Question

Submit PHP scripts and associated web pages developed to accept username and passwords/ Verify user information...

Submit PHP scripts and associated web pages developed to accept username and passwords/

  • Verify user information against the database?
  • Either give users access to the staff site or allow them to try again?

User session begins on their first attempt to log in and continues if their credentials are accepted. After five failed passwords the user session is terminated and access to their username is permanently blocked. Make sure to provide a username/password combination in a submission comment or attach a dumped file of your database regarding the login credentials.

Homework Answers

Answer #1

we are going to build a registration system that keeps track of which users are normal user.

let's start with creating the files, shall we? Navigate to the folder on your machine that is accessible to the server and create the following files folders:

Now open up register.php in your favorite text editor and let's start writing some code. In our blank register.php file, let's add this code:

<html>
<head>
   <title>Registration system PHP and MySQL</title>
</head>
<body>
<div class="header">
   <h2>Register</h2>
</div>
<form method="post" action="register.php">
   <div class="input-group">
       <label>Username</label>
       <input type="text" name="username" value="">
   </div>
   <div class="input-group">
       <label>Email</label>
       <input type="email" name="email" value="">
   </div>
   <div class="input-group">
       <label>Password</label>
       <input type="password" name="password_1">
   </div>
   <div class="input-group">
       <label>Confirm password</label>
       <input type="password" name="password_2">
   </div>
   <div class="input-group">
       <button type="submit" class="btn" name="register_btn">Register</button>
   </div>
   <p>
       Already a member? <a href="login.php">Sign in</a>
   </p>
</form>
</body>
</html>

--->> The output of the code is :

What we want now is for the user to fill the form and press the register button so that the info can be saved in the database. So we move on to the next step.

Let's create a database called multi_login. In multi_login database, create a table called users with the following fields:

  • id - int (10)
  • username - varchar (100)
  • email - varchar (100)
  • user_type - varchar (100)
  • password - varchar (100)

That's all we need for our database.

First we should make sure the form's method attribute is set to post and that the action attribute is set to register.php meaning that when the register button is clicked, the form values are submitted to the same page.

Let's now write the code to receive these values and stores them in the database. But it is my custom to avoid, as much as possible, mixing up php code in html so I'll go ahead and create a functions.php file to put this code inside and then make this code available in the register.php file.

At the very top (first line) of register.php file, add this line of code:

<?php include('functions.php') ?>
//...

Also, we want that when the user doesn't enter the form values correctly, error messages should be displayed guiding them to do it correctly. In the same register.php file, right after the opening <form> tag, add this code

<form method="post" action="register.php">
        <?php echo display_error(); ?>
//...
</form>

The display_error() is a simple function we are going to define shortly.

One last thing in the register.php file: Modify the username and email input fields by setting their value attributes to corresponding variables. Like so:

<input type="text" name="username" value="<?php echo $username; ?>">
<input type="email" name="email" value="<?php echo $email; ?>">

Now open up the empty functions.php file and add this code in it:

<?php
session_start();

// connect to database
$db = mysqli_connect('localhost', 'root', '', 'multi_login');

// variable declaration
$username = "";
$email = "";
$errors = array();

// call the register() function if register_btn is clicked
if (isset($_POST['register_btn'])) {
   register();
}

// REGISTER USER
function register(){
   // call these variables with the global keyword to make them available in function
   global $db, $errors, $username, $email;

   // receive all input values from the form. Call the e() function
// defined below to escape form values
   $username = e($_POST['username']);
   $email = e($_POST['email']);
   $password_1 = e($_POST['password_1']);
   $password_2 = e($_POST['password_2']);

   // form validation: ensure that the form is correctly filled
   if (empty($username)) {
       array_push($errors, "Username is required");
   }
   if (empty($email)) {
       array_push($errors, "Email is required");
   }
   if (empty($password_1)) {
       array_push($errors, "Password is required");
   }
   if ($password_1 != $password_2) {
       array_push($errors, "The two passwords do not match");
   }

   // register user if there are no errors in the form
   if (count($errors) == 0) {
       $password = md5($password_1);//encrypt the password before saving in the database

       if (isset($_POST['user_type'])) {
           $user_type = e($_POST['user_type']);
           $query = "INSERT INTO users (username, email, user_type, password)
                   VALUES('$username', '$email', '$user_type', '$password')";
           mysqli_query($db, $query);
           $_SESSION['success'] = "New user successfully created!!";
           header('location: home.php');
       }else{
           $query = "INSERT INTO users (username, email, user_type, password)
                   VALUES('$username', '$email', 'user', '$password')";
           mysqli_query($db, $query);

           // get id of the created user
           $logged_in_user_id = mysqli_insert_id($db);

           $_SESSION['user'] = getUserById($logged_in_user_id); // put logged in user in session
           $_SESSION['success'] = "You are now logged in";
           header('location: index.php');              
       }
   }
}

// return user array from their id
function getUserById($id){
   global $db;
   $query = "SELECT * FROM users WHERE id=" . $id;
   $result = mysqli_query($db, $query);

   $user = mysqli_fetch_assoc($result);
   return $user;
}

// escape string
function e($val){
   global $db;
   return mysqli_real_escape_string($db, trim($val));
}

function display_error() {
   global $errors;

   if (count($errors) > 0){
       echo '<div class="error">';
           foreach ($errors as $error){
               echo $error .'<br>';
           }
       echo '</div>';
   }
}  

Storing the user in a session variable means that the user is available even if you refresh and navigate to other pages (where session has been started). The user variable in the session doesn't get lost; it can only be lost by unsetting it (this is how we log the user out. Coming soon...).

Now back to our registration form, you notice that when you input values and click the register button, you are redirected to the index.php page. But it's blank. So let's make it look like an index page.

Open up index.php file in your text editor and put the following code in it.

   include('functions.php');
?>
<!DOCTYPE html>
<html>
<head>
   <title>Home</title>
   <link rel="stylesheet" type="text/css" href="style.css">
</head>
<body>
   <div class="header">
       <h2>Home Page</h2>
   </div>
   <div class="content">
       <!-- notification message -->
       <?php if (isset($_SESSION['success'])) : ?>
           <div class="error success" >
               <h3>
                   <?php
                       echo $_SESSION['success'];
                       unset($_SESSION['success']);
                   ?>
               </h3>
           </div>
       <?php endif ?>
       <!-- logged in user information -->
       <div class="profile_info">
           <img src="images/user_profile.png" >

           <div>
               <?php if (isset($_SESSION['user'])) : ?>
                   <strong><?php echo $_SESSION['user']['username']; ?></strong>

                   <small>
                       <i style="color: #888;">(<?php echo ucfirst($_SESSION['user']['user_type']); ?>)</i>
                       <br>
                       <a href="index.php?logout='1'" style="color: red;">logout</a>
                   </small>

               <?php endif ?>
           </div>
       </div>
   </div>
</body>
</html>

Just one tiny problem. If a person types the right url to this index.php page in the browser, they will be able to access this page without even logging in. We don't want that right? Let's fix it.

Let's visit our functions.php file once again and add this function at the bottom of the file:

function isLoggedIn()
{
        if (isset($_SESSION['user'])) {
                return true;
        }else{
                return false;
        }
}
Know the answer?
Your Answer:

Post as a guest

Your Name:

What's your source?

Earn Coins

Coins can be redeemed for fabulous gifts.

Not the answer you're looking for?
Ask your own homework help question
Similar Questions
ADVERTISEMENT
Need Online Homework Help?

Get Answers For Free
Most questions answered within 1 hours.

Ask a Question
ADVERTISEMENT
Active Questions
  • Consider insertsort. Suppose that the input array A has 1% probability to be monotonically decreasing. Show...
    asked 9 minutes ago
  • Your company is thinking of introducing a Bring Your Own Device (BYOD) policy. You have been...
    asked 15 minutes ago
  • Attached is the file GeometricObject.java. Include this in your project, but do not change. Create a...
    asked 17 minutes ago
  • Suppose the number of cars in a household has a binomial distribution with parameters n =...
    asked 20 minutes ago
  • HR needs some information on the new interns put into a database. Given an id, email,...
    asked 41 minutes ago
  • Problem solving strategies Questions years = input("Enter a number of years and I'll tell you how...
    asked 46 minutes ago
  • Calculate ?Hrxn for the following reaction: CH4(g)+4Cl2(g)?CCl4(g)+4HCl(g) Use the following reactions and given ?H?s. C(s)+2H2(g)?CH4(g)?H=?74.6kJC(s)+2Cl2(g)?CCl4(g)?H=?95.7kJH2(g)+Cl2(g)?2HCl(g)?H=?184.6kJ Express...
    asked 52 minutes ago
  • ASCII (American Standard Code for Information Interchange) has an encoding for every character of the alphabet,...
    asked 1 hour ago
  • Is home confinement with electronic monitoring a deterrent? Are there negatives to being confined to one’s...
    asked 1 hour ago
  • Social hostility can have severe lasting effects of interperpersonal relationship during our adolescence years, which if...
    asked 1 hour ago
  • - A series RLC circuit has R=15 ?, L=1.5 H, and C=15 ?F. (a) For what...
    asked 1 hour ago
  • TV Circuit has 30 large-screen televisions in a warehouse in Erie and 60 large-screen televisions in...
    asked 1 hour ago