PHP login example using MySQL and Cookies
28 April 2009
Here I'm going to display a PHP login example.
If your website has any community-based activities (a forum, a networking website, some blogging websites), needs to hold data on users, or needs to stop certain users from accessing certain areas of the website, then you will need a login script.
In this login example I am going to show you a very basic login using PHP, MySQL and cookies. If you're using ASP then this login example will not work on your web server.
Firstly you will need to set up a table on an online database. The table should be called something like "users" or "logins".
For a very basic login example the online database table will only need 3 fields - id, username and password.
Separate from this login example you will need to create a register page which will populate your online database table with the relevant values. Also be sure to hash the passwords with the md5() function when they're being saved.
On our login example page we're going to display 2 text boxes, username and password, and then a submit button.
<form action="login.php" method="post" name="login">
<p><label for="username">Username:</label><br />
<input name="username" id="username" value="" type="text" /></p>
<p><label for="password">Password:</label><br />
<input name="password" id="password" value="" type="password" /></p>
<input type="submit" name="submit" value="Login" />
</form>
Once the form is submitted it will go to the page login.php which is the page we're currently on.
Above the login form on the same login example page we're going to add some PHP which will check the login.
<?php
if (isset($_POST['submit'])) // If the form has been submitted
{
    // Connect to database

    // The submitted username is concatenated straight into the SQL string
    $query = "SELECT password FROM logins WHERE username = '" . $_POST['username'] . "'";
    $result = mysql_query($query);
    $row = mysql_fetch_array($result);
    mysql_close();

    if ($row['password'] == md5($_POST['password'])) // Remember to hash our value
    {
        // Login success
        header("Location: login_success.php"); // Redirect the user to a logged in page
        exit; // Do not display any more script for this page
    }
    else
    {
        // Login area, display the login form as before
    }
}
?>
This login example is very simple. It still needs to carry out some error checking, and you'll want to use addslashes() in order to stop anyone from carrying out a MySQL injection (SQL injection). An injection is a way of manipulating the login script's query to log anyone in. An attacker may even have the power to delete everything in your database table!
Also you will notice in the login example above that I have a PHP comment saying "//Connect to database" - here you will need to either include a file that connects to your database, or add in the database connection string.
As I say, this is a very basic PHP login example; please make sure you play with this code to make the script more secure.
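The login check above, rewritten with a bound query parameter instead of string concatenation and with password_hash()/password_verify() instead of md5(), as an added example that is not the original author's code. It assumes PHP 7.1+ with PDO; an in-memory SQLite database and a constructed user stand in for the MySQL "logins" table so it runs offline, and check_login() is a hypothetical helper name.

```php
<?php
// Added example, not the original author's code.
// Assumptions: PDO with an in-memory SQLite database stands in for MySQL,
// check_login() is a hypothetical helper, and the user below is constructed.

function check_login(PDO $db, string $username, string $password): bool
{
    // The ? placeholder sends the username as data, never as SQL text,
    // so quote characters in it cannot change the query.
    $stmt = $db->prepare('SELECT password FROM logins WHERE username = ?');
    $stmt->execute([$username]);
    $hash = $stmt->fetchColumn(); // false when no such user exists

    // password_verify() re-derives the salted hash and compares it in
    // constant time. Unknown user and wrong password give the same answer.
    return is_string($hash) && password_verify($password, $hash);
}

$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE logins (
    id INTEGER PRIMARY KEY, username TEXT UNIQUE, password TEXT)');

// What the register page would store: a salted, slow hash, not md5().
$insert = $db->prepare('INSERT INTO logins (username, password) VALUES (?, ?)');
$insert->execute(['alice', password_hash('correct horse', PASSWORD_DEFAULT)]);

// Constructed login attempts and the result each one should produce.
$attempts = [
    ['alice', 'correct horse', true],    // valid credentials
    ['alice', 'wrong', false],           // bad password
    ["alice' OR '1'='1", 'x', false],    // quotes are bound as data
    ['nobody', 'correct horse', false],  // unknown user
];

foreach ($attempts as [$user, $pass, $expected]) {
    $ok = check_login($db, $user, $pass);
    if ($ok !== $expected) {
        throw new RuntimeException("unexpected result for $user");
    }
    printf("%-18s %s\n", $user, $ok ? 'login ok' : 'rejected');
    // On success a real page would start a session, call
    // session_regenerate_id(true), then redirect as in the post.
}
```

Against MySQL only the DSN and credentials passed to new PDO() change; check_login() stays the same.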
Ant Hodges says:
Great post Pete. Another good tip is to MD5 the user ID and the IP when using cookies:
<?php
//... connect to database, load list of users, etc...
$username = $_POST['username'];
$password = $_POST['password'];
/*
$cookie may look like this:
variables
    $username = "username"
    $password = "password"
    $_SERVER['REMOTE_ADDR'] = "42.52.56.24"
before md5:
    "usernamepassword42.52.56.24"
after md5:
    "a3470ce826283eca7ce3360d0f26b230"
*/
$cookie = md5(
    $username .
    $password .
    $_SERVER['REMOTE_ADDR']
);
setcookie("login", $cookie);
//when the log in cookie is SET...
if (isset($_COOKIE['login']))
{
    foreach ($user_list as $user => $pass)
    {
        //match the user list with the cookie
        //(compare against the stored $pass, not the submitted $password)
        if (
            md5(
                $user .
                $pass .
                $_SERVER['REMOTE_ADDR']
            )
            == $_COOKIE['login']
        )
        {
            header("Location: index.php");
            die("logged in");
        }
    }
    //when login is wrong
    header("Location: login.php");
    die("wrong username/password");
}
?>
29 April 2009 11:10pm