code-boxx/0-PHP-MEMBER.MD

## 0-PHP-MEMBER.MD

      
    Raw
  

              0-PHP-MEMBER.MD
            
          
    PHP MYSQL MEMBERSHIP SYSTEM

https://code-boxx.com/membership-system-php-mysql/
NOTES


Create a database and import 1-members.sql.
Open 2-lib-member.php and change the database settings to your own.
Launch 3-register.php to register a new user, 4-login.php to sign in.

LICENSE

Copyright by Code Boxx
Permission is hereby granted, free of charge, to any person obtaining a copy
of this software and associated documentation files (the "Software"), to deal
in the Software without restriction, including without limitation the rights
to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
copies of the Software, and to permit persons to whom the Software is
furnished to do so, subject to the following conditions:
The above copyright notice and this permission notice shall be included in all
copies or substantial portions of the Software.
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
SOFTWARE.

  
## 1-members.sql
CREATE TABLE `members` (
  `id` bigint(20) NOT NULL,
  `name` varchar(255) NOT NULL,
  `email` varchar(255) NOT NULL,
  `password` varchar(255) NOT NULL,
  `start` datetime NOT NULL DEFAULT current_timestamp(),
  `till` datetime DEFAULT NULL
) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4;

ALTER TABLE `members`
  ADD PRIMARY KEY (`id`),
  ADD UNIQUE KEY `email` (`email`),
  ADD KEY `name` (`name`);

ALTER TABLE `members`
  MODIFY `id` bigint(20) NOT NULL AUTO_INCREMENT;

## 2-lib-member.php
<?php
class Member {
  // (A) CONSTRUCTOR - CONNECT TO THE DATABASE
  private $pdo = null;
  private $stmt = null;
  public $error;
  function __construct () {
    $this->pdo = new PDO(
      "mysql:host=".DB_HOST.";dbname=".DB_NAME.";charset=".DB_CHARSET,
      DB_USER, DB_PASSWORD, [
      PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION,
      PDO::ATTR_DEFAULT_FETCH_MODE => PDO::FETCH_ASSOC
    ]);
  }

  // (B) DESTRUCTOR - CLOSE DATABASE CONNECTION
  function __destruct () {
    if ($this->stmt !== null) { $this->stmt = null; }
    if ($this->pdo !== null) { $this->pdo = null; }
  }

  // (C) HELPER - RUN SQL QUERY
  function query ($sql, $data=null) : void {
    $this->stmt = $this->pdo->prepare($sql);
    $this->stmt->execute($data);
  }

  // (D) GET MEMBER BY ID OR EMAIL
  function get ($id) {
    $this->query(sprintf("SELECT * FROM `members` WHERE `%s`=?",
      is_numeric($id) ? "id" : "email"
    ), [$id]);
    return $this->stmt->fetch();
  }

  // (E) ADD MEMBER
  function add ($name, $email, $password, $till=null) {
    // (E1) CHECK IF EMAIL ALREADY REGISTERED
    if ($this->get($email)) {
      $this->error = "$email is already registered";
      return false;
    }

    // (E2) SAVE MEMBER DATA
    $this->query(
      "INSERT INTO `members` (`name`, `email`, `password`, `till`) VALUES (?,?,?,?)",
      [$name, $email, password_hash($password, PASSWORD_DEFAULT), $till]
    );
    return true;
  }

  // (F) VERIFICATION
  function verify ($email, $password) {
    // (F1) GET MEMBER
    $member = $this->get($email);
    $pass = is_array($member);

    // (F2) CHECK MEMBERSHIP EXPIRY
    if ($pass && $member["till"]!="") {
      if (strtotime("now") >= strtotime($member["till"])) {
        $pass = false;
      }
    }

    // (F3) CHECK PASSWORD
    if ($pass) { $pass = password_verify($password, $member["password"]); }

    // (F4) REGISTER MEMBER INTO SESSION
    if ($pass) {
      foreach ($member as $k=>$v) { $_SESSION["member"][$k] = $v; }
      unset($_SESSION["member"]["password"]);
    }

    // (F5) RESULT
    if (!$pass) { $this->error = "Invalid email/password"; }
    return $pass;
  }
}

// (G) DATABASE SETTINGS - CHANGE TO YOUR OWN!
define("DB_HOST", "localhost");
define("DB_NAME", "test");
define("DB_CHARSET", "utf8mb4");
define("DB_USER", "root");
define("DB_PASSWORD", "");

// (H) START
session_start();
$_MEM = new Member();

## 3-register.php
<?php
// (A) LOAD LIBRARY + REDIRECT IF SIGNED IN
require "2-lib-member.php";
if (isset($_SESSION["member"])) {
  header("Location: 5-protected.php");
  exit();
}

// (B) PROCESS FORM SUBMISSION
// redirect to a "nice welcome page" in your own project
// this demo will redirect to login page directly
if (count($_POST)!=0) {
  if ($_MEM->add($_POST["name"], $_POST["email"], $_POST["password"])) {
    header("Location: 4-login.php");
    exit();
  }
} ?>
<!DOCTYPE html>
<html>
  <head>
    <title>Registration Demo</title>
    <meta charset="utf-8">
    <link rel="stylesheet" href="X-simple.css">
  </head>
  <body>
    <!-- (C) REGISTRATION FORM -->
    <?php
    if ($_MEM->error!="") { echo "<div class='error'>".$_MEM->error."</div>"; }
    ?>
    <form method="post">
      <h1>REGISTRATION</h1>
      <label>Name</label>
      <input type="text" name="name" required>
      <label>Email</label>
      <input type="email" name="email" required>
      <label>Password</label>
      <input type="password" name="password" required>
      <input type="submit" value="Register">
    </form>
  </body>
</html>

## 4-login.php
<?php
// (A) LOAD LIBRARY
require "2-lib-member.php";

// (B) CHECK LOGIN CREDENTIALS
if (count($_POST)!=0) {
  $_MEM->verify($_POST["email"], $_POST["password"]);
}

// (C) REDIRECT IF SIGNED IN
if (isset($_SESSION["member"])) {
  header("Location: 5-protected.php");
  exit();
} ?>
<!DOCTYPE html>
<html>
  <head>
    <title>Login Page</title>
    <meta charset="utf-8">
    <link rel="stylesheet" href="X-simple.css">
  </head>
  <body>
    <!-- (D) LOGIN FORM -->
    <?php
    if ($_MEM->error!="") { echo "<div class='error'>".$_MEM->error."</div>"; }
    ?>
    <form method="post">
      <h1>LOGIN</h1>
      <label>Email</label>
      <input type="email" name="email" required>
      <label>Password</label>
      <input type="password" name="password" required>
      <input type="submit" value="Login">
    </form>
  </body>
</html>

## 5-protected.php
<?php
// (A) LOAD LIBRARY
require "2-lib-member.php";

// (B) SIGN OUT
if (isset($_POST["out"])) {
  unset($_SESSION["member"]);
}

// (C) NOT SIGNED IN - BACK TO LOGIN PAGE
if (!isset($_SESSION["member"])) {
  header("Location: 4-login.php");
  exit();
} ?>
<!DOCTYPE html>
<html>
  <head>
    <title>Member Section</title>
    <meta charset="utf-8">
    <link rel="stylesheet" href="X-simple.css">
  </head>
  <body>
    <form method="post">
      <h1>MEMBER PAGE</h1>
      <p>You are in!</p>
      <?php print_r($_SESSION["member"]); ?>
      <input type="hidden" name="out" value="1">
      <input type="submit" value="Sign Out">
    </form>
  </body>
</html>

## X-simple.css
/* (A) WHOLE PAGE */
* {
  font-family: Arial, Helvetica, sans-serif;
  box-sizing: border-box;
}
body { background: #f2f2f2; }

/* (B) FORM */
form {
  width: 400px;
  padding: 20px;
  border: 1px solid #ccc;
  background: #fff;
}
form h1 {
  margin: 0 0 10px 0;
  font-size: 28px;
}
form label, form input {
  display: block;
  width: 100%;
}
form label {
  color: #9f9f9f;
  padding: 10px 0;
}
form input { padding: 10px; }
form input[type=submit] {
  margin-top: 20px;
  border: 0;
  color: #fff;
  background: #af1b1b;
  cursor: pointer;
}

/* (C) ERROR NOTIFICATION */
.error {
  background: #ffe5e5;
  padding: 10px;
  margin-bottom: 20px;
}
	CREATE TABLE `members` (
	`id` bigint(20) NOT NULL,
	`name` varchar(255) NOT NULL,
	`email` varchar(255) NOT NULL,
	`password` varchar(255) NOT NULL,
	`start` datetime NOT NULL DEFAULT current_timestamp(),
	`till` datetime DEFAULT NULL
	) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4;

	ALTER TABLE `members`
	ADD PRIMARY KEY (`id`),
	ADD UNIQUE KEY `email` (`email`),
	ADD KEY `name` (`name`);

	ALTER TABLE `members`
	MODIFY `id` bigint(20) NOT NULL AUTO_INCREMENT;
	<?php
	class Member {
	// (A) CONSTRUCTOR - CONNECT TO THE DATABASE
	private $pdo = null;
	private $stmt = null;
	public $error;
	function __construct () {
	$this->pdo = new PDO(
	"mysql:host=".DB_HOST.";dbname=".DB_NAME.";charset=".DB_CHARSET,
	DB_USER, DB_PASSWORD, [
	PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION,
	PDO::ATTR_DEFAULT_FETCH_MODE => PDO::FETCH_ASSOC
	]);
	}

	// (B) DESTRUCTOR - CLOSE DATABASE CONNECTION
	function __destruct () {
	if ($this->stmt !== null) { $this->stmt = null; }
	if ($this->pdo !== null) { $this->pdo = null; }
	}

	// (C) HELPER - RUN SQL QUERY
	function query ($sql, $data=null) : void {
	$this->stmt = $this->pdo->prepare($sql);
	$this->stmt->execute($data);
	}

	// (D) GET MEMBER BY ID OR EMAIL
	function get ($id) {
	$this->query(sprintf("SELECT * FROM `members` WHERE `%s`=?",
	is_numeric($id) ? "id" : "email"
	), [$id]);
	return $this->stmt->fetch();
	}

	// (E) ADD MEMBER
	function add ($name, $email, $password, $till=null) {
	// (E1) CHECK IF EMAIL ALREADY REGISTERED
	if ($this->get($email)) {
	$this->error = "$email is already registered";
	return false;
	}

	// (E2) SAVE MEMBER DATA
	$this->query(
	"INSERT INTO `members` (`name`, `email`, `password`, `till`) VALUES (?,?,?,?)",
	[$name, $email, password_hash($password, PASSWORD_DEFAULT), $till]
	);
	return true;
	}

	// (F) VERIFICATION
	function verify ($email, $password) {
	// (F1) GET MEMBER
	$member = $this->get($email);
	$pass = is_array($member);

	// (F2) CHECK MEMBERSHIP EXPIRY
	if ($pass && $member["till"]!="") {
	if (strtotime("now") >= strtotime($member["till"])) {
	$pass = false;
	}
	}

	// (F3) CHECK PASSWORD
	if ($pass) { $pass = password_verify($password, $member["password"]); }

	// (F4) REGISTER MEMBER INTO SESSION
	if ($pass) {
	foreach ($member as $k=>$v) { $_SESSION["member"][$k] = $v; }
	unset($_SESSION["member"]["password"]);
	}

	// (F5) RESULT
	if (!$pass) { $this->error = "Invalid email/password"; }
	return $pass;
	}
	}

	// (G) DATABASE SETTINGS - CHANGE TO YOUR OWN!
	define("DB_HOST", "localhost");
	define("DB_NAME", "test");
	define("DB_CHARSET", "utf8mb4");
	define("DB_USER", "root");
	define("DB_PASSWORD", "");

	// (H) START
	session_start();
	$_MEM = new Member();
	<?php
	// (A) LOAD LIBRARY + REDIRECT IF SIGNED IN
	require "2-lib-member.php";
	if (isset($_SESSION["member"])) {
	header("Location: 5-protected.php");
	exit();
	}

	// (B) PROCESS FORM SUBMISSION
	// redirect to a "nice welcome page" in your own project
	// this demo will redirect to login page directly
	if (count($_POST)!=0) {
	if ($_MEM->add($_POST["name"], $_POST["email"], $_POST["password"])) {
	header("Location: 4-login.php");
	exit();
	}
	} ?>
	<!DOCTYPE html>
	<html>
	<head>
	<title>Registration Demo</title>
	<meta charset="utf-8">
	<link rel="stylesheet" href="X-simple.css">
	</head>
	<body>
	<!-- (C) REGISTRATION FORM -->
	<?php
	if ($_MEM->error!="") { echo "<div class='error'>".$_MEM->error."</div>"; }
	?>
	<form method="post">
	<h1>REGISTRATION</h1>
	<label>Name</label>
	<input type="text" name="name" required>
	<label>Email</label>
	<input type="email" name="email" required>
	<label>Password</label>
	<input type="password" name="password" required>
	<input type="submit" value="Register">
	</form>
	</body>
	</html>
	<?php
	// (A) LOAD LIBRARY
	require "2-lib-member.php";

	// (B) CHECK LOGIN CREDENTIALS
	if (count($_POST)!=0) {
	$_MEM->verify($_POST["email"], $_POST["password"]);
	}

	// (C) REDIRECT IF SIGNED IN
	if (isset($_SESSION["member"])) {
	header("Location: 5-protected.php");
	exit();
	} ?>
	<!DOCTYPE html>
	<html>
	<head>
	<title>Login Page</title>
	<meta charset="utf-8">
	<link rel="stylesheet" href="X-simple.css">
	</head>
	<body>
	<!-- (D) LOGIN FORM -->
	<?php
	if ($_MEM->error!="") { echo "<div class='error'>".$_MEM->error."</div>"; }
	?>
	<form method="post">
	<h1>LOGIN</h1>
	<label>Email</label>
	<input type="email" name="email" required>
	<label>Password</label>
	<input type="password" name="password" required>
	<input type="submit" value="Login">
	</form>
	</body>
	</html>
	/* (A) WHOLE PAGE */
	* {
	font-family: Arial, Helvetica, sans-serif;
	box-sizing: border-box;
	}
	body { background: #f2f2f2; }

	/* (B) FORM */
	form {
	width: 400px;
	padding: 20px;
	border: 1px solid #ccc;
	background: #fff;
	}
	form h1 {
	margin: 0 0 10px 0;
	font-size: 28px;
	}
	form label, form input {
	display: block;
	width: 100%;
	}
	form label {
	color: #9f9f9f;
	padding: 10px 0;
	}
	form input { padding: 10px; }
	form input[type=submit] {
	margin-top: 20px;
	border: 0;
	color: #fff;
	background: #af1b1b;
	cursor: pointer;
	}

	/* (C) ERROR NOTIFICATION */
	.error {
	background: #ffe5e5;
	padding: 10px;
	margin-bottom: 20px;
	}