his tutorial will help you as a beginner to create a simple login page for your php projects, in this tutorial you will learn about sessions in php, inserting and retrieving records from mysql server.
The database table:
- Code:
-
CREATE TABLE `test`.`users` (
`id` INT NOT NULL auto_increment ,
`name` VARCHAR( 20 ) NOT NULL ,
`password` VARCHAR( 20 ) NOT NULL ,
`email` VARCHAR( 20 ) NOT NULL ,
PRIMARY KEY ( `id` )
)
A.The login page(main page):
In this simple php page there are three session variables we are using; “logging”, “logged”, and “user” they are all bool variables. We will use them to execute the right code for each scenario
- Code:
-
<html>
<head>
<title>login page</title>
</head>
<body bgcolor="black" style="color:gray">
<form action="index.php" method=get>
<h1 align="center" style="color:gray" >Welcome to this simple application</h1>
<?php
session_start();
if($_SESSION["logged"])
{
print_secure_content();
}
else {
if(!$_SESSION["logging"])
{
$_SESSION["logging"]=true;
loginform();
}
else if($_SESSION["logging"])
{
$number_of_rows=checkpass();
if($number_of_rows==1)
{
$_SESSION[user]=$_GET[userlogin];
$_SESSION[logged]=true;
print"<h1>you have loged in successfully</h1>";
print_secure_content();
}
else{
print "wrong pawssword or username, please try again";
loginform();
}
}
}
1-the first thing to do when you are using session variables on a php page is to start the session service on the page by this line “session_start();”, if you ignored this line the page will work fine but the session variables wont be saved when you refresh the page or go to another page.
2-after starting the service, we check if the user is already logged in “if($_SESSION['logged'])“, if he is we print him a nice welcome message by calling the function for the secure content (we will look at it later)
3-if he isn’t logged in, we show the login fields (username and password) by the function “loginform()”, and set the session variable” $_SESSION["logging"]” to true in order to check the entered username and password when he/or she hits the login button
4-when he/or she enters the username and password then hits the login in button the code that will be only executed will be the code after “else if($_SESSION["logging"])“ because we have set the logging session variable to true, in this code block the variable “$number_of_rows” gets its value from the function “checkpass()” which is basically takes the username and password and checks the server if it already exists, if it exists it returns one else it will return 0…..thats why we check “$number_of_rows”:
- if it equals one if it really does we will set the variable “user” in the session to the entered username, and sets the logged bool variable to true.
--If the “$number_of_rows” isn’t 1, we will print him the input fields again.
Now let’s look at the functions:
1.loginform()
- Code:
-
function loginform()
{
print "please enter your login information to proceed with our site";
print ("<table border='2'><tr><td>username</td><td><input type='text' name='userlogin' size'20'></td></tr><tr><td>password</td><td><input type='password' name='password' size'20'></td></tr></table>");
print "<input type='submit' >";
print "<h3><a href='registerform.php'>register now!</a></h3>";
}
all it does is printing out the fields to the user
- Code:
-
function checkpass()
{
$servername="localhost";
$username="root";
$conn= mysql_connect($servername,$username)or die(mysql_error());
mysql_select_db("test",$conn);
$sql="select * from users where name='$_GET[userlogin]' and password='$_GET[password]'";
$result=mysql_query($sql,$conn) or die(mysql_error());
return mysql_num_rows($result);
}
This function establishes a connection with the mysql server through the “mysql_connect()” function which takes in two parametes;1.servername (or address) 2.the username used to login to the database, if theres a password you should add it
After connection to the server we choose the database that we will use using the “mysql_select_db();” function which takes in 2 variables;1. The name of the database and 2.The connection variable.
The sql statement:
- Code:
-
$sql="select * from users where name='$_GET[userlogin]' and password='$_GET[password]'";
It simple gets the field that match the user login and password that the user have entered along with the ones in in the table called “users”, after that we run the statement using the function “mysql_query($sql,$conn)” and returning the results to a variable called $result
Finally we return the number of retrieved rows.
3.print_secure_content()
- Code:
-
function print_secure_content()
{
print("<b><h1>hi mr.$_SESSION[user]</h1>");
print "<br><h2>only a logged in user can see this</h2><br><a>href='logout.php'>Logout</a><br>";
}
No explanation needed
B. The logout page:
If the user wishes to logout, we clear the session variables this can be easily done by making him open this php page “logout.php”
- Code:
-
<?php
session_start();
if(session_destroy())
{
print"<h2>you have logged out successfully</h2>";
print "<h3><a href='index.php'>back to main page</a></h3>";
}
?>
What we did here is starting the session and destroying it, if it was cleared successfully we display that to the user
c. Registration form:
A simple html page that lets the use enters the name and passwords and submit it to the serve on the page “register.php”
- Code:
-
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
<title>register</title>
</head>
<body bgcolor="black" style="color:white;">
<FORM ACTION="register.php" METHOD=get>
<h1>welcome to the registration page</h1>
please input the registration details to create an account here<br>
<table border="2">
<tr>
<td>User Name :</td><td><input name="regname" type="text" size"20"></input></td>
</tr>
<tr>
<td>email :</td><td><input name="regemail" type="text" size"20"></input></td>
</tr>
<tr>
<td>password :</td><td><input name="regpass1" type="password" size"20"></input></td>
</tr>
<tr>
<td>retype password :</td><td><input name="regpass2" type="password" size"20"></input></td>
</tr>
</table>
<input type="submit" value="register me!"></input>
</FORM>
</body>
</html>
Note: you can add some JavaScript to validate the code before submitting, but I didn’t want to make this tutorial long and boring
d. register php page:
This php script checks the data that the user have entered in the “registrationfor.php” and inserts it into the database (simple, huh?).
- Code:
-
<?php
if($_GET["regname"] && $_GET["regemail"] && $_GET["regpass1"] && $_GET["regpass2"] )
{
if($_GET["regpass1"]==$_GET["regpass2"])
{
$servername="localhost";
$username="root";
$conn= mysql_connect($servername,$username)or die(mysql_error());
mysql_select_db("test",$conn);
$sql="insert into users (name,email,password)values('$_GET[regname]','$_GET[regemail]','$_GET[regpass1]')";
$result=mysql_query($sql,$conn) or die(mysql_error());
print "<h1>you have registered sucessfully</h1>";
print "<a href='index.php'>go to login page</a>";
}
else print "passwords doesnt match";
}
else print"invaild data";
?>
The first line checks if all the variables in the get isn’t null then it checks if the two password fields match, if yes it connects to the server, selects the database and runs the sql insert statement, which is:
- Code:
-
$sql="insert into users (name,email,password)values('$_GET[regname]','$_GET[regemail]','$_GET[regpass1]')";
No explanation needed
Important Notes:
1.you can use this code to check the available variables and its values in your session or any other global variables
- Code:
-
foreach ($_SESSION as $key=>$value) {
print "\$_ SESSION [\"$key\"] == $value<br>";}
2.its wise to check if a session variable exists before using it this can be done using this :
- Code:
-
if(isset($_SESSION['variable_name'])) print “it exists”;
else print “it doesn’t”;
3.you can hide the values of your form submits by using the POST method of your forms
That’s all, I hope that you find this tutorial helpful and don’t hesitate to ask or comment here.
Fri Aug 03, 2012 10:18 pm