TECH6.0

webwizzy · #1 01-07-2008, 07:37 AM

Introduction (Must read)

Here's a tutorial for building a complete registration system in PHP/MySQL that can be easily implemented on your PHP website. Email address is verified by sending a confirmation mail. The passwords are encrypted via strong sha256 algorithm.

Summary of Process:-

Users fill in all the fields of the registration form that are validated via JavaScript before submission.
Requires unique email address. So, user is redirected to an error page if email address already exists in database.
If everything goes fine, all the records get inserted into a temporary table in the database and an activation mail is dispatched.
On following of a valid link in the email, the records are moved to the main registered_users table and the user registration is complete.

Please See:-

This tutorial is totally owned/written by webwizzy for Tech6.com. You may not copy or redistribute without the permission of the author.
This tutorial is built with a view that you are aware of basic HTML and have intermediate knowledge of PHP and databases.
You can see a live working Demo of this registration system at www.vinayaks.com
This tutorial has enough scope that additional required features such as forgot password, edit profile/email, resend activation mail, delete activation request and like features can be implemented. Will soon post tutorials on how to go about doing these. For the moment, you can test all these features at the above Demo link.

webwizzy · #2 01-07-2008, 07:51 PM

Part II - Account Confirmation or Email Authentication
Part III - Forgot Password feature Implementation

Part I - User Registration System Setup

1. Building the Registration form (register.php):-

a) Designing the form:-

I won't be giving a tutorial for designing a form that includes your colors and CSS. Simply use your favorite HTML editor like Adobe Dreamweaver. You must start your <form> tag declaration like this, so copy it. I don't think it needs description.

HTML Code:

<form action="<?php echo $editFormAction; ?>" METHOD="POST" name="registerform">

And create the fields as described below:-

Additionally, create 3 hidden fields (Copy/Paste the code below anywhere within <form> tag):-

HTML Code:

<!-- Grabbing IP of user -->
<input type="hidden" name="ip" id="ip" value="<?php echo $_SERVER['REMOTE_ADDR'];?>"  />
<!-- Grabbing current date -->
<input name="joindate" type="hidden" id="joindate" value="<?php echo date("F j, Y");?>" />
<!-- Required for inserting records into the table from registerform -->
<input type="hidden" name="MM_insert" value="registerform" />

You may download the Country List attached

webwizzy · #3 01-07-2008, 07:56 PM

b) Validating the fields:-

Simply refer to this post. It has complete documentation and example on validating fields.

However, the documentation provided in the above post won't be sufficient for our registration form as our requirement is somewhat more complex.

So, here is exact code you need according to the above field names that is to be put right after </form> tag. You may edit the input limits as desired.

Code:

<script language="JavaScript" type="text/javascript">

//You should create the validator only after the definition of the HTML form
var frmvalidator = new Validator("registerform");

frmvalidator.addValidation("email","maxlen=50");
frmvalidator.addValidation("email","req","Please enter your Email Address !!");
frmvalidator.addValidation("email","email","Please enter a valid email address !!");


frmvalidator.addValidation("password","req","Please enter a Password !!");
frmvalidator.addValidation("password","minlen=5",
"Min length for Password is 5");


frmvalidator.addValidation("repassword","req","Please retype your Password !!");


frmvalidator.addValidation("firstname","req","Please enter your First Name !!");
frmvalidator.addValidation("firstname","maxlen=30",
"Max length for FirstName is 30");
frmvalidator.addValidation("firstname","minlen=3",
"Min length for FirstName is 3");
frmvalidator.addValidation("firstname","alpha");



frmvalidator.addValidation("lastname","req","Please enter your Last Name !!");
frmvalidator.addValidation("lastname","maxlen=30",
"Max length for LastName is 30");
frmvalidator.addValidation("lastname","minlen=3",
"Min length for LastName is 3");
frmvalidator.addValidation("lastname","alpha");



frmvalidator.addValidation("city","req","Please enter your City !!");
frmvalidator.addValidation("city","maxlen=20",
"Max length for City is 20");
frmvalidator.addValidation("city","alpha");

frmvalidator.addValidation("country","dontselect=0","Select your country !!");

frmvalidator.addValidation("date","dontselect=0","Select your Date Of Birth !!");
frmvalidator.addValidation("month","dontselect=0","Select your Month of Birth !!");
frmvalidator.addValidation("year","dontselect=0","Select your Year of Birth !!");


//*************************************************************
//Custom Validating Agreement and Password Fields
//*************************************************************

//Matching Password Fields


function DoMyValidationOne()
{
var frm = document.forms["registerform"];
if(frm.password.value != frm.repassword.value)
{
alert('Password Fields do not match !!');
return false;
}
else
{
return true;
}
}
frmvalidator.setAddnlValidationFunction("DoMyValidationOne");

//Accepting Agreement

function DoMyValidationTwo()
{
var frm = document.forms["registerform"];
if (frm.acceptance[0].checked)
{
alert('You must ACCEPT our Terms and Conditions/Privacy Policy in order to register with my Site !!');
return false;
}
else
{
return true;
}

}
frmvalidator.setAddnlValidationFunction("DoMyValidationTwo");

function DoCustomValidation()
{
var frm = document.forms["registerform"];
if(false == DoMyValidationOne())
{
return false;
}
else
if(false == DoMyValidationTwo())
{
return false;
}
else
{
return true;
}
}
frmvalidator.setAddnlValidationFunction("DoCustomValidation");


//**********************************************
//End of Custom Validation
//**********************************************
</script>

Also, do not forget to upload and include the .JS file by adding the following code in your <head> tag. (Give a valid path for gen_validatorv2.js)

Code:

<script language="JavaScript" src="gen_validatorv2.js" type="text/javascript"></script>

We should now have our registration form ready. Test it before moving any further. There would be a difference in your colors and CSS, however, the functionality would remain the same if you followed the instructions above.

webwizzy · #4 01-07-2008, 08:15 PM

2. Getting ready with the Database:-

One good program I always use and recommend is SQLYog to directly connect to/or modify your database. It has a Community Edition which is free. Otherwise you can use any other program such as phpmyadmin.

We need two tables:

temp_data
registered_users

Create table temp_data in the following way:-

Create table registered_users in the following way

webwizzy · #5 01-07-2008, 08:36 PM

3. PHP Code Implementation:-

Right, so easy part is over. Now we move on to the actual PHP code implementation in register.php where we check for existing email address, insert the records and encrypted password into temporary table in the database and at last dispatching the activation email with a unique link generated.

Starting off with connection.php that is required to connect to database. Copy it as it is.

PHP Code:

  <?php
# FileName="Connection_php_mysql.htm"
# Type="MYSQL"
# HTTP="true"
$hostname_vin_conn = "Your_HOST_IP";
$database_vin_conn = "Database_Name";
$username_vin_conn = "Username_here";
$password_vin_conn = "Password_here";
$vin_conn = mysql_pconnect($hostname_vin_conn, $username_vin_conn, $password_vin_conn) or trigger_error(mysql_error(),E_USER_ERROR); 
?>

Simply save the above code as connection.php making the necessary editing.

Note: You or/and your host knows best what values to be put for above variables.

Now, first download the SHA256.INC, unzip and upload the .php file alongwith connection.php. (This is optional and do it ONLY if you have PHP4)

Here's the PHP code required that goes right at the beginning of the register.php page i.e. before the <form> and other HTML/CSS code (Please read the comments to understand code better)

PHP Code:

  <?php require_once('connection.php'); //Connection file that is required to connect to MySQL database
require_once('sha256.inc.php'); //This is required to encrypt passwords ONLY for PHP4, remove this if you have PHP5 and follow as described in post 27 about encrypting passwords.
?>
<?php
if (!function_exists("GetSQLValueString")) {
function GetSQLValueString($theValue, $theType, $theDefinedValue = "", $theNotDefinedValue = "") 
{
  $theValue = get_magic_quotes_gpc() ? stripslashes($theValue) : $theValue;

  $theValue = function_exists("mysql_real_escape_string") ? mysql_real_escape_string($theValue) : mysql_escape_string($theValue);

  switch ($theType) {
    case "text":
      $theValue = ($theValue != "") ? "'" . $theValue . "'" : "NULL";
      break;    
    case "long":
    case "int":
      $theValue = ($theValue != "") ? intval($theValue) : "NULL";
      break;
    case "double":
      $theValue = ($theValue != "") ? "'" . doubleval($theValue) . "'" : "NULL";
      break;
    case "date":
      $theValue = ($theValue != "") ? "'" . $theValue . "'" : "NULL";
      break;
    case "defined":
      $theValue = ($theValue != "") ? $theDefinedValue : $theNotDefinedValue;
      break;
  }
  return $theValue;
}
}

// *** Redirect if username exists
$MM_flag="MM_insert";
if (isset($_POST[$MM_flag])) {
  $MM_dupKeyRedirect="regfail_email.php"; //Redirects to this page if email already exists
  $loginUsername = $_POST['email'];
  $LoginRS__query = sprintf("SELECT email FROM temp_data WHERE email=%s UNION ALL SELECT email FROM registered_users WHERE email=%s", GetSQLValueString($loginUsername, "text"), GetSQLValueString($loginUsername, "text"));

  $LoginRS__query1 = sprintf("SELECT new_email FROM temp_data WHERE new_email=%s", GetSQLValueString($loginUsername, "text"));

  mysql_select_db($database_vin_conn, $vin_conn);
  $LoginRS=mysql_query($LoginRS__query, $vin_conn) or die(mysql_error());
  $LoginRS1=mysql_query($LoginRS__query1, $vin_conn) or die(mysql_error());
  $loginFoundUser = mysql_num_rows($LoginRS);
  $loginFoundUser1 = mysql_num_rows($LoginRS1);

  //if there is a row in the database, the username was found - can not add the requested username
  if($loginFoundUser){
    $MM_qsChar = "?";
    //append the username to the redirect page
    if (substr_count($MM_dupKeyRedirect,"?") >=1) $MM_qsChar = "&";
    $MM_dupKeyRedirect = $MM_dupKeyRedirect . $MM_qsChar ."requsername=".$loginUsername;
    header ("Location: $MM_dupKeyRedirect");
    exit;
  }
  if($loginFoundUser1){
    $MM_qsChar = "?";
    //append the username to the redirect page
    if (substr_count($MM_dupKeyRedirect,"?") >=1) $MM_qsChar = "&";
    $MM_dupKeyRedirect = $MM_dupKeyRedirect . $MM_qsChar ."requsername=".$loginUsername;
    header ("Location: $MM_dupKeyRedirect");
    exit;
  }
}

$editFormAction = $_SERVER['PHP_SELF'];
if (isset($_SERVER['QUERY_STRING'])) {
  $editFormAction .= "?" . htmlentities($_SERVER['QUERY_STRING']);
}
//Generation of Activation Code and Encryption of Password.
$confirm_code = sha1(uniqid(rand()));
$password=$_POST['password'];
$encrypted_password=sha256($password);
//End

if ((isset($_POST["MM_insert"])) && ($_POST["MM_insert"] == "registerform")) {
  $insertSQL = sprintf("INSERT INTO temp_data (confirm_code, password, email, firstname, lastname, sex, dateofbirth, monthofbirth, yearofbirth, city, country, ip, joindate) VALUES ('$confirm_code', '$encrypted_password', %s, %s, %s, %s, %s, %s, %s, %s, %s, %s, %s)",
                       GetSQLValueString($_POST['email'], "text"),
                       GetSQLValueString($_POST['firstname'], "text"),
                       GetSQLValueString($_POST['lastname'], "text"),
                       GetSQLValueString($_POST['sex'], "text"),
                       GetSQLValueString($_POST['date'], "text"),
                       GetSQLValueString($_POST['month'], "text"),
                       GetSQLValueString($_POST['year'], "text"),
                       GetSQLValueString($_POST['city'], "text"),
                       GetSQLValueString($_POST['country'], "text"),
                       GetSQLValueString($_POST['ip'], "text"),
                       GetSQLValueString($_POST['joindate'], "text"));

  mysql_select_db($database_vin_conn, $vin_conn);
  $Result1 = mysql_query($insertSQL, $vin_conn) or die(mysql_error());

  $insertGoTo = "reg_thanks.php"; //Redirected to this page and activation email dispatched if success
  if (isset($_SERVER['QUERY_STRING'])) {
    $insertGoTo .= (strpos($insertGoTo, '?')) ? "&" : "?";
    $insertGoTo .= $_SERVER['QUERY_STRING'];
  }
  header(sprintf("Location: %s", $insertGoTo));
  
   // ---------------- SEND MAIL FORM ----------------
//If insertion successful
if($Result1){
$firstname=$_POST['firstname'];
$email=$_POST['email'];
$ip=$_POST['ip'];
$todaysdate=$_POST['joindate'];

// send e-mail to ...
$to=$email;
// Your subject
$subject="Action required for Account Activation at MySite";
// From
$headers = 'from: MySite Webmaster <noreply@mysite.com>' . "\r\n";
$headers .= 'MIME-Version: 1.0' . "\r\n";
$headers .= 'Content-type: text/html; charset=iso-8859-1' . "\r\n";
$headers .= 'Return-Path: noreply@mysite.com' . "\r\n";
// Your message
$message="<html><body><head><center>
<img src=http://www.vinayaks.com/src/pics/emaillogo.jpg>
</center></head>
<br><br><font size=2 face=Verdana>
Dear $firstname,
<br><br>
Thank you for registering at MySite. Before I can activate your account one last step must be taken to complete your registration.
<br><br>
<b>Please note -</b> you must complete this last step to become a registered member. You will only need to visit this URL once to activate your account.
<br><br>
To complete your registration, please visit this URL:<br>
<a href=http://www.mysite.com/confirm.php?passkey=$confirm_code>http://www.vinayaks.com/confirm.php?passkey=$confirm_code</a>
<br><br>
The Admin,<br>
MySite
<br><br>
<b>Logged IP:</b> $ip<br>
<b>TimeStamp:</b> $todaysdate</font>
<br><br><br><hr><font size=1 face=Verdana>To delete your activation information and stop all future mails from MySite, simply <a href=http://www.mysite.com/delete_activation.php?passkey=$confirm_code>click here</a>. I hate spam as much as you do and really care for your privacy, view my <a href=http://www.mysite.com/docs/priv_policy.php>Privacy Policy</a>.</font>
<br /><div style="z-index:3" class="smallfont" align="center">SEO by <a rel="nofollow" href="http://www.vbseo.com/1394/">vBSEO</a> 3.3.0</div>
</body></html>";

// send email
mail($to,$subject,$message,$headers);
}
}
// Written by webwizzy. Copyright tech6.com
?>

A ScreenShot of the activation email:-

You should test the complete process uptill now. It should:-

Validate all Input Fields at client side
Insert records into the temporary table in the database
Dispatch an email to the user with the account confirmation link

Part I ends here

webwizzy · #6 01-07-2008, 09:16 PM

Part II describing what to do next coming soon !!

foodland · #7 14-07-2008, 05:46 PM

useful information
but i need some more basic think like installation process for php

webwizzy · #8 14-07-2008, 07:21 PM

This thread does not deal with the issue of installing PHP.

Anyways we always use a testing server to upload and test .php or any other server side scripting languages and hardly install PHP on our own PC.

Still if you want, check out a tutorial to Install PHP on Windows. And another nice tutorial here.

Spec_tray · #9 15-07-2008, 02:28 AM

great effort..

thank you for providing such a nice tutorial and links webwizzy..The user registration system is well described...keep it up lol..

regards
spec_tray

webwizzy · #10 15-07-2008, 02:30 AM

ha.. thanks for the compliment dear, I had been writing this since a week to post it here.

There's yet a lot more to go in it.

Spec_tray · #11 15-07-2008, 02:46 AM

Go on mate ..

so that i can also learn some php from here..:wink:

regards

spec_tray

sogah87 · #12 24-07-2008, 02:48 PM

Your tutorial was very helpful and concise, however I need additional help.

I understand how to setup a user registration system but I need help with AFTER they register. I'll explain my scenario:

I have a website that sells items that require users to upload pictures and copy(paragraphs/text). After they register how do I make it so users can select my item and upload their content. Then after they upload it stores all THEIR content on the database?

I need to make it so I can pull down each user's content i.e. pictures and text from the database.

Please help out a.s.a.p. thank you.

webwizzy · #13 24-07-2008, 11:14 PM

hii sogah and welcome to tech6 forums.

well.. I don't find your query anywhere related to user registration system.

Its a different topic on how to UPLOAD content onto the database through php. Kindly start a different thread on how to go about doing this so fellow members can have a look at it too.

By the way, a quick google search revealed these tutorials:-
http://www.w3schools.com/PHP/php_file_upload.asp
http://www.tizag.com/phpT/fileupload.php
http://www.phpeasystep.com/workshopview.php?id=2

Also, here's a nice tutorial on Uploading Files To MySQL Database

Hope this helps !

sogah87 · #14 08-08-2008, 02:33 PM

is it possible to create a pop-up error message for validation?

for example if the passwords do not match and the user clicks submit, instead of displaying echo 'passwords do not match' a pop-up error message window appears. Similar to windows error messages.

webwizzy · #15 09-08-2008, 05:57 AM

sorry.. I did not understand sogah !

Even the current one is a javascript pop-up error message, so I'm not sure what you are talking about. Can you explain in more detail or via screenshot!

Thanks

justin · #16 09-08-2008, 03:43 PM

Great Tutorial Post WebWizzy. I'm sure members will find this very useful. You have explained this process in an easy to follow manner. Well done

runrunforest · #17 20-10-2008, 11:52 AM

you are my man

When can i see the next part 2,3,4 ?

looking forward to doing your stuff more

webwizzy · #18 20-10-2008, 03:45 PM

you are my man

When can i see the next part 2,3,4 ?

looking forward to doing your stuff more

As Said by runrunforest

to tech6

glad you like it runforest and thanks for your feedback at Vinayaks.com

Not now.. but very soon as and when I get time.

runrunforest · #19 24-10-2008, 12:09 PM

There could be a conflict in naming of your database fields

the confirmcode isnt it the same as passcode ? if it is, you should have put confirmcode and forget_confirmcode instead of forgot_passcode.

But thats my preference when naming fields, making a consistent meaning. As long as the codes work, its cool.

webwizzy · #20 24-10-2008, 01:09 PM

All what matters is the correct column name in the code. So, personally I don't see any chance of *conflict* in that.

As far as fields/variable naming thing is concerned, then yes, it could had been what you said for kind of better understanding. But confirmcode/passcode hardly matters lol, coz they are almost similar.

Btw.. its just a tutorial/guideline to get things started, not a readymade script to install. There's a lot of things to adjust in it, so feel free to add and edit your fields/variables too.

Also, seeing your interest, I'd like to tell you that there's a lot of scope of optimization that can and should be done to the code which I have learned a bit later.

I'll suggest you:-

To completely discard the use of temp_data table and make a new column in registered_users table called activated that stores a value of 0 (for unactivated users) and 1 (for activated users). There's nothing much do in this case, just insert the default value 0 into the new activated column and despatch the email. When the user follows the URL in the activation email, simply update the activated column with value 1 for that user (this saves the delete query from temp_data as well as an insert query in registered_users table)

You can then query all your registered/activated members with:-

PHP Code:

  SELECT * FROM registered_users WHERE activated = '1';

Happy coding

Thread Tools
Show Printable Version Email this Page
Display Modes
Linear Mode Switch to Hybrid Mode Switch to Threaded Mode

LinkBacks (?) LinkBack to this Thread: http://tech6.com/f19/php-user-registration-system-t145/
Posted By	For	Type	Date
PHP User Registration System	This thread	Refback	15-09-2009 01:33 PM

TECH6.0

PHP User Registration System