This selection of PHP files will allow you to implement a "member's only" area in your web site, complete with recognizing re-entering members and new member form. Uses MySQL back-end.
By : woodys
Instructions:
- copy the following source code into their respective files (i.e. File #1 into my_const.h, etc.)
- run the queries thru MySQL to create the back-end database structure
- Drop the correct values into my_const.h
- Make sure that you have the following files/pages in your site:
"header.txt" and "footer.txt" - take a customized HTML template and cut it in half with the top half in header.txt and the bottom half in footer.txt.
"visitorarea.html" - this is where non-members are vectored.
"memberarea.html" - this is where the authenticated members are vectored.
- offer the following links in your site:
<a href=authenticate.php3>Click here to enter the members only area</a>
<a href=newmember.php3>Click here to enter a membership application</a>
- drop the following line into any member-area page (near the top of the file) that you want fully secure:
<? include("auth.h"); ?>
- if you have any questions regarding implementation or bug reports, email me at woodystanford@yahoo.com
****** CREATION QUERIES:
create database databasename;
create table users (userid int auto_increment primary key, username char(25) not null, password char(255) not null, companyname char(255) not null, contactname char(255) not null, email char(255) not null, baddress1 char(255) not null, baddress2 char(255) not null, bcity char(255) not null, bstate char(50) not null, bzip char(50) not null, saddress1 char(255) not null, saddress2 char(255) not null, scity char(255) not null, sstate char(25) not null, szip char(50) not null, tel char(255) not null, fax char(255) not null, active tinyint, ccname char(255) not null, cctype tinyint not null, ccnum char(255) not null, expdate char(255) not null, scountry char(255) not null, bcountry char(255) not null, discount decimal(5,4), needsvalidation tinyint not null, taxexempt tinyint not null, terms int not null);
create table sessions (sessionid int auto_increment primary key, userid int, ipaddress char(255) not null, created timestamp, returnpage char(255) not null);
SOURCE CODE:
***** File #1: my_const.h
<?
if ($g_databasename=="")
{
// ********** ENTER CONSTANTS HERE! **************
$g_databasename="databasename";
$g_dbuid="mysqlusername";
$g_dbpwd="mysqlpassword";
$g_uservalidator_email="youremail@address.com";
// ************************************************
//Helper functions
function mysql_escape_string($s)
{
$sl=strlen($s);
for ($a=0;$a<$sl;$a++)
{
$c=substr($s,$a,1);
switch(ord($c))
{
case 0:
$c = "\\0";
break;
case 10:
$c = "\\n";
break;
case 9:
$c = "\\t";
break;
case 13:
$c = "\\r";
break;
case 8:
$c = "\\b";
break;
case 39:
$c = "\\'";
break;
case 34:
$c = "\\\"";
break;
case 92:
$c = "\\\\";
break;
case 37:
$c = "\\%";
break;
case 95:
$c = "\\_";
break;
}
$s2.=$c;
}
return $s2;
}
}
?>
**** File #2: "newmember.php3"
<? include("header.txt"); ?>
<font face=arial>
<font size=5><b>New Member Profile</font></b><br>
To use this site to the fullest, you must enter in some basic information to establish your identity when you visit. Required fields are indicated with a <font color=red>*</font>. A username and password will be issued to you via email.<p>
<small>(If you have already received a username and password, and have forgotten it, please do not re-submit your information, but rather contact us at via <a href="mailto:<? echo($g_uservalidator_email); ?>">email</a>.)</small><p>
<form action=submitmember.php3 method=post>
<font color=blue><b>Personal Information</b></font><br>
<hr>
<table>
<tr><td><b>Company Name</td><Td><input type=text name=companyname size=50></td></tr>
<tr><td><b>Your Name (first, last)<font color=red>*</font></td><Td><input type=text name=contactname size=50></td></tr>
<tr><td><b>Email Address<font color=red>*</font></td><Td><input type=text name=email size=50></td></tr>
<tr><td valign=top><b>Billing Address<font color=red>*</font></td><Td><input type=text name=baddress1 size=50><br><input type=text name=baddress2 size=50><br><input type=text name=bcity size=25>, <input type=text name=bstate size=2> <input type=text name=bzip size=10><br><input type=text name=bcountry size=10 value="USA"></td></tr>
<tr><td valign=top><b>Shipping Address<font color=red>*</font></td><Td><input type=text name=saddress1 size=50><br><input type=text name=saddress2 size=50><br><input type=text name=scity size=25>, <input type=text name=sstate size=2> <input type=text name=szip size=10><br><input type=text name=scountry size=10 value="USA"></td></tr>
<tr><td><b>Contact Telephone</font></td><Td><input type=text name=tel size=30></td></tr>
<tr><td><b>FAX Telephone</font></td><Td><input type=text name=fax size=30></td></tr>
</table><hr><p>
I certify that the above information is correct. Please process this information an email me my username and password as soon as possible.<p>
<input type=submit value="Process Request">
</form>
<? include("footer.txt"); ?>
**** File #3: "submitmember.php3"
<?
include("header.txt");
include("my_const.h");
//connect to database
$con = mysql_connect(localhost,$g_dbuid,$g_dbpwd);
if ($con==NULL)
{
echo("301 Couldn't connect to MySQL\n\n");
exit(-1);
}
$db = mysql_select_db($g_databasename,$con);
$t="insert into users (companyname, contactname, email, baddress1, baddress2, bcity, bstate, bzip, saddress1, saddress2, scity, sstate, szip, tel, fax, active, bcountry, scountry, needsvalidation) values (\"%s\",\"%s\",\"%s\",\"%s\",\"%s\",\"%s\",\"%s\",\"%s\",\"%s\",\"%s\",\"%s\",\"%s\",\"%s\",\"%s\",\"%s\",0,\"%s\",\"%s\",1)";
$sql=sprintf($t, mysql_escape_string($companyname), mysql_escape_string($contactname), mysql_escape_string($email), mysql_escape_string($baddress1), mysql_escape_string($baddress2), mysql_escape_string($bcity), mysql_escape_string($bstate), mysql_escape_string($bzip), mysql_escape_string($saddress1), mysql_escape_string($saddress2), mysql_escape_string($scity), mysql_escape_string($sstate), mysql_escape_string($szip), mysql_escape_string($tel), mysql_escape_string($fax), mysql_escape_string($bcountry), mysql_escape_string($scountry));
//insert user record into database (active OFF)
//debug
//echo($sql);
mysql_query($sql,$con);
//send email to user_validator to get them to validate new user.
$msg = sprintf("A new customer has submitted their information. Log into back-end database and authorize userid ".strval(mysql_insert_id($con)).". \n\nThis can be accomplished by setting the \"active\" field (in the table \"users\") to 1. \n\n IMPORTANT: You must also set their username and password and send it to their email address. The username must be unique, and both the username and password should be less than 15 alphanumeric characters. Their entered email address is ".$email."\n");
mail($g_uservalidator_email,"New Customer Submission - Validate",$msg);
//autoresponder to visitor
//******PHP4 ERROR: mail will crash the process HARD if the email address is bogus. Filter it! ******
mail($email,"Welcome to our Member Area!","Thank You for submiting your information. We'll be emailing you your username and password to enter the customer area of our site by the next business day.");
?>
<font face=arial>
<font color=blue>
<h1>Request Entered!</h1>
</font>
A representative should contact you shortly via email to give you your username and password.<p>
Thank you for your interest!<p>
<a href=visitorarea.html>Click here to return to the visitor area.</a>
<?
include("footer.txt");
?>
***** File # 4: "authenticate.php3"
<?
include("my_const.h");
//allow reentry without re-authentication
$con = mysql_connect(localhost,$g_dbuid,$g_dbpwd);
if ($con==NULL)
{
echo("301 Couldn't connect to MySQL\n\n");
exit(-1);
}
$db = mysql_select_db($g_databasename,$con);
$sql=sprintf("select userid from sessions where ipaddress=\"$REMOTE_ADDR\"",$con);
$res=mysql_query($sql,$con);
if (mysql_num_rows($res)!=0)
{
echo("<html><head><META HTTP-EQUIV=\"refresh\" CONTENT=\"0;url=memberarea.php3\"></head></html>");
}
else
{
include("header.txt");
?>
<font face=arial>
<font size=5><b>Are you an Existing Member?</b></font><br>
If you already have an account, please enter your username and password:<p>
<center>
<form action=authenticate2.php3 method=post>
<table border=1 cellpadding=3>
<tr><Td><b>UserName</b><td><input type=text name=uid size=15></td></tr>
<tr><Td><b>Password</b><td><input type=password name=pwd size=15></td></tr>
</table>
<br>
<input type=submit value="Enter Customer Area">
</center><p>
If you are not already a member, please fill out our <a href=newmember.php3>account request form</a>
. Click here to link to our <a href="visitorarea.html"> Visitor's area</a>...<p>
<?
include("footer.txt");
}
?>
FILE #5: "authenticate2.php3"
<html>
<?
include("my_const.h");
//authenticate vistor
$con = mysql_connect(localhost,$g_dbuid,$g_dbpwd);
if ($con==NULL)
{
echo("301 Couldn't connect to MySQL\n\n");
exit(-1);
}
$db = mysql_select_db($g_databasename,$con);
$sql=sprintf("select userid from users where username=\"%s\" and password=\"%s\" and active=1",mysql_escape_string($uid),mysql_escape_string($pwd));
$res=mysql_query($sql,$con);
if ((mysql_num_rows($res)!=0)&&($uid!=""))
{
$row=mysql_fetch_row($res);
//cleanup
$sql=sprintf("delete from sessions where ipaddress=\"%s\"",$REMOTE_ADDR);
mysql_query($sql,$con);
//make a new session
$sql=sprintf("insert into sessions (userid, ipaddress) values (%s,\"%s\")",$row[0],$REMOTE_ADDR);
mysql_query($sql,$con);
?>
<head>
<META HTTP-EQUIV="refresh" CONTENT="2;url=memberarea.php3">
</head>
<?
}
else
{
?>
<font face=arial>
<h1>Access Denied!</h1>
If you have reached this page in error, <a href="javascript:history.go(-1)">click here to try again.</a><br> If you do not have a username and password, <a href="newmember.html">click here to fill out an application.</a>
<?
}
mysql_free_result($res);
?>
</html>
***** FILE #6 : "auth.h"
<?
//authenticate vistor
if ($g_databasename=="")
{
include("my_const.h");
}
$con2 = mysql_connect(localhost,$g_dbuid,$g_dbpwd);
if ($con2==0)
{
echo("303 Problem connecting to MySQL\n");
exit(0);
}
$db2 = mysql_select_db($g_databasename,$con2);
$sql2=sprintf("select userid from sessions where ipaddress=\"%s\"",$REMOTE_ADDR);
$res2=mysql_query($sql2,$con2);
$nr=mysql_num_rows($res2);
mysql_free_result($res2);
if ($nr==0)
{
echo("<font face=arial><h1>Access Denied!</h1>\n");
echo("If you have reached this page in error, <a href=\"javascript:history.go(-1);\">click here to try again.</a><br> If you do not have a username and password, <a href=\"newcustomer.html\">click here to fill out an application.</a>\n");
exit();
}
?>
| DISCLAIMER: The content provided in this article is not warranted or guaranteed by Developer Shed, Inc. The content provided is intended for entertainment and/or educational purposes in order to introduce to the reader key ideas, concepts, and/or product reviews. As such it is incumbent upon the reader to employ real-world tactics for security and implementation of best practices. We are not liable for any negative consequences that may result from implementing any information covered in our articles or tutorials. If this is a hardware review, it is not recommended to open and/or modify your hardware. |
More User Management Code Articles
More By Codewalkers
developerWorks - FREE Tools! |
Hold your calendar on January 30, 2008 for this free webcast on the new i5/OS. Rational's Enterprise Modernization products will be discussed at this webcast as they help to drive the application development environment for this new System i OS. <br />And learn how i5/OS will take you to the next step of efficient, resilient business processing. You will hear about the new i5/OS capabilities as it will be the most significant i5/OS release in years. If you cannot join the webcast on 1/30/08 you can still use this link to listen to the replay.<br /> FREE! Go There Now!
|
|
|
|
Join this webcast, to learn how the Rational Process Library can help with compliance issues, drive process improvement, and assist in service-oriented architecture (SOA) or Agile development. We will take a peek into the Rational Process Library with content around software and systems engineering (including RUP), operations and systems management, program and portfolio management, and asset and SOA governance. FREE! Go There Now!
|
|
|
|
Learn field-tested SOA principles, methodology, technology and implementation from the global SOA market leader - in a new e-book by an IBM SOA expert. Written by IBM Certified SOA Solution Designer Bobby Woolf, "Exploring IBM SOA Technology & Practice" is the ultimate insider's guide to SOA - a PDF e-book packed cover to cover with IBM's specific advice on how to make your SOA implementation a success. FREE! Go There Now!
|
|
|
|
Join us for this on demand webcast to learn about developing complex systems more quickly and efficiently. We'll cover market drivers for developing, governing and reusing systems software assets and how you can develop system software assets with Rational Asset Manager. FREE! Go There Now!
|
|
|
|
Visit IBM developerWorks to download a free trial version of Lotus Quickr 8.0, which enables collaboration by transforming the way everyday business content such as documents, rich media, photos, and video can be shared. Lotus Quickr makes it faster and easier to share content of all types (not just documents) within virtual teams. It is designed to make it easier to collaborate across organizational boundaries, while continuing to work within the context of familiar desktop applications. FREE! Go There Now!
|
|
|
|
Visit IBM developerWorks to download a free trial of the latest release of IBM Lotus Sametime Standard V8.0. Lotus Sametime Standard V8.0 is a platform for unified communications and collaboration that combines security features with an extensible, open solution including integrated Voice over IP, geographic location awareness, mobile clients, and a robust Business Partner community offering telephony and video integration. FREE! Go There Now!
|
|
|
|
Visit IBM developerWorks to download a free trial version of IBM Rational Business Developer V7.1. Rational Business Developer offers rapid and simplified development of business applications and services through Enterprise Generation Language (EGL) tools, generating Java or mainframe solutions while shielding developers from technical complexities. FREE! Go There Now!
|
|
|
|
In this tutorial, you can learn how to install and configure the IBM Rational Asset Manager Eclipse client, explore the different views in the Asset Management perspective, learn various search techniques, work with existing assets, and submit a new asset. FREE! Go There Now!
|
|
|
|
In this webcast, IBM Rational will discuss the importance of Web application security and will share techniques and best practices to introduce application security testing into current QA processes including: understanding common security vulnerabilities and techniques to integrate security testing with defect tracking and remediation systems in an effort to safeguard sensitive online information. FREE! Go There Now!
|
|
|
|
Viper 2 brings a great value to developer communities including SQL, XML, PHP, Ruby, .NET and Java. You probably already know that DB2 Express-C is free for developers to develop, deploy and distribute. Viper 2 provides a variety of means that help move your application from the development stage to deployment more rapidly. This webcast shows how to best utilize the latest tools available for developing DB2 applications. FREE! Go There Now!
|
|
|
|
All FREE IBM® developerWorks Tools! |