Cramerz
  • ASP.NET
  • C++
  • CSS
  • HTML
  • Java
  • JavaScript
  • PHP
  • Python
  • SQL
  • WordPress
  • Other Courses
    • Computer Basics
    • Database Concepts
    • Dreamweaver
    • English Agency Law
    • English Company Law
    • Flash
    • MCSE
    • Networking Basics
    • Photoshop
    • XML
Select Page

PHP Login System

Most of the Websites have a sort of private section where normal users are not allowed. You can think about an ADMIN section where the webmaster finds his CMS, a private area with sensitive personal information or even just the email manager you use to handle your emails.

All of these cases have something in common: they restrict access to allowed users only, with a login system.

To create an authentication system you will need:

  • A database, a table called users with at least three columns: id, username, password
  • A HTML form where users fill in their usernames and passwords
  • A PHP script that will check if usernames and passwords provided actually exist
  • A private area users can access only if successfully logged in

STEP 1. create a table called users:

a) Use PhpMyAdmin or any other GUI to quickly create a table

PHP
1
2
3
4
5
6
7
CREATE  TABLE  `examples`.`users` (
 
`id` INT( 5 ) UNSIGNED NOT NULL AUTO_INCREMENT PRIMARY KEY ,
`username` VARCHAR( 50 ) NOT NULL ,
`password` VARCHAR( 50 ) NOT NULL
 
)

b) Insert a couple of users:

MySQL
1
2
3
4
5
6
7
8
9
10
11
INSERT  INTO  `examples`.`newUsers`
 
( `id` , `username` , `password` )
 
VALUES ( NULL , 'john', SHA1('johnPsw' ) ),
 
 
       ( NULL ,  'james', SHA1('jamesPsw') ),
 
( NULL , 'jim', SHA1('jimPsw' ) );

PLEASE NOTE: we are using the SHA1() function to encrypt passwords.

STEP 2. login form:

1
2
3
4
5
6
7
8
9
10
11
12
<!-- LOGIN FORM in: admin/index.php -->
<form method="post" action="#">
    <p><label for="u_name">username:</label></p>
    <p><input type="text" name="u_name" value=""></p>
 
<p><label for="u_pass">password:</label></p>
<p><input type="password" name="u_pass" value=""></p>
 
<p><button type="submit" name="go">log me in</button></p>
</form>
<!-- A paragraph to display eventual errors -->
<p><strong><?php if(isset($error)){echo $error;} ?></strong></p>

STEP 3. php script:

PHP
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
<?php #admin/index.php
           #####[make sure you put this code before any html output]#####
 
//connect to server
$dbc = mysqli_connect('localhost','root','') or
die('could not connect: '. mysqli_connect_error());
 
//select db
mysqli_select_db($dbc, 'examples') or die('no db connection');
 
//check if the login form has been submitted
if(isset($_POST['go'])){
#####form submitted, check data...#####
 
//step 1a: sanitise and store data into vars (storing encrypted password)
$usr = mysqli_real_escape_string($dbc, htmlentities($_POST['u_name']));
$psw = SHA1($_POST['u_pass']) ;
 
//using SHA1() to encrypt passwords  
    
        //step2: create query to check if username and password match
$q = "SELECT * FROM users WHERE name='$usr' AND pass='$psw'  ";
 
//step3: run the query and store result
$res = mysqli_query($dbc, $q);
 
//make sure we have a positive result
if(mysqli_num_rows($res) == 1){
######### LOGGING IN ##########
 
//starting a session  
                session_start();
 
 
//creating a log SESSION VARIABLE that will persist through pages  
$_SESSION['log'] = 'in';
 
//redirecting to restricted page
header('location:restricted.php');
} else {
 
//create an error message  
$error = 'Wrong details. Please try again';
}
}//end isset go
?>
<!-- HTML FORM GOES HERE -->

STEP 4. restricted page:

PHP
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
<?php #admin/restricted.php
           #####[make sure you put this code before any html output]#####
 
//starting the session
 
session_start();
 
//checking if a log SESSION VARIABLE has been set
if( !isset($_SESSION['log']) || ($_SESSION['log'] != 'in') ){
//if the user is not allowed, display a message and a link to go back to login page
echo "You are not allowed. <a href="index.php">back to login page</a>";
 
//then abort the script
exit();
}
 
/**
* #### CODE FOR LOG OUT #### click here to see the logout tutorial
*/
 
?>
<!-- RESTRICTED PAGE HTML GOES HERE -->

 

PHP

  • Php Basics

  • What Is PHP
  • PHP Tags
  • PHP Comments
  • PHP Output Data
  • PHP Variables
  • PHP Data Types
  • PHP Data Types
  • PHP If Else
  • PHP Switch
  • PHP Arrays
  • PHP Operators
  • PHP Include
  • PHP Loops
  • PHP Functions
  • PHP Send Emails
  • PHP Constants
  • Php Global Variables

  • PHP Global Variables
  • PHP Get
  • PHP Post
  • PHP Session
  • PHP Cookie
  • PHP Files
  • PHP Request
  • PHP Env
  • PHP Server
  • Php Mysql Database

  • PHP Create And Drop A DB
  • PHP Create A DB Table
  • PHP Database Queries
  • PHP Connect To Db
  • PHP Insert To Db
  • PHP Select From Db
  • PHP Delete From DB
  • PHP Update Db
  • PHP Database Security
  • Php Login Project

  • PHP Login System
  • PHP Logout
  • PHP OOP

  • Object Oriented Programming
  • PHP Properties And Methods
  • PHP Objects And Classes
  • PHP The Constructor Method
  • PHP Inheritance

Copyright © 2023 by Cramerz.