ben aktivasyonlu üyelik sistemini komple buraya ekliyorum...bilgisi olan arkadaşlar gerekli düzenlemeleri yapıp tekrar eklerse sevinirim.....
İhtiyacı olan başka arkadaşlarda kullanmış olur.Hello, ladies and gentleman, to one of my biggest tutorials yet! In this multi-page article I’m going to show you how to set up the server side scripting for a complete membership system, including everything from registration, to changing your password, validation emails, etc.
First of all I'll outline what I’m going to cover in this tutorial:
MySQL Table Configuration
Registration script
Login script
Activation script
Members page
Resending validation emails
Logout script
Processing member commands
This set of scripts includes 32bit md5() password encryption and the use of sha1() 40bit encryption to generate a 40 digit hash that we can use for the activation code. You can download all scripts used in this tutorial here, although you should be aware that I've added a nice CSS layout and collapsing menus into the final scripts to make things look a bit more spanky.
MySQL Table Configuration
The first step is to set up your MySQL database. If you have access via control panel software (i.e. cPanel), you should set everything up through there, and add your user as usual. Otherwise, use phpMyAdmin, or write some SQL syntax to do it, as I will only be providing you with SQL to set up the table.
Our database setup consists of a single table with 9 fields: User ID, Username, Password, Full name, Email, Date, IP when registering, Whether activated and the Activation key.
In the same order, we will be using these data types: int(11) PRIMARY auto_increment, Text, VARCHAR(32), Text, Text, Text, Text, int(1) DEFAULT 0, VARCHAR(40). Bamboozled? Not to worry, here’s the SQL syntax you can use to do it automatically for you:
CREATE TABLE `Users` (
`id` int(11) NOT NULL auto_increment,
`Username` text NOT NULL,
`Password` varchar(32) NOT NULL default '',
`Name` text NOT NULL,
`Email` text NOT NULL,
`Date` text NOT NULL,
`IP` text NOT NULL,
`Actkey` varchar(40) NOT NULL default '',
`Activated` int(1) NOT NULL default '0',
PRIMARY KEY (`id`)
)
With the database now set up, all we have to do is connect to it! In our scripts this is controlled by a single file, config.php, which connects to the server and opens the correct database.
Configuration Script (config.php)<?php
$l = mysql_connect ( "localhost" , "yourmysqlUser" , "password" ) or die("Error connecting:
".mysql_error());
mysql_select_db( "yourdatabase" ) or die("Error getting db:
".mysql_error());
?>
The connection is defined in a variable because we want to close it later, and we need a link identifier to use in mysql_close(). So, with the basics covered, its on to the coding of the individual scripts...
Registration Script (register.php)I think the best way for me to do this is to give you a big lump of code, then tell you what each part does. So, let’s do that:
<?php
include 'config.php';
if(isset($_POST['submit']))
{
$first = addslashes(trim($_POST['firstname']));
$surname = addslashes(trim($_POST['surname']));
$username = addslashes(trim($_POST['username']));
$email = addslashes(trim($_POST['email']));
$pass = addslashes(trim($_POST['password']));
$conf = addslashes(trim($_POST['confirm']));
$ip = $_SERVER['REMOTE_ADDR'];
$date = date("d, m y");
if ( $_POST['password'] == $_POST['confirm'] )
{}else{
echo '<script>alert("Your passwords were not the same, please enter the same password in each field.");</script>';
echo '<script>history.back(1);</script>';
exit;
}
$password = md5($pass);
if ((((( empty($first) ) || ( empty($surname) ) || ( empty($username) ) || ( empty($email) ) || ( empty($password) )))))
{
echo '<script>alert("One or more fields was left empty, please try again.");</script>';
echo '<script>history.back(1);</script>';
exit;
}
if((!strstr($email , "@")) || (!strstr($email , ".")))
{
echo '<script>alert("You entered an invalid email address. Please try again.");</script>';
echo '<script>history.back(1);</script>';
exit;
}
$q = mysql_query("SELECT * FROM Users WHERE Username = '$username'") or die(mysql_error());
if(mysql_num_rows($q) > 0)
{
echo '<script>alert("The username you entered is already in use, please try again.");</script>';
echo '<script>history.back(1);</script>';
exit;
}
$name = $first . ' ' . $surname;
$actkey = mt_rand(1, 500).'f78dj899dd';
$act = sha1($actkey);
$query = mysql_query("INSERT INTO Users (Username, Password, Name, Email, Date, IP, Actkey) VALUES ('$username','$password','$name','$email','$date','$ip','$act')") or die(mysql_error());
$send = mail($email , "Registration Confirmation" , "Thank you for registering with YourWebsite.\n\nYour username and password is below, along with details on how to activate your account.\n\nUser: ".$username."\nPass: ".$pass."\n\nClick the link below to activate your account:\nhttp://EDITTHISURL.COM/activate.php?id=".$act."\n\nPlease do not reply, this is an automated mailer.\n\nThanks", "FROM:
auto@mailer.com");
if(($query)&&($send))
{
echo ' <html>
<head>
<title>Success</title>
<link href="style.css" rel="stylesheet" type="text/css">
</head>
<body>
<div id="success">
<p>Thank you for registering, you will recieve an email soon with your login details and your activation link so that you can activate your account.</p>
<p><a href="login.php">Click here[/url] to login once you have activated.</p>
</div>
</body>
</html>
';
} else {
echo '
<html>
<head>
<title>Error</title>
<link href="style.css" rel="stylesheet" type="text/css">
</head>
<body>
<div id="error">
<p>We are sorry, there appears to be a problem with our script at the moment.</p>
<p>Your data was not lost. Username: '.$username.' | Password: '.$pass.' | Email: '.$email.' | Full name: '.$name.'</p>
<p>Please try again later.</p>
</div>
</body>
</html>
';
}
} else {
?>
<html>
<head>
<title>Register</title>
<link href="style.css" rel="stylesheet" type="text/css">
</head>
<body>
<div id="wrapper">
<div id="head">the registration page</div>
<div id="main">
<p>Welcome to the registration, fill out the form below and hit Submit. All fields are required,so fill them all out! </p>
<form action="<?= $_SERVER['PHP_SELF'] ?>" method="post">
<table width="100%" border="0" cellpadding="0" cellspacing="0">
<tr>
<td width="50%">First name </td>
<td width="50%"><input name="firstname" type="text" id="firstname"></td>
</tr>
<tr>
<td>Surname</td>
<td><input name="surname" type="text" id="surname"></td>
</tr>
<tr>
<td>Email Address </td>
<td><input name="email" type="text" id="email"></td>
</tr>
<tr>
<td>Username</td>
<td><input name="username" type="text" id="username"></td>
</tr>
<tr>
<td>Password</td>
<td><input name="password" type="password" id="password"></td>
</tr>
<tr>
<td>Confirm Password </td>
<td><input name="confirm" type="password" id="confirm"></td>
</tr>
<tr>
<td>Register</td>
<td><input name="submit" type="submit" class="textBox" value="Submit"></td>
</tr>
</table>
</form>
Upon confirmation of your details, you will be sent an email containing your username, password and details on how to activate your account so as to be able to use this website. </div>
</div>
</body>
</html>
<? } mysql_close($l); ?>
Our script starts with the essential first step - i.e. including the connection file config.php. The rest of the script is then fairly simple, and takes user submitted data, inserts it into pre-defined variables, and then TRIMs off each variable to remove any characterless space at either end of the values. Once these simple variable-handling steps have been performed, the script then runs through a few basic IF statements to protect the integrity of our data. In our case, these statements ensure that the email address has an @ and a . in it, the passwords are the same, the username is not already taken, and no fields are empty. Then it processes the registration and inserts all the data, including our newly generated activation key, which is a sha1() hash of a randomly generated number between 1 and 500 with some random letters added onto the end of it. Since the table’s column “Activated” has a default value of 0, the user is not activated until he/she clicks his link with this value in it.
With all these steps complete, the script then sends out the confirmation e-mail. You must make sure you change some of the details if you directly use our scripts though - just look for YourWebsite and CHANGETHISURL.COM, and change them accordingly.
Depending on the data entered, the script will finally display a message from a variety of errors or confirmation messages reporting any pertinent information (or just a nice big 'thank you' message).
Login Script (login.php)<?php
session_start();
include 'config.php';
if(isset($_POST['login']))
{
$username = trim(addslashes($_POST['username']));
$password = md5(trim($_POST['password']));
$query = mysql_query("SELECT * FROM Users WHERE Username = '$username' AND Password = '$password' LIMIT 1") or die(mysql_error());
$row = mysql_fetch_array($query);
// now we check if they are activated
if(mysql_num_rows($query) > 0)
{
if($row['Activated'] > 0)
{
$_SESSION['s_logged_n'] = 'true';
$_SESSION['s_username'] = $username;
$_SESSION['s_name'] = $row['Name'];
header("Location: member.php");
} else {
echo '
<html>
<head>
<title>Login</title>
<link href="style.css" rel="stylesheet" type="text/css">
</head>
<body>
<div id="error"><p>Sorry, you must activate your account first. Please check your email for the email.</p>
<p>Didn'."'".'t get your validation email? <a href="resend.php">Click here[/url] to resend the validation email.</p></div>
</body>
</html>
';
}
} else {
echo '
<html>
<head>
<title>Login</title>
<link href="style.css" rel="stylesheet" type="text/css">
</head>
<body>
<div id="error"><p>There was an error processing your login, it appears that your username and/or password was incorrect. Please try again.</p>
<p>Didn'."'".'t get your validation email? <a href="resend.php">Click here[/url] to resend the validation email.</p>
</div>
</body>
</html>
';
}
} else {
?>
<html>
<head>
<title>Login</title>
<link href="style.css" rel="stylesheet" type="text/css">
</head>
<body>
<div id="wrapper">
<div id="head">the login page</div>
<div id="main">
<p>You must login to view this page. Enter your username and password below and hit submit:</p>
<form method="post" action="<?= $_SERVER['PHP_SELF'] ?>">
<p>Username:
<input name="username" type="text" Cid="username">
<p>Password:
<input name="password" type="password" id="password">
</p>
<p>
<input name="login" type="submit" id="login" value="Submit">
</p>
</form>
<p>Didn't get your validation email? <a href="resend.php">Click here[/url] to resend the validation email.</p>
<p>Need an account? <a href="register.php">Click here[/url] to register, it's completely free! </p>
</div>
</div>
</body>
</html>
<? } mysql_close($l); ?>
As you can probably guess, this script utilizes PHP SESSIONS, so a session is started with the session_start() command, and then config.php is included as before. We then check whether the user has submitted the form or not. If they have, it is processed, login details are checked, and the session variables are set to confirm that he/she is logged in. If this is not the case, the user is presented with a nice form instead. Nice and simple!
Activation Script (activate.php)Not many membership systems include activation scripts, but I wanted to show you how to make yours “unspammable” and this is the easiest way. To put it simply, the user must enter a valid e-mail address otherwise he/she will not be able to validate their account and will not be able to login! Its a nice way to ensure that all your e-mail addresses are valid. Here’s the code you need:
<?php
include 'config.php';
$id = $_GET['id'];
$query = mysql_query("SELECT * FROM Users WHERE Actkey = '$id' LIMIT 1") or die(mysql_error());
$row = mysql_fetch_array($query);
if(mysql_num_rows($query) > 0){
$user = $row['id'];
$do = mysql_query("UPDATE Users SET Activated = 1 WHERE id = '$user' LIMIT 1") or die(mysql_error());
$send = mail($row['Email'] , "Activation Confirmation" , "Thank you for activating your account, you are now fully registered and able to use our services.\n\nTo login, click the link below:\nhttp://CHANGETHISURL.COM/login.php" , "FROM:
auto@mailer.com");
if(($do)&&($send))
{
echo '<link href="style.css" rel="stylesheet" type="text/css">
<div id="success">
<p>Activation successful! A confirmation email has been dispatched. You can now login!</p>
<p><a href="login.php">Click here[/url] to goto the login page.</p>
</div>';
} else {
echo '<link href="style.css" rel="stylesheet" type="text/css">
<div id="error">
<p>We are sorry, there appears to be an error processing your activation. Please try again later.</p>
</div>';
}
} else {
echo '<link href="style.css" rel="stylesheet" type="text/css">
<div id="error">
<p>Sorry, your activation code was incorrect. Please try again.</p>
</div>';
}
mysql_close($l);
?>
This script takes the header variable “id” which is (when the script is run properly) a 40 character sha1() hash of a randomly generated number and some random letters. There is no need to process individual ID numbers in this script as we can just search through the database to find a user with the exact same activation key - the chances of two users awaiting validation having the same hashed code is infinitesimally small. Of course, once the appropriate user has been found, his/her Activated value will be set to 1, thus activating/validating them. If not, the user gets an error message.
The most important thing to remember in this script is that you must edit the mail() function and change the URL to your URL instead of the text “CHANGETHISURL.COM” - otherwise the user will not know where or how to login!
That was simple wasn't it? Activation is just there so that the registration form can’t be spammed, and ensures an authentic registrant. If you want to be superior, you could write yourself an administration panel with a function to delete all unactivated accounts that have been sitting for X amount of time, because when you register, it logs the date! This opens up a world of possibility for future modifications!
Ana Sayfa
Yardım
Ara
Giriş Yap
Kayıt
Logged
