A Cool Login System - Extended

Easy registration management with PHP & jQuery...

and an extended set of functionality for the provision of a full customer login system.

 

Source Code Update - An error in the functionality has recently been highlighted and on investigation it turns out that a field type in the session table is incorrect in the code that I have been sending to people. If you have already received a copy of the code and were not able to get it working, then you will need to make the following change (to your database table or table create script):

From:

CREATE TABLE IF NOT EXISTS `iws_sessions` (
 `id` char(32) NOT NULL,
 `data` longtext NOT NULL,
 `last_accessed` timestamp NOT NULL DEFAULT CURRENT_TIMESTAMP ON UPDATE CURRENT_TIMESTAMP,
 PRIMARY KEY (`id`)
 ) ENGINE=MyISAM DEFAULT CHARSET=latin1;

To:

CREATE TABLE IF NOT EXISTS `iws_sessions` (
 `id` char(32) NOT NULL,
 `data` longtext NOT NULL,
 `last_accessed` int(11) NOT NULL,
 PRIMARY KEY (`id`)
 ) ENGINE=MyISAM DEFAULT CHARSET=latin1;
         

This change is now in the code that will be sent out, but let me know if you have any other issues. Thanks.

Firstly this is a continuation of work from Web-Kreation and the tutorial given on Tutorialzine, so credit to both for making this available, and for allowing others to use and enhance it. I wanted a more flexible version for my Intec Web Services site (work in progress), so I set to and added the following functionality. If you like the enhancements, then feel free to use and alter them to suit your needs. If you can also provide feedback or a link to this site, then that would be even better. I would rather be contacted for the source files so if you would like them, just use the Contact Form and I will send them to you.

Also, I am more than happy to integrate this or a similar login system on your site for you (for a small fee). So if you need a login system for your site, but don't have the time or inclination to do it, then give me call and I will do it for you!

Thanks.

I have made the following changes:

1. I have added a Session Class (based on a worked example by Chris from www.spiration.co.uk) that stores the session information in a MySQL database. I did this so that I could have better control of the session and could do things like see the number of people on a site at any one time via straight forward queries etc.

2. I have altered the database connection and queries to use the PHP PDO extension. I did this partly for my own learning experience as well as to make the script more flexible. It also means that it uses the built in security measures that these classes afford.

3. I removed the need for a username and replaced this with just an email address. This was done as a personal preference. More people remember their email address than a made up username. Also it removes the issue of duplicate names and having to force the user to choose a different name if the one they want is already taken.

4. I have added the functionality to allow the user to add their own password. It is very restrictive to try and force a user to use a password that you prescribe and does not go down well with most people.

5. Due to the fact that people can now choose their own password, I have added the use of an activation link to activate the account, rather than just sending the user a password. To this end, I have also used two tables for this, one that has a list of all new accounts that have not yet been activated, and a second, that has valid, activated, users. It is then easy to purge the former from time to time without affecting the valid users table.

6. I have added a forgotten password link. This requires the user to enter their email address, follow the resultant email and then change the password. Again, the user has to follow an activation link to ensure that they are who they say they are. It also sends an email confirmation of the renewal so as to warn the customer should the attempt to renew the password have been bogus.

7. I have added a change password link. This requires that they enter the old password and then the new one (twice). There is no need for email authentication, but it does send a confirmation email as a security precaution should the changer of the password not be who they seem.

Note: This is a FULL working demo. You can create an account, login in/out, request a forgotten password, change password etc. It will also send activation emails, so there is no point trying it with dummy email addresses as you will not receive the activation emails!

There are currently 37 people viewing this site (the benefits of using database managed sessions).

View a test page, only accessible by registered users.

You are free to build upon this code and use it in your own sites.