To log in we will use sessions (here you can read more about sessions). As you already know, a session can transfer data from a page to another pages. When the user logs in we will create a session with the username and later we will check this session: while the session exists the user is logged in.
But first we need the log in form:
index.php
<html>
</head>
<body>
<form action="login.php" method="post">
<b style="font-size:150%;">Log in</b><br/>
Username: <input type="text" name="username"/><br/>
Password: <input type="password" name="password"/><br/>
<input type="submit" value="Log in"/>
</form>
Don`t have an account?
<form action="register.php" method="post"><br/>
<b style="font-size:150%;">Register</b><br/>
Username: <input type="text" name="username"/><br/>
Password: <input type="password" name="password"/><br/>
Retype password: <input type="password" name="retype-password"/><br />
<input type="submit" value="Register" />
</form>
</body>
</html>
</head>
<body>
<form action="login.php" method="post">
<b style="font-size:150%;">Log in</b><br/>
Username: <input type="text" name="username"/><br/>
Password: <input type="password" name="password"/><br/>
<input type="submit" value="Log in"/>
</form>
Don`t have an account?
<form action="register.php" method="post"><br/>
<b style="font-size:150%;">Register</b><br/>
Username: <input type="text" name="username"/><br/>
Password: <input type="password" name="password"/><br/>
Retype password: <input type="password" name="retype-password"/><br />
<input type="submit" value="Register" />
</form>
</body>
</html>
And now we need to create the login.php file. This file will create the session if the given username and password are matching. It will check the username and password by searching in the MySQL table for a row where the username field matches the given username and password field with the given password.
login.php:
<?php
session_start(); //Start sessions
mysql_connect('host', 'database', 'password')
or die ("Could not connect to mysql because ".mysql_error());
mysql_select_db('database')
or die ("Could not select database because ".mysql_error());
if(mysql_num_rows(mysql_query("SELECT * FROM users WHERE username='".$_POST["username"]."' and password='".$_POST["password"]."'"))==1){
session_register("username"); //Create the session
}
else {
echo 'Wrong username or password!';
}
?>
session_start(); //Start sessions
mysql_connect('host', 'database', 'password')
or die ("Could not connect to mysql because ".mysql_error());
mysql_select_db('database')
or die ("Could not select database because ".mysql_error());
if(mysql_num_rows(mysql_query("SELECT * FROM users WHERE username='".$_POST["username"]."' and password='".$_POST["password"]."'"))==1){
session_register("username"); //Create the session
}
else {
echo 'Wrong username or password!';
}
?>
Now the session is created but we are not seeing the results. To see some results we will need to modify the index.php to show a welcome message if the user is logged in, else to show the login and registration forms:
index.php:
<?php
session_start();
?>
<html>
<head>
</head>
<body>
<?php
if(!session_is_registered("username")){?>
<form action="login.php" method="post">
<b style="font-size:150%;">Log in</b><br/>
Username: <input type="text" name="username"/><br/>
Password: <input type="password" name="password"/><br/>
<input type="submit" value="Log in"/>
</form>
Don`t have an account?
<form action="register.php" method="post"><br/>
<b style="font-size:150%;">Register</b><br/>
Username: <input type="text" name="username"/><br/>
Password: <input type="password" name="password"/><br/>
Retype password: <input type="password" name="retype-password"/><br />
<input type="submit" value="Register" />
</form>
<?php }
else{
echo 'Welcome ' . $_SESSION["username"];
}?>
</body>
</html>
session_start();
?>
<html>
<head>
</head>
<body>
<?php
if(!session_is_registered("username")){?>
<form action="login.php" method="post">
<b style="font-size:150%;">Log in</b><br/>
Username: <input type="text" name="username"/><br/>
Password: <input type="password" name="password"/><br/>
<input type="submit" value="Log in"/>
</form>
Don`t have an account?
<form action="register.php" method="post"><br/>
<b style="font-size:150%;">Register</b><br/>
Username: <input type="text" name="username"/><br/>
Password: <input type="password" name="password"/><br/>
Retype password: <input type="password" name="retype-password"/><br />
<input type="submit" value="Register" />
</form>
<?php }
else{
echo 'Welcome ' . $_SESSION["username"];
}?>
</body>
</html>
In this moment if you log in ,you need to go back to the index.php file to see the welcome message. To solve this problem we will need to edit the login.php file in a way to redirect the user back to index.php. We will make this by using the header("location:index.php") function:
login.php:
<?php
session_start();
mysql_connect('host', 'database', 'password')
or die ("Could not connect to mysql because ".mysql_error());
mysql_select_db('database')
or die ("Could not select database because ".mysql_error());
if(mysql_num_rows(mysql_query("SELECT * FROM users WHERE username='".$_POST["username"]."' and password='".$_POST["password"]."'"))==1){
session_register("username");
header("location:index.php");
}
else {
echo 'Wrong username or password!';
}
?>
session_start();
mysql_connect('host', 'database', 'password')
or die ("Could not connect to mysql because ".mysql_error());
mysql_select_db('database')
or die ("Could not select database because ".mysql_error());
if(mysql_num_rows(mysql_query("SELECT * FROM users WHERE username='".$_POST["username"]."' and password='".$_POST["password"]."'"))==1){
session_register("username");
header("location:index.php");
}
else {
echo 'Wrong username or password!';
}
?>
Now there is only one thing that needs to be done: the log out option. We will make logging out possible by creating a file: logout.php. This file will simply delete the username session and redirect the users back to index.php, but first we need to include the log out button in the index.php file:
index.php:
<?php
session_start();
?>
<html>
<head>
</head>
<body>
<?php
if(!session_is_registered("username")){?>
<form action="login.php" method="post">
<b style="font-size:150%;">Log in</b><br/>
Username: <input type="text" name="username"/><br/>
Password: <input type="password" name="password"/><br/>
<input type="submit" value="Log in"/>
</form>
Don`t have an account?
<form action="register.php" method="post"><br/>
<b style="font-size:150%;">Register</b><br/>
Username: <input type="text" name="username"/><br/>
Password: <input type="password" name="password"/><br/>
Retype password: <input type="password" name="retype-password"/><br />
<input type="submit" value="Register" />
</form>
<?php }
else{
echo 'Welcome ' . $_SESSION["username"] . '<br/><a href="logout.php">Log out</a>';
}?>
</body>
</html>
And here is the log out part:session_start();
?>
<html>
<head>
</head>
<body>
<?php
if(!session_is_registered("username")){?>
<form action="login.php" method="post">
<b style="font-size:150%;">Log in</b><br/>
Username: <input type="text" name="username"/><br/>
Password: <input type="password" name="password"/><br/>
<input type="submit" value="Log in"/>
</form>
Don`t have an account?
<form action="register.php" method="post"><br/>
<b style="font-size:150%;">Register</b><br/>
Username: <input type="text" name="username"/><br/>
Password: <input type="password" name="password"/><br/>
Retype password: <input type="password" name="retype-password"/><br />
<input type="submit" value="Register" />
</form>
<?php }
else{
echo 'Welcome ' . $_SESSION["username"] . '<br/><a href="logout.php">Log out</a>';
}?>
</body>
</html>
logout.php:
<?php
session_start();
session_destroy(); //Delete session
header("location:index.php");
?>
And now the script should work fine, if it doesn`t or you have a question please comment. This script can be easily adapted to any website, by checking the existence of the session on each page.session_start();
session_destroy(); //Delete session
header("location:index.php");
?>
Post a Comment Blogger Facebook