PHP user login
To build a login system we first create a sign-up page that allows users to add a username and password to the system.
<form action="#" method="post">
Username:<input name="name" type="text" id="name" size="15" />
Password:<input type="password" name="password" size="15" />
<input type="submit" name="submit" value="Sign Up" />
</form>
This form has two fields, one for the username and one for the password.
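function clear($message)
{
    // escape quotes ourselves when PHP has not already done so (magic quotes off)
    if(!get_magic_quotes_gpc())
    {
        $message = addslashes($message);
    }
    // remove HTML tags, then encode any remaining special characters
    $message = strip_tags($message);
    $message = htmlentities($message);
    return trim($message);
}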
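Because we are going to query a database using input from a user, we pass each value through this function first. It escapes quotes with addslashes() and removes or encodes HTML. Note that addslashes() is not aware of the connection character set, so it is a weaker defence against SQL injection than mysql_real_escape_string() or prepared statements, and get_magic_quotes_gpc() was removed in PHP 8.0.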
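if (isset($_POST['submit']))
{
    // connect to the database server and select the database
    mysql_connect('localhost','root','root');
    mysql_select_db('test2');
    // escape the submitted values before they are used in a query
    $name = clear($_POST['name']);
    $password = clear($_POST['password']);
    // look for an existing user with the same name
    $sql = mysql_query("SELECT * FROM user WHERE name = '$name'");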
If the user has submitted the form, we want to check that no other user has the same name.
    if(!mysql_fetch_array($sql))
    {
        // store the SHA-1 hash of the password rather than the password itself
        $password = sha1($_POST['password']);
        $sql2 = "INSERT INTO user (name, password) VALUES ('$name', '$password')";
        mysql_query($sql2);
        mysql_close();
        echo 'You have been entered into our database.';
    }
If the user name is unique, we insert the name and the hashed password into the database and print a message to the user.
    else
        echo 'Name already in use.';
}
Otherwise we print a message telling the user that the name is already in use.
Now we need a script that will allow a user to log in.
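ob_start();
session_start();
// read the optional ?log=off parameter without raising an undefined index notice
$log = isset($_GET['log']) ? $_GET['log'] : '';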
We start output buffering because changing the session id when the user logs in or out sends a new cookie, and cookies are sent as headers, which must go out before any page output. The $log variable is read from the query string and is used to log the user out.
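if($log == 'off')
{
    unset($_SESSION['login']);
    setcookie('login', '', time() - 86400);
    session_destroy();
    // session_regenerate_id() only works on an active session, so start a fresh one first
    session_start();
    session_regenerate_id(true);
    ob_end_clean();
    echo 'Logged out';
}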
If the user wants to log out, we delete the session and give them a new session id (for added security).
else if (isset($_POST['submit']))
{
    mysql_connect('localhost','root','root');
    mysql_select_db('test2');
    $username = clear($_POST['username']);
    // hash the raw password exactly as the sign-up script did; sha1() returns hex only
    $password = sha1($_POST['password']);
    $result = mysql_query("SELECT name FROM user WHERE name = '$username' AND password = '$password'");
    if($output = mysql_fetch_array($result))
    {
        // give the authenticated user a new session id
        session_regenerate_id(true);
        ob_end_clean();
        echo 'Successfully Logged In!';
        echo 'Welcome ' . $output['name'];
        echo '<a href="?log=off">log off</a>';
        $_SESSION['login'] = array($username, $password);
    }
    else
        echo 'Login failed';
}
If the user has entered a username and password, we check the database, and if there is a match we display a message to the user and create a session holding their username and (SHA-1 hashed) password.
<form method="post" action="#">
<input id="username" name="username" type="text" value="User Name" size="15" />
<input id="password" name="password" type="password" value="Password" size="15" />
<input type="submit" id="submit" name="submit" value="Log In" />
</form>
Otherwise we display a form to allow the user to enter their username and password.
Now that a user can log in, we need pages that check the session against the database and, if there is a match, display the page.
// the session must be started before $_SESSION can be read
session_start();
if(empty($_SESSION['login']))
{
    header('Location: login.php');
    exit;
}
If the user does not have a session, we redirect them to the login page.
else
{
    // these values were already passed through clear() at login; escaping them a second time would stop them matching
    $name = $_SESSION['login'][0];
    $password = $_SESSION['login'][1];
    mysql_connect('localhost','root','root');
    mysql_select_db('test2');
    $sql = mysql_query("SELECT name FROM user WHERE name = '$name' AND password = '$password'");
    if($row = mysql_fetch_array($sql))
        echo 'Welcome '.$row['name'];
    else
    {
        // no matching user: send the visitor back to the login page
        header('Location: login.php');
        exit;
    }
}
If the user has a session, we check its value against the database. If the check succeeds we display a message welcoming the user; otherwise we redirect the user to the login page.
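The sign-up and login queries above, rewritten as an added example (not code from the original page): PDO prepared statements replace the string-built mysql_query() calls, and password_hash()/password_verify() replace the unsalted sha1(). The in-memory SQLite database, the function names and the sample user are assumptions made so the example runs on its own; the mysql_* extension used above was removed in PHP 7.0.

```php
<?php
// Added example. Assumptions: an in-memory SQLite database stands in for
// MySQL, and open_db(), register_user() and verify_login() are illustrative names.

function open_db(): PDO
{
    $db = new PDO('sqlite::memory:');
    $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    // UNIQUE lets the database enforce "name not already in use" atomically,
    // instead of a separate SELECT followed by an INSERT.
    $db->exec('CREATE TABLE user (name TEXT UNIQUE NOT NULL, password TEXT NOT NULL)');
    return $db;
}

function register_user(PDO $db, string $name, string $password): bool
{
    $stmt = $db->prepare('INSERT INTO user (name, password) VALUES (:name, :hash)');
    try {
        // password_hash() adds a per-user salt and uses a deliberately slow algorithm.
        $hash = password_hash($password, PASSWORD_DEFAULT);
        return $stmt->execute([':name' => $name, ':hash' => $hash]);
    } catch (PDOException $e) {
        // SQLSTATE 23000 = integrity constraint violation, here a duplicate name.
        if ((string) $e->getCode() === '23000') {
            return false;
        }
        throw $e;
    }
}

function verify_login(PDO $db, string $name, string $password): bool
{
    // The name is bound as a parameter, so quotes in it are data, not SQL.
    $stmt = $db->prepare('SELECT password FROM user WHERE name = :name');
    $stmt->execute([':name' => $name]);
    $hash = $stmt->fetchColumn();
    // Fetch by name only and compare in PHP; the password never enters the query.
    return $hash !== false && password_verify($password, $hash);
}

// Constructed sample data: a name containing a quote needs no manual escaping.
$db = open_db();
var_dump(register_user($db, "O'Brien", 'correct horse')); // first sign-up
var_dump(register_user($db, "O'Brien", 'another one'));   // same name again
var_dump(verify_login($db, "O'Brien", 'correct horse'));  // right password
var_dump(verify_login($db, "O'Brien", 'wrong guess'));    // wrong password
```

With this approach the session only needs to hold the user name after a successful login, so the password hash does not have to be kept in `$_SESSION`.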