
PHP Login System with Admin Features

Introduction

I wrote the popular evolt.org tutorial PHP Login Script with Remember Me Feature
mainly as an introduction to user sessions and cookies in PHP. Since it was created as a
learning tool, many advanced features were left out of the script. By popular demand, I
have written and am presenting here a complete Login System, with all the features that
were left out of the first script, that can be easily integrated into any website.

Notes

This article is intended primarily for intermediate to advanced users of PHP, as it is not
exactly a tutorial, but a description of the implementation of an advanced Login System.
Beginners who are looking to learn about user sessions and cookies in PHP are advised to
read the above-mentioned tutorial before reading this article.

Features

Here are some of the features in this Login System that weren't included in the initial
tutorial:

• Better Security - Passwords are not stored in cookies, randomly generated ids
take their place.
• Member Levels - Now users can be differentiated by what level they are (user,
admin, etc.)
• Admin Center - As an admin, you have full control over registered users. You
can view user info, upgrade/demote user levels, delete users, delete inactive users,
and ban users.
• Visitor Tracking - You can now tell how many guests and users are actively
viewing your site, and who those users are. You also know how many total
members your site has.
• Account Info - Users can now view their own information, and edit it as well.
They can also see the information of other users.
• Form Helper - No more ugly error pages! Now users are redirected to the form
they filled out and the errors that have occurred are displayed.
• Forgot Password - Users who forget their password can have a new one
generated for them and sent to their email address.
• Email - Now emails can be sent to newly registered users.
• Miscellaneous - Much better code design, smooth page transitions, and MORE!

Database

All the tables needed for the Login System are written in the file dbtables.sql. You can
look at the file and create each table manually or you can just run the file with mysql and
it will create all the necessary tables automatically.

dbtables.sql
#
# dbtables.sql
#
# Simplifies the task of creating all the database tables
# used by the login system.
#
# Can be run from command prompt by typing:
#
# mysql -u yourusername -D yourdatabasename < dbtables.sql
#
# That's with dbtables.sql in the mysql bin directory, but
# you can just include the path to dbtables.sql and that's
# fine too.
#
# Written by: Jpmaster77 a.k.a. The Grandmaster of C++ (GMC)
# Last Updated: August 13, 2004
#

#
# Table structure for users table
#
DROP TABLE IF EXISTS users;

CREATE TABLE users (
    username varchar(30) primary key,
    password varchar(32),
    userid varchar(32),
    userlevel tinyint(1) unsigned not null,
    email varchar(50),
    timestamp int(11) unsigned not null
);

#
# Table structure for active users table
#
DROP TABLE IF EXISTS active_users;

CREATE TABLE active_users (
    username varchar(30) primary key,
    timestamp int(11) unsigned not null
);

#
# Table structure for active guests table
#
DROP TABLE IF EXISTS active_guests;

CREATE TABLE active_guests (
    ip varchar(15) primary key,
    timestamp int(11) unsigned not null
);

#
# Table structure for banned users table
#
DROP TABLE IF EXISTS banned_users;

CREATE TABLE banned_users (
    username varchar(30) primary key,
    timestamp int(11) unsigned not null
);

Code Design

I will be presenting the Login System by showing only the important files, describing
what they do and how they interact with each other. By reading this you should get a
good idea of how the Login System works and understand how to integrate it into your
website. It is important to note before you start that the code relies on classes and the key
variables of this Login System are class objects.

constants.php

This file will contain all the constants and important information used by the login
system. Here you specify stuff like your database username and password, the admin
account name (which will be able to create other admins), visitor timeouts, email options,
etc.

<?php
/**
* Constants.php
*
* This file is intended to group all constants to
* make it easier for the site administrator to tweak
* the login script.
*
* Written by: Jpmaster77 a.k.a. The Grandmaster of C++ (GMC)
* Last Updated: August 19, 2004
*/

/**
* Database Constants - these constants are required
* in order for there to be a successful connection
* to the MySQL database. Make sure the information is
* correct.
*/
define("DB_SERVER", "localhost");
define("DB_USER", "your_name");
define("DB_PASS", "your_pass");
define("DB_NAME", "your_dbname");

/**
* Database Table Constants - these constants
* hold the names of all the database tables used
* in the script.
*/
define("TBL_USERS", "users");
define("TBL_ACTIVE_USERS", "active_users");
define("TBL_ACTIVE_GUESTS", "active_guests");
define("TBL_BANNED_USERS", "banned_users");

/**
* Special Names and Level Constants - the admin
* page will only be accessible to the user with
* the admin name and also to those users at the
* admin user level. Feel free to change the names
* and level constants as you see fit, you may
* also add additional level specifications.
* Levels must be digits between 0-9.
*/
define("ADMIN_NAME", "admin");
define("GUEST_NAME", "Guest");
define("ADMIN_LEVEL", 9);
define("USER_LEVEL", 1);
define("GUEST_LEVEL", 0);

/**
* This boolean constant controls whether or
* not the script keeps track of active users
* and active guests who are visiting the site.
*/
define("TRACK_VISITORS", true);

/**
* Timeout Constants - these constants refer to
* the maximum amount of time (in minutes) after
* their last page refresh that a user and guest
* are still considered active visitors.
*/
define("USER_TIMEOUT", 10);
define("GUEST_TIMEOUT", 5);

/**
* Cookie Constants - these are the parameters
* to the setcookie function call, change them
* if necessary to fit your website. If you need
* help, visit www.php.net for more info.
* <http://www.php.net/manual/en/function.setcookie.php>
*/
define("COOKIE_EXPIRE", 60*60*24*100); //100 days by default
define("COOKIE_PATH", "/"); //Available in whole domain

/**
* Email Constants - these specify what goes in
* the from field in the emails that the script
* sends to users, and whether to send a
* welcome email to newly registered users.
*/
define("EMAIL_FROM_NAME", "YourName");
define("EMAIL_FROM_ADDR", "youremail@address.com");
define("EMAIL_WELCOME", false);

/**
* This constant forces all users to have
* lowercase usernames, capital letters are
* converted automatically.
*/
define("ALL_LOWERCASE", false);
?>
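
The "Better Security" feature listed earlier replaces the password in the cookie with a randomly generated id, which the users table holds in its userid column. The following is an added example, not code from the original Login System: it shows one way to issue, check and revoke such an id with PHP 7.3+ built-ins, reusing COOKIE_EXPIRE and COOKIE_PATH from constants.php. The function names, the cookie names cookname and cookid, and the in-memory $users array standing in for the users table are assumptions made for illustration.

```php
<?php
// Added example: remember-me cookie carrying a random id instead of a password.
// COOKIE_EXPIRE / COOKIE_PATH mirror constants.php; all other names are hypothetical.
define("COOKIE_EXPIRE", 60*60*24*100);
define("COOKIE_PATH", "/");

/** 128 bits from the CSPRNG as 32 hex characters, so it fits userid varchar(32). */
function generateRandomId(): string
{
    return bin2hex(random_bytes(16));
}

/** setcookie() options (array form needs PHP 7.3+). */
function rememberCookieOptions(int $now): array
{
    return [
        'expires'  => $now + COOKIE_EXPIRE,
        'path'     => COOKIE_PATH,
        'secure'   => true,   // HTTPS only
        'httponly' => true,   // hidden from JavaScript
        'samesite' => 'Lax',
    ];
}

/** True only if the cookie id matches the stored id; comparison is constant-time. */
function checkRememberCookie(array $users, string $username, string $cookieId): bool
{
    if (!isset($users[$username]) || strlen($cookieId) !== 32) {
        return false;
    }
    return hash_equals($users[$username]['userid'], $cookieId);
}

// Constructed stand-in for the users table, keyed by username.
$users = ['alice' => ['userid' => generateRandomId(), 'userlevel' => 1]];

// Login with "remember me": store a fresh id, then send only the name and that id.
$users['alice']['userid'] = generateRandomId();
$issued = $users['alice']['userid'];
setcookie('cookname', 'alice', rememberCookieOptions(time()));
setcookie('cookid', $issued, rememberCookieOptions(time()));

var_dump(checkRememberCookie($users, 'alice', $issued));             // returning visitor
var_dump(checkRememberCookie($users, 'alice', str_repeat('0', 32))); // guessed id

// Logout: rotate the stored id so a copied cookie stops working.
$users['alice']['userid'] = generateRandomId();
var_dump(checkRememberCookie($users, 'alice', $issued));
```

Because the id is rotated at every login and at logout, a cookie copied from an earlier session fails the check as soon as the account is used or signed out elsewhere.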

Refer to this link: http://evolt.org/node/60384
