PHP and MySQL login-system
Here I will teach you how to create a really basic login-system for use in php and mysql. The system can easily be built on to work with flash and other applications.
I'll just start:
First you need a "data.php" file that looks like this:
<?php
$dbc = mysql_connect("localhost","***username***","***password***"); mysql_select_db("***db_name***");
session_start();
?>You also need a database with a table (registered) with fields that look like the SQL code below. (If you want, you can copy it into phpMyAdmin and it will create the table.)
CREATE TABLE `registered` (
`id` int(11) NOT NULL auto_increment,
`username` varchar(64) NOT NULL,
`password` varchar(32) NOT NULL,
PRIMARY KEY (`id`)
) DEFAULT CHARSET=utf8;Then (in the main file) we need to include the "data.php"-file:
<?php
include "data.php";
?><?php
function loginForm(){
?><form method="post">
<strong>Username:</strong> <input type="text" name="login[username]" /><br />
<strong>Password:</strong> <input type="password" name="login[password]" /><br />
<input type="submit" />
</form><?php
}
?>Now what this does, is that if we ever run the function loginForm() it will output all that HTML there (which of course just is a basic form).
Then we need to make a is_logged_in() function. The code for that should be:
<?php
function is_logged_in(){
//isset will return TRUE or FALSE
return isset($_SESSION['loggedIn']);
}
?>All this function does is to return whether or not the variable $_SESSION['loggedIn'] is set or not. If it is set - return true. If the session is NOT set - return false.
Now we need to make a function that tells us whether or not the user is trying to login.
<?php
function is_logging_in(){
return isset($_POST['login']);
}
?>This will return true if the post-variable login is set (remember, we put the input field inside an array named login... name="login[username]").
Now we need a function to do the login...
<?php
function login($username, $md5password){
$query = 'SELECT * FROM `registered` WHERE `username` = \''.mysql_real_escape_string($username). '\' AND password = \''. mysql_real_escape_string($md5password). '\'';
$rs = mysql_query($query);
if(!mysql_num_rows($rs)){
echo "<strong>Bad login!</strong><br />";
loginForm(); //here we ask the user to login again...
die();
}
while($row = mysql_fetch_assoc($rs)){
if($username == $row['username'] && $md5password == $row['password']){
$_SESSION['loggedIn'] = true;
die("<script language=\"javascript\">window.location.reload();</script>");
}
}
echo "<strong>Bad login!</strong><br />";
loginForm();
die();
}
?>Than we need a function to deal with what to do is to create a function to manage what to happen if the user is logged in:
<?php
function loggedIn(){
die("<h1>You are logged in!</h1>");
}
?>Ok... Now we just need to structure everything out...
<?php
if(is_logged_in()){
loggedIn();
} elseif(is_logging_in()){
login($_POST['login']['username'], md5($_POST['login']['password']));
} else {
loginForm();
}
?>All the code now looks like this:
<?php
include "data.php";
function loginForm(){
?><form method="post">
<strong>Username:</strong> <input type="text" name="login[username]" /><br />
<strong>Password:</strong> <input type="password" name="login[password]" /><br />
<input type="submit" />
</form><?php
}
function is_logged_in(){
return isset($_SESSION['loggedIn']);
}
function is_logging_in(){
return isset($_POST['login']);
}
function login($username, $md5password){
$query = 'SELECT * FROM `registered` WHERE `username` = \''.mysql_real_escape_string($username). '\' AND password = \''. mysql_real_escape_string($md5password). '\'';
$rs = mysql_query($query);
if(!mysql_num_rows($rs)){
echo "<strong>Bad login!</strong><br />";
loginForm(); //here we ask the user to login again...
die();
}
while($row = mysql_fetch_assoc($rs)){
if($username == $row['username'] && $md5password == $row['password']){
$_SESSION['loggedIn'] = true;
die("<script language=\"javascript\">window.location.reload();</script>");
}
}
echo "<strong>Bad login!</strong><br />";
loginForm();
die();
}
function loggedIn(){
die("<h1>You are loged in!</h1>");
}
//here komes the logic...
if(is_logged_in()){
loggedIn();
} elseif(is_logging_in()){
login($_POST['login']['username'], md5($_POST['login']['password']));
} else {
loginForm();
}
?>