PHP

PHP for Beginners by a Beginner: Simple Login, Logout, and Session Handling

In this article, James presents a very simple way to add login/logout security in PHP using session handling.

Author Info:

By: James Ruttan

Poor Best

Rating:

/ 427

February 09, 2003

TABLE OF CONTENTS:

PHP for Beginners by a Beginner: Simple Login, Logout, and Session Handling - Building It Up
(Page 2 of 5 )

The first thing you will need for this is the MySQL table that will hold the login information. For the scope of this article each record will only hold three pieces of information:

Table: users

Column Name	Type	Null	Primary Key	Extra
user_id	int(8)	No	PK	AUTO
username	varchar(11)	No
password	varchar(32)	No

Once we have the table created, now we need to populate it with some user information.

INSERT INTO users (username, password) VALUES (‘someUser’, md5(‘somePass’));

The username and password values can be whatever you want tlhem to be. The md5() function is built into PHP, and will convert your password into a 32 character string. This is one good method for encrypting password information. Whenever you use this, though, you should be careful. The conversion is one-way, and you cannot decrypt your password to read it.

Are you asking yourself “Then how am I going to be able to make sure the user is entering the right password?” Don’t worry, all will be revealed.

Now let’s create the login.htm form:

<html>
<head>
<title>Login</title>
</head>
<body>
<form method="POST" action="login.php">
Username: <input type="text" name="username" size="20">
Password: <input type="password" name="password" size="20">
<input type="submit" value="Submit" name="login>
</form>
</body>
</html>

Let’s look at the code for login.php:

<?PHP
//check that the user is calling the page from the login form and not accessing it directly
//and redirect back to the login form if necessary
if (!isset($username) || !isset($password)) {
header( "Location: http://www.yourdomain/login.htm" );
}
//check that the form fields are not empty, and redirect back to the login page if they are
elseif (empty($username) || empty($password)) {
header( "Location: http://www.yourdomain.com/login.htm" );
}
else{

//convert the field values to simple variables

//add slashes to the username and md5() the password
$user = addslashes($_POST['username']);
$pass = md5($_POST['password']);

//set the database connection variables

$dbHost = "localhost";
$dbUser = "yourUsername";
$dbPass = "YourPassword";
$dbDatabase = "yourDB";

//connet to the database

$db = mysql_connect("$dbHost", "$dbUser", "$dbPass") or die ("Error connecting to database.");

mysql_select_db("$dbDatabase", $db) or die ("Couldn't select the database.");

$result=mysql_query("select * from users where username='$user' AND password='$pass'", $db);

//check that at least one row was returned

$rowCheck = mysql_num_rows($result);
if($rowCheck > 0){
while($row = mysql_fetch_array($result)){

  //start the session and register a variable

  session_start();
  session_register('username');

  //successful login code will go here...
  echo 'Success!';

  //we will redirect the user to another page where we will make sure they're logged in
  header( "Location: checkLogin.php" );

  }

  }
  else {

  //if nothing is returned by the query, unsuccessful login code goes here...

  echo 'Incorrect login name or password. Please try again.';
  }
  }
  ?>

And that’s it. Good luck.

Next: Breaking It Down >>