---------------------------STEP ONE-----------
1st - create a table in your db named "users_table" with 3 fields, the first being "id" (INT, autoincrement, unique) the second being "username" (CHAR, unique) and the third being "password" (char)

2nd - create a new document, add a form, and within the form add two text boxes and a submit button. The first text field should be named "username" and the second "password"

3rd - set the form action to "signup.php?submit_reg=true"

4th, add the following code somewhere in "signup.php"
---------STEP 2 - REGISTRATION PROCESSING-------
<?php
$conn = mysql_connect("host", "user", "pass") or die(mysql_error());
@mysql_select_db("db_name", $conn) or die (mysql_error());
$sql = "INSERT INTO users_table (Id, username, password) VALUES ('', '$_POST[username]', '$_POST[password]'";
if ($_GET[submit_reg] == true) {
if ($_POST[username] == "" or $_POST[password] == "")
print "You must fill in both text fields!";
} else {
mysql_query($sql, $conn);
print "You are registered! <p> CLICK HERE to login!";
}
}
?>

You could add a bunch of error checking and stuff to that but i dont want to type much and its easier for beginners this way.

-------------------------STEP 3 -------LOGIN-------------
1st - create new document, named "login.php"
2nd - add a form, and within the form two text fields and a submit button. Again, name the first text field "username" and the second "password"
3rd - make the form action "login.php?submit_login=true
4th - add the following code at the top of the page/code

------ simple login script------

<?php session_start(); ?>
<?php
$conn = mysql_connect("host", "user", "pass") or die(mysql_error());
@mysql_select_db("db_name", $conn) or die (mysql_error());
$sql = "SELECT * FROM users_table WHERE username = '$_POST[username]' and password = '$_POST['password']'";
$query_sql = mysql_query($sql, $conn) or die (mysql_error());
if ($_GET[submit_login] == true) {
if (mysql_num_rows($query_sql) == 1) {
print "Your are now logged in!";
$_SESSION[username] = $_POST[username];
} else {
print ("incorrect username or password");
}
}
?>

Now upload both files to your server and test it out.
If there are any parse errors, post what happened here and ill revise the code (i wrote it quickly and did not proofread at all)
--------ALL FINISHED!-----------ADDITIONAL NOTES:----------
-make sure to put "session_start();" on every page
and to tell if they are logged in, just use:

if ($_SESSION[username]) {
// actions
} else {
print "not logged in";
}

-make sure your host supports php and includes a db
-------------FOR MORE PHP TUTORIALS : www.phpfreak.com ------

This PHP Tutorial brought to you by: www.myfreesite.cjb.net

Thats full of places to inject sql code.

I use cookies and sessions for my member systems (www.ovencaek.com)

Since I found out in opera you can change the session value and it works, and it was really fucking things up, I needed to make it somehow when you got assigned a cookie you coulden't change it

and I made my own wee script to do that via assigning the cookies to sessions, and when you close the page( sessions destroy obviously) then reopen , if cookie is set, the session attaches itself to it n stuff :D tis good stuff

At 11/29/04 03:33 PM, chis- wrote: I use cookies and sessions for my member systems (www.ovencaek.com)

Since I found out in opera you can change the session value and it works, and it was really fucking things up, I needed to make it somehow when you got assigned a cookie you coulden't change it

and I made my own wee script to do that via assigning the cookies to sessions, and when you close the page( sessions destroy obviously) then reopen , if cookie is set, the session attaches itself to it n stuff :D tis good stuff

yeah cookies are great, but a lot of people block cookies so they might be disouraged from being logged out all the time. So i usually only use sessions, ....and personally, i clear out my cookies every few days, even though they are like 1 byte or so, i just dont like extra files being added on my comp.

At 11/29/04 01:29 AM, henke37 wrote: Thats full of places to inject sql code.

what do you mean?

Sql injection is entering some thing like ' or ''='' in the password box and thus geting acces they shouldn't have.
$sql="select userid from users where username='$username' and password='$password'";//insecure code

$sql='select userid from users where username=\''.addslashes($username).\'' and password=\''.addslashes($password).'\'';//secure code

You need to make sure numbres is numbers to or else somebody might chose to delete mesage 0 or ''=''.

You should also take care of html input so people don't puts a simple javascript that does bad stuff or just puts a <table> so the rest of the page won't be displayed.

It should be(hard to avoid those smal typos):
$sql='select userid from users where username=\''.addslashes($username).'\' and password=\''.addslashes($password).'\'';//secure code

At 12/5/04 05:17 PM, iLLiCit_JmBd wrote: I am a tutorial writer for PHPFreaks.com and the one you wrote is shit compared to the stuff that is posted at PHPFreaks.com.

Put more into your tutorials before you whore it out to the BBS, because I did not understand how your piece of shit registration works when I can do it way better than how you do it, and have auto redirect to the login page instead of giving users a link.

This is just a simple tutorial i wrote up ona friggin forum, not an active php website dedicated to this type of stuff.

OHHH DUUUUUUDDEEEEEEe DISSS!!!!1
not really...

i hope it didnt take you 2 months to think of that comeback.

wow since when did this forum turn into a such a hacker forum. but good job Mad_Guy. ppl shouldn't teach shit code.

At 2/6/05 03:10 PM, Mad_guy wrote: I can't believe people don't fucking listen when I give them a motherfucking PHP protection guide to learn shit from. It even teaches people how to protect against SQL injection attacks. I acknowledged a while back that some people on this site were fucking brick-headed retards, but come ON.

To be fair:

Mad_guy's PHP protection guide was posted 1/29/05 01:07 AM
Php Member System was posted 11/28/04 08:29 PM

Not that you're wrong at all about the quality of this so-called tutorial/guide, but that was a bit of a false potshot.

At 12/5/04 05:17 PM, iLLiCit_JmBd wrote: I am a tutorial writer for PHPFreaks.com and the one you wrote is shit compared to the stuff that is posted at PHPFreaks.com.

Put more into your tutorials before you whore it out to the BBS, because I did not understand how your piece of shit registration works when I can do it way better than how you do it, and have auto redirect to the login page instead of giving users a link.

Josh come on, give him a break. He probably writes tutorials, as I do, but since he isn't getting paid or anything, he doesn't feel the need to make them excellent. I feel the exact same way.

If someone personally contacts me, I'll be glad to show them steps in and out. But, I don't want to just free code everything for everyone to see. Granted it is supposedly teaching them, but, for a lot of us, it takes motivation.