PHP for Beginners by a Beginner: Simple Login, Logout, and Session Handling - Breaking It Down

(Page 3 of 5 )

All right, I’m kidding. We’re going to take a closer look at the code and see what it’s doing. We’ll start with login.php.

<?PHP
//check that the user is calling the page from the login form and not accessing it directly
//and redirect back to the login form if necessary
if (!isset($username) || !isset($password)) {
header( "Location: http://www.yourdomain/login.htm" );
}
//check that the form fields are not empty, and redirect back to the login page if they are
elseif (empty($username) || empty($password)) {
header( "Location: http://www.yourdomain.com/login.htm" );
}

This part of the code will check to make sure that the user is actually coming from login.htm, and not accessing the code directly. If they haven’t gotten here by using the login form, it will redirect them back to the page. If they have tried to login, the second part will verify that they didn’t submit any blank fields. If they have, it will send them back to try again.

else{

//convert the field values to simple variables

//add slashes to the username and md5() the password
$user = addslashes($_POST['username']);
$pass = md5($_POST['password']);


//set the database connection variables

$dbHost = "localhost";
$dbUser = "yourUsername";
$dbPass = "YourPassword";
$dbDatabase = "yourDB";

//connet to the database

$db = mysql_connect("$dbHost", "$dbUser", "$dbPass") or die ("Error connecting to database.");

mysql_select_db("$dbDatabase", $db) or die ("Couldn't select the database.");

The $_POST variable is a global PHP variable. The syntax is $_POST[‘input_variable’], where input_variable is the name of the input field on the form, in this case, username and password. This holds the data that was posted from the input fields on the form. The addslashes() function will add slashes to the username string, automatically escaping any quotes in the string. The md5 function, again, will convert the string that the user has entered for the password field into a 32 character string. We convert the input from the form fields to simple variables to make the information easier to work with.

Once we have handled the input from the form, we must now connect to the database using the mysql_connect() function, then select the individual database we will be working with by using the mysql_select_db() function.

$result=mysql_query("select * from users where username='$user' AND password='$pass'", $db);

//check that at least one row was returned

$rowCheck = mysql_num_rows($result);
if($rowCheck > 0){
while($row = mysql_fetch_array($result)){

  //start the session and register a variable

  session_start();
  session_register('user');

  //successful login code will go here...
  echo 'Success!';

  //we will redirect the user to another page where we will make sure they're logged in
  header( "Location: checkLogin.php" );

  }

  }
  else {

  //if nothing is returned by the query, unsuccessful login code goes here...

  echo 'Incorrect login name or password. Please try again.';
  }
  }
  ?>

Now that we’re connected to the database, let’s verify the user. We start by querying the database table users to make sure the username and password information submitted by the user exists. If the information is found and a row returned, from here we will login the user and set the session variable needed for protecting the rest of our area.

To begin, we use session_start(). This is used to start the user’s session based on the current session id being passed by the POST method from login.htm. Once we have the session started, we register a variable that will be passed along as long as the current user’s session is active. In this case we’re using the variable $user, which we assigned the data from $_POST[‘username’]. After we have the session variable registered, we will then redirect the user to our next page, which can only be accessed by a user who is logged in.

The end of the code is in case the user’s name and password cannot be found in the database. In which case they can be redirected to another page, an error message can be displayed, or they can be redirected back to the login page.

Next: Moving It Around >>
 

More PHP Articles
More By James Ruttan

Comments On: PHP for Beginners by a Beginner: Simple Login, Logout, and Session Handling

· Hi James,a very clear and well-described article, thankyou. I have looked at...    · It can be so hard to find a true "beginners" tutorial, but this explains it all very...    · Hello there,I've been trying to use your tutorial and first it seemed excellent....    · ok, I've checked these through and after reading it over and over again I found out...    · You have to use $_REQUEST['username'] and $_REQUEST['password'] at the top of the...    · very good and usefull article, but you could have included some reasons if your...    · I've seen too many retarded login tutorials today, and I have to say, yours is the...    · I am one of those coders who prefers to be able to doublecheck things for myself....    · Well spotted chaps... a little oversight by James, but nonetheless a very good...   >>> Post your comment now!