Php Login System – Login Management and Login Control Tutorial

One of the most basic and most common question that i encounter via Php newbies is how to make a login system in PHP , The login, registration and authentication are very basic and yet very important tools that a php programmer should posses !

For this tutorial there are few prerequisites:-

1) You should be able to right a simple hello world program in php
2) You should know the basics of mysql, Creating tables and sql queries.

In following tutorial we will create 3 files:-

1) login_home.php
2) login_check.php
3) login_success.php

First of all we need to create a table users in mysql database !, This User table will contain all user login information and details.

Step 1:-

Use following sql query to create users table

CREATE TABLE `users` (
`id` int(4) NOT NULL auto_increment,
`username` varchar(65) NOT NULL default '',
`password` varchar(65) NOT NULL default '',

-- Dumping data for table `users`

Here we are using two database fields , Namely username for storing user id’s for logins and password for storing the passwords.

Step 2:- Create login screen

After that we need to create a login screen which will ultimately autehnticate user via database !, Let’s create a small page and form named login_home.php

<form name="form1" method="post" action="login_check.php">
<strong>Member Login </strong>
<br />
Username : <input name="myusername" type="text" id="myusername"/>
<br />
Password : <input name="mypassword" type="text" id="mypassword"/>
<br />
<input type="submit" name="Submit" value="Login"/>

Step: 3 Authenticating users

Once a user has entered the username and password on the login_home.php , the form pass the values to login_check.php via POST variables , This method is defined at the form attribute element on login_home.php.

Note:- While the values are passed via $_POST variables, we will be querying passwords in database after encrypting them with md5 function .

< ?php
$db_host="localhost"; // Host name of your database server !, In 90% cases it's localhost
$db_uname=""; // Mysql username of your database
$db_passwd=""; // Mysql password of your database
$db_name="test"; // Database name
$db_table_name="users"; // Name of the table we created earlier

// Connect to server and select databse.
$conn = mysql_connect("$db_host", "$db_uname", "$db_passwd") or die ("cannot connect" . mysql_error());
$conn_db = mysql_select_db("$db_name" , $conn ) or die("cannot select DB" . mysql_error());

// username and password sent from form
$form_uname = $_POST['myusername'];
$form_passwd = $_POST['mypassword'];

// To protect MySQL injection (more detail about MySQL injection)
$form_uname = stripslashes($form_uname);
$form_passwd = stripslashes($form_passwd);
$form_uname = mysql_real_escape_string($form_uname);
$form_passwd = mysql_real_escape_string($form_passwd);
$form_passwd = md5($form_passwd); //md5 encryption for querying the password from database

$sql="SELECT * FROM $db_table_name WHERE username='$form_uname' and password='$form_passwd'";

// Mysql_num_row is counting table row
// If result matched $form_uname and $form_passwd, table row must be 1 row

// Register $form_uname, $form_passwd and redirect to file "login_success.php"
$logged_in = TRUE;
else {
echo "Wrong Username or Password";

Please note that this is not the best way to store passwords , A better way for ensuring security is defined in this Password Hashing tutorial. (Credits John Rockefeller)

This code will create sessions which can use to authenticate users on the particular pages , These pages just need to check the session value of logged_in , If logged_in is set for true then the user is authenticated and else it will be redirected to the login page

In next blog post we will understand how to check login authentication on pages and how to make a logout button !

Till then enjoy !, Please post your comments , thoughts below, We will be glad to help you…

For a detailed information on login system , I recommend this amazing book

13 thoughts on “Php Login System – Login Management and Login Control Tutorial”

  1. It would be nice if you have used the same login page to check the errors . I think there is no need of login_check.php . The code of login_check.php can be kept in top of login_home.php
    Anyway good work to help the newbies ๐Ÿ™‚ .

  2. @PhpAutentication @John Rockefeller

    Thanks for the head up , I agree that including md5 has functions in the tutorial was a mistake !, I wanted this to be simple for a new person to grasp !

    However, the code is edited , Thanks for the head up ๐Ÿ™‚


  3. @Hari K

    Completely Agree !, But i have seen some new people confusing on the same action !, So tried to be dead simple ๐Ÿ™‚

    Thanks for stopping by !

  4. Hi PHP Ninza
    It’s a bit better now that the passwords are stored as md5 hashes (could be using something stronger like sha1) but the ideal situation is to store them using salted passwords.

  5. HI John !

    True! However that would be a overkill for newbies !, I have included a link explaining further password hashing !, Hope this helps ๐Ÿ™‚

    Thanks again for the headup ๐Ÿ™‚

Leave a Reply