How to Create Login Page in PHP and MySQL with Session

November 24, 2007

##########################
NEW UPDATE!!!
PHPMySimpleLogin 0.3

Download full source code:
http://rapidshare.com/files/404808631/phpmysimplelogin-0.3-frozenade.co.nr.zip.html
##########################

The production of login page using PHP and MySQL is actually very simple.

I assume that you use local web server connection (Apache and PHP) and your MySQL database configuration use ‘localhost’ as hostname and ‘root’ as username with blank password.
For this case, I recommend you to using XAMPP (http://www.apachefriends.org/en/xampp-windows.html).
Please download and install it to your path choice. e.g: C:\xampp

Run XAMPP Control Panel on desktop.

Start Apache and PHP modules.

Let’s create a database with PHPMyAdmin. Open your favorite browser, then type ‘http://localhost/phpmyadmin’ at your browser address bar.

Create database ‘phpmysimplelogin’.

Click ‘Create’.

Now, let’s create a table, name it ‘user’ with ’2′ (two) number of fields.

Click ‘Go’.

First field, name it ‘username’, type ‘varchar’, lenght/values ’25′.
Second field, name it ‘password’, type ‘varchar’, lenght/values ’255′.

Click ‘Save’.

After that, we will fill the table. Click ‘SQL’ menu, then type this query on textbox:
INSERT INTO user (username, password) VALUES (‘admin’, md5(‘admin’))

Click ‘Go’.

It means, you fill ‘username’ field with string ‘admin’ and ‘username’ field with an encryption string of ‘admin’.
MD5 ia a function to create one-way encryption (hashing) from our password, so it can be more secure.
For detail, please check: http://www.php.net/manual/en/function.md5.php

Okay, now let’s prepare the web pages.
Create folder ‘phpmysimplelogin’ in your XAMPP’s htdocs. So, it will be ‘C:\xampp\htdocs\phpmysimplelogin’.
Remember to save all of your files you will create, inside this folder.

Run your favorite PHP code editor, e.g: PHP Expert Editor, RapidPHP, etc; or just Microsoft Notepad is fine.

Save document below with name ‘config.inc’.

<?php

$hostname = 'localhost';        // Your MySQL hostname. Usualy named as 'localhost', so you're NOT necessary to change this even this script has already online on the internet.
$dbname   = 'phpmysimplelogin'; // Your database name.
$username = 'root';             // Your database username.
$password = '';                 // Your database password. If your database has no password, leave it empty.

// Let's connect to host
mysql_connect($hostname, $username, $password) or DIE('Connection to host is failed, perhaps the service is down!');
// Select the database
mysql_select_db($dbname) or DIE('Database name is not available!');

?>

Next step, save document below and name it as ‘index.php’:

<?php

// Inialize session
session_start();

// Check, if user is already login, then jump to secured page
if (isset($_SESSION['username'])) {
header('Location: securedpage.php');
}

?>
<html>

<head>
<title>PHPMySimpleLogin 0.3</title>
</head>

<body>

<h3>User Login</h3>

<table border="0">
<form method="POST" action="loginproc.php">
<tr><td>Username</td><td>:</td><td><input type="text" name="username" size="20"></td></tr>
<tr><td>Password</td><td>:</td><td><input type="password" name="password" size="20"></td></tr>
<tr><td>&nbsp;</td><td>&nbsp;</td><td><input type="submit" value="Login"></td></tr>
</form>
</table>

</body>

</html>

As you see, there is ‘session_start();’.
This function is used to initializes a data session. It will creates a new session or continues previous session from data session changed by GET, POST or cookie.
See the detail information about session here: http://id.php.net/function.session-start

Now, prepare a file and give it name ‘loginproc.php’ to check the validity of username and password.

<?php

// Inialize session
session_start();

// Include database connection settings
include('config.inc');

// Retrieve username and password from database according to user's input
$login = mysql_query("SELECT * FROM user WHERE (username = '" . mysql_real_escape_string($_POST['username']) . "') and (password = '" . mysql_real_escape_string(md5($_POST['password'])) . "')");

// Check username and password match
if (mysql_num_rows($login) == 1) {
// Set username session variable
$_SESSION['username'] = $_POST['username'];
// Jump to secured page
header('Location: securedpage.php');
}
else {
// Jump to login page
header('Location: index.php');
}

?>

If username and password are correct, then we’ll be directed to ‘securedpage.php’.
This is the page that we want to show if login is successful. This page cannot be accessed if the correct data session is not found when login check is passed.
This page also contains ‘logout’ menu, so we can destroy our login data session then return to login page.

This is content of ‘securedpage.php’:

<?php

// Inialize session
session_start();

// Check, if username session is NOT set then this page will jump to login page
if (!isset($_SESSION['username'])) {
header('Location: index.php');
}

?>
<html>

<head>
<title>Secured Page</title>
</head>

<body>

<p>This is secured page with session: <b><?php echo $_SESSION['username']; ?></b>
<br>You can put your restricted information here.</p>
<p><a href="logout.php">Logout</a></p>

</body>

</html>

This is content of ‘logout.php’:

<?php

// Inialize session
session_start();

// Delete certain session
unset($_SESSION['username']);
// Delete all session variables
// session_destroy();

// Jump to login page
header('Location: index.php');

?>

Try on your favorite browser, ‘http://localhost/phpmysimplelogin/&#8217;.

So easy cake, isn’t it? ;)

##########################
NEW UPDATE!!!
PHPMySimpleLogin 0.3

Download full source code:
http://rapidshare.com/files/404808631/phpmysimplelogin-0.3-frozenade.co.nr.zip.html
##########################


Follow

Get every new post delivered to your Inbox.

Join 56 other followers