Hello all.

I've downloaded and installed a PHP registration and login script, and it is working well. I plan to make 2-3 different pages, and when a user/client logs in they should be redirected to their own page. Please help me with how to code this, because I am a newbie at PHP. This is the code of that script.

login.php
PHP Code:
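<?PHP
// Login page: checks the posted credentials and, on success, redirects to the
// members' landing page. $fgmembersite is presumably created by the included
// config file -- it is not defined in this listing.
require_once("include/membersite_config.php");

// 'submitted' is the hidden field of the form below, so Login() only runs
// when this form has been posted.
if (isset($_POST['submitted']) && $fgmembersite->Login())
{
    // The target is a fixed, hard-coded page. If each account is later given
    // its own landing page, choose it server-side from the authenticated
    // account's record, never from a request parameter.
    $fgmembersite->RedirectToURL("login-home.php");
}

?>
<?php include_once('include/header.php'); ?>
<!-- Form Code Start -->
<div id='fg_membersite'>
<form id='login' action='<?php echo $fgmembersite->GetSelfScript(); ?>' method='post' accept-charset='UTF-8'>
<fieldset >
<legend>Login</legend>

<input type='hidden' name='submitted' id='submitted' value='1'/>

<div class='short_explanation'>* required fields</div>

<div><span class='error'><?php echo $fgmembersite->GetErrorMessage(); ?></span></div>
<div class='container'>
    <label for='username' >User Name *:</label><br/>
    <?php // The value sits inside a single-quoted attribute, so SafeDisplay() must escape quotes as well as < and >. ?>
    <input type='text' name='username' id='username' value='<?php echo $fgmembersite->SafeDisplay('username'); ?>' maxlength="50" /><br/>
    <span id='login_username_errorloc' class='error'></span>
</div>
<div class='container'>
    <label for='password' >Password *:</label><br/>
    <input type='password' name='password' id='password' maxlength="50" /><br/>
    <span id='login_password_errorloc' class='error'></span>
</div>

<div class='container'>
    <input type='submit' name='Submit' value='Submit' />
</div>
<?php // The posted listing stops here; the closing fieldset/form/div tags are not shown. ?>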
membership-config.php
PHP Code:
<?PHP

require_once("class.phpmailer.php");
require_once(
"formvalidator.php");

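/**
 * Registration, login and password-reset helper for a small member site.
 *
 * State is kept in $_SESSION; accounts live in one MySQL table reached through
 * the legacy mysql_* extension.
 *
 * Review notes (flagged here, deliberately not changed in code):
 *  - mysql_* was removed in PHP 7; moving to mysqli/PDO with prepared
 *    statements would change the type of $connection, which callers may use.
 *  - Passwords are stored as unsalted MD5. Moving to password_hash() /
 *    password_verify() needs a schema and data migration.
 *  - CreateTable() defines no username or password column, although
 *    CheckLoginInDB(), ChangePasswordInDB() and IsFieldUnique() query them.
 *  - SendResetPasswordLink() calls GetAbsoluteURLFolder(), which is not
 *    defined anywhere in this listing.
 */
class FGMembersite
{
    var $admin_email;
    var $from_address;
    var $name;
    var $company;
    var $address;
    var $country;
    var $state;
    var $postal;
    var $phone;
    var $fax;
    var $email;
    var $website;
    var $situ;
    var $ip;
    var $pwd;
    var $database;
    var $tablename;
    var $connection;
    var $rand_key;

    var $error_message;

    // Assigned by the constructor / InitDB(); declared so they are not
    // created as dynamic properties.
    var $sitename;
    var $db_host;
    var $username;

    //-----Initialization -------

    /**
     * Sets the default site name and key.
     *
     * The default key is a fixed value in the source (and is published with
     * this listing), so every value derived from it -- session variable name,
     * spam-trap field name, reset code -- is predictable until SetRandomKey()
     * is called with a site-specific secret.
     */
    function __construct()
    {
        $this->sitename = 'mydomain.com';
        $this->rand_key = '0iQx5oBk66oVZep';
    }

    /**
     * PHP 4 style constructor, kept for callers that invoke it by name.
     * A method named after the class is no longer a constructor in PHP 8,
     * which is why __construct() now holds the initialisation.
     */
    function FGMembersite()
    {
        $this->__construct();
    }

    /** Stores the database host, credentials, schema name and table name for DBLogin(). */
    function InitDB($host,$uname,$pwd,$database,$tablename)
    {
        $this->db_host   = $host;
        $this->username  = $uname;
        $this->pwd       = $pwd;
        $this->database  = $database;
        // Interpolated into SQL as an identifier: must come from configuration only.
        $this->tablename = $tablename;
    }

    /** Address that receives the "registration completed" notice. */
    function SetAdminEmail($email)
    {
        $this->admin_email = $email;
    }

    /** Site name used in mail subjects/bodies and in the reset code. */
    function SetWebsiteName($sitename)
    {
        $this->sitename = $sitename;
    }

    /** Replaces the built-in default key; should be a per-site secret. */
    function SetRandomKey($key)
    {
        $this->rand_key = $key;
    }

    /**
     * Authenticates $_POST['username'] / $_POST['password'].
     *
     * @return bool true when the credentials matched and the session was marked as logged in
     */
    function Login()
    {
        if (empty($_POST['username']))
        {
            $this->HandleError("UserName is empty!");
            return false;
        }

        if (empty($_POST['password']))
        {
            $this->HandleError("Password is empty!");
            return false;
        }

        $username = trim($_POST['username']);
        $password = trim($_POST['password']);

        if (!isset($_SESSION)) { session_start(); }

        if (!$this->CheckLoginInDB($username, $password))
        {
            return false;
        }

        // Issue a fresh session id at the privilege change so an id that was
        // planted before login (session fixation) is not carried over.
        if (session_id() !== '')
        {
            session_regenerate_id(true);
        }

        $_SESSION[$this->GetLoginSessionVar()] = $username;

        return true;
    }

    /** @return bool true when the current session carries the login marker */
    function CheckLogin()
    {
        if (!isset($_SESSION)) { session_start(); }

        return !empty($_SESSION[$this->GetLoginSessionVar()]);
    }

    /** Name stored in the session by CheckLoginInDB(), or '' when absent. */
    function UserFullName()
    {
        return isset($_SESSION['name_of_user']) ? $_SESSION['name_of_user'] : '';
    }

    /** Email stored in the session by CheckLoginInDB(), or '' when absent. */
    function UserEmail()
    {
        return isset($_SESSION['email_of_user']) ? $_SESSION['email_of_user'] : '';
    }

    /** Removes the login marker and the cached identity from the session. */
    function LogOut()
    {
        if (!isset($_SESSION)) { session_start(); }

        unset($_SESSION[$this->GetLoginSessionVar()]);

        // CheckLoginInDB() also cached these; without clearing them
        // UserFullName()/UserEmail() keep answering after logout.
        unset($_SESSION['name_of_user'], $_SESSION['email_of_user']);
    }

    //-------Public Helper functions -------------

    /**
     * Current script path, escaped for use in an HTML attribute.
     *
     * PHP_SELF includes any trailing path info from the request, and the
     * templates put this value in a single-quoted attribute, so single quotes
     * must be escaped too (before PHP 8.1 the default flags left them intact).
     */
    function GetSelfScript()
    {
        return htmlentities($_SERVER['PHP_SELF'], ENT_QUOTES, 'UTF-8');
    }

    /**
     * Posted value of $value_name escaped for HTML output, '' when empty/missing.
     * ENT_QUOTES because the login form echoes it inside value='...'.
     */
    function SafeDisplay($value_name)
    {
        if (empty($_POST[$value_name]))
        {
            return '';
        }
        return htmlentities($_POST[$value_name], ENT_QUOTES, 'UTF-8');
    }

    /**
     * Sends a Location header and stops the script.
     * Within this listing it is only called with a fixed page name; a target
     * taken from the request would make it an open redirect.
     */
    function RedirectToURL($url)
    {
        header("Location: $url");
        exit;
    }

    /** Name of the hidden honeypot field checked in ValidateRegistrationSubmission(). */
    function GetSpamTrapInputName()
    {
        return 'sp'.md5('KHGdnbvsgst'.$this->rand_key);
    }

    /** Accumulated error text, HTML-escaped, with line breaks turned into <br />. */
    function GetErrorMessage()
    {
        if (empty($this->error_message))
        {
            return '';
        }
        return nl2br(htmlentities($this->error_message, ENT_QUOTES, 'UTF-8'));
    }

    //-------Private Helper functions-----------

    /** Appends one line to the user-visible error text. */
    function HandleError($err)
    {
        $this->error_message .= $err."\r\n";
    }

    /**
     * Records a database failure.
     *
     * Everything passed to HandleError() is echoed to the visitor by
     * GetErrorMessage(), so the driver's error text goes to the server log
     * and only the generic message is shown.
     */
    function HandleDBError($err)
    {
        error_log($err." mysqlerror:".mysql_error());
        $this->HandleError($err);
    }

    /**
     * Sender address for outgoing mail: the configured one, else noreply@<server name>.
     * NOTE(review): depending on server configuration SERVER_NAME may follow
     * the request's Host header -- setting $from_address avoids relying on it.
     */
    function GetFromAddress()
    {
        if (!empty($this->from_address))
        {
            return $this->from_address;
        }

        $host = $_SERVER['SERVER_NAME'];

        return "noreply@$host";
    }

    /** Session key that marks a logged-in user: 'usr_' plus 10 hex chars of md5(rand_key). */
    function GetLoginSessionVar()
    {
        return 'usr_'.substr(md5($this->rand_key), 0, 10);
    }

    /**
     * Looks the credentials up and, on a match, caches name and email in the session.
     *
     * Expects a session to be active already (Login() starts it).
     * The stored password is an unsalted MD5 digest; see the class notes.
     *
     * @return bool true when exactly the username/password pair was found
     */
    function CheckLoginInDB($username,$password)
    {
        if (!$this->DBLogin())
        {
            $this->HandleError("Database login failed!");
            return false;
        }

        $username = $this->SanitizeForSQL($username);
        // Hex digest: contains nothing that needs SQL escaping.
        $pwdmd5 = md5($password);

        $qry = "Select name, ip, email from $this->tablename where username='$username' and password='$pwdmd5' ";

        $result = mysql_query($qry, $this->connection);

        // One message for "unknown user", "wrong password" and "query failed",
        // so the response does not reveal which part was wrong.
        if (!$result || mysql_num_rows($result) <= 0)
        {
            $this->HandleError("Error logging in. The username or password does not match");
            return false;
        }

        $row = mysql_fetch_assoc($result);

        $_SESSION['name_of_user']  = $row['name'];
        $_SESSION['email_of_user'] = $row['email'];

        return true;
    }

    /**
     * Generates a new 10-character hex password and stores it for $user_rec.
     *
     * @return string|false the new password, or false when the update failed
     */
    function ResetUserPasswordInDB($user_rec)
    {
        // uniqid() is derived from the clock and therefore guessable; take the
        // value from a CSPRNG when one is available, keeping the same shape.
        if (function_exists('random_bytes'))
        {
            $new_password = bin2hex(random_bytes(5));
        }
        elseif (function_exists('openssl_random_pseudo_bytes'))
        {
            $new_password = bin2hex(openssl_random_pseudo_bytes(5));
        }
        else
        {
            $new_password = substr(md5(uniqid()), 0, 10);
        }

        if (!$this->ChangePasswordInDB($user_rec, $new_password))
        {
            return false;
        }
        return $new_password;
    }

    /**
     * Stores md5($newpwd) for the row identified by $user_rec['id_user'].
     *
     * The raw password is hashed, exactly as CheckLoginInDB() does. Escaping
     * it first would hash a different string whenever the password contains a
     * quote or backslash, and that account could then never log in.
     *
     * @return bool
     */
    function ChangePasswordInDB($user_rec,$newpwd)
    {
        $pwdmd5  = md5($newpwd);
        // id_user is an INT column; the cast keeps anything else out of the query.
        $id_user = (int) $user_rec['id_user'];

        $qry = "Update $this->tablename Set password='$pwdmd5' Where id_user=$id_user";

        if (!mysql_query($qry, $this->connection))
        {
            // The query text is left out on purpose: it contains the password digest.
            $this->HandleDBError("Error updating the password");
            return false;
        }
        return true;
    }

    /**
     * Loads the row whose email matches into $user_rec.
     *
     * NOTE(review): the failure message confirms whether an address is
     * registered, and it is shown to the visitor.
     *
     * @return bool false when the DB is unreachable or no row matched
     */
    function GetUserFromEmail($email,&$user_rec)
    {
        if (!$this->DBLogin())
        {
            $this->HandleError("Database login failed!");
            return false;
        }

        $email = $this->SanitizeForSQL($email);

        $result = mysql_query("Select * from $this->tablename where email='$email'", $this->connection);

        if (!$result || mysql_num_rows($result) <= 0)
        {
            $this->HandleError("There is no user with email: $email");
            return false;
        }

        $user_rec = mysql_fetch_assoc($result);

        return true;
    }

    /** Mails the welcome text to the newly registered user. @return bool */
    function SendUserWelcomeEmail(&$user_rec)
    {
        $mailer = new PHPMailer();

        $mailer->CharSet = 'utf-8';

        $mailer->AddAddress($user_rec['email'], $user_rec['name']);

        $mailer->Subject = "Welcome to ".$this->sitename;

        $mailer->From = $this->GetFromAddress();

        $mailer->Body = "Hello ".$user_rec['name']."\r\n\r\n".
            "Welcome! Your registration  with ".$this->sitename." is completed.\r\n".
            "\r\n".
            "Regards,\r\n".
            "Webmaster\r\n".
            $this->sitename;

        if (!$mailer->Send())
        {
            $this->HandleError("Failed sending user welcome email.");
            return false;
        }
        return true;
    }

    /** Notifies the admin address of a completed registration; false when none is set. */
    function SendAdminIntimationOnRegComplete(&$user_rec)
    {
        if (empty($this->admin_email))
        {
            return false;
        }

        $mailer = new PHPMailer();

        $mailer->CharSet = 'utf-8';

        $mailer->AddAddress($this->admin_email);

        $mailer->Subject = "Registration Completed: ".$user_rec['name'];

        $mailer->From = $this->GetFromAddress();

        $mailer->Body = "A new user registered at ".$this->sitename."\r\n".
            "Name: ".$user_rec['name']."\r\n".
            "Email address: ".$user_rec['email']."\r\n";

        return $mailer->Send() ? true : false;
    }

    /**
     * Reset code for $email: first 10 hex chars of md5(email . sitename . rand_key).
     *
     * The code is deterministic -- the same address always yields the same
     * code, it never expires, and with the default key it can be computed by
     * anyone who knows the address. Left unchanged because the page that
     * verifies the code is not part of this listing.
     */
    function GetResetPasswordCode($email)
    {
        return substr(md5($email.$this->sitename.$this->rand_key), 0, 10);
    }

    /** Mails the reset link (email + reset code as query parameters). @return bool */
    function SendResetPasswordLink($user_rec)
    {
        $email = $user_rec['email'];

        $mailer = new PHPMailer();

        $mailer->CharSet = 'utf-8';

        $mailer->AddAddress($email, $user_rec['name']);

        $mailer->Subject = "Your reset password request at ".$this->sitename;

        $mailer->From = $this->GetFromAddress();

        // NOTE(review): GetAbsoluteURLFolder() is not defined in this listing.
        // Whatever supplies it should build the base URL from configuration,
        // because this link is mailed to the account owner.
        $link = $this->GetAbsoluteURLFolder().
                '/resetpwd.php?email='.
                urlencode($email).'&code='.
                urlencode($this->GetResetPasswordCode($email));

        $mailer->Body = "Hello ".$user_rec['name']."\r\n\r\n".
            "There was a request to reset your password at ".$this->sitename."\r\n".
            "Please click the link below to complete the request: \r\n".$link."\r\n".
            "Regards,\r\n".
            "Webmaster\r\n".
            $this->sitename;

        return $mailer->Send() ? true : false;
    }

    /**
     * Checks the honeypot field and the required registration fields.
     *
     * @return bool false when the form looks automated or a rule failed
     */
    function ValidateRegistrationSubmission()
    {
        // This is a hidden input field. Humans won't fill this field.
        if (!empty($_POST[$this->GetSpamTrapInputName()]))
        {
            // The proper error is not given intentionally
            $this->HandleError("Automated submission prevention: case 2 failed");
            return false;
        }

        $rules = array(
            array("name",    "req",   "Please fill in Name"),
            array("company", "req",   "Please fill in Company Name"),
            array("address", "req",   "Please fill in Company address"),
            array("country", "req",   "Please fill in Country"),
            array("state",   "req",   "Please fill in state"),
            array("postal",  "req",   "Please fill in postal"),
            array("phone",   "req",   "Please fill in phone"),
            array("fax",     "req",   "Please fill in fax"),
            array("email",   "email", "The input for Email should be a valid email value"),
            array("website", "req",   "Please fill in website"),
        );

        $validator = new FormValidator();
        foreach ($rules as $rule)
        {
            $validator->addValidation($rule[0], $rule[1], $rule[2]);
        }

        if (!$validator->ValidateForm())
        {
            $error = '';
            foreach ($validator->GetErrors() as $inpname => $inp_err)
            {
                $error .= $inpname.':'.$inp_err."\n";
            }
            $this->HandleError($error);
            return false;
        }
        return true;
    }

    /**
     * Copies the posted registration fields into $formvars after Sanitize().
     * A field missing from the request is stored as ''.
     */
    function CollectRegistrationSubmission(&$formvars)
    {
        $fields = array('name', 'company', 'address', 'country', 'state', 'postal',
                        'phone', 'fax', 'email', 'website', 'situ');

        foreach ($fields as $field)
        {
            // 'situ' has no validation rule above, so it may legitimately be absent.
            $raw = isset($_POST[$field]) ? $_POST[$field] : '';
            $formvars[$field] = $this->Sanitize($raw);
        }

        $formvars['ip'] = $this->Sanitize($_SERVER['REMOTE_ADDR']);
    }

    /** Connects, makes sure the table exists, rejects duplicate emails, inserts. @return bool */
    function SaveToDatabase(&$formvars)
    {
        if (!$this->DBLogin())
        {
            $this->HandleError("Database login failed!");
            return false;
        }
        if (!$this->Ensuretable())
        {
            return false;
        }
        if (!$this->IsFieldUnique($formvars, 'email'))
        {
            $this->HandleError("This email is already registered");
            return false;
        }
        if (!$this->InsertIntoDB($formvars))
        {
            $this->HandleError("Inserting to Database failed!");
            return false;
        }
        return true;
    }

    /**
     * True when no row has $formvars[$fieldname] in column $fieldname.
     *
     * $fieldname goes into the query as an identifier and cannot be escaped
     * like a value: pass fixed column names only ('email' is the only caller
     * here). NOTE(review): a failed query is also reported as "unique".
     */
    function IsFieldUnique($formvars,$fieldname)
    {
        $field_val = $this->SanitizeForSQL($formvars[$fieldname]);
        $qry = "select username from $this->tablename where $fieldname='".$field_val."'";
        $result = mysql_query($qry, $this->connection);

        return !($result && mysql_num_rows($result) > 0);
    }

    /** Opens the connection, selects the schema and sets the connection charset. @return bool */
    function DBLogin()
    {
        $this->connection = mysql_connect($this->db_host, $this->username, $this->pwd);

        if (!$this->connection)
        {
            $this->HandleDBError("Database Login failed! Please make sure that the DB login credentials provided are correct");
            return false;
        }
        if (!mysql_select_db($this->database, $this->connection))
        {
            $this->HandleDBError('Failed to select database: '.$this->database.' Please make sure that the database name provided is correct');
            return false;
        }

        // mysql_set_charset() also tells the client library which charset is
        // in use, which mysql_real_escape_string() relies on; a bare
        // SET NAMES only changes the server side.
        if (function_exists('mysql_set_charset'))
        {
            $charset_ok = mysql_set_charset('utf8', $this->connection);
        }
        else
        {
            $charset_ok = mysql_query("SET NAMES 'UTF8'", $this->connection);
        }
        if (!$charset_ok)
        {
            $this->HandleDBError('Error setting utf8 encoding');
            return false;
        }
        return true;
    }

    /** Creates the table when SHOW COLUMNS finds nothing. @return bool */
    function Ensuretable()
    {
        $result = mysql_query("SHOW COLUMNS FROM $this->tablename", $this->connection);
        if (!$result || mysql_num_rows($result) <= 0)
        {
            return $this->CreateTable();
        }
        return true;
    }

    /**
     * Creates the member table.
     * NOTE(review): no username or password column is defined here although
     * other methods query both -- confirm where those columns come from.
     */
    function CreateTable()
    {
        $columns = array(
            "id_user INT NOT NULL AUTO_INCREMENT",
            "name VARCHAR( 128 ) NOT NULL",
            "company VARCHAR( 64 ) NOT NULL",
            "address VARCHAR( 16 ) NOT NULL",
            "country VARCHAR( 16 ) NOT NULL",
            "state VARCHAR( 32 ) NOT NULL",
            "postal VARCHAR(32) NOT NULL",
            "phone VARCHAR(32) NOT NULL",
            "fax VARCHAR(32) NOT NULL",
            "email VARCHAR(32) NOT NULL",
            "website VARCHAR(32) NOT NULL",
            "situ VARCHAR(32) NOT NULL",
            "ip VARCHAR(50) NOT NULL",
            "PRIMARY KEY ( id_user )",
        );

        $qry = "Create Table $this->tablename (".implode(" ,", $columns).")";

        if (!mysql_query($qry, $this->connection))
        {
            $this->HandleDBError("Error creating the table");
            return false;
        }
        return true;
    }

    /** Inserts one registration row; every value passes through SanitizeForSQL(). @return bool */
    function InsertIntoDB(&$formvars)
    {
        $columns = array('name', 'company', 'address', 'country', 'state', 'postal',
                         'phone', 'fax', 'email', 'website', 'situ', 'ip');

        $values = array();
        foreach ($columns as $column)
        {
            $values[] = "'".$this->SanitizeForSQL($formvars[$column])."'";
        }

        $insert_query = 'insert into '.$this->tablename.
            ' ('.implode(', ', $columns).') values ('.implode(', ', $values).')';

        if (!mysql_query($insert_query, $this->connection))
        {
            // The query holds the registrant's personal data, so it is not
            // put into the message.
            $this->HandleDBError("Error inserting data to the table");
            return false;
        }
        return true;
    }

    /**
     * Escapes $str for use inside a quoted SQL string literal.
     *
     * Uses this object's connection when one is open so the escaping follows
     * that connection's charset. The addslashes() fallback is not
     * charset-aware and is only reached when the mysql extension is missing.
     */
    function SanitizeForSQL($str)
    {
        if (function_exists("mysql_real_escape_string"))
        {
            return $this->connection
                ? mysql_real_escape_string($str, $this->connection)
                : mysql_real_escape_string($str);
        }
        return addslashes($str);
    }

    /**
     * Undoes magic-quote slashes and, when $remove_nl is true, removes CR, LF
     * and tab characters plus the literal sequences %0A, %0D, %08 and %09.
     *
     * Dropping line breaks keeps a submitted value from adding extra header
     * lines when it ends up in an email. This is neither SQL escaping (see
     * SanitizeForSQL) nor HTML escaping (see SafeDisplay).
     */
    function Sanitize($str,$remove_nl=true)
    {
        $str = $this->StripSlashes($str);

        if ($remove_nl)
        {
            $injections = array(
                '/(\n+)/i',
                '/(\r+)/i',
                '/(\t+)/i',
                '/(%0A+)/i',
                '/(%0D+)/i',
                '/(%08+)/i',
                '/(%09+)/i'
            );
            $str = preg_replace($injections, '', $str);
        }

        return $str;
    }

    /** stripslashes() only when magic quotes are on; the probe itself is gone in PHP 8. */
    function StripSlashes($str)
    {
        if (function_exists('get_magic_quotes_gpc') && get_magic_quotes_gpc())
        {
            $str = stripslashes($str);
        }
        return $str;
    }
}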
?>
Thanks so much, and I apologize for my bad English.