Create a Simple User Login System with PHP and MySQL

Main Contents

Create a Simple User Login System with PHP and MySQL

code, mysql, php

First – The Demo

Here is all the code for the page – phplogin.php

<?php
session_start();
if ($_SESSION[‘loggedin’] == 1)
header("Location: loginsuccess.php");
if(isset( $Submit ))
{
$username="username";
$password="password";
$database="database";
mysql_connect("localhost",$username,$password);
@mysql_select_db($database) or die( "Unable to select database");
$username = $_POST[‘username’];
$password = $_POST[‘password’];
$query = "SELECT * FROM admin where username=\"$username\" and password = \"$password\" ";
$result = mysql_query($query);
$num = mysql_numrows($result);
if ($num > 0)
{
$_SESSION[‘loggedin’] = 1;
header("Location: loginsuccess.php");
} else {
$badlogin = 1;
}
}
if ($_GET[‘logout’] == "yes")
session_destroy();
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en-US" lang="en-US">
<head><title></title></head>
<body>
<form name="form1" method="post" action="">
UserName: <input type="text" name="username" id="username" value="admin" />
Password: <input type="password" name="password" id="password" value="admin" /><Br />
<input type="submit" name="Submit" value="Submit" />
</form>
<?php
if ($badlogin == 1)
echo "<br/ ><span style=\"color: red;\">Invalid Login</span>";
?>
</body>
</html>

My user database table contains at least the following fields:
id, username, password

Add more fields as you see fit (last login time, address information, etc).

Here is a quick breakdown of the php code with comments:

//Required to use session variables
//This must be called at the beginning of each page in which you want to use the session variables
session_start();
//Check to see if we have already logged in successfully
//If login was successfully then redirect to appropriate page
if ($_SESSION[‘loggedin’] == 1)
header("Location: loginsuccess.php"); //php redirect
//This page posts to itself, so here to check to see if the page was submitted
if(isset( $Submit ))
{
//MySQL username and password
$username="username";
$password="password";
//Specify MySQL database to connect to
$database="database";
//Create connection and select the appropriate database
mysql_connect("localhost",$username,$password);
@mysql_select_db($database) or die( "Unable to select database");
//Get the username and password from posted form
$username = $_POST[‘username’];
$password = $_POST[‘password’];
//Build the query to look for users that exist with that username/password combination
//Here I’m using the admin table within my database
$query = "SELECT * FROM admin where username=\"$username\" and password = \"$password\" ";
//Retrieve the results of the query, and also aquire the number of records returned
$result = mysql_query($query);
$num = mysql_numrows($result);
//Check to see how many records are returned
if ($num > 0)
{
//User login was successful, set session variable then redirect to the loginsuccess.php page
$_SESSION[‘loggedin’] = 1;
header("Location: loginsuccess.php");
} else {
//Login was unsuccessful, set a local variable for later use
$badlogin = 1;
}
}
//Here we look for querystring variable called ‘logout’
//If logout exists, and is equal to ‘yes’ then call the php session_destroy() function
//This will essentially log out the user
if ($_GET[‘logout’] == "yes")
session_destroy();

Here is the actual html for the form (with comments for inline php)

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en-US" lang="en-US">
<head><title></title></head>
<body>
<form name="form1" method="post" action="">
UserName: <input type="text" name="username" id="username" value="admin" />
Password: <input type="password" name="password" id="password" value="admin" />
<input type="submit" name="Submit" value="Submit" />
</form>
<?php
//If login was unsuccessful then we want to show an error to the user.
if ($badlogin == 1)
echo "<br/ ><span style=\"color: red;\">Invalid Login</span>";
?>
</body>
</html>

That is all for this simple PHP/MySQL user login. If you need to ‘password protect’ any page within your site all you have to do at this point is add the following code to the top of the protected page:

session_start();
if ($_SESSION[‘loggedin’] != 1)
header("Location: phplogin.php");

This will check the session variable, and redirect to the login page if the variable hasn’t been set successfully.

Finally, to allow the user to logout simply create a link like this:

<a href="phplogin.php?logout=yes">Logout</a>

If you have any questions or suggestions feel free to leave a comment.
Thanks for visiting.

Submit to other sites

Sam @ July 14, 2007

17 Comments

frik July 27, 2007 @ 9:33 am

hi im following the codes line by line but altho the php seems to connect to the database alright, *all* username/password combinations seem to return “Invalid Login”? thanks in advanced

Sam July 27, 2007 @ 9:54 am

Hey frik,
What debugging have you tried so far? Typically with a database query i will try something like printing the query to the screen to make sure that is correct (later you can run this directly on the database if you have access to do this).

In phplogin.php (after line 19 where we set $query) do

echo $query; die();

This will print the query and stop execution . I’ll try to come up with more suggestions if the query is correct.

frik July 27, 2007 @ 12:50 pm

hi! thanks for the reply. i got

————-
SELECT * FROM users where username=”" and password = “”
————–

Sam July 27, 2007 @ 1:07 pm

Make sure your syntax is correct here…
$username = $_POST[‘username’];
$password = $_POST[‘password’];
$query = “SELECT * FROM admin where username=\”$username\” and password = \”$password\” “;

Specifically, be sure you have all your $ in front of variables, your post variable names are the same as the names and id of your form fields in html
… name=”username” id=”username” …

and be sure your $query string has the correct post variables.

Another debugging technique would be to print out your variables after they should have assigned data. So this should work…

echo “-”.$username.”-<br/>-”.$password.”-”;

frik July 27, 2007 @ 9:29 pm

ahhhhh! i got it! ok its not any error i thought it would be. just that i ‘cut & pasted’ your codes directly from here, and it tuns out all your has been actually copied to clipboard as ! so all i had to do was change em back to the correct apostrophe sign. thanks sam!

while im here, im trying to make your code redirect to a specific user page, would changing (“Location: $username.shtml”) work?

thanks again! your script is brilliantly easy!

Sam July 27, 2007 @ 9:51 pm

Ah, glad you fixed it. I wish the code portions here copy/pasted better. Maybe i need to provide the files in txt format.

That redirect looks like it should work, if not try to either build the string before hand or do header(“Location:”.$username.”.shtml”) to concatenate the string.

Thanks for visiting! I am trying to post things I have done that I would hope could help people so if you have any ideas for future posts let me know.

frik July 27, 2007 @ 10:20 pm

yes ive tried and the redirect link does work! thanks.

one more small (eeek! sorry!) problem. everything works perfect in firefox but nothing works opera or ie6 (pc)

Sam July 27, 2007 @ 10:32 pm

not sure I have seen that problem… Where does it fail?

frik July 27, 2007 @ 10:59 pm

im trying to find out now. at “submit”, the original php just reloads.

none of the
———–
echo $query; die();
———–
or
———–
echo “-”.$username.”–”.$password.”-”;
———–
works either.

its like ie doesnt even process the php.

frik July 27, 2007 @ 11:10 pm

ok, i found the culprit!

————

clientlogin1.0

————

now if i used input type=”submit” it works just fine. ive been using input type=”image” for a picture button, which ie6 and opera is not responsive to, for this script.

frik July 27, 2007 @ 11:12 pm

ok, sorry. that didnt paste well. how dyou post codes on here?

Sam July 27, 2007 @ 11:23 pm

if you are posting html tags you can use decoded representations of greater than (>) and less than (<) signs.

> = & g t ;
< = & l t ;

Just leave out the spaces.

frik July 28, 2007 @ 5:25 am

<font size="4px" style="letter-spacing:-1px;">client<font
color="#c0c0c0">login</font></font><font size="1px">1.0</font>

the straight input type=”image” doesnt work in php apparently. ive tried several javascript workarounds for image submit buttons, they dont go well either. i will do some more research on ‘image button in php’.

thanks for the great script sam!

frik

siridyal August 26, 2007 @ 12:27 am

Hey Sam/Frik,

thanks for the tut Sam. I am implementing it right now.

I wanted to respond to Frik and his button problem. If you haven’t figured it out yet you should try using CSS to style your button.

That’s all…Thanks again for the great tutorial.

Siri

Sam August 26, 2007 @ 8:53 am

Hey Siridyal,
Thanks for visiting. Let me know if there was anything that would make the tutorial more simple or easier to understand.

Sam

frik September 24, 2007 @ 6:46 am

siridyal, i have used css to style my submit button and now it works extremely fine with sam’s script! thanks!

frik

Bubbila March 29, 2008 @ 4:25 pm

Sweet resource, just what I have been looking for.

Home Page

qsopht

Sidebar

Categories:

Pages:

Meta:

Search

Main Contents

Create a Simple User Login System with PHP and MySQL

17 Comments

Footer

Widget ready

Widget? No thanks

Archives: