ссылка http://www.swish-db.com/forum/index.php?showtopic=15865
а вот и сам код
There are several files that we will build to make the magic happen. We also need to create the necessary tables in our mysql database since this is where we will store the information.
What we need:
+a registration form
+login form
+backend to registration form
+backend to login form
4 total files.
We are going to start with the easiest files which are the 2 html forms. Since these forms are basic html, I'm not going to explain what is happening.
The first form we are going to make is the registration form. Take out notepad or your favorite text editor (I use Crimson Editor) and before we begin, save this file as registration.html.
We have to make 4 input boxes named: name, email, username & password. Here is my setup:
<form name="login" method="post" action="register.php">
<table border="0" width="225" align="center">
<tr>
<td width="219" bgcolor="#999999">
<p align="center"><font color="white"><span style="font-size:12pt;"><b>Registration</b></span></font></p>
</td>
</tr>
<tr>
<td width="219">
<table border="0" width="282" align="center">
<tr>
<td width="116"><span style="font-size:10pt;">Name:</span></td>
<td width="156"><input type="text" name="name" maxlength="100"></td>
</tr>
<tr>
<td width="116"><span style="font-size:10pt;">Email:</span></td>
<td width="156"><input type="text" name="email" maxlength="100"></td>
</tr>
<tr>
<td width="116"><span style="font-size:10pt;">Username:</span></td>
<td width="156"><input type="text" name="username"></td>
</tr>
<tr>
<td width="116"><span style="font-size:10pt;">Password:</span></td>
<td width="156"><input type="password" name="password"></td>
</tr>
<tr>
<td width="116"> </td>
<td width="156">
<p align="right"><input type="submit" name="submit" value="Submit"></p>
</td>
</tr>
</table>
</td>
</tr>
<tr>
<td width="219" bgcolor="#999999"> </td>
</tr>
</table>
</form>
Now, create a new file and name this login.html. Only 2 input boxes are needed here: username & password.
<form name="login" method="post" action="login.php">
<table border="0" width="225" align="center">
<tr>
<td width="219" bgcolor="#999999">
<p align="center"><font color="white"><span style="font-size:12pt;"><b>Login</b></span></font></p>
</td>
</tr>
<tr>
<td width="219">
<table border="0" width="220" align="center">
<tr>
<td width="71"><span style="font-size:10pt;">Username:</span></td>
<td width="139"><input type="text" name="username"></td>
</tr>
<tr>
<td width="71"><span style="font-size:10pt;">Password:</span></td>
<td width="139"><input type="password" name="password"></td>
</tr>
<tr>
<td width="71"> </td>
<td width="139">
<p align="right"><input type="submit" name="submit" value="Submit"></p>
</td>
</tr>
</table>
</td>
</tr>
<tr>
<td width="219" bgcolor="#999999"><font color="white">Not Registered? </font><a href="register.html" target="_self"><font color="white">Register</font></a><font color="white"> </font><b><i><font color="white">Now!</font></i></b></td>
</tr>
</table>
</form>
We are now done with the forms. Before we start backend coding this, we need to set up the tables within our database which will be userid, name, email, username, & password. You can execute this line of code:
CREATE TABLE users (
userid int(25) NOT NULL auto_increment,
name varchar(25) NOT NULL default '',
email varchar(255) NOT NULL default '',
username varchar(25) NOT NULL default '',
password varchar(255) NOT NULL default '',
PRIMARY KEY (userid),
UNIQUE KEY username (username)
) TYPE=MyISAM COMMENT='Members';
The next file we are going to create is the registration.php file. This file will enable us to store all the data that’s entered in the registration.html file in our database. So, create a new file called registration.php. I’m going to break this code down bit by bit and then paste the full code at the end so that it’s easier for you to understand.
The first thing we will need to do is connect to our database.
//Database Information
$dbhost = "localhost";
$dbname = "your database name";
$dbuser = "username";
$dbpass = "yourpass";
//Connect to database
mysql_connect ( $dbhost, $dbuser, $dbpass)or die("Could not connect: ".mysql_error());
mysql_select_db($dbname) or die(mysql_error());
Now that the script can connect to the database, it needs to collect all the information from the html form.
$name = $_POST['name'];
$email = $_POST['email'];
$username = $_POST['username'];
$password = $_POST['password'];
This is all fine and dandy, but the end result is not secure. Anyone who opens up the database can immediately see everyone’s password. So, we need to encrypt it using md5, a method I just learned today by the way. We will need to change the above to:
$name = $_POST['name'];
$email = $_POST['email'];
$username = $_POST['username'];
$password = md5($_POST['password']);
What md5 does is generate a random sequence of letters and numbers. So if you enter abcdefg as your password, the result in database will display 7ac66c0f148de9519b8bd264312c4d64. Now no one will be able to view the passwords stored within the database.
The next few lines are very important. They will check the database for existing users and if any are found, the script will stop instantly and ask you to re-enter in your information using another username.
$checkuser = mysql_query("SELECT username FROM users WHERE username='$username'");
$username_exist = mysql_num_rows($checkuser);
if($username_exist > 0){
echo "I'm sorry but the username you specified has already been taken. Please pick another one.";
unset($username);
include 'register.html';
exit();
}
Now if no errors are present, store the data in our database and tell the user that they have successfully registered.
$query = "INSERT INTO users (name, email, username, password)
VALUES('$name', '$email', '$username', '$password')";
mysql_query($query) or die(mysql_error());
mysql_close();
echo "You have successfully Registered";
The final stage in the registration script is to email the user their data. We will use the mail function for this. You will need to edit the yoursite, webmaster and youremail variables below.
$yoursite = ‘www.blahblah.com’;
$webmaster = ‘yourname’;
$youremail = ‘youremail’;
$subject = "You have successfully registered at $yoursite…";
$message = "Dear $name, you are now registered at our web site.
To login, simply go to our web page and enter in the following details in the login form:
Username: $username
Password: $password
Please print this information out and store it for future reference.
Thanks,
$webmaster";
mail($email, $subject, $message, "From: $yoursite <$youremail>\nX-Mailer:PHP/" . phpversion());
echo "Your information has been mailed to your email address.";
?>
That’s the end of the register.php script!
Now we will create the final file, the login.php file. This will check to see if the user has entered the correct information and then validate them.
Like all the other scripts that grab information from a database, we must first connect to it.
//Database Information
$dbhost = "localhost";
$dbname = "your database name";
$dbuser = "username";
$dbpass = "yourpass";
//Connect to database
mysql_connect ( $dbhost, $dbuser, $dbpass)or die("Could not connect: ".mysql_error());
mysql_select_db($dbname) or die(mysql_error());
Now the script needs to start the session, grab the variables from the login form and then check the database to make sure they are correct.
session_start();
$username = $_POST[‘username’];
$password = md5($_POST[‘password’]);
$query = “select * from users where username=’$username’ and password=’$password’”;
$result = mysql_query($query);
If they don’t match, display the error and the login form again.
if (mysql_num_rows($result) != 1) {
$error = “Bad Login”;
include “login.html”;
if they do match, begin the session and include the members page.
} else {
$_SESSION[‘username’] = “$username”;
include “memberspage.php”;
}
?>
That’s it! Now for the full code:
register.php
<?PHP
//Database Information
$dbhost = "localhost";
$dbname = "your database name";
$dbuser = "username";
$dbpass = "yourpass";
//Connect to database
mysql_connect ( $dbhost, $dbuser, $dbpass)or die("Could not connect: ".mysql_error());
mysql_select_db($dbname) or die(mysql_error());
$name = $_POST['name'];
$email = $_POST['email'];
$username = $_POST['username'];
$password = md5($_POST['password']);
// lets check to see if the username already exists
$checkuser = mysql_query("SELECT username FROM users WHERE username='$username'");
$username_exist = mysql_num_rows($checkuser);
if($username_exist > 0){
echo "I'm sorry but the username you specified has already been taken. Please pick another one.";
unset($username);
include 'register.html';
exit();
}
// lf no errors present with the username
// use a query to insert the data into the database.
$query = "INSERT INTO users (name, email, username, password)
VALUES('$name', '$email', '$username', '$password')";
mysql_query($query) or die(mysql_error());
mysql_close();
echo "You have successfully Registered";
// mail user their information
$yoursite = ‘www.blahblah.com’;
$webmaster = ‘yourname’;
$youremail = ‘youremail’;
$subject = "You have successfully registered at $yoursite…";
$message = "Dear $name, you are now registered at our web site.
To login, simply go to our web page and enter in the following details in the login form:
Username: $username
Password: $password
Please print this information out and store it for future reference.
Thanks,
$webmaster";
mail($email, $subject, $message, "From: $yoursite <$youremail>\nX-Mailer:PHP/" . phpversion());
echo "Your information has been mailed to your email address.";
?>
login.php
<?php
//Database Information
$dbhost = "localhost";
$dbname = "your database name";
$dbuser = "username";
$dbpass = "yourpass";
//Connect to database
mysql_connect ( $dbhost, $dbuser, $dbpass)or die("Could not connect: ".mysql_error());
mysql_select_db($dbname) or die(mysql_error());
session_start();
$username = $_POST[‘username’];
$password = md5($_POST[‘password’]);
$query = “select * from users where username=’$username’ and password=’$password’”;
$result = mysql_query($query);
if (mysql_num_rows($result) != 1) {
$error = “Bad Login”;
include “login.html”;
} else {
$_SESSION[‘username’] = “$username”;
include “memberspage.php”;
}
?>
If you see any errors in the code, please submit them! Otherwise, enjoy your new login and registration system. And thanks to Ali Imran for clearing up some bugs :)
Happy coding!
ADDITIONS
***** Added May 23, 2005 *****
I get questions about how to prevent the user from skipping the login and registration page and going directly to the home page or whatever is called up after the user logs in if they know the address.
To counter this, you have to check for sessions on this page which is fairly simple. Open up the members page, and add this code:
<?
// members page
session_start();
if ( empty( $username ) ) {
print "Please login below!";
include 'login.html';
} else {
// you can use regular html coding below the ?>
// and before the <?
?>
<html>
<head>
<title>MEMBERS ONLY</title>
</head>
<body>
Your Members Page….
</body>
</html>
<?
?>
What this is saying is, if there is nothing placed in the variable username, include the login page again. Otherwise, if there is something in the variable, display the rest of the page.
================================
Some people have also pmed me about an error with the email sending the password encrypted. I would simply do this:
Store the submitted password in another variable like so:
$name = $_POST['name'];
$email = $_POST['email'];
$username = $_POST['username'];
$password = md5($_POST['password']);
$emailedpass = $_POST['password']; // this was added so the user gets a password gets sent.
Then in the email portion, change the variable $password to $emailedpass like so:
$message = "Dear $name, you are now registered at our web site.
To login, simply go to our web page and enter in the following details in the login form:
Username: $username
Password: $emailedpass
Please print this information out and store it for future reference.
Thanks,
$webmaster";