Free PHP Users Management Scripts

NEW Version 3.0 Released 24 July 2003!

Now requires validation of email addreses supplied, by sending a verification link to the new user...

See the page on TWB: Users Manager for a simple, cheap, plug-in users management script for your database of members.

There are lots of benefits to managing your own users. The built-in HTTP authentication is good, but it's not pretty and is quite limited. Taking control of your own login process isn't too difficult, and the results are much more useable.

The users management system for The Webmaster's Bureau is based on these scripts. You can use them as they are, or change them in any way you like.

The base users management system consists of 2 scripts:

• auth.php - This script is placed at the top of every page you want to protect. It checks the user's ID and session details against the database and if the details don't match a current valid session, the browser is redirected to...
  
  
• login.php - This script handles the whole login process including sending a welcome email with a verification link. It even allows users to change their details once logged in.
  
  

There are another 2 files in the package:

• country.php - A very cool country selector for your users to choose from.
  
  
• login-test.php - A very simple test page to ensure you're redirected correctly.
  
  

Requirements

You need to be able to install the scripts in the root directory of your website. If you need an FTP tool, see the page on Telnet and FTP.

You need to enter your database login details into the two scripts using a text editor. If you need an HTML / PHP Editor, see the page on HTML Editors.

You need to have access to PHP and a MySQL Database. You'll need to know your database username and password because these must be entered into the scripts

Installation

• Download and unzip the script(s) onto your PC.
  
  
• Enter your database login info in the scripts where indicated.
  
  
• Upload the scripts, to the root directory of your website. This is the 'www' or 'public_html' directory.
  
  
• Cut and Paste the database definitions from the top of login.php into your database. You can enter SQL commands directly into PHPMyAdmin - which you're bound to have if you've got MySQL. See your webhosting control panel or ask your host!
  
  
• Put the following code at the top of all the webpages you refer people to (they must be PHP pages - ie.e file.php)
  
  <? include 'auth.php'; ?>
  

That's it!

Installation - Users Manager Script

See the page on TWB: Users Manager for details on installing the Users Manager script.

How Does It Work?

The process is as follows:

• All the protected pages on the website have a short piece of code at the top:
    <? include 'auth.php'; ?>
  
  
• Every time a user tries to access a page, auth.php checks the value of your 'user_id' and 'session_id'
  
  
• If the $session_id variable isn't set, or doesn't match one in the database, you're redirected to the login page login.php...
  
  
• At the login page, you enter your username/password, then click on 'submit'. The script checks them against the database...
  
  
• If the details match - a new, unique $session_id is generated, (a long string of letters and/or numbers) and it's entered in the database, along with your name, and the time the session started.
  
  
• A cookie, containing the same details is sent to your computer. Then, when you access any page on the site, your browser transmits the cookie contents (session details) to the page.
  
  
• ...and the page checks the user and session_id - only this time it should be valid - so the page contents are displayed.
  
  

This latest version of login.php now handles the process of creating new users. Previously, the adduser.php script could be used.