Most websites have some sort of private section where normal users are not allowed. Think of an ADMIN section where the webmaster finds his CMS, a private area holding sensitive personal information, or even just the webmail client you use to handle your email.
All of these cases have something in common: they restrict access to allowed users only, with a login system.
To create an authentication system you will need:
- A database with a table called users that has at least three columns: id, username, password
- An HTML form where users fill in their username and password
- A PHP script that checks whether the username and password provided actually exist
- A private area users can access only after successfully logging in
STEP 1. Create a table called users:
a) Use phpMyAdmin or any other GUI to create the table quickly, or run:
CREATE TABLE `examples`.`users` ( `id` INT( 5 ) UNSIGNED NOT NULL AUTO_INCREMENT PRIMARY KEY ,
`username` VARCHAR( 50 ) NOT NULL ,
`password` VARCHAR( 50 ) NOT NULL )
b) Insert a couple of users (into the same `users` table created above):
INSERT INTO `examples`.`users`
( `id` , `username` , `password` )
VALUES
(NULL , 'john', SHA1('johnPsw')),
(NULL , 'james', SHA1('jamesPsw')),
(NULL , 'jim', SHA1('jimPsw'));
PLEASE NOTE: we are using the SHA1() function to hash passwords, so the plain text password is never stored in the table. Bear in mind that plain SHA1 is fast and unsalted, which makes it a weak choice for password storage; PHP's password_hash() / password_verify() are the recommended alternative.
STEP 2. Login form:
<!-- LOGIN FORM in: admin/index.php -->
<form method="post" action="#">
<p><label for="u_name">username:</label></p>
<p><input type="text" id="u_name" name="u_name" value=""></p>
<p><label for="u_pass">password:</label></p>
<p><input type="password" id="u_pass" name="u_pass" value=""></p>
<p><button type="submit" name="go">log me in</button></p>
</form>
<!-- A paragraph to display any error -->
<p><strong><?php if(isset($error)){echo $error;} ?></strong></p>
STEP 3. PHP script:
<?php #admin/index.php
#####[make sure you put this code before any html output]#####
//connect to server
$dbc = mysqli_connect('localhost','root','') or
die('could not connect: '. mysqli_connect_error());
//select db
mysqli_select_db($dbc, 'examples') or die('no db connection');
//check if the login form has been submitted
if(isset($_POST['go'])){
#####form submitted, check data...#####
//step 1a: sanitise and store data into vars (storing the hashed password)
$usr = mysqli_real_escape_string($dbc, htmlentities($_POST['u_name']));
$psw = SHA1($_POST['u_pass']) ; //using SHA1() to hash the password, as in STEP 1
//step2: create query to check if username and password match
//(column names must be the ones created in STEP 1: username and password)
$q = "SELECT * FROM users WHERE username='$usr' AND password='$psw' ";
//step3: run the query and store result
$res = mysqli_query($dbc, $q);
//make sure we have a positive result
if(mysqli_num_rows($res) == 1){
######### LOGGING IN ##########
//starting a session
session_start();
//give the logged-in user a fresh session id (prevents session fixation)
session_regenerate_id(true);
//creating a log SESSION VARIABLE that will persist through pages
$_SESSION['log'] = 'in';
//redirecting to restricted page, then stopping the script so nothing else is sent
header('Location: restricted.php');
exit();
} else {
//create an error message
$error = 'Wrong details. Please try again';
}
}//end isset go
?>
<!-- HTML FORM GOES HERE -->
STEP 4. Restricted page:
<?php #admin/restricted.php
#####[make sure you put this code before any html output]#####
//starting the session
session_start();
//checking if a log SESSION VARIABLE has been set
if( !isset($_SESSION['log']) || ($_SESSION['log'] != 'in') ){
//if the user is not allowed, display a message and a link to go back to login page
echo 'You are not allowed. <a href="index.php">back to login page</a>';
//then abort the script
exit();
}
/**
* #### CODE FOR LOG OUT #### (see the logout tutorial)
*/
?>
<!-- RESTRICTED PAGE HTML GOES HERE -->
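The four steps above use escaping plus an unsalted SHA1 hash. The following is an added example, not part of the original tutorial, showing how the same admin/index.php login check looks with a prepared statement and password_verify(); it assumes the `users` table from STEP 1 with the `password` column widened to VARCHAR(255) and rows seeded with password_hash() output, and the hypothetical helper name login() is my own.

```php
<?php // admin/index.php (hardened variant, added example)
// Assumes the STEP 1 `users` table, with `password` as VARCHAR(255) and
// seeded like: INSERT INTO users (username, password)
//   VALUES ('john', '<output of password_hash("johnPsw", PASSWORD_DEFAULT)>');
session_start();

$dbc = mysqli_connect('localhost', 'root', '', 'examples')
    or die('could not connect: ' . mysqli_connect_error());

// Returns true on a successful login, false otherwise (hypothetical helper).
function login(mysqli $dbc, string $username, string $password): bool {
    // Prepared statement: the username is a bound parameter, so it is never
    // spliced into the SQL text and no manual escaping is required.
    $stmt = mysqli_prepare($dbc, 'SELECT password FROM users WHERE username = ?');
    mysqli_stmt_bind_param($stmt, 's', $username);
    mysqli_stmt_execute($stmt);
    mysqli_stmt_bind_result($stmt, $storedHash);
    $found = mysqli_stmt_fetch($stmt);   // true when a row was returned
    mysqli_stmt_close($stmt);

    // password_verify() checks against a salted, deliberately slow hash
    // (bcrypt by default). Unknown user and wrong password fail the same way,
    // so the error message does not tell which one it was.
    if (!$found || !password_verify($password, $storedHash)) {
        return false;
    }
    // Issue a fresh session id on login to defeat session fixation.
    session_regenerate_id(true);
    $_SESSION['log'] = 'in';
    $_SESSION['user'] = $username;
    return true;
}

if (isset($_POST['go'])) {
    if (login($dbc, $_POST['u_name'] ?? '', $_POST['u_pass'] ?? '')) {
        header('Location: restricted.php');
        exit(); // nothing after a redirect header should run
    }
    $error = 'Wrong details. Please try again';
}
?>
<!-- HTML FORM GOES HERE -->
```

The STEP 4 check on restricted.php works unchanged with this version, since it only looks at $_SESSION['log'].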