my database setup
database table: tut_users
and in that table i have...
1.id
2.usr
3.pass
4.email
5.ip
6.dt
7.firstname
8.lastname
9.about
10.locaion
11.gender
init.inc.php
<?php
session_start();
mysql_connect('xxx', 'xxx', 'xx');
mysql_select_db('xxx');
$path = dirname(__FILE__);
include("user.inc.php");
$_SESSION['uid']=1;
?>
user.inc.php
<?php
function fetch_users(){
$result = mysql_query('SELECT `id` AS `id`, `usr` AS `username` FROM `tut_users`');
$users = array();
while (($row = mysql_fetch_assoc($result)) !== false){
$users[] = $row;
}
return $users;
}
function fetch_user_info($uid){
$uid = (int)$uid;
$sql = "SELECT
`usr` AS `username`,
`firstname` AS `firstname`,
`lastname` AS `lastname`,
`email` AS `email`,
`about` AS `about`,
`location` AS `location`,
`gender` AS `gender`
FROM `tut_users`
WHERE `id` = {$uid}";
$result = mysql_query($sql);
return mysql_fetch_assoc($result);
}
function set_profile_info($email, $about, $location) {
$email = mysql_real_escape_string(htmlentities($email));
$about = mysql_real_escape_string(nl2br(htmlentities($about)));
$location = mysql_real_escape_string($location);
$sql = "UPDATE `tut_users` SET
`email` = '{$email}',
`about` = '{$about}',
`location` = '{$location}'
WHERE `id` = {$_SESSION['uid']}";
mysql_query($sql);
}
?>
user_list.php
<?php
include('init.inc.php');
?>
<?php
foreach(fetch_users() as $user){
?>
<p>
<a href="profile.php?uid=<?php echo $user['id'];?>"><?php echo $user['username'];?></a>
</P>
<?php
}
?>
profile.php
<?php
include("init.inc.php");
$user_info = fetch_user_info($_GET['uid']);
?>
<html>
<head>
<title></title>
</head>
<body>
<div>
<?php
if ($user_info === false){
echo 'That user does not exist.';
}else{
?>
<h2><?php echo $user_info['firstname']; ?> <?php echo $user_info['lastname']; ?></h1>
<p>Username: <?php echo $user_info['username']; ?></p>
<p>Gender <?php echo ($user_info['gender'] == 1) ? 'Male' : 'Female'; ?></p>
<p>Email: <?php echo $user_info['email']; ?></p>
<p>Location: <?php echo $user_info['location']; ?></p>
<p><?php echo $user_info['about']; ?></p>
<p><a href="edit_profile.php">edit</a>
<?php
}
?>
</div>
</body>
</html>
edit_profile.php
<?php
include('init.inc.php');
if (isset($_POST['email'], $_POST['location'], $_POST['about'])){
$errors = array();
if (filter_var($_POST['email'], FILTER_VALIDATE_EMAIL) === false) {
$errors[] = 'The email address you entered is not valid.';
}
if (preg_match('#^[a-z0-9 ]+#i', $_POST['location']) === 0){
$errors[] = 'Your location must only contain a-z 0-9 and spaces.';
}
if (empty($errors)){
set_profile_info($_POST['email'], $_POST['about'], $_POST['location']);
}
$user_info = array(
'email' => htmlentities($_POST['email']),
'about' => htmlentities($_POST['about']),
'location' => htmlentities($_POST['location'])
);
}else{
$user_info = fetch_user_info($_SESSION['uid']);
}
?>
<html>
<head>
<style type="text/css">
form { margin:10px 0px 0px 0px; }
form div { float:left; clear:both; margin:0px 0px 4px 0px; }
label { float:left; width:100px; }
input[text="text"], textarea { float:left; width:400px; }
input[type="submit"] {margin:10px 0px 0px 100px; }
</style>
<title>Edit your profile</title>
</head>
<body>
<div>
<?php
if (isset($errors) === false){
echo 'Click update to edit your profile.';
}else if (empty($errors)){
echo 'Your profile has been updated.';
}else{
echo '<ul><li>', implode('</li><li>', $errors), '</li></ul>';
}
?>
</div>
<form action"" method="post">
<div>
<label for="email">Email:</label>
<input type="text" name="email" id="email" value="<?php echo $user_info['email']; ?>" />
</div>
<div>
<label for="location">Location:</label>
<input type="text" name="location" id="location" value="<?php echo $user_info['location']; ?>" />
</div>
<div>
<label for="about">About me:</label>
<textarea name="about" id="about" rows="14" cols="50"><?php echo strip_tags($user_info['about']); ?></textarea>
</div>
<div>
<input type="submit" value="Update" />
</div>
</form>
</body>
</html>
login.php
<?php
require 'include/connect.php';
session_start();
if(isset($_GET['logoff']))
{
$_SESSION = array();
session_destroy();
header("Location: login.php");
exit;
}
if(isSet($_POST['submit']))
{
$err = array();
if(!$_POST['username'] || !$_POST['password'])
$err[] = 'All the fields must be filled in!';
if(!count($err))
{
$username = mysql_real_escape_string($_POST['username']);
$password = mysql_real_escape_string($_POST['password']);
$remember = (int)$_POST['remember'];
$row = mysql_fetch_assoc(mysql_query("SELECT id,usr FROM tut_users WHERE usr='$username' AND pass='" .md5($password). "'"));
if($row)
{
$_SESSION['username']=$row['usr'];
$_SESSION['id'] = $row['id'];
$_SESSION['remember'] = $_POST['remember'];
setcookie('remember',$_POST['remember']);
}
else $err[]='Wrong username and/or password!';
}
if($err)
$_SESSION['err'] = implode('<br />',$err);
header("Location: login.php");
exit();
}
?>
<!DOCTYPE html>
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title>PHP login / registration system | Tutorialpot</title>
<meta name="description" content="PHP login system | Tutorialpot" />
<meta name="keywords" content="cool, slick,html, css3, php, mysql, login, register, signup, user management "/>
<link rel="stylesheet" type="text/css" href="css/demo.css" />
<link rel="icon" href="../favicon.gif" />
</head>
<body>
<?php if(!$_SESSION['id']): ?>
<form id="login" method="post" action="">
<h1>Log in to your <strong>website.com</strong> account!</h1>
<p class="register">Not a member? <a href="register.php">Register here!</a></p>
<?php
if($_SESSION['err'])
{
echo '<div class="err">'.$_SESSION['err'].'</div>';
unset($_SESSION['err']);
}
?>
<div>
<label for="username">Username</label>
<input type="text" name="username" id="username" class="field required" title="Invaid Email" />
</div>
<div>
<label for="login_password">Password</label>
<input type="password" name="password" id="login_password" class="field required" title="Password is required" />
</div>
<p class="forgot"><a href="#" >Forgot your password?</a></p>
<div class="submit">
<input type="submit" id="submit" name="submit" value="Log in" />
<label>
<input type="checkbox" name="remember" id="login_remember" value="1" />
Remember my login on this computer
</label>
</div>
</form>
<?php else: ?>
<div class="member">
<h1>Welcome <?php echo $_SESSION['username'];?></h1>
<p>Secret page accessible to successfully logged in uesrs only</p>
<p>Secret page accessible to successfully logged in uesrs only</p>
<p>Secret page accessible to successfully logged in uesrs only</p>
<p>Secret page accessible to successfully logged in uesrs only</p>
<p>Secret page accessible to successfully logged in uesrs only</p>
<p><a href="profile.php?uid=13">Profile</a></p>
<p><a href="edit_profile.php?uid=13">Edit Profile</a></p>
<br />
<a href="?logoff">Log out here</a>
</div>
<?php endif; ?>
</body>
</html>
register.php
<?php
require 'include/connect.php';
session_start();
if(isSet($_POST['submit']))
{
$err = array();
if(strlen($_POST['username'])<4 || strlen($_POST['username'])>32)
{
$err[]='* Your username must be between 3 and 32 characters!';
}
if(preg_match('/[^a-z0-9\-\_\.]+/i',$_POST['username']))
{
$err[]='* Your username contains invalid characters!';
}
if(!preg_match("/^[\.A-z0-9_\-\+]+[@][A-z0-9_\-]+([.][A-z0-9_\-]+)+[A-z]{1,4}$/",$_POST['email']))
{
$err[]=' * Your email is not valid!';
}
if(!count($err))
{
$email = mysql_real_escape_string($_POST['email']);
$username = mysql_real_escape_string($_POST['username']);
$pass = substr(md5($_SERVER['REMOTE_ADDR'].microtime().rand(1,100000)),0,6);
$insert = mysql_query("INSERT INTO tut_users(usr,pass,email,ip,dt)
VALUES(
'".$username."',
'".md5($pass)."',
'".$email."',
'".$_SERVER['REMOTE_ADDR']."',
NOW()
)");
if($insert)
{
$from="noreply@tutorialpot.com";
$subject = "Tutorialpot | login form demo";
$headers = "From: ".$from."\r\n";
$headers = "Reply-To: ".$from."\r\n";
$headers = 'Content-type: text/html; charset=iso-8859-1' . "\r\n";
$msg =
"<p><strong>You or someone using your email " .$email. " signed up on yourwebsite.com</p>
<p><strong>Password: </strong>" .$pass. "</p>
<br/>";
@mail($email, $subject, $msg, $headers);
$_SESSION['success']='Registration successfull Please check your inbox or spam!';
}
else $err[]='This username / email is already taken!';
}
if(count($err))
{
$_SESSION['err'] = implode('<br />',$err);
}
header("Location: register.php");
exit;
}
?>
<!DOCTYPE html>
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title>PHP login / registration system | Tutorialpot</title>
<meta name="description" content="PHP login system | Tutorialpot" />
<meta name="keywords" content="cool, slick,html, css3, php, mysql, login, register, signup, user management "/>
<link rel="stylesheet" type="text/css" href="css/demo.css" />
<link rel="icon" href="../favicon.gif" />
</head>
<body>
<form id="register" method="post" action="">
<h1>Register on <strong>website.com</strong> account!</h1>
<p class="login">Already a member? <a href="login.php">Login here!</a></p>
<?php
if($_SESSION['err'])
{
echo '<div class="err">'.$_SESSION['err'].'</div>';
unset($_SESSION['err']);
}
if($_SESSION['success'])
{
echo '<div class="success">'.$_SESSION['success'].'</div>';
unset($_SESSION['success']);
}
?>
<div>
<label for="login_username">Username</label>
<input type="text" name="username" id="login_username" class="field required" title="Please provide your username" />
</div>
<div>
<label for="login_password">Email</label>
<input type="text" name="email" id="login_email" class="field required" title="Password is required" />
</div>
<div class="note">A password will be emailed to you</div>
<div class="submit">
<input type="submit" id="submit" name="submit" value="Register" />
</div>
</form>
</body>
</html>
Many thanks - Ratee
