Forum Moderators: coopster
I just started with PHP and followed a tutorial about a members sytem (worked fine, few errors i fixed)
Now i would want to give members their own page so every member has his own page when he logs in. That page could display his email/login name etc etc. I started looking on google/yahoo but i really didn't find anything so i was wondering if anyone here knows a good tutorial or article about this cause i really have no idea where to start.
Do you mean somewhat like a profile page? It would be easiest to have the data reside in a database and call it into a templated profile page written in php.
Our Library [webmasterworld.com] has many relevant threads regarding mysql and php; you may want to check some of those out. I'm not sure if you are using mysql already for the member login, but if you are it shouldn't be too hard to implement.
Do some research and try something out for yourself; remember, if you hit any roadblocks on the way you can always get help here ;)
Best of luck!
//
As for the member only being able to see it, you have to implement some sort of login for viewing that page. This is shown in depth at this thread titled PHP User Authentication and Passwords [webmasterworld.com].
We generally write our own code here so we would appreciate it if you gave it your best efforts. Of course we are always here to help out :)
Please let me know if you are using another database technology too, as this will change my recommendations :)
Being that you are also new to php I would recommend going to the library/bookstore and picking up a book or two on the subject. They have nice walkthroughs of the basics of php programming. If you are interested, here are some great Resources [webmasterworld.com] for various php related topics.
- mysql_settings.php
<?php// define properties
$sql_host = "server";
$sql_user = "user";
$sql_pass = "pass";
$sql_db = "database";
$forumEmailIn = "example@server.net";
$forumEmailOut = "admin@server.us";
?>
- mysql_functions.php
<?php// class definition
// class encapsulating database functions
class dbFunctions {
function __construct() {
//
}
// define properties
// ----------------------------------------------------------------------------
// define public methods
// ----------------------------------------------------------------------------
// handlers
// constructor
// public
function connectDb($sql_host, $sql_user, $sql_pass) {
$connection = $this->connectDatabase($sql_host, $sql_user, $sql_pass);
return $connection;
}
// selector
// public
function selectDb($connection, $sql_db) {
$this->selectDatabase($connection, $sql_db);
}
// destructor
// public
function closeDb($connection, $result) {
$this->closeDatabase($connection, $result);
}
// ----------------------------------------------------------------------------
// define private methods
// ----------------------------------------------------------------------------
// main methods
// Connect to MySQL server
// private
function connectDatabase($sql_host, $sql_user, $sql_pass) {
$connection = mysql_connect($sql_host, $sql_user, $sql_pass);
// check for connection errors
// mysql_connect_errno()
if (mysql_error()) {
die("Unable to connect to MySQL server: " . mysql_error());
}
return $connection;
}
// select database
// private
// $connection,
function selectDatabase($connection, $sql_db) {
if (!mysql_select_db($sql_db)) {
die("Unable to select database: " . $sql_db);
}
}
// Close MySQL connection
// private
function closeDatabase($connection, $result) {
// free result set memory
// mysql_free_result($result);
// close connection
mysql_close($connection);
$this->__destruct();
}
function __destruct() {
// unset variables
unset($this->sql_host);
unset($this->sql_user);
unset($this->sql_pass);
unset($this->sql_db);
}
// end class definition
}
?>
- security.inc
<?php
session_start(); // check login status
$newip = $_SERVER['REMOTE_ADDR'];
if (!isset($_SESSION['user']) or empty($_SESSION['user']) or $newip!= $_SESSION['ip']) {
$newip = "";
$loggedIn = false;
}
else {
$newip = "";
$loggedIn = true;
}
// User and item security levels must be checked everytime,
// otherwise any changes to their security level would
// not take effect until their next session.
// create database object
$secDbF = new dbFunctions();
// connect database
$connection = $secDbF->connectDb($sql_host, $sql_user, $sql_pass);
$secDbF->selectDb($connection, $sql_db);
// query database
if ($loggedIn) {
$login = $_SESSION['user'];
$sql = "select * from members where Login='$login'";
$result = mysql_query($sql);
$row = mysql_fetch_assoc($result);
$field = "Security_Level";
$securityLevel = $row[$field];
}
else {
$securityLevel = 'Guest';
}
$sql = "select * from masks where Mask='$securityLevel'";
$result = mysql_query($sql);
$row = mysql_fetch_assoc($result);
$field = "Level";
$userPermissionFlags = $row[$field];
// close database
$secDbF->closeDb($connection, $result);
// create functions
function securePage($itemAlias, $userPermissionFlags, $loggedIn) {
if (!secureItem($itemAlias, $userPermissionFlags, $loggedIn)) {
$_SESSION['error'] = "Your security level was insufficient to access the page.";
header('Location: http://www.server.us/notify.php');
}
}
function secureItem($itemAlias, $userPermissionFlags, $loggedIn) {
@include('mysql/mysql_settings.php');
@include('../mysql/mysql_settings.php');
// create database object
$secDbF = new dbFunctions();
// connect database
$connection = $secDbF->connectDb($sql_host, $sql_user, $sql_pass);
$secDbF->selectDb($connection, $sql_db);
$sql = "select * from levels where Alias='$itemAlias'";
$result = mysql_query($sql);
$row = mysql_fetch_assoc($result);
$field = "ID";
$itemID = $row[$field];
$field = "Access";
$itemAccess = $row[$field];
if (!$loggedIn and $itemAccess == "1") {
$_SESSION['error'] = "You are not logged in, you must be logged in to access the page.";
header('Location: http://www.server.us/notify.php');
}
$string = $userPermissionFlags;
if ($string{$itemID-1} == "1") {
$grantAccess = true;
}
// close database
$secDbF->closeDb($connection, $result);
if ($grantAccess) {
return true;
}
else {
return false;
}
}
function checkIntNumber($var) {
if (is_numeric($var)) {
return true;
}
}
?>
- update_profile.htm
<?php
@include('mysql/mysql_settings.php');
@include('mysql/mysql_functions.php');
require('security/security.inc');$itemAlias = "View Update Profile Page";
securePage($itemAlias, $userPermissionFlags, $loggedIn);
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>example</title>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" />
<link href="styles.css" rel="stylesheet" type="text/css" />
</head>
<body bgcolor="#2C4E67">
<div align="center">
<div class="main">
<div class="header1">
<?php include("content/banner.htm");?>
</div>
<div class="contentGroup">
<div class="leftMenu1">
<?php include("content/links.htm");?>
</div>
<div class="content1">
<div class="spacer"></div>
<?php include("content/update_profile_page_body1.inc");?>
</div>
<div class="rightMenu1">
<?php include("content/links2.htm");?>
</div>
</div>
</div>
</div>
</body>
</html>
- update_profile_page_body1.inc
<?php
// create database object
$dbF = new dbFunctions();// connect database
$connection = $dbF->connectDb($sql_host, $sql_user, $sql_pass);
$dbF->selectDb($connection, $sql_db);
// set variables
$userId = $_SESSION['id'];
$fieldnames = array(Login, Name, Age, Email, Yahoo_identity, MSN_identity, AIM_identity, ICQ_identity, Signiture, Avatar, Favourite_Weapon, Favourite_Map, Location);
// process request
if ($_POST) {
// query database
$sql = "select * from members where ID='$userId'";
$result = mysql_query($sql);
while ($row = mysql_fetch_assoc($result)) {
// filter out empty fields
foreach ($fieldnames as $field) {
$_POST[$field] = trim($_POST[$field]);
if (!isset($_POST[$field]) or empty($_POST[$field])) {
$_POST[$field] = "Unspecified";
}
}
// compair passwords
if (isset($_POST['OldPass']) and!empty($_POST['OldPass']) and isset($_POST['NewPass1']) and!empty($_POST['NewPass1'])) {
if (isset($_POST['NewPass2']) and!empty($_POST['NewPass2'])) {
if ($_POST['NewPass1'] == $_POST['NewPass2']) {
if ($_POST['OldPass'] == $row['Pass']) {
$updatePass = true;
}
else {
$notice = "Invalid password, please try again.";
}
}
else {
$notice = "New Password comparison failure.";
}
}
else {
$notice = "You must retype your password if you wish to update it.";
}
}
// qualify mandatory field values
if ($_POST['Login'] == "Unspecified") {
$notice = "Please enter a valid username to continue.";
}
else if (!$okay = preg_match('/^[A-z0-9_\-]+[@]([A-z0-9_\-]+[\.])+([A-z]{2,4}[\.])*[A-z]{2,4}$/', $_POST['Email'])) {
$notice = "You must enter a valid email address.";
}
// update user profile
if (!$notice) {
foreach ($fieldnames as $field) {
$_POST[$field] = addslashes($_POST[$field]);
$fieldValue = $_POST[$field];
$sql = "UPDATE members SET " . $field . "='$fieldValue' WHERE ID='$userId'";
$boolResult = mysql_query($sql);
}
// update user pass
if ($updatePass) {
$updatePass = "";
unset($updatePass);
$OldPass = addslashes($_POST['OldPass']);
$NewPass = addslashes($_POST['NewPass1']);
$sql = "UPDATE members SET Pass='$NewPass' WHERE ID='$userId'";
$boolResult = mysql_query($sql);
}
}
}
}
?>
<p><font color="#c0c0c0"><b><u>Update Profile</u></b></font></p>
<p><font color="#c0c0c0"><b>This form is new, please treat it with caution and report any errors.</b></font></p>
<?php
if ($notice) {
echo '<p><font color="#FF0000"><b>* ' . $notice . '</b></font></p>';
}
// query database
$sql = "select * from members where ID='$userId'";
$result = mysql_query($sql);
// display results
while ($row = mysql_fetch_assoc($result)) {
echo '<form action="' . $_SERVER['PHP_SELF'] . '" method="post"><table>';
foreach ($fieldnames as $field) {
echo '<tr><td width="150px"><font color="#c0c0c0"><b>' . $field . ': </b></font></td><td><input type="text" size="40" name="' . $field . '" value="' . htmlentities($row["$field"]) . '" /></td></tr>';
}
echo '</table>';
echo '<p> </p>';
echo '<p><font color="#c0c0c0"><b><u>Change Password</u></b></font></p>';
echo '<table>';
echo '<tr><td width="150px"><font color="#c0c0c0"><b>Old Pass: </b></font></td><td><input type="text" size="40" name="OldPass" value="" /></td></tr>';
echo '<tr><td> </td></tr>';
echo '<tr><td><font color="#c0c0c0"><b>New Pass: </b></font></td><td><input type="text" size="40" name="NewPass1" value="" /></td></tr>';
echo '<tr><td><font color="#c0c0c0"><b>Retype Pass: </b></font></td><td><input type="text" size="40" name="NewPass2" value="" /></td></tr>';
echo '<tr><td> </td></tr>';
echo '<tr><td><input type="submit" value="Submit" alt="Submit" title="Submit" /><input type="reset" value="Reset" alt="Reset" title="Reset" /></td></tr>';
echo '</table></form>';
}
// close database
$dbF->closeDb($connection, $result);
?>
