PHP for Beginners by a Beginner: Simple Login, Logout, and Session Handling

In this article, James presents a very simple way to add login/logout security in PHP using session handling.

Author Info:
By: James Ruttan
February 09, 2003

PHP for Beginners by a Beginner: Simple Login, Logout, and Session Handling - Breaking It Down
(Page 3 of 5 )

All right, I’m kidding. We’re going to take a closer look at the code and see what it’s doing. We’ll start with login.php.

//check that the user is calling the page from the login form and not accessing it directly
//and redirect back to the login form if necessary
if (!isset($_POST['username']) || !isset($_POST['password'])) {
  header( "Location: http://www.yourdomain.com/login.htm" );
  exit;
}
//check that the form fields are not empty, and redirect back to the login page if they are
elseif (empty($_POST['username']) || empty($_POST['password'])) {
  header( "Location: http://www.yourdomain.com/login.htm" );
  exit;
}

This part of the code checks that the username and password fields were actually submitted, which is what happens when the user arrives through the form on login.htm rather than requesting the script directly. If they haven’t gotten here by using the login form, it will redirect them back to the page. If they have tried to log in, the second part will verify that they didn’t submit any blank fields. If they have, it will send them back to try again.


//convert the field values to simple variables

//add slashes to the username and md5() the password
$user = addslashes($_POST['username']);
$pass = md5($_POST['password']);

//set the database connection variables

$dbHost = "localhost";
$dbUser = "yourUsername";
$dbPass = "YourPassword";
$dbDatabase = "yourDB";

//connect to the database

$db = mysql_connect("$dbHost", "$dbUser", "$dbPass") or die ("Error connecting to database.");

mysql_select_db("$dbDatabase", $db) or die ("Couldn't select the database.");

The $_POST variable is a global PHP variable. The syntax is $_POST['input_variable'], where input_variable is the name of the input field on the form, in this case username and password. It holds the data that was posted from the input fields on the form. The addslashes() function will add slashes to the username string, automatically escaping any quotes in the string. The md5() function, again, will convert the string that the user has entered for the password field into a 32-character string. We convert the input from the form fields to simple variables to make the information easier to work with.

Once we have handled the input from the form, we must now connect to the database using the mysql_connect() function, then select the individual database we will be working with by using the mysql_select_db() function.

$result = mysql_query("select * from users where username='$user' AND password='$pass'", $db);

//check that at least one row was returned

$rowCheck = mysql_num_rows($result);
if ($rowCheck > 0) {
  while ($row = mysql_fetch_array($result)) {

    //start the session and register a variable
    session_start();
    $_SESSION['user'] = $user;

    //successful login code will go here...
    //(send no output before header(), or the redirect will fail)

    //we will redirect the user to another page where we will make sure they're logged in
    header( "Location: checkLogin.php" );
    exit;
  }
}
else {

  //if nothing is returned by the query, unsuccessful login code goes here...

  echo 'Incorrect login name or password. Please try again.';
}

Now that we’re connected to the database, let’s verify the user. We start by querying the database table users to make sure the username and password information submitted by the user exists. If the information is found and a row is returned, we will log the user in and set the session variable needed for protecting the rest of our area.

To begin, we use session_start(). This is used to start the user’s session based on the current session id being passed by the POST method from login.htm. Once we have the session started, we register a variable that will be passed along as long as the current user’s session is active. In this case we’re using the variable $user, which we assigned the data from $_POST['username']. After we have the session variable registered, we will then redirect the user to our next page, which can only be accessed by a user who is logged in.

The end of the code handles the case where the user’s name and password cannot be found in the database. In that case they can be redirected to another page, an error message can be displayed, or they can be redirected back to the login page.
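
A hardened form of the login check walked through above, as an added example that is not code from the original article: it binds the username with a PDO prepared statement instead of addslashes(), verifies the password with password_hash()/password_verify() instead of md5(), and issues a new session id on login. Assumptions: an in-memory SQLite database stands in for the MySQL users table, the password column holds password_hash() output, the sample users are constructed, and the names make_demo_db, verify_login and start_user_session are hypothetical.

```php
<?php
// Added example, not from the original article. Assumptions: PDO with the sqlite
// driver; an in-memory database stands in for the article's MySQL "users" table;
// the password column holds password_hash() output; sample users are constructed.

// Hash checked when the username is unknown, so both paths do one verification.
define('DUMMY_HASH', password_hash('placeholder', PASSWORD_DEFAULT));

function make_demo_db(): PDO {
    $db = new PDO('sqlite::memory:');
    $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $db->exec('CREATE TABLE users (username TEXT PRIMARY KEY, password TEXT NOT NULL)');
    $ins = $db->prepare('INSERT INTO users (username, password) VALUES (?, ?)');
    foreach ([['alice', 'correct horse'], ["o'brien", 'battery staple']] as [$u, $p]) {
        $ins->execute([$u, password_hash($p, PASSWORD_DEFAULT)]); // salted, slow hash
    }
    return $db;
}

// True only if the username exists and the password matches its stored hash.
function verify_login(PDO $db, $username, $password): bool {
    // $_POST values can be arrays, so check the type as well as emptiness.
    if (!is_string($username) || !is_string($password) || $username === '' || $password === '') {
        return false;
    }
    // The username is bound as data, so a quote in it never becomes SQL syntax.
    $stmt = $db->prepare('SELECT password FROM users WHERE username = ?');
    $stmt->execute([$username]);
    $hash = $stmt->fetchColumn();
    if ($hash === false) {
        password_verify($password, DUMMY_HASH);
        return false;
    }
    return password_verify($password, $hash);
}

// Call before any output is sent; replaces the session id at the privilege change.
function start_user_session(string $username): void {
    session_start();
    session_regenerate_id(true);
    $_SESSION['user'] = $username;
}

$db = make_demo_db();
$attempts = [['alice', 'correct horse'], ['alice', 'wrong'], ["o'brien", 'battery staple'], ['nobody', 'x'], ['', '']];
foreach ($attempts as [$u, $p]) {
    printf("%-10s %s\n", $u, verify_login($db, $u, $p) ? 'accepted' : 'rejected');
}
```

In login.php, verify_login() would receive $_POST['username'] and $_POST['password'] unmodified, and start_user_session() would run only after it returns true, before the redirect to checkLogin.php.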