One of the most basic and most common questions that I encounter from PHP newbies is how to make a login system in PHP. Login, registration and authentication are very basic and yet very important tools that a PHP programmer should possess!
For this tutorial there are a few prerequisites:-
1) You should be able to write a simple hello world program in PHP
2) You should know the basics of MySQL: creating tables and SQL queries.
In the following tutorial we will create 3 files:-
1) login_home.php
2) login_check.php
3) login_success.php
First of all we need to create a table named users in the MySQL database. This users table will contain all user login information and details.
Step 1:-
Use the following SQL query to create the users table
CREATE TABLE `users` (
  `id` int(4) NOT NULL auto_increment,
  `username` varchar(65) NOT NULL default '',
  `password` varchar(65) NOT NULL default '',
  PRIMARY KEY (`id`)
) ENGINE=MyISAM AUTO_INCREMENT=2;
Here we are using two database fields, namely username for storing the user IDs used for login and password for storing the passwords.
Step 2:- Create login screen
After that we need to create a login screen which will ultimately authenticate the user against the database. Let's create a small page with a form, named login_home.php
<form name="form1" method="post" action="login_check.php">
<strong>Member Login</strong> <br />
Username : <input name="myusername" type="text" id="myusername"/> <br />
Password : <input name="mypassword" type="password" id="mypassword"/> <br />
<input type="submit" name="Submit" value="Login"/>
</form>
Step 3:- Authenticating users
Once a user has entered the username and password on login_home.php, the form passes the values to login_check.php as POST variables. This method is defined by the method attribute of the form element in login_home.php.
Note:- While the values are passed via $_POST variables, we will be querying passwords in the database after hashing them with the md5 function.
<?php
session_start(); // Start the session before any output so the login state can be stored
$db_host="localhost"; // Host name of your database server. In 90% of cases it's localhost
$db_uname=""; // MySQL username of your database
$db_passwd=""; // MySQL password of your database
$db_name="test"; // Database name
$db_table_name="users"; // Name of the table we created earlier
// Connect to the server and select the database.
// The old mysql_* functions were removed in PHP 7, so the mysqli equivalents are used.
$conn = mysqli_connect($db_host, $db_uname, $db_passwd, $db_name) or die("cannot connect: " . mysqli_connect_error());
// Username and password sent from the form
$form_uname = isset($_POST['myusername']) ? $_POST['myusername'] : '';
$form_passwd = isset($_POST['mypassword']) ? $_POST['mypassword'] : '';
// To protect against SQL injection, escape the username before it goes into the query.
// stripslashes() is not needed: magic quotes were removed in PHP 5.4.
$form_uname = mysqli_real_escape_string($conn, $form_uname);
// Hash the password exactly as typed. Escaping it first would change the hash,
// and the md5 output is plain hexadecimal, so it is safe inside the query.
$form_passwd = md5($form_passwd); // md5 hash for querying the password from the database
$sql="SELECT * FROM $db_table_name WHERE username='$form_uname' and password='$form_passwd'";
$result=mysqli_query($conn, $sql);
// mysqli_num_rows counts the rows in the result
$count=mysqli_num_rows($result);
// If the result matched $form_uname and $form_passwd, there must be exactly 1 row
if($count==1){
// Store $form_uname and the logged_in flag in the session and redirect to "login_success.php"
// (session_register() was removed in PHP 5.4; $_SESSION replaces it)
$_SESSION['form_uname'] = $form_uname;
$_SESSION['logged_in'] = TRUE;
header("location:login_success.php");
exit; // stop the script so nothing else runs after the redirect
}
else {
echo "Wrong Username or Password";
}
?>
Please note that this is not the best way to store passwords. A better way of ensuring security is described in this Password Hashing tutorial. (Credits John Rockefeller)
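As an added example (not code from the original tutorial), this is how the salted hashing mentioned above looks with PHP's built-in password_hash() and password_verify(). The helper names create_user and check_login, the sample account and the in-memory SQLite database are assumptions made so the script runs without a server; the password column is widened to 255 characters, as the PHP manual recommends for PASSWORD_DEFAULT.

```php
<?php
// Added example: salted password storage with PHP's password API.
// Column names follow the tutorial's users table; helper names are hypothetical.

function create_user(PDO $db, string $username, string $password): void
{
    // password_hash() generates a random salt and embeds it in the returned string.
    $hash = password_hash($password, PASSWORD_DEFAULT);
    $stmt = $db->prepare('INSERT INTO users (username, password) VALUES (?, ?)');
    $stmt->execute([$username, $hash]);
}

function check_login(PDO $db, string $username, string $password): bool
{
    // Look the row up by username only. The hash cannot be matched inside the
    // SQL query because every stored hash carries its own salt.
    $stmt = $db->prepare('SELECT password FROM users WHERE username = ?');
    $stmt->execute([$username]);
    $hash = $stmt->fetchColumn();
    if ($hash === false || !password_verify($password, $hash)) {
        return false;
    }
    // Upgrade the stored hash when PHP's default algorithm or cost changes.
    if (password_needs_rehash($hash, PASSWORD_DEFAULT)) {
        $upd = $db->prepare('UPDATE users SET password = ? WHERE username = ?');
        $upd->execute([password_hash($password, PASSWORD_DEFAULT), $username]);
    }
    return true;
}

// Demo on an in-memory SQLite database (assumption, so no server is needed).
// For MySQL use e.g. new PDO('mysql:host=localhost;dbname=test', $user, $pass).
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (id INTEGER PRIMARY KEY,
    username VARCHAR(65) UNIQUE, password VARCHAR(255))');

create_user($db, 'alice', 'correct horse');             // constructed sample account
var_dump(check_login($db, 'alice', 'correct horse'));   // right password
var_dump(check_login($db, 'alice', 'wrong'));           // wrong password
var_dump(check_login($db, 'nobody', 'correct horse'));  // unknown user
```

The placeholders in prepare() also replace the manual escaping step, so the username never becomes part of the SQL text.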
This code will create a session which can be used to authenticate users on particular pages. These pages just need to check the session value of logged_in: if logged_in is set to true then the user is authenticated, otherwise the user is redirected to the login page.
In the next blog post we will see how to check login authentication on pages and how to make a logout button!
Till then, enjoy! Please post your comments and thoughts below. We will be glad to help you…
It’s a nice thing that you have covered SQL injection, however, password is still transmitted and stored in plain text. Check out the following article:
http://www.phpauthentication.net/2009/07/common-flaws-in-authentication-scripts.html
PLEASE take a look into using salted password hashes instead of storing the password in plain text. This is a HUGE security issue.
It would be nice if you had used the same login page to check the errors. I think there is no need for login_check.php. The code of login_check.php can be kept at the top of login_home.php.
Anyway, good work to help the newbies
@PhpAutentication @John Rockefeller
Thanks for the heads up, I agree that including md5 hash functions in the tutorial was a mistake! I wanted this to be simple for a new person to grasp!
However, the code is edited. Thanks for the heads up
Cheers…
@Hari K
Completely agree! But I have seen some new people getting confused by the same action, so I tried to be dead simple.
Thanks for stopping by!
Hi PHP Ninza
It’s a bit better now that the passwords are stored as md5 hashes (could be using something stronger like sha1) but the ideal situation is to store them using salted passwords.
Hi John!
True! However, that would be overkill for newbies! I have included a link explaining further password hashing. Hope this helps
Thanks again for the heads up
The article is very good. Please write more
thanks
Welcome Mohamed, hope you find it useful.