PHP for Beginners by a Beginner: Simple Login, Logout, and Session Handling - Building It Up

(Page 2 of 5 )

The first thing you will need for this is the MySQL table that will hold the login information. For the scope of this article each record will only hold three pieces of information:

Table: users

Column Name	Type	Null	Primary Key	Extra
user_id	int(8)	No	PK	AUTO
username	varchar(11)	No
password	varchar(32)	No

Once we have the table created, now we need to populate it with some user information.

INSERT INTO users (username, password) VALUES (‘someUser’, md5(‘somePass’));

The username and password values can be whatever you want tlhem to be. The md5() function is built into PHP, and will convert your password into a 32 character string. This is one good method for encrypting password information. Whenever you use this, though, you should be careful. The conversion is one-way, and you cannot decrypt your password to read it.

Are you asking yourself “Then how am I going to be able to make sure the user is entering the right password?” Don’t worry, all will be revealed.

Now let’s create the login.htm form:

<html>
<head>
<title>Login</title>
</head>
<body>
<form method="POST" action="login.php">
Username: <input type="text" name="username" size="20">
Password: <input type="password" name="password" size="20">
<input type="submit" value="Submit" name="login>
</form>
</body>
</html>

Let’s look at the code for login.php:

<?PHP
//check that the user is calling the page from the login form and not accessing it directly
//and redirect back to the login form if necessary
if (!isset($username) || !isset($password)) {
header( "Location: http://www.yourdomain/login.htm" );
}
//check that the form fields are not empty, and redirect back to the login page if they are
elseif (empty($username) || empty($password)) {
header( "Location: http://www.yourdomain.com/login.htm" );
}
else{

//convert the field values to simple variables

//add slashes to the username and md5() the password
$user = addslashes($_POST['username']);
$pass = md5($_POST['password']);


//set the database connection variables

$dbHost = "localhost";
$dbUser = "yourUsername";
$dbPass = "YourPassword";
$dbDatabase = "yourDB";

//connet to the database

$db = mysql_connect("$dbHost", "$dbUser", "$dbPass") or die ("Error connecting to database.");

mysql_select_db("$dbDatabase", $db) or die ("Couldn't select the database.");

$result=mysql_query("select * from users where username='$user' AND password='$pass'", $db);

//check that at least one row was returned

$rowCheck = mysql_num_rows($result);
if($rowCheck > 0){
while($row = mysql_fetch_array($result)){

  //start the session and register a variable

  session_start();
  session_register('username');

  //successful login code will go here...
  echo 'Success!';

  //we will redirect the user to another page where we will make sure they're logged in
  header( "Location: checkLogin.php" );

  }

  }
  else {

  //if nothing is returned by the query, unsuccessful login code goes here...

  echo 'Incorrect login name or password. Please try again.';
  }
  }
  ?>

And that’s it. Good luck.

Next: Breaking It Down >>
 

More PHP Articles
More By James Ruttan

Comments On: PHP for Beginners by a Beginner: Simple Login, Logout, and Session Handling

· Hi James,a very clear and well-described article, thankyou. I have looked at...    · It can be so hard to find a true "beginners" tutorial, but this explains it all very...    · Hello there,I've been trying to use your tutorial and first it seemed excellent....    · ok, I've checked these through and after reading it over and over again I found out...    · You have to use $_REQUEST['username'] and $_REQUEST['password'] at the top of the...    · very good and usefull article, but you could have included some reasons if your...    · I've seen too many retarded login tutorials today, and I have to say, yours is the...    · I am one of those coders who prefers to be able to doublecheck things for myself....    · Well spotted chaps... a little oversight by James, but nonetheless a very good...   >>> Post your comment now!