4 Red PixelsPHP login example using MySQL and Session Cookies
Here I'm going to display a PHP login example.
If your website has any community based activities such as a forum, networking website, some blogging websites, websites that need to hold data on users and websites that need to stop certain users from accessing certain areas of the website then you will need a login script.
In this login example I am going to show you very basically using PHP, MySQL and Session Cookies. If you're using ASP then this login example will not work on your web server.
Firstly you will need to setup a table on an online database. The table should be called something like "users" or "logins".
For a very basic login example the online database table will only need 3 fields - id, username and password.
Seperate from this login example you will need to create a register page which will populate your online database table with the relevant values, and also be sure to encrypt the passwords when they're being saved using the md5() function.
On our login example page we're going to display 2 text boxes, username and password, and then a submit button.
<form action="login.php" method="post" name="login">
<p><label for="username">Username:</label><br />
<input name="username" id="username" value="" type="text" /></p>
<p><label for="password">Password:</label><br />
<input name="password" id="password" value="" type="password" /></p>
<input type="submit" name="submit" value="Login" />
</form>
Once the form is submitted it will go to the page login.php which is the page we're currently on.
Above the login form on the same login example page we're going to add some PHP which will check the login.
<?php
session_start();
if (isset($_POST['submit'])) //If the form has been submitted
{
//Connect to database
$query = "SELECT password FROM logins WHERE username = '" . $_POST['username'] . "'";
$result = mysql_query($query);
$row = mysql_fetch_array($result);
mysql_close();
if ($row['password'] == md5($_POST['password'])) //Remember to encrypt our value
{
//Login success - set session cookie
$_SESSION['u']=$_POST['username'];
$_SESSION['p']=md5($_POST['password']);
header ("Location: login_success.php"); //Redirect the user to a logged in page
exit; //Do not display any more script for this page
}
else
{
//Login area, display the login form as before
}
This login example is very simple and will need to carry out some error checking and also you'll want to addslashes in order to stop anyone from carrying out a MySQL injection. A MySQL injection is a way of hacking the login script to log anyone in. They even have the power to delete everything on your database table!
Also you will notice in the login example above that I have a PHP comment saying "//Connect to database" - here you will need to either include a file that connects to your database, or add in the database connection string.
Another common thing when using the php md5() function, we also add salt. Salt being a few random characters, so even if the user uses "test" as their password, when the password is put through the md5() function, it's not a common md5() hash, but instead because of the salt (random characters, numbers and symbols), the md5 hash will not be recognisable.
Now that you've logged in successfully the session cookies for your username and encrypted password have been set. In a commonly included php file you will need to check the user is logged in - by doing this you can use the session cookie variables, that way if the user is logged in you can display one page, otehrwise you can re-show the login screen.
Like I say this is a very basic PHP login example, please make sure you play with this code to make the script more secure.