Jump to content

Recommended Posts

  • 2 months later...
Posted (edited)

It depends what kind of platform you are using, wp? joomla? if you use a preconf platform like these you can find some plugins about members from their dashboard.
In case that you are using classic php :D <3 and just you want to keep a page in public but also hidden use this:

<?php
$username = "admin"; // username 
$password = "admin"; // password 


if ($_SERVER["PHP_AUTH_USER"] != $username || $_SERVER["PHP_AUTH_PW"] != $password) {
header("WWW-Authenticate: basic realm='Protected Area'");
header("HTTP/1.0 401 Unauthorized");
echo "KEEP OUT"; //Invalid Login
exit;
}
?>

or follow this guide from html-form-guide.com , is the complete answer to your question


Guide Credits: html-form-guide.com

 

We are going to walk you through every aspect of creating a membership based site, with a secure members area protected by password.

 

The whole process consists of two big parts: user registration and user authentication. In the first part, we are going to cover creation of the registration form and storing the data in a MySQL database. In the second part, we will create the login form and use it to allow users access in the secure area.
 

Download the code

You can download the whole source code for the registration/login system from the link below:
RegistrationForm.zip

Configuration & Upload
The ReadMe file contains detailed instructions.

Open the source\include\membersite_config.php file in a text editor and update the configuration. (Database login, your website’s name, your email address etc).

Upload the whole directory contents. Test the register.php by submitting the form.

 

The registration form

php-registration-form.png

In order to create a user account, we need to gather a minimal amount of information from the user. We need his name, his email address and his desired username and password. Of course, we can ask for more information at this point, but a long form is always a turn-off. So let’s limit ourselves to just those fields.

Here is the registration form:

 

<form id='register' action='register.php' method='post' 
accept-charset='UTF-8'>
<fieldset >
<legend>Register</legend>
<input type='hidden' name='submitted' id='submitted' value='1'/>
<label for='name' >Your Full Name*: </label>
<input type='text' name='name' id='name' maxlength="50" />
<label for='email' >Email Address*:</label>
<input type='text' name='email' id='email' maxlength="50" />
<label for='username' >UserName*:</label>
<input type='text' name='username' id='username' maxlength="50" />
<label for='password' >Password*:</label>
<input type='password' name='password' id='password' maxlength="50" />
<input type='submit' name='Submit' value='Submit' />
</fieldset>
</form>

So, we have text fields for name, email and the password. Note that we are using the password widget for better usability.

 

Form validation

At this point it is a good idea to put some form validation code in place, so we make sure that we have all the data required to create the user account. We need to check if name and email, and password are filled in and that the email is in the proper format.

We can use the free JavaScript form validation script to add form validations quickly and easily, with lesser code.

Here is a sample JavaScript validation code to be used for the sample form we created earlier:

 

var frmvalidator  = new Validator("register");
frmvalidator.EnableOnPageErrorDisplay();
frmvalidator.EnableMsgsTogether();
frmvalidator.addValidation("name","req","Please provide your name");
frmvalidator.addValidation("email","req","Please provide your email address");
frmvalidator.addValidation("email","email","Please provide a valid email address");
frmvalidator.addValidation("username","req","Please provide a username");
frmvalidator.addValidation("password","req","Please provide a password");

To be on the safe side, we will also have the same validations on the server side too. For server side validations, we will use the PHP form validation script

 

Handling the form submission

Now we have to handle the form data that is submitted.

Here is the sequence (see the file fg_membersite.php in the downloaded source):

 

function RegisterUser()
{
if(!isset($_POST['submitted']))
{
return false;
}
$formvars = array();
if(!$this->ValidateRegistrationSubmission())
{
return false;
}
$this->CollectRegistrationSubmission($formvars);
if(!$this->SaveToDatabase($formvars))
{
return false;
}
if(!$this->SendUserConfirmationEmail($formvars))
{
return false;
}
$this->SendAdminIntimationEmail($formvars);
return true;
}

First, we validate the form submission. Then we collect and ‘sanitize’ the form submission data (always do this before sending email, saving to database etc). The form submission is then saved to the database table. We send an email to the user requesting confirmation. Then we intimate the admin that a user has registered.

Saving the data in the database

Now that we gathered all the data, we need to store it into the database.
Here is how we save the form submission to the database.

 

function SaveToDatabase(&$formvars)
{
if(!$this->DBLogin())
{
$this->HandleError("Database login failed!");
return false;
}
if(!$this->Ensuretable())
{
return false;
}
if(!$this->IsFieldUnique($formvars,'email'))
{
$this->HandleError("This email is already registered");
return false;
}
if(!$this->IsFieldUnique($formvars,'username'))
{
$this->HandleError("This UserName is already used. Please try another username");
return false;
}        
if(!$this->InsertIntoDB($formvars))
{
$this->HandleError("Inserting to Database failed!");
return false;
}
return true;
}

Note that you have configured the Database login details in the membersite_config.php file. Most of the cases, you can use “localhost” for database host.
After logging in, we make sure that the table is existing.(If not, the script will create the required table).
Then we make sure that the username and email are unique. If it is not unique, we return error back to the user.

The database table structure

This is the table structure. The CreateTable() function in the fg_membersite.php file creates the table. Here is the code:

 

function CreateTable()
{
$qry = "Create Table $this->tablename (".
"id_user INT NOT NULL AUTO_INCREMENT ,".
"name VARCHAR( 128 ) NOT NULL ,".
"email VARCHAR( 64 ) NOT NULL ,".
"phone_number VARCHAR( 16 ) NOT NULL ,".
"username VARCHAR( 16 ) NOT NULL ,".
"password VARCHAR( 32 ) NOT NULL ,".
"confirmcode VARCHAR(32) ,".
"PRIMARY KEY ( id_user )".
")";
if(!mysql_query($qry,$this->connection))
{
$this->HandleDBError("Error creating the table \nquery was\n $qry");
return false;
}
return true;
}

 

The id_user field will contain the unique id of the user, and is also the primary key of the table. Notice that we allow 32 characters for the password field. We do this because, as an added security measure, we will store the password in the database encrypted using MD5. Please note that because MD5 is an one-way encryption method, we won’t be able to recover the password in case the user forgets it.

Inserting the registration to the table

Here is the code that we use to insert data into the database. We will have all our data available in the $formvars array.

 

function InsertIntoDB(&$formvars)
{
$confirmcode = $this->MakeConfirmationMd5($formvars['email']);
$insert_query = 'insert into '.$this->tablename.'(
name,
email,
username,
password,
confirmcode
)
values
(
"' . $this->SanitizeForSQL($formvars['name']) . '",
"' . $this->SanitizeForSQL($formvars['email']) . '",
"' . $this->SanitizeForSQL($formvars['username']) . '",
"' . md5($formvars['password']) . '",
"' . $confirmcode . '"
)';      
if(!mysql_query( $insert_query ,$this->connection))
{
$this->HandleDBError("Error inserting data to the table\nquery:$insert_query");
return false;
}        
return true;
}

 

Notice that we use PHP function md5() to encrypt the password before inserting it into the database.
Also, we make the unique confirmation code from the user’s email address.

 

Sending emails

Now that we have the registration in our database, we will send a confirmation email to the user. The user has to click a link in the confirmation email to complete the registration process.

 

function SendUserConfirmationEmail(&$formvars)
{
$mailer = new PHPMailer();
$mailer->CharSet = 'utf-8';
$mailer->AddAddress($formvars['email'],$formvars['name']);
$mailer->Subject = "Your registration with ".$this->sitename;
$mailer->From = $this->GetFromAddress();        
$confirmcode = urlencode($this->MakeConfirmationMd5($formvars['email']));
$confirm_url = $this->GetAbsoluteURLFolder().'/confirmreg.php?code='.$confirmcode;
$mailer->Body ="Hello ".$formvars['name']."\r\n\r\n".
"Thanks for your registration with ".$this->sitename."\r\n".
"Please click the link below to confirm your registration.\r\n".
"$confirm_url\r\n".
"\r\n".
"Regards,\r\n".
"Webmaster\r\n".
$this->sitename;
if(!$mailer->Send())
{
$this->HandleError("Failed sending registration confirmation email.");
return false;
}
return true;
}

We use the free PHPMailer script to send the email.
Note that we make the confirmation URL point to confirmreg.php?code=XXXX (where XXXX is the confirmation code).
In the confirmreg.php script, we search for this confirmation code and update the ‘confirmed’ field in the table.

After completing all these operations successfully, we send an email to the admin (configured in the membersite_config.php file)

See also:Making a login form using PHP

Updates

9th Jan 2012
Reset Password/Change Password features are added
The code is now 
shared at GitHub.

25th May 2011
Now you can display the logged-in user’s name with this code:

Welcome back <?= $fgmembersite->UserFullName(); ?>!
Edited by tramp0ukos

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now


  • Posts

    • I have a highly customized Hi5 pack based on L2JMobius with a lot of features for performance and modern game design. Disclaimer: I do not run any public server, but I run a "private" server for a group of 10 friends and about 2000 AI bots that required me to do heavy modifications on core systems of the game.  So my opinion will obivously be biased towards L2JMobius.   What I can tell you though without bias is: Most of the features you are asking for are nowadays considered de-facto, don't pay money for them. TvT, offline mode, community boards, premiums, vote rewards are in most packs including the open source ones. So before you pay a thousand plus euro for a pack ask yourself what you are paying that money for, that open source packs don't have.   Also a lot of the "strong points" some old packs were made for are nowadays obsolete. L2JFree derived packs for example used to have a lot of GC optimizations (Trove library) which are not not maintained, but most importantly not needed cause Java has evolved a lot since then and the performance issues these tricks tried to solve back then, are currently solved by Java's JVM itself. So if someone tries to sell you packed / unpacked integers in special hashmap data structures and other such things know that they have really lost their value nowadays.    A lot of people are selling thin air, things that everyone has. "Quality geodata" being one of them. I mean what's "quality geodata" ? Has someone painted them by hand ? Hell there's an online tool for free in github that extracts quality geodata, I think Galagard made it ? In contrast I'll tell you without wanting to boast about it that I use 3D navmesh on my project because 2000 bots could not pathfind large distances on A* on geodata. As far as I know, L2JMobius has it in its subscription version too. So if I could do an acceptable transition to navmesh from geodata in a week alone, I would assume that a decent pack with dedicated developers could do it better and faster. Red flag if someone still tries to sell you geodata in 2026.   Multi-protocol support gives small value and is a high risk.   I would not go for multi-protocol support for a public server cause you are locking yourself to specific providers and the functionality they support. If you need to change (eg pricing issues), you will be locked to a handful of providers. And what are you really gaining from a new client on an old game version ? Better UI ? The engine is still the same, static targeting and menus.    Agentic AI will make old hard features easy to implement, and drop their money value. Pay for AI-proof value. And compared to what most insecure devs claim, its a very powerful tool that allows those who know how to use it to accelerate their development. So a lot of features that took in the past a lot of time and effort to be developed and were a reason to charge money, are becoming a commodity today. So think to: The thing I am paying money for right now, how easy will it be to implement in a year from now ? If for example you are paying money for a game launcher that Claude Code can generate in top 1 hour without issues, I think you are wasting money.    I want to emphasise this a lot. Software engineering is in a transition atm. Most things that were mediocre to implement, launchers, guards, CMS, are nowadays easy. Yet the dev community continues to market them as premium content. They are not, sooner or later, when everyone starts selling them, they will realize that they will have to offer value in more complex features.  Private or public ? Bottom line is that a private pack and 1000 euro wont get you a sucessful server. You're the one that make it or break it. There have been many sucessful servers both in private packs and public packs in the past. It's really on the hands of the beholder, not on the source. A pack that plays good is a good indicator to buy as Trance said, but I would disagree that it's not enough. A server owner is not a player. He's a business man and has to account for longevity, vendor lock-in, expandability, hidden costs,  amortization, price changes and many more. Don't pick a pack based on how it played only.    
    • You don’t even need to look for a ghost project. Just buy the files from a project you’ve personally tested or played. That’s a much better starting point.
    • TG Support: https://t.me/buyingproxysup | Channel: https://t.me/buyingproxycom Discord support: #buyingproxy | Server: Join the BuyingProxy Discord Server!  Create your free account here
    • You have to put deep inside your pocket for something like this, for sure 😄
    • Hello everyone, I'm looking for a High Five Java server pack for a long-term project. I'm not looking for free packs. I'm interested in purchasing a professional pack with full source code if it's worth the investment. My priorities are: Stable core Clean and well-structured source code Good geodata and AI Modern Community Board Offline Trade / Offline Craft Premium Account system Vote Reward system Auto Events (TvT, CTF, DM, etc.) HWID protection Auto Farm  Buffer / QoL systems Modern admin tools Good Olympiad & Seven Signs implementation Excellent instance support (Freya, Frintezza, Zaken, Beleth, etc.) A huge bonus would be: Multi-protocol support (High Five + newer clients such as Salvation/Classical clients) Full source code (no closed binaries) Some custom things over Elegia At the moment I'm considering packs like Sunrise and L2-Scripts, but I'd really like to hear opinions from people who have actually worked with them. If you've been running a serious High Five project, I'd appreciate your honest feedback: Which pack are you using? What are its strengths and weaknesses? Would you buy it again? Are there any better alternatives available today? I'm looking for real experience rather than advertisements. Thanks!
  • Topics

×
×
  • Create New...

Important Information

This community uses essential cookies to function properly. Non-essential cookies and third-party services are used only with your consent. Read our Privacy Policy and We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue..