This selection of PHP files will allow you to implement a "members only" area in your web site, complete with recognizing re-entering members and a new member form. It uses a MySQL back-end.
By : woodys
Instructions:
- copy the following source code into their respective files (i.e. File #1 into my_const.h, etc.)
- run the queries through MySQL to create the back-end database structure
- drop the correct values into my_const.h
- make sure that you have the following files/pages in your site:
"header.txt" and "footer.txt" - take a customized HTML template and cut it in half, with the top half in header.txt and the bottom half in footer.txt.
"visitorarea.html" - this is where non-members are directed.
"memberarea.html" - this is where authenticated members are directed. (Note that authenticate.php3 and authenticate2.php3 below redirect to memberarea.php3, and a page that includes auth.h has to be processed by PHP, so give it a .php3 extension.)
- offer the following links in your site:
<a href=authenticate.php3>Click here to enter the members only area</a>
<a href=newmember.php3>Click here to enter a membership application</a>
- drop the following line into any member-area page (near the top of the file) that you want fully secure:
<? include("auth.h"); ?>
- if you have any questions regarding implementation or bug reports, email me at woodystanford@yahoo.com
****** CREATION QUERIES:
create database databasename;
use databasename;
create table users (userid int auto_increment primary key, username char(25) not null, password char(255) not null, companyname char(255) not null, contactname char(255) not null, email char(255) not null, baddress1 char(255) not null, baddress2 char(255) not null, bcity char(255) not null, bstate char(50) not null, bzip char(50) not null, saddress1 char(255) not null, saddress2 char(255) not null, scity char(255) not null, sstate char(25) not null, szip char(50) not null, tel char(255) not null, fax char(255) not null, active tinyint, ccname char(255) not null, cctype tinyint not null, ccnum char(255) not null, expdate char(255) not null, scountry char(255) not null, bcountry char(255) not null, discount decimal(5,4), needsvalidation tinyint not null, taxexempt tinyint not null, terms int not null);
create table sessions (sessionid int auto_increment primary key, userid int, ipaddress char(255) not null, created timestamp, returnpage char(255) not null);
SOURCE CODE:
***** File #1: "my_const.h"
<?
if ($g_databasename=="")
{
// ********** ENTER CONSTANTS HERE! **************
$g_databasename="databasename";
$g_dbuid="mysqlusername";
$g_dbpwd="mysqlpassword";
$g_uservalidator_email="youremail@address.com";
// ************************************************
//Helper functions
//PHP 4.0.3 and later ship a built-in mysql_escape_string(); redeclaring it is a fatal
//error, so this fallback is only defined when the built-in is missing.
if (!function_exists("mysql_escape_string"))
{
function mysql_escape_string($s)
{
$s2="";   //start from an empty string; appending to an undefined variable is unreliable
$sl=strlen($s);
for ($a=0;$a<$sl;$a++)
{
$c=substr($s,$a,1);
switch(ord($c))
{
case 0:
$c = "\\0";
break;
case 10:
$c = "\\n";
break;
case 9:
$c = "\\t";
break;
case 13:
$c = "\\r";
break;
case 8:
$c = "\\b";
break;
case 39:
$c = "\\'";
break;
case 34:
$c = "\\\"";
break;
case 92:
$c = "\\\\";
break;
//\% and \_ only have meaning inside LIKE patterns; in a plain string MySQL keeps the
//backslash, so values containing % or _ are stored with a backslash in front of them.
case 37:
$c = "\\%";
break;
case 95:
$c = "\\_";
break;
}
$s2.=$c;
}
return $s2;
}
}
}
?>
***** File #2: "newmember.php3"
<? include("header.txt"); include("my_const.h"); ?>
<font face=arial>
<font size=5><b>New Member Profile</b></font><br>
To use this site to the fullest, you must enter some basic information to establish your identity when you visit. Required fields are indicated with a <font color=red>*</font>. A username and password will be issued to you via email.<p>
<small>(If you have already received a username and password and have forgotten it, please do not re-submit your information, but rather contact us via <a href="mailto:<? echo($g_uservalidator_email); ?>">email</a>.)</small><p>
<form action=submitmember.php3 method=post>
<font color=blue><b>Personal Information</b></font><br>
<hr>
<table>
<tr><td><b>Company Name</b></td><td><input type=text name=companyname size=50></td></tr>
<tr><td><b>Your Name (first, last)<font color=red>*</font></b></td><td><input type=text name=contactname size=50></td></tr>
<tr><td><b>Email Address<font color=red>*</font></b></td><td><input type=text name=email size=50></td></tr>
<tr><td valign=top><b>Billing Address<font color=red>*</font></b></td><td><input type=text name=baddress1 size=50><br><input type=text name=baddress2 size=50><br><input type=text name=bcity size=25>, <input type=text name=bstate size=2> <input type=text name=bzip size=10><br><input type=text name=bcountry size=10 value="USA"></td></tr>
<tr><td valign=top><b>Shipping Address<font color=red>*</font></b></td><td><input type=text name=saddress1 size=50><br><input type=text name=saddress2 size=50><br><input type=text name=scity size=25>, <input type=text name=sstate size=2> <input type=text name=szip size=10><br><input type=text name=scountry size=10 value="USA"></td></tr>
<tr><td><b>Contact Telephone</b></td><td><input type=text name=tel size=30></td></tr>
<tr><td><b>FAX Telephone</b></td><td><input type=text name=fax size=30></td></tr>
</table><hr><p>
I certify that the above information is correct. Please process this information and email me my username and password as soon as possible.<p>
<input type=submit value="Process Request">
</form>
</font>
<? include("footer.txt"); ?>
***** File #3: "submitmember.php3"
<?
include("header.txt");
include("my_const.h");
//$companyname, $contactname, $email, etc. arrive through register_globals (the default
//in PHP 3 and in PHP 4 before 4.2); with it off, read them from $HTTP_POST_VARS first.
//filter the visitor's email address before it reaches the database or mail()
if (strstr($email,"\n") || strstr($email,"\r") || !strstr($email,"@"))
{
echo("Please go back and enter a valid email address.\n");
include("footer.txt");
exit();
}
//connect to database
$con = mysql_connect("localhost",$g_dbuid,$g_dbpwd);
if (!$con)
{
echo("301 Couldn't connect to MySQL\n\n");
exit(-1);
}
$db = mysql_select_db($g_databasename,$con);
//insert user record into database (active OFF, needsvalidation ON)
$t="insert into users (companyname, contactname, email, baddress1, baddress2, bcity, bstate, bzip, saddress1, saddress2, scity, sstate, szip, tel, fax, active, bcountry, scountry, needsvalidation) values (\"%s\",\"%s\",\"%s\",\"%s\",\"%s\",\"%s\",\"%s\",\"%s\",\"%s\",\"%s\",\"%s\",\"%s\",\"%s\",\"%s\",\"%s\",0,\"%s\",\"%s\",1)";
$sql=sprintf($t, mysql_escape_string($companyname), mysql_escape_string($contactname), mysql_escape_string($email), mysql_escape_string($baddress1), mysql_escape_string($baddress2), mysql_escape_string($bcity), mysql_escape_string($bstate), mysql_escape_string($bzip), mysql_escape_string($saddress1), mysql_escape_string($saddress2), mysql_escape_string($scity), mysql_escape_string($sstate), mysql_escape_string($szip), mysql_escape_string($tel), mysql_escape_string($fax), mysql_escape_string($bcountry), mysql_escape_string($scountry));
//debug
//echo($sql);
mysql_query($sql,$con);
//send email to user_validator to get them to validate new user.
//(plain concatenation: the visitor's address must not end up inside a sprintf format string)
$msg = "A new customer has submitted their information. Log into back-end database and authorize userid ".strval(mysql_insert_id($con)).". \n\nThis can be accomplished by setting the \"active\" field (in the table \"users\") to 1. \n\n IMPORTANT: You must also set their username and password and send it to their email address. The username must be unique, and both the username and password should be less than 15 alphanumeric characters. Their entered email address is ".$email."\n";
mail($g_uservalidator_email,"New Customer Submission - Validate",$msg);
//autoresponder to visitor
//******PHP4 ERROR: mail will crash the process HARD if the email address is bogus. Filter it! (done at the top of this file) ******
mail($email,"Welcome to our Member Area!","Thank You for submitting your information. We'll be emailing you your username and password to enter the customer area of our site by the next business day.");
?>
<font face=arial>
<font color=blue>
<h1>Request Entered!</h1>
</font>
A representative should contact you shortly via email to give you your username and password.<p>
Thank you for your interest!<p>
<a href=visitorarea.html>Click here to return to the visitor area.</a>
</font>
<?
include("footer.txt");
?>
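The insert in submitmember.php3 done with a bound query and an explicit email filter, as an added example that is not part of the original article. It assumes my_const.h has been included (for $g_dbuid, $g_dbpwd, $g_databasename and $g_uservalidator_email), the users table created above, and PHP 5.6 or later (mysqli with argument unpacking).

```php
<?php
// Added example, not the article's code: a hardened form of the insert in
// submitmember.php3. Assumes my_const.h has been included, the "users" table
// created above, and PHP >= 5.6 (mysqli with argument unpacking).

// Reject an address that could smuggle extra headers into mail(); this is the
// filter the "PHP4 ERROR ... Filter it!" comment in submitmember.php3 asks for.
function is_safe_email($email)
{
    if (!is_string($email) || strpbrk($email, "\r\n") !== false) {
        return false;                       // CR/LF would start a new mail header
    }
    return filter_var($email, FILTER_VALIDATE_EMAIL) !== false;
}
// Read the form fields from $_POST by name instead of relying on register_globals.
function signup_fields()
{
    $names = array("companyname", "contactname", "email", "baddress1", "baddress2",
                   "bcity", "bstate", "bzip", "saddress1", "saddress2", "scity",
                   "sstate", "szip", "tel", "fax", "bcountry", "scountry");
    $out = array();
    foreach ($names as $n) {
        $out[$n] = isset($_POST[$n]) ? trim($_POST[$n]) : "";
    }
    return $out;
}

$f = signup_fields();
if ($f["contactname"] === "" || !is_safe_email($f["email"])) {
    exit("A name and a valid email address are required.");
}
$db = new mysqli("localhost", $g_dbuid, $g_dbpwd, $g_databasename);
if ($db->connect_error) {
    exit("301 Couldn't connect to MySQL");
}
// Column names come from the fixed list above, never from the request; the values
// are bound, so no hand-rolled escaping is needed (active=0, needsvalidation=1 as before).
$cols  = implode(", ", array_keys($f));
$marks = implode(", ", array_fill(0, count($f), "?"));
$vals  = array_values($f);
$stmt  = $db->prepare("insert into users ($cols, active, needsvalidation) values ($marks, 0, 1)");
$stmt->bind_param(str_repeat("s", count($f)), ...$vals);
$stmt->execute();
$newid = $db->insert_id;
mail($g_uservalidator_email, "New Customer Submission - Validate",
     "A new customer has submitted their information. Authorize userid $newid (set active=1). Email: " . $f["email"]);
mail($f["email"], "Welcome to our Member Area!",
     "Thank you for submitting your information. Your username and password will follow by email.");
```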
***** File #4: "authenticate.php3"
<?
include("my_const.h");
//allow reentry without re-authentication
$con = mysql_connect("localhost",$g_dbuid,$g_dbpwd);
if (!$con)
{
echo("301 Couldn't connect to MySQL\n\n");
exit(-1);
}
$db = mysql_select_db($g_databasename,$con);
//look for an existing session for this client address ($REMOTE_ADDR is set by the web server)
$sql=sprintf("select userid from sessions where ipaddress=\"%s\"",$REMOTE_ADDR);
$res=mysql_query($sql,$con);
if (mysql_num_rows($res)!=0)
{
echo("<html><head><META HTTP-EQUIV=\"refresh\" CONTENT=\"0;url=memberarea.php3\"></head></html>");
}
else
{
include("header.txt");
?>
<font face=arial>
<font size=5><b>Are you an Existing Member?</b></font><br>
If you already have an account, please enter your username and password:<p>
<center>
<form action=authenticate2.php3 method=post>
<table border=1 cellpadding=3>
<tr><td><b>UserName</b></td><td><input type=text name=uid size=15></td></tr>
<tr><td><b>Password</b></td><td><input type=password name=pwd size=15></td></tr>
</table>
<br>
<input type=submit value="Enter Customer Area">
</form>
</center><p>
If you are not already a member, please fill out our <a href=newmember.php3>account request form</a>. Click here to link to our <a href="visitorarea.html">Visitor's area</a>...<p>
</font>
<?
include("footer.txt");
}
?>
***** File #5: "authenticate2.php3"
<html>
<?
include("my_const.h");
//authenticate visitor
$con = mysql_connect("localhost",$g_dbuid,$g_dbpwd);
if (!$con)
{
echo("301 Couldn't connect to MySQL\n\n");
exit(-1);
}
$db = mysql_select_db($g_databasename,$con);
//username and password are compared directly against the values stored in the users table
$sql=sprintf("select userid from users where username=\"%s\" and password=\"%s\" and active=1",mysql_escape_string($uid),mysql_escape_string($pwd));
$res=mysql_query($sql,$con);
if (($uid!="")&&(mysql_num_rows($res)!=0))
{
$row=mysql_fetch_row($res);
//cleanup: one session per client address
$sql=sprintf("delete from sessions where ipaddress=\"%s\"",$REMOTE_ADDR);
mysql_query($sql,$con);
//make a new session (the created column is filled in by MySQL)
$sql=sprintf("insert into sessions (userid, ipaddress) values (%d,\"%s\")",$row[0],$REMOTE_ADDR);
mysql_query($sql,$con);
?>
<head>
<META HTTP-EQUIV="refresh" CONTENT="2;url=memberarea.php3">
</head>
<?
}
else
{
?>
<font face=arial>
<h1>Access Denied!</h1>
If you have reached this page in error, <a href="javascript:history.go(-1)">click here to try again.</a><br> If you do not have a username and password, <a href="newmember.php3">click here to fill out an application.</a>
</font>
<?
}
mysql_free_result($res);
?>
</html>
***** File #6: "auth.h"
<?
//authenticate visitor: include this near the top of every member-area page
if ($g_databasename=="")
{
include("my_const.h");
}
$con2 = mysql_connect("localhost",$g_dbuid,$g_dbpwd);
if (!$con2)
{
echo("303 Problem connecting to MySQL\n");
exit(0);
}
$db2 = mysql_select_db($g_databasename,$con2);
//a member is recognised by a session row for the client address
$sql2=sprintf("select userid from sessions where ipaddress=\"%s\"",$REMOTE_ADDR);
$res2=mysql_query($sql2,$con2);
$nr=mysql_num_rows($res2);
mysql_free_result($res2);
if ($nr==0)
{
echo("<font face=arial><h1>Access Denied!</h1>\n");
echo("If you have reached this page in error, <a href=\"javascript:history.go(-1);\">click here to try again.</a><br> If you do not have a username and password, <a href=\"newmember.php3\">click here to fill out an application.</a></font>\n");
exit();
}
?>
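The login in authenticate2.php3 and the check in auth.h rewritten with bound queries, a hashed password and a random session token instead of the client address, as an added example that is not part of the original article. It assumes $db is an open mysqli connection to the database above, that users.password holds a password_hash() value rather than the cleartext the validator currently types in, that sessions has an extra column token char(64) (hypothetical), and PHP 7 or later for random_bytes().

```php
<?php
// Added example, not the article's code. Assumes $db is an open mysqli
// connection, users.password holds a password_hash() value, sessions has an
// extra column "token char(64)" (hypothetical) and PHP >= 7.0.

// Returns the userid on success, 0 otherwise. The username is bound rather than
// spliced into the SQL, and the stored hash is checked with password_verify().
function login($db, $username, $password)
{
    $stmt = $db->prepare("select userid, password from users where username=? and active=1");
    $stmt->bind_param("s", $username);
    $stmt->execute();
    $stmt->bind_result($userid, $hash);
    $found = $stmt->fetch();
    if (!$found || !password_verify($password, $hash)) {
        return 0;
    }
    return $userid;
}
// A session is tied to a random, unguessable token sent as an HttpOnly cookie,
// not to the client IP, which everyone behind the same NAT or proxy shares.
function start_session($db, $userid)
{
    $token = bin2hex(random_bytes(32));
    $ip = $_SERVER["REMOTE_ADDR"];
    $stmt = $db->prepare("insert into sessions (userid, ipaddress, token) values (?, ?, ?)");
    $stmt->bind_param("iss", $userid, $ip, $token);
    $stmt->execute();
    setcookie("member", $token, 0, "/", "", !empty($_SERVER["HTTPS"]), true);
    return $token;
}
// Drop-in for auth.h: the request is accepted only when the cookie token matches
// a session row created within the last day (created is set by MySQL on insert).
function require_member($db)
{
    $token = isset($_COOKIE["member"]) ? $_COOKIE["member"] : "";
    $stmt = $db->prepare("select userid from sessions where token=? and created > now() - interval 1 day");
    $stmt->bind_param("s", $token);
    $stmt->execute();
    $stmt->bind_result($userid);
    $found = $stmt->fetch();
    if (!$found) {
        exit("<h1>Access Denied!</h1>");
    }
    return $userid;
}

// In authenticate2.php3: $uid = login($db, $_POST["uid"], $_POST["pwd"]);
// if ($uid) { start_session($db, $uid); header("Location: memberarea.php3"); }
```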