how can I make individual accounts for each user login

  • christer
  • Newbie
  • Newbie
  • christer
  • Posts: 7

Post 3+ Months Ago

Hello folks, I have been searching everywhere and can't seem to find an answer.

I am building a personal training fitness website and I would like to have a client login form that will direct that client to their own individual fitness program.

What I've done so far:
Set up a mysql account with Godaddy were the site was created and hosted with linux.
Made a connection to it using Dreamweaver.

I am able to collect and upload info to the mysql database with the forms and have the clients log on with the form, but what I am unable to find out is how to make it so each client has their own page to view with their individual account that they logged on to. The personal trainer wants to be able to give each client their own fitness program.

I hope I make sense, if I need to elaborate in anyway please let me know. I thank you in advance for your help.
  • Anonymous
  • Bot
  • No Avatar
  • Posts: ?
  • Loc: Ozzuland
  • Status: Online

Post 3+ Months Ago

  • elektric
  • Graduate
  • Graduate
  • User avatar
  • Posts: 130
  • Loc: Mexico

Post 3+ Months Ago

Hope this gives you an idea.

Your connection variables. You can put them in a separated file and use e.g. "require_once('mydbinfo.php');" in stead, this is very recommended.

Code: [ Select ]
 
<?php
 
$hostname_testing = "localhost";
$database_testing = "somedatabase";
$username_testing = "myusername";
$password_testing = "mypass";
$testing = mysql_pconnect($hostname_testing, $username_testing, $password_testing) or trigger_error(mysql_error(),E_USER_ERROR);
 
//
?>
  1.  
  2. <?php
  3.  
  4. $hostname_testing = "localhost";
  5. $database_testing = "somedatabase";
  6. $username_testing = "myusername";
  7. $password_testing = "mypass";
  8. $testing = mysql_pconnect($hostname_testing, $username_testing, $password_testing) or trigger_error(mysql_error(),E_USER_ERROR);
  9.  
  10. //
  11. ?>

Then you need to log them in.
Put the following code on your "login" form page.
Code: [ Select ]
<?php
// C O D E   S T A R T S
// *** Validate request to login to this site.
if (!isset($_SESSION)) {
  session_start();
}
 
$loginFormAction = $_SERVER['PHP_SELF'];
if (isset($_GET['accesscheck'])) {
  $_SESSION['PrevUrl'] = $_GET['accesscheck'];
}
 
if (isset($_POST['username'])) {
  $loginUsername=$_POST['username']; // change this to your form's username field name
  $password=$_POST['password']; // change this to your form's password field name
  $MM_fldUserAuthorization = "";
  $MM_redirectLoginSuccess = "home.php";
  $MM_redirectLoginFailed = "index.php";
  $MM_redirecttoReferrer = false;
  mysql_select_db($database_testing, $testing);
 
  $LoginRS__query=sprintf("SELECT username, password FROM clients WHERE username=%s AND password=%s",
    GetSQLValueString($loginUsername, "text"), GetSQLValueString($password, "text"));
   
  $LoginRS = mysql_query($LoginRS__query, $testing) or die(mysql_error());
  $loginFoundUser = mysql_num_rows($LoginRS);
  $agentes = mysql_fetch_assoc($LoginRS);
 
  if ($loginFoundUser) {
     $loginStrGroup = "";
   
    //declare two session variables and assign them
    $_SESSION['MM_Username'] = $loginUsername;
    $_SESSION['MM_UserGroup'] = $loginStrGroup;
 
    if (isset($_SESSION['PrevUrl']) && false) {
      $MM_redirectLoginSuccess = $_SESSION['PrevUrl']; 
    }
    header("Location: " . $MM_redirectLoginSuccess );
  }
  else {
    header("Location: ". $MM_redirectLoginFailed );
  }
}
 
// C O D E   E N D S
?>
  1. <?php
  2. // C O D E   S T A R T S
  3. // *** Validate request to login to this site.
  4. if (!isset($_SESSION)) {
  5.   session_start();
  6. }
  7.  
  8. $loginFormAction = $_SERVER['PHP_SELF'];
  9. if (isset($_GET['accesscheck'])) {
  10.   $_SESSION['PrevUrl'] = $_GET['accesscheck'];
  11. }
  12.  
  13. if (isset($_POST['username'])) {
  14.   $loginUsername=$_POST['username']; // change this to your form's username field name
  15.   $password=$_POST['password']; // change this to your form's password field name
  16.   $MM_fldUserAuthorization = "";
  17.   $MM_redirectLoginSuccess = "home.php";
  18.   $MM_redirectLoginFailed = "index.php";
  19.   $MM_redirecttoReferrer = false;
  20.   mysql_select_db($database_testing, $testing);
  21.  
  22.   $LoginRS__query=sprintf("SELECT username, password FROM clients WHERE username=%s AND password=%s",
  23.     GetSQLValueString($loginUsername, "text"), GetSQLValueString($password, "text"));
  24.    
  25.   $LoginRS = mysql_query($LoginRS__query, $testing) or die(mysql_error());
  26.   $loginFoundUser = mysql_num_rows($LoginRS);
  27.   $agentes = mysql_fetch_assoc($LoginRS);
  28.  
  29.   if ($loginFoundUser) {
  30.      $loginStrGroup = "";
  31.    
  32.     //declare two session variables and assign them
  33.     $_SESSION['MM_Username'] = $loginUsername;
  34.     $_SESSION['MM_UserGroup'] = $loginStrGroup;
  35.  
  36.     if (isset($_SESSION['PrevUrl']) && false) {
  37.       $MM_redirectLoginSuccess = $_SESSION['PrevUrl']; 
  38.     }
  39.     header("Location: " . $MM_redirectLoginSuccess );
  40.   }
  41.   else {
  42.     header("Location: ". $MM_redirectLoginFailed );
  43.   }
  44. }
  45.  
  46. // C O D E   E N D S
  47. ?>


Now we need to define which pages are protected.
This goes on every page that SHOULD be protected fron non-logged users

Code: [ Select ]
<?
// C O D E   S T A R T S
if (!isset($_SESSION)) {
  session_start();
}
$MM_authorizedUsers = "";
$MM_donotCheckaccess = "true";
 
// *** Restrict Access To Page: Grant or deny access to this page
function isAuthorized($strUsers, $strGroups, $UserName, $UserGroup) {
  // For security, start by assuming the visitor is NOT authorized.
  $isValid = False;
 
  // When a visitor has logged into this site, the Session variable MM_Username set equal to their username.
  // Therefore, we know that a user is NOT logged in if that Session variable is blank.
  if (!empty($UserName)) {
    // Besides being logged in, you may restrict access to only certain users based on an ID established when they login.
    // Parse the strings into arrays.
    $arrUsers = Explode(",", $strUsers);
    $arrGroups = Explode(",", $strGroups);
    if (in_array($UserName, $arrUsers)) {
      $isValid = true;
    }
    // Or, you may restrict access to only certain users based on their username.
    if (in_array($UserGroup, $arrGroups)) {
      $isValid = true;
    }
    if (($strUsers == "") && true) {
      $isValid = true;
    }
  }
  return $isValid;
}
 
$MM_restrictGoTo = "index.php"; // URL if not logged
if (!((isset($_SESSION['MM_Username'])) && (isAuthorized("",$MM_authorizedUsers, $_SESSION['MM_Username'], $_SESSION['MM_UserGroup'])))) {  
  $MM_qsChar = "?";
  $MM_referrer = $_SERVER['PHP_SELF'];
  if (strpos($MM_restrictGoTo, "?")) $MM_qsChar = "&";
  if (isset($QUERY_STRING) && strlen($QUERY_STRING) > 0)
  $MM_referrer .= "?" . $QUERY_STRING;
  $MM_restrictGoTo = $MM_restrictGoTo. $MM_qsChar . "accesscheck=" . urlencode($MM_referrer);
  header("Location: ". $MM_restrictGoTo);
  exit;
}
// C O D E   E N D S
?>
  1. <?
  2. // C O D E   S T A R T S
  3. if (!isset($_SESSION)) {
  4.   session_start();
  5. }
  6. $MM_authorizedUsers = "";
  7. $MM_donotCheckaccess = "true";
  8.  
  9. // *** Restrict Access To Page: Grant or deny access to this page
  10. function isAuthorized($strUsers, $strGroups, $UserName, $UserGroup) {
  11.   // For security, start by assuming the visitor is NOT authorized.
  12.   $isValid = False;
  13.  
  14.   // When a visitor has logged into this site, the Session variable MM_Username set equal to their username.
  15.   // Therefore, we know that a user is NOT logged in if that Session variable is blank.
  16.   if (!empty($UserName)) {
  17.     // Besides being logged in, you may restrict access to only certain users based on an ID established when they login.
  18.     // Parse the strings into arrays.
  19.     $arrUsers = Explode(",", $strUsers);
  20.     $arrGroups = Explode(",", $strGroups);
  21.     if (in_array($UserName, $arrUsers)) {
  22.       $isValid = true;
  23.     }
  24.     // Or, you may restrict access to only certain users based on their username.
  25.     if (in_array($UserGroup, $arrGroups)) {
  26.       $isValid = true;
  27.     }
  28.     if (($strUsers == "") && true) {
  29.       $isValid = true;
  30.     }
  31.   }
  32.   return $isValid;
  33. }
  34.  
  35. $MM_restrictGoTo = "index.php"; // URL if not logged
  36. if (!((isset($_SESSION['MM_Username'])) && (isAuthorized("",$MM_authorizedUsers, $_SESSION['MM_Username'], $_SESSION['MM_UserGroup'])))) {  
  37.   $MM_qsChar = "?";
  38.   $MM_referrer = $_SERVER['PHP_SELF'];
  39.   if (strpos($MM_restrictGoTo, "?")) $MM_qsChar = "&";
  40.   if (isset($QUERY_STRING) && strlen($QUERY_STRING) > 0)
  41.   $MM_referrer .= "?" . $QUERY_STRING;
  42.   $MM_restrictGoTo = $MM_restrictGoTo. $MM_qsChar . "accesscheck=" . urlencode($MM_referrer);
  43.   header("Location: ". $MM_restrictGoTo);
  44.   exit;
  45. }
  46. // C O D E   E N D S
  47. ?>


Ones logged in, you can also use the $_SESSION['MM_Username'] as identifier to pull information. e.g.

Code: [ Select ]
<?
if (!isset($_SESSION)) {
  session_start();
}
$theuser = $_SESSION['MM_Username'];
 
mysql_select_db($database_dolthr, $dolthr);
$query_testing = "SELECT fitnessprogram FROM clients WHERE username = '$theuser' ORDER BY ciudad ASC";
$testing = mysql_query($query_testing, $dolthr) or die(mysql_error());
$row_testing = mysql_fetch_assoc($testing);
$totalRows_testing = mysql_num_rows($testing);
 
?>
  1. <?
  2. if (!isset($_SESSION)) {
  3.   session_start();
  4. }
  5. $theuser = $_SESSION['MM_Username'];
  6.  
  7. mysql_select_db($database_dolthr, $dolthr);
  8. $query_testing = "SELECT fitnessprogram FROM clients WHERE username = '$theuser' ORDER BY ciudad ASC";
  9. $testing = mysql_query($query_testing, $dolthr) or die(mysql_error());
  10. $row_testing = mysql_fetch_assoc($testing);
  11. $totalRows_testing = mysql_num_rows($testing);
  12.  
  13. ?>
  • christer
  • Newbie
  • Newbie
  • christer
  • Posts: 7

Post 3+ Months Ago

Hello Elektric, thank you so much for your help.

I see where you're going but there is so much that I still need to know. I have to admit I am a bit of a novice and I rely on snap tutorials and Dreamweaver to do the significant part of my coding.

First I'm wondering about the mysql database. I've made a table from a tutorial and connected to it, but I'm wondering how I can make an easy way for the personal trainer to add and delete clients to the database himself.

As far as all the coding on the PHP file. I just let Dreamweaver do all the work. By reading your above instructions I can make some sense to what is does but I'm still in the dark on how to use it. Does this make individual accounts? I think I'm getting lost by not knowing how to use this on the mysql end and on the individual account pages.
  • Bogey
  • Genius
  • Genius
  • Bogey
  • Posts: 8388
  • Loc: USA

Post 3+ Months Ago

Let me try to explain this.

Firstly, you need a registration page, the place where people who want to use the service go to and register there.

For this case, I would probably ask for the following information.

First Name,
Last Name,
Genre,
Birthdate,
Email,
Password

And any other information that the personal trainer would deem necessary for the job to be done well. Well, required stuff, if it's about their eating habits, you could do that after the register and log in to their account.

For each piece of information, I would create a different column in a database table to be able to store it and retrieve it efficiently.

Something like the following SQL:
SQL Code: [ Select ]
CREATE TABLE `test` (
`ID` TINYINT NOT NULL AUTO_INCREMENT PRIMARY KEY ,
`fname` TEXT NOT NULL COMMENT 'First Name',
`lname` TEXT NOT NULL COMMENT 'Last Name',
`genre` TINYTEXT NOT NULL COMMENT 'Genre',
`bday` DATE NOT NULL COMMENT 'Birthdate',
`email` TEXT NOT NULL COMMENT 'Email',
`pass` TEXT NOT NULL COMMENT 'Password'
) ENGINE = innodb;
  1. CREATE TABLE `test` (
  2. `ID` TINYINT NOT NULL AUTO_INCREMENT PRIMARY KEY ,
  3. `fname` TEXT NOT NULL COMMENT 'First Name',
  4. `lname` TEXT NOT NULL COMMENT 'Last Name',
  5. `genre` TINYTEXT NOT NULL COMMENT 'Genre',
  6. `bday` DATE NOT NULL COMMENT 'Birthdate',
  7. `email` TEXT NOT NULL COMMENT 'Email',
  8. `pass` TEXT NOT NULL COMMENT 'Password'
  9. ) ENGINE = innodb;

And so on for more fields that the personal trainer may deem necessary.

That's just for registration though, as for the program itself, it would be more advanced than that and would require much more coding than a simple registration and log in form.

Before you let a user submit data into the database though, strip the data from harmful things using the following function:
PHP Code: [ Select ]
$fname = mysql_real_escape_string($_POST['fname']);

Do that for every variable that the user submits so you don't get any SQL injection problems.

Don't forget to hash the password (like the md5(); or other functions) for security reasons.

If you don't want users to register but so the personal trainer would do it himself, you'll still do it this way, but have the registration form viewable only to the personal trainer. This way, the personal trainer would fill a form, press submit and VOILA. It's done automatically.

As for log in, I recommend you use SESSIONS. At successful log-in create a session and for every other page check if the session is created, and show member's stuff, and if the session is not created, show only the public things... something like the following piece of code.
PHP Code: [ Select ]
 
if(isset($_SESSION['SESSION_NAME']))
{
  // Show the member's stuff
}
else
{
  // Show the stuff that's only for public
}
// Show public stuff
 
  1.  
  2. if(isset($_SESSION['SESSION_NAME']))
  3. {
  4.   // Show the member's stuff
  5. }
  6. else
  7. {
  8.   // Show the stuff that's only for public
  9. }
  10. // Show public stuff
  11.  

I think you would be able to understand the code above better (and understand sessions) if you read about sessions. Although you already might know about it.

As for the page for every user, it would have to be a one page that is dynamic.

If you look at the SQL and the table it would produce, you would see that there is a field called ID. You don't fill it up, it is filled up automatically, counting up from 1. This means that each user who registers would have a unique ID, and that you can select that user using that ID from the database (and any other information that is associated with that ID), with the following code:
PHP Code: [ Select ]
$sql = "SELECT * FROM `test` WHERE ID = {$id)";
$process = mysql_query($sql) or die(mysql_error());
if($process)
  // Continue
}
else
{
  // There was an error... do error stuff here
}
  1. $sql = "SELECT * FROM `test` WHERE ID = {$id)";
  2. $process = mysql_query($sql) or die(mysql_error());
  3. if($process)
  4.   // Continue
  5. }
  6. else
  7. {
  8.   // There was an error... do error stuff here
  9. }

You store the result in variables and print it out, and since it associates the information based on the ID, every information from every user would/should be different, thus, creating a page for every user.

If you got any more questions, feel free to post them here.
  • christer
  • Newbie
  • Newbie
  • christer
  • Posts: 7

Post 3+ Months Ago

hello Bogey,

Thank you for the help. I have done the first step and made a table and registration page, but being the novice I am and relying on dreamweaver to do my code I am not able to understand stripping data and hashing passwords. I read the link about sessions and it makes some sense, I notice in dreamweaver there are functions to add all this.

Do you know of a way or of a step by step tutorial using dreamweaver on how to do what you mention above? The help pages of dreamweaver are very difficult to understand. I believe you totally know what I'm going for, though I have a hard time doing the code myself.

Thank you very much for taking you time to help me out.
  • Bogey
  • Genius
  • Genius
  • Bogey
  • Posts: 8388
  • Loc: USA

Post 3+ Months Ago

I have used dreamweaver only once and that was for the 30 day trial... i didn't really like it and haven't used it anymore again, and don't have the program with me, so I won't be able to help you with that. All I do is code the programs by hand... I don't use any IDE (Well, I use Eclipse occasionally, but that's because of the file browser).

I might be able to find different tutorials for you that do similar things... I'll post them here once and if I find them.

But what you are doing is basically a database driven website. I have explained it as best as I could.

Lets try to compare what you are trying to do to social security number that everyone has. Everyone has a unique social security number. That means that no one has the same social security number, so the FBI could find your profile if they have your social security. Just with that one piece of information, they can find out anything/everything about you.

The put in the social security number in their form and have it search their database (or however it works), and it brings them the information. I don't know how the information is stored there, but I assume it's in a database that a dynamic database-driven page is retrieving the information from. (Secure of course :roll: )

This is the same in this case, except it doesn't matter if others know your Unique ID because they won't be able to do anything with it. It is used by the program automatically with barely any influence from the user. The only influence a user has on the ID is who is logged in.

Let's say Bob has an ID of 777 and Joe has an ID of 666. To log in, they type their username and password. The program then checks if the information exists in the database and then retrieves and stores the user's ID into a session.

On the next page, that is supposed to be a member's-only page, it checks if the session is set and if it's a valid one, if so, it would/should show the member's only information.

They click on the profile page. The page is dynamic and information changes based on your ID.

The ID is stored in the session and the program retrieves every data that is associated with that ID. Here is how a database would look like...

| ID | FNAME | LNAME | BIRTHDAY | GENRE | EMAIL | PASSWORD
| 666 | BOB | Jason | 1964-06-4 | MALE |j@o.com| 6g5h4567
| 777 | Joe | Lawrence | 1972-24-8 | Male |r@f.net| 32hg6h65

And so on... the information are associated to the ID if they are in the same row, so that is how the information is retrieved. And in the page that would show the information, it would be as PHP variables rather then the information itself. The variables would hold the information from the database and echo that, based on the ID set in the session.

I hope that this makes sense, I don't know though if you are able to create such a thing, although it's one of the basic things (at least this is the first thing that I created when I was learning PHP).

Good luck :)
  • christer
  • Newbie
  • Newbie
  • christer
  • Posts: 7

Post 3+ Months Ago

Hey Bogey, thanks again for your response. It's very helpful but I realize I will need to read actual books. I will check in later in a few days...

Thanks again!
  • Bogey
  • Genius
  • Genius
  • Bogey
  • Posts: 8388
  • Loc: USA

Post 3+ Months Ago

To store something in the database you would either use INSERT or UPDATE sql commands.

To retrieve from a database (In the following example titled 'test') you would use the SELECT statement.
PHP Code: [ Select ]
<?php
$id = 2; // The ID that the information would be associated with.
$sql = "SELECT * FROM `test` WHERE id = `{$id}`";
$process = mysql_query($sql) or die(mysql_error());
if($process)
{
    // The information was retrieved successfully.
    $name = $info['fname'] .' '. $info['lname']; // First and last name
    $email = $info['email']; // Email
 
    echo "{$name}'s email address is {$email}";
}
?>
  1. <?php
  2. $id = 2; // The ID that the information would be associated with.
  3. $sql = "SELECT * FROM `test` WHERE id = `{$id}`";
  4. $process = mysql_query($sql) or die(mysql_error());
  5. if($process)
  6. {
  7.     // The information was retrieved successfully.
  8.     $name = $info['fname'] .' '. $info['lname']; // First and last name
  9.     $email = $info['email']; // Email
  10.  
  11.     echo "{$name}'s email address is {$email}";
  12. }
  13. ?>

That is pretty much it. The example above is an example of a dynamic page that changes based on the ID. The example above assumes that you have at least 2 people and their information in the database, with ID's going up from 1 by ones (1, 2, 3, 4, 5, 6...).

I don't know which book to recommend you as I haven't actually used any books.

Post Information

  • Total Posts in this topic: 8 posts
  • Users browsing this forum: No registered users and 170 guests
  • You cannot post new topics in this forum
  • You cannot reply to topics in this forum
  • You cannot edit your posts in this forum
  • You cannot delete your posts in this forum
  • You cannot post attachments in this forum
 
 

© 1998-2014. Ozzu® is a registered trademark of Unmelted, LLC.