How To: Create PHP and MySQL Login Script
In this tutorial I will explain on how to create PHP Login page with $_SESSION
array, do you know PHP $_SESSION
?, well, $_SESSION
is one of the best way to store information temporally (because it will remove when you leave your website or close your browser. If you need a permanent storage you may want to store the data in a database.), I will try to explain also on how to create Database with MySQL and how things work, this is very useful for PHP beginner specially those who want to learn more on PHP basic and advance stuff and of course this is very helpful for school project and for custom site functionality.
Demo
View the demo here.
Database
Table structure for table ‘users’.
CREATE TABLE IF NOT EXISTS 'users' (
'id' int(11) NOT NULL AUTO_INCREMENT,
'user' varchar(225) NOT NULL,
'pass' varchar(225) NOT NULL,
PRIMARY KEY ('id')
UNIQUE KEY 'user' ('user')
) ENGINE=InnoDB DEFAULT CHARSET=latin1 AUTO_INCREMENT=3 ;
config.php
Database configuration file
<?php
$host='localhost';
$user = 'mysqluser';
$pass = 'mysqlpass';
$db='database';
$con = mysql_connect($host, $user, $pass) or die('Error Connecting'.mysql_error());
mysql_select_db($db, $con) or die('Database not selected ::'. mysql_error());
?>
PHP
This contains HTML and PHP code in your index.php
file
<div class="container">
<?php
include_once('config.php');
session_start();
$errs = '';
if(isset($_POST['task'])) {
$username = mysql_real_escape_string($_POST['username']);
$password = mysql_real_escape_string($_POST['password']);
if( $username == "" || $password == "") {
$errs = '<p class="error">Fields are required.';
} else {
$sql = "SELECT * FROM users WHERE users='$username' AND pass='$password' ";
$qry = mysql_query( $sql );
$num_row = mysql_num_rows( $qry );
$r = mysql_fetch_object( $qry );
if( $num_row > 0 ) {
if( $username == $r->user && $password == $r->pass ) {
$_SESSION['username'] = $r->user;
$_SESSION['password'] = $r->pass;
$_SESSION['stats'] = 1;
header('Location:success.php');
}
} else {
$errs = '<p class="error">Invalid Username or Password.</p>';
}
}
}
?>
<form method="post" action="index.php">
<fieldset>
<input type="hidden" name="task" value="login" />
<table border="0" cellpadding="2" cellspacing="2">
<tr>
<td colspan="2" class="heading">PHP Login Page</td>
</tr>
<tr>
<td colspan="2">
<div><?php echo $errs; ?></div>
<div><?php echo (isset($_GET['log']) ? '<p class="success">You are now logged out.' : ''); ?></div>
</td>
</tr>
<tr>
<td><label for="username">Username:</label></td>
<td><input type="text" name="username" /></td>
</tr>
<tr>
<td><label for="password">Password:</label></td>
<td><input type="password" name="password" /></td>
</tr>
<tr>
<td><input type="submit" value="Log in" /></td>
</tr>
</table>
</fieldset>
</form>
</div>
success.php
This contain success message if you access the login page.
<?php
session_start();
if(isset($_SESSION['stat']) == 1) :
echo '<p>Welcome <strong>'. $_SESSION['username'] .'</strong>';
echo '<p><a href="logout.php">Logout</a></p>';
else:
echo '<p>This page is protected.</p>';
header('Refresh:2; URL=index.php');
endif;
?>
logout.php
Log out this will destroy SESSION value that store temporally
<?php
session_start();
session_destroy();
header('Location:index.php?log=true');
?>
style.css
To look our Log In page alive we need some touches
body{ font: normal 14px Tahoma;}
fieldset, img { border: 0;}
input[type="text"], input[type="password"]{ width: 200px;}
table {
background: #F9F9F9;
border: 1px solid #ccc;
padding: 8px;
}
table tr td label{
font: bold 12px Tahoma;
color: #666666;
}
.heading {
font-weight: bold;
background: #DADADA;
padding: 10px 2px;
}
p.error {
background: #FFEBE8;
border: 1px solid #DD3C10;
font: normal 12px Tahoma;
padding: 8px;
color: #DF2839;
}
p.success {
background: #FFFFE0;
border: 1px solid #E6DB55;
font: normal 12px Tahoma;
padding: 8px;
color: #000;
}
Before you can store user information in your PHP session, you must first start up the session.
The session_start() function must appear BEFORE the html tag
Happy coding ^_^