Friday, July 30, 2010

PHP Login Script Tutorial

Learn to create a simple login system with php + mysql script, this tutorial easy to follow, teach you step by step.


Overview


In this tutorial create 3 files
1. main_login.php
2. checklogin.php
3. login_success.php

Step
1. Create table "members" in database "test".
2. Create file main_login.php.
3. Create file checklogin.php.
4. Create file login_success.php.
5. Create file logout.php


Step1:


Create table "members"


{code type=codetype}

CREATE TABLE `members` (
`id` int(4) NOT NULL auto_increment,
`username` varchar(65) NOT NULL default '',
`password` varchar(65) NOT NULL default '',
PRIMARY KEY (`id`)
) TYPE=MyISAM AUTO_INCREMENT=2 ;


--
-- Dumping data for table `members`
--


{/code}

{code type=codetype}

INSERT INTO `members` VALUES (1, 'john', '1234');


{/code}


Step2:


Create file main_login.php



View In Browser


|---|--------------------- code --------------------|---|


{code type=codetype}

<table width="300" border="0" align="center" cellpadding="0" cellspacing="1" bgcolor="#CCCCCC">
<tr>
<form name="form1" method="post" action="checklogin.php">
<td>
<table width="100%" border="0" cellpadding="3" cellspacing="1" bgcolor="#FFFFFF">
<tr>
<td colspan="3"><strong>Member Login </strong></td>
</tr>
<tr>
<td width="78">Username</td>
<td width="6">:</td>
<td width="294"><input name="myusername" type="text" id="myusername"></td>
</tr>
<tr>
<td>Password</td>
<td>:</td>
<td><input name="mypassword" type="text" id="mypassword"></td>
</tr>
<tr>
<td>&nbsp;</td>
<td>&nbsp;</td>
<td><input type="submit" name="Submit" value="Login"></td>
</tr>
</table>
</td>
</form>
</tr>
</table>


{/code}

Step3:


Create file checklogin.php


|---|--------------------- code --------------------|---|
{code type=codetype}

<?php
$host="localhost"; // Host name
$username=""; // Mysql username
$password=""; // Mysql password
$db_name="test"; // Database name
$tbl_name="members"; // Table name


// Connect to server and select databse.
mysql_connect("$host", "$username", "$password")or die("cannot connect");
mysql_select_db("$db_name")or die("cannot select DB");


// username and password sent from form
$myusername=$_POST['myusername'];
$mypassword=$_POST['mypassword'];


// To protect MySQL injection (more detail about MySQL injection)
$myusername = stripslashes($myusername);
$mypassword = stripslashes($mypassword);
$myusername = mysql_real_escape_string($myusername);
$mypassword = mysql_real_escape_string($mypassword);


$sql="SELECT * FROM $tbl_name WHERE username='$myusername' and password='$mypassword'";
$result=mysql_query($sql);


// Mysql_num_row is counting table row
$count=mysql_num_rows($result);
// If result matched $myusername and $mypassword, table row must be 1 row


if($count==1){
// Register $myusername, $mypassword and redirect to file "login_success.php"
session_register("myusername");
session_register("mypassword");
header("location:login_success.php");
}
else {
echo "Wrong Username or Password";
}
?>


{/code}

Step4:


Create file login_success.php


|---|--------------------- code --------------------|---|


{code type=codetype}

// Check if session is not registered , redirect back to main page.
// Put this code in first line of web page.
<?
session_start();
if(!session_is_registered(myusername)){
header("location:main_login.php");
}
?>

<html>
<body>
Login Successful
</body>
</html>


{/code}

Step5:


Logout.php


If you want to logout, create this file

{code type=codetype}
// Put this code in first line of web page.
<?
session_start();
session_destroy();
?>
{/code}

Step6:


For PHP5 User - checklogin.php


|---|--------------------- code --------------------|---|


{code type=codetype}
<?php
ob_start();
$host="localhost"; // Host name
$username=""; // Mysql username
$password=""; // Mysql password
$db_name="test"; // Database name
$tbl_name="members"; // Table name

// Connect to server and select databse.
mysql_connect("$host", "$username", "$password")or die("cannot connect");
mysql_select_db("$db_name")or die("cannot select DB");


// Define $myusername and $mypassword
$myusername=$_POST['myusername'];
$mypassword=$_POST['mypassword'];


// To protect MySQL injection (more detail about MySQL injection)
$myusername = stripslashes($myusername);
$mypassword = stripslashes($mypassword);
$myusername = mysql_real_escape_string($myusername);
$mypassword = mysql_real_escape_string($mypassword);


$sql="SELECT * FROM $tbl_name WHERE username='$myusername' and password='$mypassword'";
$result=mysql_query($sql);


// Mysql_num_row is counting table row
$count=mysql_num_rows($result);
// If result matched $myusername and $mypassword, table row must be 1 row


if($count==1){
// Register $myusername, $mypassword and redirect to file "login_success.php"
session_register("myusername");
session_register("mypassword");
header("location:login_success.php");
}
else {
echo "Wrong Username or Password";
}


ob_end_flush();
?>


{/code}

Step7:


Encrypting Password - Make your Login More Secure



Read more about encrypting password here

Posted by at
Labels:

6 comments:

  1. Jhon MaryJuly 31, 2010 at 12:42 AM

    Great Blog here my friend! Very informative, I appreciate all the information that you just shared with me very much and I'll be back to read more in the future.

    ReplyDelete
  2. Tutorial LoungeAugust 2, 2010 at 4:20 AM

    short and useful tutorial with informative tips. thanks

    ReplyDelete
  3. tinnitisAugust 9, 2010 at 4:50 PM

    Well I found this on Digg, and I like it so I dugg it!

    ReplyDelete
  4. Reinaldo RodriguelAugust 21, 2010 at 1:48 AM

    Great Blog.Check Out Miniurlz To Make Your Urls Shorter

    ReplyDelete
  5. mode20100August 25, 2010 at 11:57 AM

    A+ would read again

    ReplyDelete
  6. deranjerOctober 17, 2010 at 11:20 AM

    Session_register is depreciated and should not be used anymore. You should update your script to use $_SESSION instead.

    ReplyDelete

Subscribe to: Post Comments (Atom)