- Impact
- 111
OVERVIEW
This is a fully-functional, self-installing members management system, now version 1.1.2. Translated, that means:
This is the major build #1, minor build #1, and 1 larger bux fix (so I just add 2 lol) (1.1.2)
FEATURES
Mostly Self-Installing, Login, Logout, Register, Simple Admin Panel, Mostly Commented Code, and Instructions.
Use it - customize it! Build onto it. Learn from it! But first, download and unzip it!
FUNCTIONAL SAMPLE
Click This Link To Try It!
**** SAMPLE DOWN **** My server is new and I have been too lazy to move it over yet.
To see what it's like, go ahead: Register and login. Play with it a bit. The sample provides an admin panel view (with disabled functions though to prevent abuse).
The other version is the same, but is shown and works exactly as the download would when installed properly. Admin panel is visible only to admins, etc, etc.
** CAUTION: I do not have the time to censor any data in this sample, so the admin panel displaying the usernames may contain vulgar data. If it does, please PM me and I will remove that user.
This uses PHP sessions. It's VERY easy to customize, since it's so simple to start off with and learn from.
USAGE RECOMMENDATIONS
*** SECURITY WARNING ***
THIS IS NOT A SECURE SCRIPT! It is a simple task to crack into it and present unwanted results such as data loss, corruption, or disfacement of site. Access to database is also a concern here. I am not to be blamed or held responsible for any security faults or data losses/unauthorized accesses. DOWNLOAD, INSTALL, AND USE AT YOUR OWN RISK.
Recommended Security Additions
You can add on almost ANYTHING to this, but I HIGHLY recommend you improve it yourself! Learn from it and make a cool web app!
For those of who think this is junk, I agree. It is - if you just leave it as I have written it. The general idea behind my doing this is so people can learn from a practical project and build upon it themselves.
Bugs/Comments/Suggestions accepted via PM or reply. (No nasty ones, please.)
SCRIPT UPDATES & BUG FIXES
August 2005 - Ver. 1.0.1
A bug in the registration script (my bad!) that didn't insert the new user into the database. To fix this problem, re-download the zip file and replace register.php with the new one.
Don't want to redownload? Just change line 95 of register.php to:
And you're done!
----------------------------
August 2005 - Ver. 1.1
I've decided to add a basic security feature to the script, since many new PHP'ers won't figure it out for quite a while I'm guessing.
The config.php file has a security vulnerability (sp?) that could easily reveal your database name, username, and password. This is now fixed and I highly advise you re-download the zip file and edit these files:
----------------------------
August 2005, ver. 1.1.2
There was an error in admin_edit.php. It said you were not an admin when you really were, so either re-download and replace "admin_edit.php" with this new one, or just do the following:
Put this code on the second line of "admin_edit.php":
Done!
Enjoy!
-Matt
INSTALLATION
This is a fully-functional, self-installing members management system, now version 1.1.2. Translated, that means:
This is the major build #1, minor build #1, and 1 larger bux fix (so I just add 2 lol) (1.1.2)
FEATURES
Mostly Self-Installing, Login, Logout, Register, Simple Admin Panel, Mostly Commented Code, and Instructions.
Use it - customize it! Build onto it. Learn from it! But first, download and unzip it!
FUNCTIONAL SAMPLE
Click This Link To Try It!
**** SAMPLE DOWN **** My server is new and I have been too lazy to move it over yet.
To see what it's like, go ahead: Register and login. Play with it a bit. The sample provides an admin panel view (with disabled functions though to prevent abuse).
The other version is the same, but is shown and works exactly as the download would when installed properly. Admin panel is visible only to admins, etc, etc.
** CAUTION: I do not have the time to censor any data in this sample, so the admin panel displaying the usernames may contain vulgar data. If it does, please PM me and I will remove that user.
This uses PHP sessions. It's VERY easy to customize, since it's so simple to start off with and learn from.
USAGE RECOMMENDATIONS
*** SECURITY WARNING ***
THIS IS NOT A SECURE SCRIPT! It is a simple task to crack into it and present unwanted results such as data loss, corruption, or disfacement of site. Access to database is also a concern here. I am not to be blamed or held responsible for any security faults or data losses/unauthorized accesses. DOWNLOAD, INSTALL, AND USE AT YOUR OWN RISK.
Recommended Security Additions
- SQL Injection Detection - Prevent an injection via forms (PHP function: mysql_real_escape_string() is a common way of preventing injection)
- Create all variables from $_POST after a form submission so you won't use unwanted ones via the URL bar
- Create a more complex user login system (email validation is encouraged)
- Store more than the username in a session variable to track logins
- Check each login on every page load with the database and validate the data
- Create a logging system that will inform you of any bugs or security flaws
- Make the admin user detection in admincheck.php better, similar to user login detection
You can add on almost ANYTHING to this, but I HIGHLY recommend you improve it yourself! Learn from it and make a cool web app!
For those of who think this is junk, I agree. It is - if you just leave it as I have written it. The general idea behind my doing this is so people can learn from a practical project and build upon it themselves.
Bugs/Comments/Suggestions accepted via PM or reply. (No nasty ones, please.)
SCRIPT UPDATES & BUG FIXES
August 2005 - Ver. 1.0.1
A bug in the registration script (my bad!) that didn't insert the new user into the database. To fix this problem, re-download the zip file and replace register.php with the new one.
Don't want to redownload? Just change line 95 of register.php to:
PHP:
$q = "INSERT INTO users VALUES(NULL, '$name', '$uname', '$pwd', '$date', '0', '$profile', 'normal', '$age')";
----------------------------
August 2005 - Ver. 1.1
I've decided to add a basic security feature to the script, since many new PHP'ers won't figure it out for quite a while I'm guessing.
The config.php file has a security vulnerability (sp?) that could easily reveal your database name, username, and password. This is now fixed and I highly advise you re-download the zip file and edit these files:
- config.php - Put this code into your current config.php file:
PHP:<?php $dbname = ""; //Database name. $dbuser = ""; //Database user name $dbpwd = ""; //Database user password. ?>
- dbconn.php - Just replace the old one with the one in the zip file and it should work okay if you edited config.php right.
----------------------------
August 2005, ver. 1.1.2
There was an error in admin_edit.php. It said you were not an admin when you really were, so either re-download and replace "admin_edit.php" with this new one, or just do the following:
Put this code on the second line of "admin_edit.php":
PHP:
include("dbconn.php");
Done!
Enjoy!
-Matt
INSTALLATION
- Download the below .zip file to a temporary location.
- Extract to a more permanent location, (E.g. C:\wwwroot\MemberSystem) and you may then delete the .zip file.
- Refer the README file for more easy installation instructions.
Last edited: