Search This Blog

Feb 26, 2011

Creating a MySQL/PHP Login Form

Login form in PHP is pretty much easy to do. We only need to know first how functionality works in a site. The first thing to know is why where going to have log-in functionality in your site? The common answer for this question is to have a customer / user management, create a community, a part of marketing strategy, or you only want to incorporate this thing in your site for no reason ;).


Pre-requisite before we proceed.


1. You must know how to query in MySQL.
2. Basic knowledge in HTML Form.
3. Of course PHP Language.

Step 1


Create a php file that includes your login form code. Ex. Index.php

<form action="login.php" method="POST">
<input name="username" type="text" />
<input name="password" type="password" />
<input type="submit" value="Login" /></form>

Step 2

Please take note the code above. Create a php file and name it login.php this is where you’re pointing your form action by using method POST. In this file insert your database connection code. Ex. If you created a database connection file separate file you might use this code.

Your connection.php file codes look like this.

<?php
        $conn=mysql_connect(‘your_host’, ‘your_username’,’your_password’);
         if (!$conn)
 {
   die('could not connect: '. mysql_error());
              }
   
 mysql_select_db("mydbase", $conn);

?>

You’re login.php code summary.

<?php 
 //start session
 session_start();

 //include mysql_connection.php to connect to the database
 require_once("connection.php"); 
 
 // Define $myusername and $mypassword
 $myusername=$_POST['username'];
 $mypassword=$_POST['password'];
 
 // To protect MySQL injection
 $myusername = mysql_real_escape_string($myusername);
 $mypassword = mysql_real_escape_string($mypassword);
 
 // encrypt password
 $encrypt = "janzell is awe";
 $mySha1 = sha1($encrypt);
 $encrypted_mypassword=md5($mypassword.$mySha1);

 // mySql query 
 $sql="SELECT *  FROM tbl_user WHERE user_name='$myusername' and user_password='$ encrypted_mypassword ";
 $result=mysql_query($sql);
   
    
 $count=mysql_num_rows($result);
  if ($count==1) {
   
   $data = mysql_fetch_assoc($result);
 $_SESSION['user'] = array('user_id' => $data['user_id'], 'real'=> $data['Firstname']. ' ' .$data['LastName']);
   
      header("location: menu.php");
  } 
  else {
    $error = "ERROR: Invalid Username / Password";
  }
  
  mysql_close();
?>



IMPORTANT:

Please put this code in every protected php file which is not visible in user unless they login.
<?php
 //start session
 session_start();
 session_regenerate_id();
 $_SESSION['user_agent'] = $_SERVER['HTTP_USER_AGENT'];
 
 //is session set? if not, redirect the page to index.php
 if(!isset($_SESSION['user'])){
  header("location:index.php");
 }
 
 //checks if the user agent is not equal to current user agent. If not, destroy the session.
 if ($_SESSION['user_agent'] != $_SERVER['HTTP_USER_AGENT']){  
  session_destroy();
  exit();
 }
  
?>


You can also try this video tutorial.



5 comments:

PHP programming said...

Article was really helpful for good future about the MySQL/ PHP. I wish you this blog create some more extra and useful article that are related to every sectors.

Unknown said...

There is yet another funny way of setting up connection with PHP and MySQL using strings I found. You can code the same yet another way and set up your connection:

Unknown said...

There is yet another funny way of setting up connection with PHP and MySQL using strings I found.You can code the same yet another way and set up your connection:

Anonymous said...

There is yet another funny way of setting up connection with PHP and MySQL using strings I found.You can code the same yet another way and set up your connection in yet another style of codding:

$dbhost = 'localhost:3036';
$dbuser = 'username';
$dbpass = 'password';
$conn = mysql_connect($dbhost, $dbuser, $dbpass);

mysql services said...

very nice article i really like this article.