Sign-up & Log-in Script

To skip the learning part and just get the user script, read on.

First we'll create an include file for the connection info, which will save us from having it separately in each script. Paste the following into a file called "config.php"

<?php
$server = "localhost";  // server to connect to.
$database = "mydata";  // the name of the database.
$db_user = "myusername";  // mysql username to access the database with.
$db_pass = "mypassword";  // mysql password to access the database with.
$table = "users";    // the table that this script will set up and use.
?>

You'll need to create the user table on your database to store the info in. To do so, paste the following into a file called "create.php". Then upload both create.php and config.php, and point your browser to create.php.

<?php

include ("config.php");

// connect to the mysql server
$link = mysql_connect($server, $db_user, $db_pass)
or die ("Could not connect to mysql because ".mysql_error());

// select the database
mysql_select_db($database)
or die ("Could not select database because ".mysql_error());

// create table on database
$create = "create table $table (
id smallint(5) NOT NULL auto_increment,
username varchar(30) NOT NULL,
password varchar(32) NOT NULL,
PRIMARY KEY (id),
UNIQUE KEY username (username)
);";

mysql_query($create)
or die ("Could not create tables because ".mysql_error());
echo "Complete.";
?>

Now you'll need to create your user signup form. This can be a regular HTML page that simply points to your PHP script. It should look like this:

<html><head>
<title>User Registration</title>
</head><body>

<form action="register.php" method="post">

Pick a Username: <input type="text" name="username" size="20"><br>
Pick a Password: <input type="password" name="password" size="20"><br>
<input type="submit" value="Sign Up">
</form>

</body></html>

Then, create a file called register.php, or whatever you pointed the form to, and put this code in it:

<?php 

include("config.php"); 

// connect to the mysql server
$link = mysql_connect($server, $db_user, $db_pass)
or die ("Could not connect to mysql because ".mysql_error());

// select the database
mysql_select_db($database)
or die ("Could not select database because ".mysql_error());

// check if the username is taken
$check = "select id from $table where username = '".$_POST['username']."';"; 
$qry = mysql_query($check) or die ("Could not match data because ".mysql_error());
$num_rows = mysql_num_rows($qry); 
if ($num_rows != 0) { 
echo "Sorry, there the username $username is already taken.<br>";
echo "<a href=register.html>Try again</a>";
exit; 
} else {

// insert the data
$insert = mysql_query("insert into $table values ('NULL', '".$_POST['username']."',
'".$_POST['password']."')")
or die("Could not insert data because ".mysql_error());

// print a success message
echo "Your user account has been created!<br>"; 
echo "Now you can <a href=login.html>log in</a>"; 
}

?>

Now the log-in page, another HTML page pointing to another PHP script:

<html><head>
<title>User Registration</title>
</head><body>

<form action="login.php" method="post">

Username: <input type="text" name="username" size="20"><br>
Password: <input type="password" name="password" size="20"><br>
<input type="submit" value="Log In">
</form>

</body></html>

The log-in script that the above form points to:

<?php

include("config.php"); 

// connect to the mysql server
$link = mysql_connect($server, $db_user, $db_pass)
or die ("Could not connect to mysql because ".mysql_error());

// select the database
mysql_select_db($database)
or die ("Could not select database because ".mysql_error());

$match = "select id from $table where username = '".$_POST['username']."'
and password = '".$_POST['password']."';"; 

$qry = mysql_query($match)
or die ("Could not match data because ".mysql_error());
$num_rows = mysql_num_rows($qry); 

if ($num_rows <= 0) { 
echo "Sorry, there is no username $username with the specified password.<br>";
echo "<a href=login.html>Try again</a>";
exit; 
} else {

setcookie("loggedin", "TRUE", time()+(3600 * 24));
setcookie("mysite_username", "$username");
echo "You are now logged in!<br>"; 
echo "Continue to the <a href=members.php>members</a> section.";
}
?>

The check cookie function on all pages in the member's area, to make sure they're logged in:

<?php if (!isset($_COOKIE['loggedin'])) die("You are not logged in!
log in"); $mysite_username = $HTTP_COOKIE_VARS["mysite_username"]; echo "you are logged in as $mysite_username.

"; ?>

And finally, the log out script, which can just be pointed to with a regular link:

<?php

// expire cookie
setcookie ("loggedin", "", time() - 3600);

echo "You are now logged out.<br>";
echo "<a href=\"login.html\">Log in</a>.";

?>

That's it! If you're still unsure, you can download the files directly here.