PHP User System: Inserting new users

We will be walking through very quickly to show you how to implement a simple user system. We are not focused on security in this blog posting, however if you do have questions about making the script more secure email us or head over to hackhound.org and ask someone to help you.

You can get a copy of the users database we are using from our previous post here. If you don't know how to do it, refer to a MySQL tutorial, not a PHP tutorial. We are covering how to interface with MySQL, not how to build a MySQL database, sorry :/

Registration
When you implement user registration keep in mind that you can only get as much user info as your user table can hold, unfortunately we are left with a rather small users table to deal with. Some user tables can have as many as 30 fields, insane..

login.php

<form method="post" action="register.php">
    <p>username<br/>
    <input type="text" name="username">
    </p>

    <p>email<br/>
    <input type="text" name="email">
    </p>

    <p>password<br/>
    <input type="password" name="password">
    </p>

    <p><input type="submit" value="register user"></p>
</form>

 login.php will send the data to our register.php script.

register.php

<?php
mysql_connect("127.0.0.1","root","") or die(mysql_error());
mysql_select_db("test") or die(mysql_error());

$username = $_POST['username'];
$password = md5($_POST['password']);
$email = $_POST['email'];

mysql_query("insert into users value('','$username','$password','$email')") or die(mysql_error());

echo "user registered";
?>

 You would probably want to make sure they verify their email, but that's a bit advanced for you right now. I also did not clean the inputs, please do not use this on your own website, this is for development purposes/learning purposes only. You will also want to check if the user or email already exists, but like I said, this is pretty much bare bones development stuff.

Once registered you can let the user login using a login form, login.html

login.html

<form method="post" action="login.php">
<p>username<br/>
<input type="text" name="username">
</p>

<p>password<br/>
<input type="password" name="password">
</p>

<p><input type="submit" value="log me in">
</p>
</form>

login.php

<?php
mysql_connect("127.0.0.1","root","") or die(mysql_error());
mysql_select_db("test") or die(mysql_error());

$username = $_POST['username'];
$password = md5($_POST['password']);

$q = mysql_query("select * from users where username = '$username' and password = '$password'");
$g = mysql_fetch_array($q);

print_r($g);
?>

Once logged in you will want to start a session to carry the user from page to page.

PHP Connect to MySQL

MySQL is the preferred database to use when dealing with PHP. It's an old system that works quite well still and doesn't look to be replaced anytime soon. We are going to connect to a database, select a table, select some data then print the data back out.

<?php
mysql_connect("127.0.0.1","root","") or die(mysql_error());
mysql_select_db("test") or die(mysql_error());
?>

After connecting and selecting a database, select some data from the tables.

<?php
mysql_connect("127.0.0.1","root","") or die(mysql_error());
mysql_select_db("test") or die(mysql_error());

$query = mysql_query("select * from users");
$get_rows = mysql_fetch_array($query);

print_r($get_rows);
?>

Below is the sample database we used for this post.

CREATE TABLE IF NOT EXISTS `users` (
  `id` int(5) NOT NULL AUTO_INCREMENT,
  `username` varchar(32) NOT NULL,
  `password` varchar(32) NOT NULL,
  `email` varchar(80) NOT NULL,
  PRIMARY KEY (`id`)
) ENGINE=MyISAM  DEFAULT CHARSET=latin1 AUTO_INCREMENT=4 ;

INSERT INTO `users` (`id`, `username`, `password`, `email`) VALUES
(1, 'admin', 'password', 'admin@unix.com'),
(2, 'codershed', 'admin', 'cs@codershed.us'),
(3, 'cs', 'cs', 'worker2@codershed.us');

PHP Read text files

Reading files is just as easy as writing them.

<?php
$str = file_get_contents("myfile.txt");
echo $str;
?>

People might not like it, but it works and is super easy.

PHP Write to file

Writing to files with PHP is a snap, it's super easy, like most everything about PHP. First, open a file handle (or stream), write to the stream, then close it. ALWAYS CLOSE.

<?php
$fh = fopen("myfile.txt","w");
fwrite($fh,"hello world\n");
fclose($fh);
?>

When you write to the file, try to write only once if you can. If you need to store data, build it up then write it to file, like below.

<?php
$data = array("My data","hello","world","goes","here","write","to","file");
$str = "";
for($i=0;$i<sizeof($data);$i++)
{
    $str .= $data[$i]."\r\n";
}

$fh = fopen("myfile.txt","w");
fwrite($fh,$str);
fclose($fh);
?>

PHP MD5

To MD5 some data is easy simply use the md5() function.

<?php
echo md5("hello");
?>

Store it in a variable

<?php
$md5_string = md5("hello world");
echo $md5_string;
?>

You can check if a string is an md5 string by comparing the two together, since it's a one-way hashing algorithm, this is called "colliding".

<?php
$password = md5("password");
$user_input = "password";
if(md5($user_input) == $password)
{
        echo "the password hash is <b>".$user_input."</b>.";
} else {
        echo "the password hash is NOT <b>".$user_input."</b>.";
}
?>

If you load a word list and loop through it, you have yourself a quick rough hash cracker.

PHP For Loop

For loops are a pretty common loop in programming. This loops syntax is exactly like c, since PHP is c based. The loop below will print 0-9 on the screen.

<?php
for($i=0;$i<10;$i++)
{
    echo $i;
}
?>

There are a couple ways you can setup and call For Loops.

<?php
$i=0;

for(;$i<10;$i++)
{
    echo $i;
}
?>

 You can do an infinite loop also with the For Loop.

<?php
for(;;)
{
    echo "Hello\n<br/>";
}
?>

Loop through an array

<?php
$a = array("hello","world","how","are","you");

for($i=0;$i<sizeof($a);$i++)
{
    echo $a[$i]." ";
}
?>

PHP Variables

PHP is a weakly typed language, so data types aren't a big deal. The hardest part is escaping strings, which is super simple. Here is a plain string variable, all variables always start with a dollar sign.

<?php
$my_string = "Hello World";
echo $my_string;
?>

 Here are some other ways to use and store data in variables.

<?php
$my_string = "Hello World";
$my_num = 122;
$my_string .= ", how are you";

echo $my_string;
?>