Part 1
Welcome, all, to the first of a series of articles on implementing your own custom user registration and authentication modules.
I strongly suggest you develop this part of your website as a module, otherwise you'll be tied to a particular implementation when you decide to make changes (and trust me - you'll make the changes!!)
What you'll need
- An idea of what you need
- A site that would benefit from users
- Some ** PHP knowledge
** I say some, as you'll need to understand how the language works, and connect to a MySQL database or other datasource.
Setting up the data
The first and (possibly) the most important step is to have a logical way to group user data - a lot of people will push different forms on to you, but, in the end - whatever works best for you is the way you should do things.
Code:
Table: users
Caption: User authentication Data
Fields:
user_id INT auto_increment
user_email VARCHAR(250) # it's always wise to use an email address as a user identifier, as this is almost guaranteed to be unique for your user. **
user_password VARCHAR(200) # I recommend you store this as an md5 hashed value - it's more secure
user_status # This is specific to the system - if users can only do so much, it's not important to limit them using a user_status - but for a multiple user hierarchy (similar to that used on forums) - a user_status is important - see one of the future tutorials for alternative ways to do this.
user_hash VARCHAR(200) # I use this to make sure users do not supply spoof email addresses.
user_active INT
user_full_name VARCHAR(250) # Up to you really
Once you have your table - you're 'a' for away - you can now start creating your registration and login forms - the reason I do this first is so that I know exactly what format data is going to be passed to my processing scripts.
An idea to make this easier is to include the files in .htm files that can be SSI'd into your scripts.
Right - down to the code
Code
First off - you need a data abstraction method - for more information on patterns - see
http://phppatterns.com
I will post a sample a little later on in this thread for you to look at.
The assumption is you have created a persistent connection (or repeatedly established a new one) in $_SESSION['db'] - and that your class exports functions to retrieve data (using sql or otherwise).
Now we need to create the registration form - see the following:
Code:
<form method="post" action="process.registration.php">
  <ul>
    <li>email address</li>
    <li class="input"><input type="text" name="email" value="" /></li>
    <li>password</li>
    <li class="input"><input type="password" name="password" value="" /></li>
    <li>repeat password</li>
    <li class="input"><input type="password" name="repeat" value="" /></li>
    <li>your name</li>
    <li class="input"><input type="text" name="fullname" value="" /></li>
    <li class="buttons"><input type="submit" value="register" /></li>
  </ul>
</form>
The next step, then, is to process whatever's been passed to us in the registration form and if it validates - then pop it in the database and send the user an email to activate their account.
PHP Code:
<?php
// process.registration.php
// is_email() (shown further down) must be loaded before this script runs.
class Register {
    public $post = array();
    public $errors = array();

    // Wrap each submitted field; until told otherwise a field is optional and valid.
    public function __construct($data) {
        foreach ($data as $key => $value) {
            $this->post[$key] = array(
                'name'      => $key,
                'value'     => is_string($value) ? $value : "", // ignore array-valued input
                'required'  => false,
                'validates' => true,
            );
        }
    }

    public function Validate() {
        $valid = true;
        foreach ($this->post as $field) {
            if ($field['required'] && $field['value'] === "") {
                $valid = false;
                $this->errors[] = "The " . $field['name'] . " field is a required element - please fill it in.";
            }
            elseif ($field['validates'] !== true) {
                $valid = false;
                $this->errors[] = "The " . $field['name'] . " field does not validate - please try again.";
            }
        }
        return $valid;
    }
}

// Seed the expected fields so a missing one is reported as empty instead of raising a notice.
$register = new Register($_POST + array('email' => "", 'password' => "", 'repeat' => "", 'fullname' => ""));
$register->post['email']['validates'] = (bool) is_email($register->post['email']['value']);
$register->post['email']['required'] = true;
$register->post['password']['required'] = true;
$register->post['repeat']['required'] = true;
$register->post['fullname']['required'] = true;
// Strict comparison: == would treat numeric-looking strings such as "1e3" and "1000" as equal.
$register->post['password']['validates'] = ($register->post['password']['value'] === $register->post['repeat']['value']);
$register->post['repeat']['validates'] = ($register->post['password']['value'] === $register->post['repeat']['value']);

if ($register->Validate()) {
    // register these details
}
else {
    // redirect back to error page.
}
?>
More in a while - play with this until such point as you're happy with it.
By the way - the is_email function is a simple function to check an email against a regexp.
PHP Code:
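<?php
function is_email($Addr)
{
    // The hyphen sits last in each character class so it is a literal, not a "+" to "=" range.
    $p = '/^[a-z0-9!#$%&*+=?^_`{|}~-]+(\.[a-z0-9!#$%&*+=?^_`{|}~-]+)*';
    $p.= '@([-a-z0-9]+\.)+([a-z]{2,3}';
    // D makes $ match only at the very end, so an address with a trailing newline is rejected.
    $p.= '|info|arpa|aero|coop|name|museum)$/ixD';
    // preg_match() returns 1, 0 or false; Validate() compares against a real boolean.
    return preg_match($p, $Addr) === 1;
}
?>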
Regards
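The `// register these details` step left open in process.registration.php, as an added example that is not part of the original post: it stores the password with PHP's password_hash() in place of the md5 value suggested for user_password, and uses user_hash for the e-mail activation check. The function names, the SQLite in-memory database and the sample user are assumptions made so that it runs on its own.

```php
<?php
// Added example: the "register these details" step for the users table described above.
// Assumptions: a PDO handle, SQLite in memory for the demo, hypothetical function names.
function register_user(PDO $db, string $email, string $password, string $fullName): string
{
    $token = bin2hex(random_bytes(32));             // unguessable value for the activation link
    $stmt = $db->prepare(
        'INSERT INTO users (user_email, user_password, user_hash, user_active, user_full_name)
         VALUES (?, ?, ?, 0, ?)'
    );
    $stmt->execute([
        strtolower($email),
        password_hash($password, PASSWORD_DEFAULT), // salted, slow hash instead of md5
        hash('sha256', $token),                     // keep only a digest of the token server-side
        $fullName,
    ]);
    return $token;                                  // mail this to the address; it is not stored raw
}

function activate_user(PDO $db, string $email, string $token): bool
{
    $stmt = $db->prepare('SELECT user_hash FROM users WHERE user_email = ? AND user_active = 0');
    $stmt->execute([strtolower($email)]);
    $stored = $stmt->fetchColumn();
    if (!is_string($stored) || !hash_equals($stored, hash('sha256', $token))) {
        return false;                               // unknown address, already active, or wrong token
    }
    $upd = $db->prepare('UPDATE users SET user_active = 1, user_hash = NULL WHERE user_email = ?');
    return $upd->execute([strtolower($email)]);
}

// Constructed demo data; swap the DSN for your own MySQL connection.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (user_id INTEGER PRIMARY KEY AUTOINCREMENT, user_email VARCHAR(250) UNIQUE,
    user_password VARCHAR(200), user_status INT, user_hash VARCHAR(200), user_active INT,
    user_full_name VARCHAR(250))');

$token = register_user($db, 'alice@example.com', 'correct horse battery', 'Alice Example');
$row = $db->query('SELECT user_password FROM users')->fetch(PDO::FETCH_ASSOC);

var_dump(password_verify('correct horse battery', $row['user_password'])); // the login check
var_dump(activate_user($db, 'alice@example.com', 'wrong-token'));          // bad token
var_dump(activate_user($db, 'alice@example.com', $token));                 // token from the e-mail
var_dump(activate_user($db, 'alice@example.com', $token));                 // same token used again
```

At login, compare the submitted password with password_verify() against the stored user_password, and refuse accounts whose user_active is still 0.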