Create User Signup Page
Congratulations everyone on reaching Day 15. Now you have all the tools needed to start working on PHP projects!
For the next 15 days we will be working on a real project. From now on, make sure you use the same names for the example files, because we will be creating many files that work together to form our final project.
Today we will create the user signup page for our application. It has two pages: one HTML form page and one PHP page.
- signup.html
- signup.php
signup.html
This is the page where the user enters their name, email address and password.
We don't ask for a user name, as we will be using the email address as the username to log in to our application.
HTML Code:
<!doctype html>
<html lang="en">
<head>
    <meta charset="UTF-8">
    <title>User Account Creation</title>
</head>
<body>
    <h1>Account Creation Form</h1>
    <form action="signup.php" method="POST">
        Name <br>
        <input type="text" name="name" required> <br>
        Email <br>
        <input type="email" name="email" required> <br>
        Password <br>
        <input type="text" name="password" required> <br>
        <br>
        <button type="submit" name="submit" value="submit">Create Account</button>
    </form>
</body>
</html>
signup.php
This is the backend script for signup.html. When the user submits the HTML form, this PHP script reads the data through $_POST and saves it to the MySQL database.
This time we have a new table called users, as we are creating user accounts.
Make sure you create the account using your own email address, as the script will send a welcome mail. You will need to remember this email address and password, as we will be working with them in the coming days.
PHP Code:
<?php
if (isset($_POST['submit'])) {
    echo '<p>Server got following data through POST method.</p>';
    echo '<pre>';
    print_r($_POST);
    echo '</pre>';

    // Let's read data from $_POST.
    // Nothing is validated or sanitized yet (see "Important" below).
    $name = $_POST['name'];
    $email = $_POST['email'];
    $password = $_POST['password'];

    // Connect to the MySQL server
    $db_server = '127.0.0.1';
    $db_user = 'fwhphp_user';
    $db_password = 'k5BJRaX6SFbs';
    $db_name = 'fwhphp_db';
    $mysqli = new mysqli($db_server, $db_user, $db_password, $db_name);
    if ($mysqli->connect_errno) {
        echo 'Connect failed: ' . $mysqli->connect_error;
        exit();
    }

    // Let's save the user submitted information to the database.
    // The values go into the SQL string as-is and the password is stored
    // in plain text; both are listed under "Important" below.
    $sql = "INSERT INTO `users` SET
        `name`='" . $name . "',
        `email`='" . $email . "',
        `password`='" . $password . "'";
    if ($mysqli->query($sql) === TRUE) {
        echo '<h1>User Account Created. Welcome mail sent to ' . $email . '</h1>';
        // Let's send a welcome mail to the user,
        // with name, email address and password.
        $mailMessage = "
Hello $name,
Your account created.
Email: $email
Password: $password
Please keep this password secure as we will need it for coming days.
";
        // Mail header lines end with CRLF ("\r\n").
        mail($_POST['email'], 'Your account created', $mailMessage, "From: [email protected]\r\n");
    } else {
        echo '<h1>Failed to create user account</h1>';
        echo $mysqli->error;
    }
} else {
    die('I got no data with POST method, have some ?');
}
We will create a reset password option for those who forget their password, but that will be done after a few days, so don't forget your password before then :)
Important
- You can only sign up once per email account, because in the database we set the email field to unique.
- We do not validate the email address, name or password on the PHP side. This is bad practice, but we are just starting to code, so that is fine for now.
- We need to sanitize user input before passing it to MySQL, or hackers can hack our web site and get all the passwords. We will sanitize user inputs in the coming days. We will be updating the same signup.php, so name it exactly the same, as we will refer to it and use it until the end of the course.
- For now, passwords are stored in plain text. That is bad practice; never do it in a real-life application. Always encrypt the password, so no one can read it.
Security
We are creating this script to learn PHP, so we have left out some essential checks required to make the script secure.
The number 1 rule for securing a web application is: never trust the user. Always validate user input; if you don't, your site can get hacked. We will secure our web application in the coming days.
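For comparison with signup.php above, here is one way the three points listed under Important can be addressed. This is an added example, not the course's own later version of the script. It assumes the same users table with a password column wide enough to hold a hash (for example VARCHAR(255)); the DB_* environment variable names and the length limits are hypothetical.

```php
<?php
// Added example: DB_* names and the length limits below are assumptions.

// Validate the three form fields. Returns [cleaned values, list of errors].
function validate_signup(array $post): array
{
    $name     = trim((string) ($post['name'] ?? ''));
    $email    = trim((string) ($post['email'] ?? ''));
    $password = (string) ($post['password'] ?? '');
    $errors   = [];
    if ($name === '' || strlen($name) > 100) {
        $errors[] = 'Name is required (max 100 bytes).';
    }
    if (filter_var($email, FILTER_VALIDATE_EMAIL) === false) {
        $errors[] = 'Email address is not valid.';
    }
    if (strlen($password) < 8) {
        $errors[] = 'Password must be at least 8 characters.';
    }
    return [['name' => $name, 'email' => $email, 'password' => $password], $errors];
}

// Insert through a prepared statement, so user input is sent as data and is
// never parsed as SQL. Only a one-way hash of the password is stored.
function create_user(mysqli $db, array $user): bool
{
    $hash = password_hash($user['password'], PASSWORD_DEFAULT);
    $stmt = $db->prepare('INSERT INTO `users` (`name`, `email`, `password`) VALUES (?, ?, ?)');
    $stmt->bind_param('sss', $user['name'], $user['email'], $hash);
    return $stmt->execute();
}

if (($_SERVER['REQUEST_METHOD'] ?? '') === 'POST') {
    [$user, $errors] = validate_signup($_POST);
    if ($errors) {
        http_response_code(400);
        foreach ($errors as $msg) { echo '<p>' . htmlspecialchars($msg) . '</p>'; }
        exit;
    }
    mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT); // DB errors become exceptions
    try {
        $db = new mysqli((string) getenv('DB_HOST'), (string) getenv('DB_USER'),
                         (string) getenv('DB_PASS'), (string) getenv('DB_NAME'));
        $ok = create_user($db, $user);
    } catch (mysqli_sql_exception $e) {       // e.g. duplicate email, connection failure
        error_log('signup failed: ' . $e->getMessage());
        $ok = false;
    }
    echo $ok ? '<h1>User Account Created for ' . htmlspecialchars($user['email'], ENT_QUOTES, 'UTF-8') . '</h1>'
             : '<h1>Failed to create user account</h1>';
}
```

A login page built on this version would check the submitted password with password_verify() against the stored hash instead of comparing strings.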