldname]); $qry = "select username from $this->tablename where $fieldname='".$field_val."'"; $result = mysql_query($qry,$this->connection); if($result && mysql_num_rows($result) > 0) { return false; } return true; } function DBLogin() { $this->connection = mysql_connect($this->db_host,$this->username,$this->pwd); if(!$this->connection) { $this->HandleDBError("Database Login failed! Please make sure that the DB login credentials provided are correct"); return false; } if(!mysql_select_db($this->database, $this->connection)) { $this->HandleDBError('Failed to select database: '.$this->database.' Please make sure that the database name provided is correct'); return false; } if(!mysql_query("SET NAMES 'UTF8'",$this->connection)) { $this->HandleDBError('Error setting utf8 encoding'); return false; } return true; } function Ensuretable() { $result = mysql_query("SHOW COLUMNS FROM $this->tablename"); if(!$result || mysql_num_rows($result) <= 0) { return $this->CreateTable(); } return true; } function CreateTable() { $qry = "Create Table $this->tablename (". "id_user INT NOT NULL AUTO_INCREMENT ,". "name VARCHAR( 128 ) NOT NULL ,". "company VARCHAR( 64 ) NOT NULL ,". "address VARCHAR( 16 ) NOT NULL ,". "country VARCHAR( 16 ) NOT NULL ,". "state VARCHAR( 32 ) NOT NULL ,". "postal VARCHAR(32) NOT NULL ,". "phone VARCHAR(32) NOT NULL ,". "fax VARCHAR(32) NOT NULL ,". "email VARCHAR(32) NOT NULL ,". "website VARCHAR(32) NOT NULL ,". "situ VARCHAR(32) NOT NULL ,". "ip VARCHAR(50) NOT NULL ,". "PRIMARY KEY ( id_user )". ")"; if(!mysql_query($qry,$this->connection)) { $this->HandleDBError("Error creating the table \nquery was\n $qry"); return false; } return true; } function InsertIntoDB(&$formvars) { $insert_query = 'insert into '.$this->tablename.'( name, company, address, country, state, postal, phone, fax, email, website, situ, ip ) values ( "' . $this->SanitizeForSQL($formvars['name']) . '", "' . $this->SanitizeForSQL($formvars['company']) . '", "' . $this->SanitizeForSQL($formvars['address']) . '", "' . $this->SanitizeForSQL($formvars['country']) . '", "' . $this->SanitizeForSQL($formvars['state']) . '", "' . $this->SanitizeForSQL($formvars['postal']) . '", "' . $this->SanitizeForSQL($formvars['phone']) . '", "' . $this->SanitizeForSQL($formvars['fax']) . '", "' . $this->SanitizeForSQL($formvars['email']) . '", "' . $this->SanitizeForSQL($formvars['website']) . '", "' . $this->SanitizeForSQL($formvars['situ']) . '", "' . $this->SanitizeForSQL($formvars['ip']) . '" )'; if(!mysql_query( $insert_query ,$this->connection)) { $this->HandleDBError("Error inserting data to the table\nquery:$insert_query"); return false; } return true; } function SanitizeForSQL($str) { if( function_exists( "mysql_real_escape_string" ) ) { $ret_str = mysql_real_escape_string( $str ); } else { $ret_str = addslashes( $str ); } return $ret_str; } /* Sanitize() function removes any potential threat from the data submitted. Prevents email injections or any other hacker attempts. if $remove_nl is true, newline chracters are removed from the input. */ function Sanitize($str,$remove_nl=true) { $str = $this->StripSlashes($str); if($remove_nl) { $injections = array('/(\n+)/i', '/(\r+)/i', '/(\t+)/i', '/(%0A+)/i', '/(%0D+)/i', '/(%08+)/i', '/(%09+)/i' ); $str = preg_replace($injections,'',$str); } return $str; } function StripSlashes($str) { if(get_magic_quotes_gpc()) { $str = stripslashes($str); } return $str; } } ?> Thanks so much and apologize for my bad englsih.. Quote Link to comment Share on other sites More sharing options...
mweldan Posted March 8, 2013 Share Posted March 8, 2013 i have some idea to let you start. 1. when the user logged in, you can set their status (admin?/user?/staff?) in session 2. by their status you can redirect them to their respective page. first of all, before these 2 things you would want to do, you might need to alter your database or table structure. it must at least store user status to database, so you can use it to check. Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.