Basic Login Script with PHP

A rudimentary login script tutorial aimed at those looking to learn ho

Page 1 of 1

8 Replies - 2603 Views - Last Post: 29 May 2008 - 11:12 AM Rate Topic: -----

#1 akozlik  Icon User is offline

  • D.I.C Addict
  • member icon

Reputation: 90
  • View blog
  • Posts: 797
  • Joined: 25-February 08

Basic Login Script with PHP

Post icon  Posted 22 May 2008 - 09:51 AM

This tutorial will attempt to teach you how to build a rudimentary login system for your site. It's assumed that you understand MySQL concepts, as well as session variables and form handling.

To begin, you will need to create a new table in your database named 'users'. In this database create three new fields 'id' (primary key), 'username', 'password'. You can add more fields as you need them later. For now we're just going to worry about checking for an existing username and password combination.

Next, create your html page with the login form. Below is a quick sample of a form you can build.

<form action="checkLogin.php" method="post">
	 <table>
		  <tr>
			   <td>Username: </td>
			   </td><input type="text" name="user"></td>
		  </tr>
		  <tr>
			   <td>Password: </td>
			   <td><input type="password" name="pass"></td>
		  </tr>
				  <tr>
						   <td></td>
						   <td><input type="submit" value="Submit"></td>
				  </tr>
	 </table>
</form>



Please notice that we are using the POST method for the form. This is to ensure that the username and password aren't passed as URL parameters, which is a security flaw for obvious reasons.

Next we'll code our checkLogin.php page. This page is going to select all the rows with matching username and password combinations. There should only be one row that does so, which is our valid row. I'm not going to cover data integrity here, but you'll definitely want to sanitze your data from SQL injection. Keeping in the theme of my tutorials though, I only want to focus on the task at hand.

<?php
// checkLogin.php

session_start(); // Start a new session
require('conn.php'); // Holds all of our database connection information

// Get the data passed from the form
$username = $_POST['user'];
$password = $_POST['password'];

// Do some basic sanitizing
$username = stripslashes($username);
$password = stripslashes($password);

$sql = "select * from users where username = '$username' and password = '$password'";
$result = mysql_query($sql) or die ( mysql_error() );

$count = 0;

while ($line = mysql_fetch_assoc($result)) {
	 $count++;
}

if ($count == 1) {
	 $_SESSION['loggedIn'] = "true";
	 header("Location: loginSuccess.php"); // This is wherever you want to redirect the user to
} else {
	 $_SESSION['loggedIn'] = "false";
	 header("Location: loginFailed.php"); // Wherever you want the user to go when they fail the login
}

?>



You may want to consider posting the form to PHP_SELF for basic error handling, or you can pass error messages through the url parameter, it's up to you. As I said, this is just a rudimentary example of how to set up a basic user login script. From here, if you want to check and see if a user is logged in, just put the following at the top of a page.

<?php
session_start();
if ($_SESSION['loggedIn'] != "true") {
	 header("Location: http://www.whatever.com/login.php");
}

?>



Naturally there are many different ways to achieve the same thing in PHP. This script is great for basic logins, but may not be what you need for something more complex. Adapt it to your needs or just use it as a place to begin learning. Hope everything is clear with the instructions. As usual, questions and comments are more than welcome. Take care.

This post has been edited by akozlik: 22 May 2008 - 03:11 PM


Is This A Good Question/Topic? 0
  • +

Replies To: Basic Login Script with PHP

#2 akozlik  Icon User is offline

  • D.I.C Addict
  • member icon

Reputation: 90
  • View blog
  • Posts: 797
  • Joined: 25-February 08

Re: Basic Login Script with PHP

Posted 22 May 2008 - 12:03 PM

Damn, this was actually supposed to be submitted under Tutorials. I resubmitted it under that category, but I can't seem to close it out here. If the Admin or Moderators can help let me know.
Was This Post Helpful? 0
  • +
  • -

#3 girasquid  Icon User is offline

  • Barbarbar
  • member icon

Reputation: 108
  • View blog
  • Posts: 1,825
  • Joined: 03-October 06

Re: Basic Login Script with PHP

Posted 22 May 2008 - 01:50 PM

Just a tip - you don't have a submit button on your form.
Was This Post Helpful? 0
  • +
  • -

#4 akozlik  Icon User is offline

  • D.I.C Addict
  • member icon

Reputation: 90
  • View blog
  • Posts: 797
  • Joined: 25-February 08

Re: Basic Login Script with PHP

Posted 22 May 2008 - 03:12 PM

View Postgirasquid, on 22 May, 2008 - 01:50 PM, said:

Just a tip - you don't have a submit button on your form.


Indeed I didn't. It's edited. Thanks for catching that.
Was This Post Helpful? 0
  • +
  • -

#5 rjolitz  Icon User is offline

  • D.I.C Head
  • member icon

Reputation: 3
  • View blog
  • Posts: 110
  • Joined: 17-May 08

Re: Basic Login Script with PHP

Posted 23 May 2008 - 05:03 AM

Thank you for this. Very easy to follow!

Rich



View Postakozlik, on 22 May, 2008 - 09:51 AM, said:

This tutorial will attempt to teach you how to build a rudimentary login system for your site. It's assumed that you understand MySQL concepts, as well as session variables and form handling.

Was This Post Helpful? 0
  • +
  • -

#6 JBrace1990  Icon User is offline

  • D.I.C Addict
  • member icon

Reputation: 110
  • View blog
  • Posts: 760
  • Joined: 09-March 08

Re: Basic Login Script with PHP

Posted 23 May 2008 - 05:57 AM

for a basic script, it's actually pretty good... however I would suggest adding in some type of password hashing, such as MD5 or SHA-1....

you also might want to include setting up the database....

now, since it's a tutorial, and a basic one, I won't go into the more detailed, such as COUNT(*) ;)
Was This Post Helpful? 0
  • +
  • -

#7 akozlik  Icon User is offline

  • D.I.C Addict
  • member icon

Reputation: 90
  • View blog
  • Posts: 797
  • Joined: 25-February 08

Re: Basic Login Script with PHP

Posted 23 May 2008 - 09:35 AM

View PostJBrace1990, on 23 May, 2008 - 05:57 AM, said:

for a basic script, it's actually pretty good... however I would suggest adding in some type of password hashing, such as MD5 or SHA-1....


I definitely agree with the hashing. I meant to mention something about it, but I forgot. You should definitely be hashing your passwords before you store them in the database, and then hash the login password and check that against the one stored.

Also, using COUNT is a good idea. That just shows that there are many different ways to achieve the same affect. Using COUNT would actually be more efficient, but I figured this would be a good way to get people started on user authentication.

Thanks for the comments and suggestions.
Was This Post Helpful? 0
  • +
  • -

#8 Chubber  Icon User is offline

  • D.I.C Head
  • member icon

Reputation: 0
  • View blog
  • Posts: 131
  • Joined: 16-October 06

Re: Basic Login Script with PHP

Posted 29 May 2008 - 10:30 AM

And how about some protection from SQL Injection?
Was This Post Helpful? 0
  • +
  • -

#9 akozlik  Icon User is offline

  • D.I.C Addict
  • member icon

Reputation: 90
  • View blog
  • Posts: 797
  • Joined: 25-February 08

Re: Basic Login Script with PHP

Posted 29 May 2008 - 11:12 AM

Quote

I'm not going to cover data integrity here, but you'll definitely want to sanitze your data from SQL injection.


Yeah I mentioned that in the tutorial to look into SQL injection as well. I just wanted to keep this tutorial simple so people could understand the concepts behind user authentication systems. SQL Injection is something that could be covered in its own tutorial, as it's a beast all of its own.

Also, in response to the hash comment, I recently wrote a tutorial on hash techniques. It can be found here. That could be integrated with this tutorial for the truly adventurous. Check them out if you get a chance.
Was This Post Helpful? 0
  • +
  • -

Page 1 of 1