FullyFunctional Member System: Login/Logout, Admin Panel, Sessions, Self-Installation

[user-7256]

OVERVIEW

This is a fully-functional, self-installing members management system, now version 1.1.2. Translated, that means:

This is the major build #1, minor build #1, and 1 larger bux fix (so I just add 2 lol) (1.1.2)

FEATURES
Mostly Self-Installing, Login, Logout, Register, Simple Admin Panel, Mostly Commented Code, and Instructions.

Use it - customize it! Build onto it. Learn from it! But first, download and unzip it!

FUNCTIONAL SAMPLE

Click This Link To Try It!
**** SAMPLE DOWN **** My server is new and I have been too lazy to move it over yet.

To see what it's like, go ahead: Register and login. Play with it a bit. The sample provides an admin panel view (with disabled functions though to prevent abuse).

The other version is the same, but is shown and works exactly as the download would when installed properly. Admin panel is visible only to admins, etc, etc.

** CAUTION: I do not have the time to censor any data in this sample, so the admin panel displaying the usernames may contain vulgar data. If it does, please PM me and I will remove that user.

This uses PHP sessions. It's VERY easy to customize, since it's so simple to start off with and learn from.

USAGE RECOMMENDATIONS

*** SECURITY WARNING ***

THIS IS NOT A SECURE SCRIPT! It is a simple task to crack into it and present unwanted results such as data loss, corruption, or disfacement of site. Access to database is also a concern here. I am not to be blamed or held responsible for any security faults or data losses/unauthorized accesses. DOWNLOAD, INSTALL, AND USE AT YOUR OWN RISK.

Recommended Security Additions

• SQL Injection Detection - Prevent an injection via forms (PHP function: mysql_real_escape_string() is a common way of preventing injection)
• Create all variables from $_POST after a form submission so you won't use unwanted ones via the URL bar
• Create a more complex user login system (email validation is encouraged)
• Store more than the username in a session variable to track logins
• Check each login on every page load with the database and validate the data
• Create a logging system that will inform you of any bugs or security flaws
• Make the admin user detection in admincheck.php better, similar to user login detection

You can add on almost ANYTHING to this, but I HIGHLY recommend you improve it yourself! Learn from it and make a cool web app!

For those of who think this is junk, I agree. It is - if you just leave it as I have written it. The general idea behind my doing this is so people can learn from a practical project and build upon it themselves.

Bugs/Comments/Suggestions accepted via PM or reply. (No nasty ones, please.)

SCRIPT UPDATES & BUG FIXES

August 2005 - Ver. 1.0.1
A bug in the registration script (my bad!) that didn't insert the new user into the database. To fix this problem, re-download the zip file and replace register.php with the new one.
Don't want to redownload? Just change line 95 of register.php to:

$q = "INSERT INTO users VALUES(NULL, '$name', '$uname', '$pwd', '$date', '0', '$profile', 'normal', '$age')";

And you're done!

----------------------------

August 2005 - Ver. 1.1
I've decided to add a basic security feature to the script, since many new PHP'ers won't figure it out for quite a while I'm guessing.

The config.php file has a security vulnerability (sp?) that could easily reveal your database name, username, and password. This is now fixed and I highly advise you re-download the zip file and edit these files:

• config.php - Put this code into your current config.php file:
  

  <?php
  $dbname = ""; //Database name.
  $dbuser = ""; //Database user name
  $dbpwd = ""; //Database user password.
  ?>

  Then, fill in the values for these 3 variables. After this, delete the old content (should be 1 line) so that your config.php file consists ONLY of this new content.
• dbconn.php - Just replace the old one with the one in the zip file and it should work okay if you edited config.php right.

----------------------------

August 2005, ver. 1.1.2
There was an error in admin_edit.php. It said you were not an admin when you really were, so either re-download and replace "admin_edit.php" with this new one, or just do the following:

Put this code on the second line of "admin_edit.php":

include("dbconn.php");

Done!




Enjoy!

-Matt

INSTALLATION

1. Download the below .zip file to a temporary location.
2. Extract to a more permanent location, (E.g. C:\wwwroot\MemberSystem) and you may then delete the .zip file.
3. Refer the README file for more easy installation instructions.

 

[Eric]

Nice, I'll download er. Hehe, build on er a little Thanks.


-Eric

 

[Porte]

Let me see the structure of this..

Just read through it..nice, i like the coding style..not complicated and easy.

 

[user-7256]

Thanks!

I didn't modulate very much, using an fns.inc file, since this isn't a large-scale project. My goal with this is to get beginners in this field started and learn how to do their work with a practicle foundation.

 

[Outer]

Mind if I make certain additions to it and add it here matt?

A simplified version and one with some of the additions you stated and etc.?

 

[.PJ]

I might look at this later tonight.

Good work

PJ

 

[user-7256]

Outer - Actually I was hoping that new programmers would find it a useful and helpful foundation to start programming with. Adding features for them wouldn't teach them much of anything, would it?

 

[iNod]

Actually adding features to other scripts is how I learn php.

Some features which could be added are.

How many users there are stats (simple mysql_num_row code addtion)
Forget Password (Another file.. Not so simple)
Activation required email (Simple email and updating mysql db, New row)

There are many more functions which can be added.

Regards,

 

[user-7256]

First, there already IS a number of users stats in the admin panel.
Second, I don't care WHAT you add to your copy just as long as you don't redistribute it, as that's against copyright law.

 

[Muneeb2Good]

Hurra ! Thanks Bro this is AWESOME i just want to say Thank you For Sharing with Us !
So nice of you !

 

[user-7256]

^_^ You're welcome. It was fun to write. Again, if you notice any bugs, please inform me so I can fix it

 

[Muneeb2Good]

^_^ You're welcome. It was fun to write. Again, if you notice any bugs, please inform me so I can fix it

Yes sure why not !

 

[user-7256]

...anybody else like it?

 

[Zubair1]

hey thanks, its really nice but i think if you'd make it support to put all the sessions in the database, it'd be more secure i know you didn't had any intentions of securing this script, which you clearly explained above, but i think if you do that it'd be much better

Well, i was working on making some thing like that though i got stuck on a part,
which was detecting sessions when there browsers got closed this is the most painful
part for me in the script, every thing is cleared out but just stuck on this part
if any one has some solutions for this please do tell me,

you script is still nice for a basic page though

i dont know why but when i am trying to register with this script
its giving me this error,

ERROR > Could not insert into database. Error returned is Column count doesn't match value count at row 1

 

[unknownz]

Thanks alot. I dont need it currently, but would definitely look forward to it for next version of my website.
very well done.

 

[user-7256]

Zubair1 - Hmm... that may be the reason nobody has registered O.o ... but it worked for me... gosh thanks for reporting. That probably hurt my script's reputation. Fixed.

I've also updated the download file. Version 1.0.1 now released lol.

EDIT: Zubair1, this was taken from PHP.net:

The following code is a nice simple way to check for cookie support without needing any intermediary pages to check it has been set.

// Set the name of the cookie (nicer than default name)
session_name("SID");

// Set cookie to expire way into the future so it persists
session_set_cookie_params (60*60*24*365*10, '/', '.mydomain.com',0);

session_start();
if ( SID != "" ) {
   header("Location: /nocookie.php");
   exit();
}

You could alter things a bit... that session cookie expires in 10 years :lala:

 

[Zubair1]

lol, nps man but i think every one above didn't check weather it was fully functional
well nice job its working fine now the php snippet which you took from php.net
do we have to put this on every page of our script to detect weather cookies were set or not, and though the sessions are still not secure that way it'd be better if they were put on database, may i ask you a question?
Q-) Do you know how i can know when a user closes their browser
as i am having a lot of trouble with and also researched on it alot too, though i still didn't get any good results, what i am wanting to do is put the sessions data on the database i check for and retrieve all the session information from the database
like when a person clicks the logout link, they logout their sessions are ended, (destroyed) but what if the user never logs out, they're sessions are lost some where in the database, so i want to know when that happens (I.E When the user closes their browser), so i can tell the database to delete all the session information about that person, (got any solutiions for this bro)?

thanks in advance :d

 

[user-7256]

I'm sorry, I don't know... I'm not familliar with that type of sessions usage (with sessions + cookies), and I've wondered myself how to know whether a user is online or not.

Although... http://www.cj-design.com - they have a VERY simple users online script for free download, which tells you the NUMBER of people online. You might play with that a bit.

Cheers,
-Matt

 

[bbalegere]

Thankx.This is good.

 

[user-7256]

Great Enjoy.

 

[noswad]

This looks good but when I hit install I get...

Could not connect to database. Either the DB doesn't exist, or the username/pwd combo supplied was invalid.

Do I have to make my own MySQL database cos I dont have a clue how to do this lol :wave:

 

[Eric]

This looks good but when I hit install I get...

Could not connect to database. Either the DB doesn't exist, or the username/pwd combo supplied was invalid.

Do I have to make my own MySQL database cos I dont have a clue how to do this lol :wave:

Lol. Yes, yes you do. Do you have cpanel with your hosting account? if so, it is quite easy..

 

[noswad]

Yeah I have cpanel :great:

Any hints tips before I give it a go? :lol:

 

[Eric]

Yeah I have cpanel :great:

Any hints tips before I give it a go? :lol:

Login to Cpanel>Go to MySQL Databases>Add Db>Create User>Add User to DB

:tu: Then, just enter that info when asked to install the login script and you're good to go.

 

[noswad]

I just keep getting.....

Could not connect to database. Either the DB doesn't exist, or the username/pwd combo supplied was invalid. Back

I dont know what I have done wrong!