using just php mysql login tutorial

looking for a php mysql tutorial on a login form

if login errors display in a variable and echo variable at top of form

if successful direct to another page

no ajax, jquery, javascript
using just php mysql
LVL 1
rgb192Asked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

ZShaverCommented:
Well, you will need to set up a users table in mysql to have:
user id, username, password

I would create the table like this...

CREATE TABLE users (id int not null AUTO_INCREMENT, username varchar(32) not null, password varchar(40) not null, PRIMARY KEY(id));

for the password, we want to store it using non-reversable encryption, a popular way to do this is md5 or sha1 hashing of the password, sha1 being preferred by some for increased security. md5 will result in a 32 character string, sha1 a 40 character string.

so when creating users from a registration form, your php script would need code like this:

$enc_pwd = sha1($_POST['password']);
$username = mysql_escape_string($_POST['username']);
mysql_query("INSERT INTO users (username,password) VALUES ('$username','$password')");

this will create the user and store the password in sha1 form

then when a user logs in and types their password, you again pass that password to sha1 to get an identical hash, and check that against the database, if there is a result row the username and password are valid. you can then set a session variable to show the user is logged in and another session variable for the username

$enc_pwd = sha1($_POST['password']);
$username = mysql_escape_string($_POST['username']);
$result = mysql_query("SELECT FROM users WHERE username='$username' AND password='$password'");
if(mysql_num_rows($result) == 1) {
   //user is logged in successfully
   //redirect to site
}
else {
   //present error/login page
}

so you can put this entire login script into one file, and when the user logs in they will be redirected to index.php:

login.php:

<?php
session_start();
if(isset($_SESSION['logged_in'])) {
   die("You are already logged in! Why are you at this form?");
}
if(isset($_POST['submit']) && isset($_POST['username']) && isset($_POST['password'])) {
   if(($_POST['username'] != '') && ($_POST['password'] != '')) {
      mysql_connect('host','username','password');
      mysql_select_db('database');
      $username = mysql_escape_string($_POST['username']);
      $password = sha1($_POST['password']);
      $result = mysql_query("SELECT FROM users WHERE username='$username' AND password='$password'");
      if(mysql_num_rows($result) == 1) {
          $_SESSION['logged_in'] = true;
          $_SESSION['username'] = $username;
          header("Location: index.php");
      }
      else {
         display_login_form("Invalid username and/or password.");
      }
   }
   else {
      display_login_form("You must enter a username and password.");
   }
}
else {
   display_login_form();
}
function display_login_form($error = '') {
   ?>
      <html><header><title>Log In</title></header><body>
      <?php if($error != '') echo($error); ?><br><br>
      <form action="login.php" method="POST">
      Username: <input type="text" name="username"><br>
      Password: <input type="password" name="password"><br>
      <input type="submit" name="submit" value="Log In">
      </form>
      </body></html>
   <?php
}
?>


The next part is in index.php or any other script which is called from the browser, add this to the top of the script, to check if user is logged in and if not redirect to the login page:

<?php
session_start();
if(isset($_SESSION['logged_in'])) {
   $username = $_SESSION['username'];
}
else {
   header("Location: login.php");
   die();
}
?>
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
ZShaverCommented:
i would be happy to answer any questions about this
0
ZShaverCommented:
remember if you make a registration form to check for duplicate usernames too...

e.g.

$username = mysql_escape_string($_POST['username']);
$result = mysql_query("SELECT * FROM users WHERE username='$username'");
if(mysql_num_rows($result) == 1) {
   die("Username already taken. Please choose another.");
}
0
Cloud Class® Course: Python 3 Fundamentals

This course will teach participants about installing and configuring Python, syntax, importing, statements, types, strings, booleans, files, lists, tuples, comprehensions, functions, and classes.

rgb192Author Commented:
code keeps on looping
<?php
session_start();
if(isset($_SESSION['logged_in'])) {
   die("You are already logged in! Why are you at this form?");
}
if(isset($_POST['submit']) && isset($_POST['username']) && isset($_POST['password'])) {
   if(($_POST['username'] != '') && ($_POST['password'] != '')) {
      mysql_connect('host','username','password');
      mysql_select_db('database');
      $username = mysql_escape_string($_POST['username']);
      $password = sha1($_POST['password']);
      $result = mysql_query("SELECT FROM users WHERE username='$username' AND password='$password'");
      if(mysql_num_rows($result) == 1) {
          $_SESSION['logged_in'] = true;
          $_SESSION['username'] = $username;
          header("Location: index.php");
      }
      else {
         display_login_form("Invalid username and/or password.");
      }
   }
   else {
      display_login_form("You must enter a username and password.");
   }
}
else {
   display_login_form();
}
function display_login_form($error = '') {
   ?>
      <html><header><title>Log In</title></header><body>
      <?php if($error != '') echo($error); ?><br><br>
      <form action="login.php" method="POST">
      Username: <input type="text" name="username"><br>
      Password: <input type="password" name="password"><br>
      <input type="submit" name="submit" value="Log In">
      </form>
      </body></html>
   <?php
}
?>

Open in new window

<?php
session_start();
if(isset($_SESSION['logged_in'])) {
   $username = $_SESSION['username'];
}
else {
   header("Location: login.php");
   die();
}
?>

Open in new window

0
rgb192Author Commented:
maybe because login.php is posting to itself
0
ZShaverCommented:
did you put in the mysql login and database info?
0
ZShaverCommented:
login.php posts to itself on purpose
0
rgb192Author Commented:
ZShaver:
i put in the mysql and database info
0
rgb192Author Commented:
works now thanks
0
ZShaverCommented:
you're welcome
it's a simple yet robust example but if you have any questions about it let me know or post a new question
0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
PHP

From novice to tech pro — start learning today.

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.