
PHP Login System with Admin Features


44 replies to this topic

#1
VictoriaSecret

  • Offline
  • Victoria's Secret

  • Posts:
    43
    Reputation:
    275
    Joined:
    11 Dec, 2015

PHP Login System with Admin Features
Introduction:
I wrote the popular evolt.org tutorial PHP Login Script with Remember Me Feature mainly as an introduction to user sessions and cookies in PHP. Since it was created as a learning tool, many advanced features were left out of the script. By popular demand, I have written and am presenting here a complete Login System, with all the features that were left out of the first script, that can be easily integrated into any website.
Notes:
This article is intended primarily for intermediate to advanced users of PHP, as it is not exactly a tutorial, but a description of the implementation of an advanced Login System. Beginners who are looking to learn about user sessions and cookies in PHP are advised to read the above-mentioned tutorial before reading this article.
Features:
Here are some of the features in this Login System that weren't included in the initial tutorial:

==>Better Security - Passwords are not stored in cookies, randomly generated ids take their place.
==>Member Levels - Now users can be differentiated by what level they are (user, admin, etc.)
==>Admin Center - As an admin, you have full control over registered users. You can view user info, upgrade/demote user levels, delete users, delete inactive users, and ban users.
==>Visitor Tracking - You can now tell how many guests and users are actively viewing your site, and who those users are. You also know how many total members your site has.
==>Account Info - Users can now view their own information, and edit it as well. They can also see the information of other users.
==>Form Helper - No more ugly error pages! Now users are redirected to the form they filled out and the errors that have occurred are displayed.
==>Forgot Password - Users who forget their password can have a new one generated for them and sent to their email address.
==>Email - Now emails can be sent to newly registered users.
==>Miscellaneous - Much better code design, smooth page transitions, and MORE!

 

Database:
dbtables.sql

Code:

Spoiler

 

Code Design==>

I will be presenting the Login System by showing only the important files, describing what they do and how they interact with each other. By reading this you should get a good idea of how the Login System works and understand how to integrate it into your website. It is important to note before you start that the code relies on classes and the key variables of this Login System are class objects.

constants.php==>

This file will contain all the constants and important information used by the login system. Here you specify stuff like your database username and password, the admin account name (which will be able to create other admins), visitor timeouts, email options, etc.

 

Spoiler

 

database.php==>

This file contains all the functions that perform database operations, like adding new users to the database table, verifying username and password, retrieving user info, deleting users, etc. It also makes the initial connection to the MySQL database. The functions are members of the Database class, which means they can only be called through a variable of that class. At the end of the file, the $database variable is defined, which is the class object that gets used throughout the Login System.
Code:

Spoiler

 

session.php==>

This file is the heart and soul of the Login System. It contains the code to login, logout and register users. It also holds all the information about the user that is viewing the site. All the variables and functions are part of the Session class, and the $session class object variable is created so you can access those variables and functions. You will be using this class object whenever you want to get information about the visitor of your site, like whether or not they are logged in. How to use this object, and others as well, is apparent when looking through the example pages which are given (main.php, userinfo.php, etc.).
Code:

Spoiler

 

Read through the code and get a feel for how the script knows when the users are logged in or not (checks cookies and $_SESSION variables). Everything is commented so you won't have trouble. Note that the Session functions make good use of the $database object because the database needs to be queried for a lot of functions. Visitor tracking is also being done here. Whenever this page loads, the visitor is added as an active guest or active user, depending on if they are logged in or not, and it also performs the operation to remove any inactive users/guests (people who haven't loaded any pages within the timeout specified in constants.php).

Forms==>

The creation of a Form class was meant to facilitate the handling of errors with user-submitted forms. It keeps track of what the user entered into the form fields (the values) and what errors have occurred with the form.

form.php
Code:

Spoiler

 

The $form class object is actually defined at the bottom of session.php, for reasons explained there. Basically how it works is there is a value array and an error array. They can be indexed with the names of the fields in the HTML form. So if you had a field whose name was "email", once the user submits the form and an error occurred, you can display what the user already typed in by calling $form->value("email"). If there was an error with what the user typed into the "email" field, you can display the error with $form->error("email").

Look at session.php, login and register functions, they use the form object well and show how to appropriately specify the form errors. Also look later on at main.php and you'll see how to appropriately use the form object when displaying any HTML form on your website.

process.php==>

All forms submitted by the user have to be processed in some way, and this file takes care of that. Every form the user fills out is directed to this page, and this page figures out which form needs to be processed (whether it be login, register, forgot pass, etc.) and calls the appropriate functions to handle the request.

This page is also in charge of re-directing the user to the correct page after the form has been processed, whether it be to the page referrer (default), or some other specified page. When errors have been found with the submitted form, the default action is to re-direct to the page where the user filled out the form in order to let them know about the error and fix it. If you want your users when just logging-in to be re-directed to their own specific home page, instead of the website main page, this is the file you want to edit to do that.
Code:

Spoiler

 

Active Visitors==>

Tracking active visitors is accomplished in the following way: There are two database tables, one to hold the active users and one to hold the active guests. The users are distinguished by their username and the guests by their IP address. This is so we won't add any given user or guest to the tables more than once, because if we did, our information would be incorrect.

Associated with the user or guest is a timestamp, this is updated every time he/she loads a page. The timestamp tells us when the user/guest was last active. When a visitor loads a page, not only are they added/updated in the active table, but a clean-up operation is performed, one that removes any IP addresses or usernames in the database tables that haven't recently been active, the ones who have a timestamp older than the current time minus the timeout specified in constants.php. The tracking of visitors is accomplished in session.php.

Admin Center==>

The admin center is the page where admins go to do what they do best, administer the Login System. There they can view the table of users and all the user information, except for user passwords because they are encrypted. But how does someone become an admin, how does the system even recognize admins? Well, I'll tell you. If you look in constants.php you'll see that the admin level and admin name are specified. When a user logs in to the website, their user level is retrieved from the database, if their user level equals the admin level, then they are an admin, and they have all admin privileges.

Admin Name==>
Well, who gets the admin name as a username? You do, but you have to register it, just like any other name. You should do this once you get the script up and running. Once you register the admin name, the Login System gives that username an admin user level. Let's assume someone were to steal it from you. You have access to constants.php, which means you can edit it, so you could create a new admin name, then register that name, go to the admin center and delete the guy from the system.

Adding Admins==>
Let's say you need help with your website, and you want your buddy to help out and be an admin. You can have him register under some username of his choice, then you can go to the admin center and give his username the admin user level. Done. That would put him at your level, ...maybe you don't want to give him that much power. Well, the user level is a number from 0-9. By default, guests are 0, users are 1, and admins are 9. You can just give him a user level of 8, and let your website define what that means as far as privileges.

Main Page==>
The following is an example for your website's main page. It shows a little bit how to use the $session, $form, and $database variables. It contains the login form of the Login System. Note when looking at the HTML form, there's a hidden field called "sublogin", that's the name of the form. That's important because when process.php is loaded it needs to know what form is being processed. So if you want to create different forms later on, make sure you give it a unique name.
main.php==>
Code:

<?php
/**
 * Main.php
 *
 * This is an example of the main page of a website. Here
 * users will be able to login. However, like on most sites
 * the login form doesn't just have to be on the main page,
 * but re-appear on subsequent pages, depending on whether
 * the user has logged in or not.
 *
 * Written by: Jpmaster77 a.k.a. The Grandmaster of C++ (GMC)
 * Last Updated: August 26, 2004
 */
include("include/session.php");
?>

<html>
<head><title>Jpmaster77's Login Script</title></head>
<body>

<table>
<tr><td>


<?php
/**
 * User has already logged in, so display relevant links, including
 * a link to the admin center if the user is an administrator.
 */
if($session->logged_in){
   // Escape the username for the HTML text and URL contexts it is printed in.
   $safe_name  = htmlspecialchars($session->username, ENT_QUOTES);
   $name_param = urlencode($session->username);
   echo "<h1>Logged In</h1>";
   echo "Welcome <b>$safe_name</b>, you are logged in. <br><br>"
       ."[<a href=\"userinfo.php?user=$name_param\">My Account</a>] "
       ."[<a href=\"useredit.php\">Edit Account</a>] ";
   if($session->isAdmin()){
      echo "[<a href=\"admin/admin.php\">Admin Center</a>] ";
   }
   echo "[<a href=\"process.php\">Logout</a>]";
}
else{
?>

<h1>Login</h1>
<?php
/**
 * User not logged in, display the login form.
 * If user has already tried to login, but errors were
 * found, display the total number of errors.
 * If errors occurred, they will be displayed.
 * The password field is not repopulated from the submitted
 * value, so the password never appears in the page source.
 */
if($form->num_errors > 0){
   echo "<font size=\"2\" color=\"#ff0000\">".$form->num_errors." error(s) found</font>";
}
?>
<form action="process.php" method="POST">
<table align="left" border="0" cellspacing="0" cellpadding="3">
<tr><td>Username:</td><td><input type="text" name="user" maxlength="30" value="<?php echo $form->value("user"); ?>"></td><td><?php echo $form->error("user"); ?></td></tr>
<tr><td>Password:</td><td><input type="password" name="pass" maxlength="30"></td><td><?php echo $form->error("pass"); ?></td></tr>
<tr><td colspan="2" align="left"><input type="checkbox" name="remember" <?php if($form->value("remember") != ""){ echo "checked"; } ?>>
<font size="2">Remember me next time</font>
<input type="hidden" name="sublogin" value="1">
<input type="submit" value="Login"></td></tr>
<tr><td colspan="2" align="left"><br><font size="2">[<a href="forgotpass.php">Forgot Password?</a>]</font></td><td align="right"></td></tr>
<tr><td colspan="2" align="left"><br>Not registered? <a href="register.php">Sign-Up!</a></td></tr>
</table>
</form>

<?php
}

/**
 * Just a little page footer, tells how many registered members
 * there are, how many users currently logged in and viewing site,
 * and how many guests viewing site. Active users are displayed,
 * with link to their user information.
 */
echo "</td></tr><tr><td align=\"center\"><br><br>";
echo "<b>Member Total:</b> ".$database->getNumMembers()."<br>";
echo "There are $database->num_active_users registered members and ";
echo "$database->num_active_guests guests viewing the site.<br><br>";

include("include/view_active.php");

?>


</td></tr>
</table>


</body>
</html>
 

 

Download==>

As you've probably noticed, pages have been left out of the article. Where's the Admin Center? User Account Page? Forgot Password Form? ... Well, there's too much code to show it all here, plus most of it is self-explanatory. So if you want to see that stuff, and use what I've shown you, download it!

 



  • 40
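
The "Better Security" item in the first post (a randomly generated id in the cookie instead of the password) can be sketched as follows; this is an added example, not code from the tutorial or its download. The in-memory `$store` array standing in for the users table, the function names and the `REMEMBER_TTL` lifetime are all assumptions made for illustration.

```php
<?php
// Added example: remember-me cookie carrying a random id, never the password.
// $store is a constructed in-memory stand-in for a users table.

const REMEMBER_TTL = 60 * 60 * 24 * 100; // assumed cookie lifetime in seconds

function issueRememberToken(array &$store, string $username): string
{
    $token = bin2hex(random_bytes(32));          // 256 bits from the CSPRNG
    $store[$username] = [
        'token_hash' => hash('sha256', $token),  // only the hash is kept server-side
        'expires'    => time() + REMEMBER_TTL,
    ];
    // Cookie value. In a web request it would be sent with
    // setcookie(name, value, ['secure' => true, 'httponly' => true, 'samesite' => 'Lax', ...]).
    return $username . ':' . $token;
}

function checkRememberCookie(array &$store, string $cookie): ?string
{
    $parts = explode(':', $cookie, 2);
    if (count($parts) !== 2) {
        return null;                             // malformed cookie
    }
    [$username, $token] = $parts;
    $row = $store[$username] ?? null;
    if ($row === null || $row['expires'] < time()) {
        return null;                             // unknown user or expired token
    }
    // Constant-time comparison of the stored hash with the presented token's hash.
    if (!hash_equals($row['token_hash'], hash('sha256', $token))) {
        return null;
    }
    return $username;
}

function revokeRememberToken(array &$store, string $username): void
{
    unset($store[$username]);                    // logout or password change
}

// Constructed demo: a valid cookie, a forged one, and the valid one after logout.
$store  = [];
$cookie = issueRememberToken($store, 'alice');
var_dump(checkRememberCookie($store, $cookie));
var_dump(checkRememberCookie($store, 'alice:' . str_repeat('0', 64)));
revokeRememberToken($store, 'alice');
var_dump(checkRememberCookie($store, $cookie));
```

Storing only the hash means a leaked users table does not hand out working cookies, and revoking on logout invalidates a copied cookie.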

#2
kiuctrovels

  • Offline
  • Member

  • Posts:
    43
    Reputation:
    9
    Joined:
    14 Jul, 2015

Thanks bro


  • 1

#3
VictoriaSecret

  • Offline
  • Victoria's Secret

  • Posts:
    43
    Reputation:
    275
    Joined:
    11 Dec, 2015

Thanks bro

thank you for the reviews, glad to serve you


  • 1

#4
kiuctrovels

  • Offline
  • Member

  • Posts:
    43
    Reputation:
    9
    Joined:
    14 Jul, 2015

no problem


  • 0

#5
VictoriaSecret

  • Offline
  • Victoria's Secret

  • Posts:
    43
    Reputation:
    275
    Joined:
    11 Dec, 2015

no problem

I will try harder.


  • 0

#6
kiuctrovels

  • Offline
  • Member

  • Posts:
    43
    Reputation:
    9
    Joined:
    14 Jul, 2015

I will wait for you ;)


  • 0

#7
remyg0d

  • Offline
  • <heart3

  • Posts:
    6
    Reputation:
    0
    Joined:
    11 Dec, 2015

Will check out this, thanks so much for the share :o)


  • 0

#8
VictoriaSecret

  • Offline
  • Victoria's Secret

  • Posts:
    43
    Reputation:
    275
    Joined:
    11 Dec, 2015

Will check out this, thanks so much for the share :o)

no matter what, I hope that you will like it ^_^


  • 0

#9
Thelaluda

  • Offline
  • Underwater Squad

  • PipPipPipPip
  • Posts:
    142
    Reputation:
    7
    Joined:
    04 Jun, 2015

Thx


  • 0



#10
OneFree

  • Offline
  • Lurker

  • Posts:
    4
    Reputation:
    0
    Joined:
    09 Dec, 2015

Thanks.


  • 0

