Mega Code Archive

 

Categories / Php / Authentication

 

Complete, simple, working example of a login screen system using php

functions, cookies, and a mysql database for begginers. <? // This first if statement checks to see if we have a username/pass submited by the form, if it does then it attempts to validate it. if($username && $password) { mysql_connect() or die ("Whoops"); // Connect to the database, or if connection fails print error message. $password = md5($password); // encode submited password with MD5 encryption and store it back in the same variable. If not on a windows box, I suggest you use crypt() $sql = "select * from login where username='$username'"; // query statment that gets the username/password from 'login' where the username is the same as the one you submited $r = mysql_db_query("register",$sql); // Execute Query // if no rows for that database come up, redirect. if(!mysql_num_rows($r)) header("Location: $SCRIPT_NAME"); // This is the redirection, notice it uses $SCRIPT_NAME which is a predefined variable with the name of the script in it. $user = mysql_fetch_array($r); // if we got passed the last if statment means we have a registered username, get the rest of the info and put it in an array named $user if($user["password"] == $password) { // If the password stored in the database is the same as the password the user entered (which is now encryped with MD5) $password = serialize($password); // if we get this far we know we have a registered username, and the password matches. // serialize() the already incrypted password just for fun and mabey some extra security for when we store it in a cookie setcookie("candle_login","$username $password"); // Set the cookie named 'candle_login' with the value of the username (in plain text) and the password (which has been encrypted and serialized.) // set variable $msg with an HTML statement that basically says redirect to the next page. The reason we didn't use header() is that using setcookie() and header() at the same time isn't 100% compatible with all browsers, this is more compatible. $msg = "<meta http-equiv=\"Refresh\" content=\"0;url=./nextpage.php\">"; }else{ header("Location: $SCRIPT_NAME"); //If the password didn't match, redirect to this page in which $username and $password are reset therefore the first if () never gets executed } } if($msg) echo $msg; //if $msg is set echo it, resulting in a redirect to the next page. ?> // This is the login screen <html> <title>Login</title> <body bgcolor="yellow" text="black"> <form method="post" action="<?echo $SCRIPT_NAME;?>"> // submit form data to this page <center><font size=+5><b>Welcome!</b></font></center> <br> <br> <br> <table cellspacing=0 cellpadding=0 width=320 align="center"> <tr><td> Username: </td><td> <input name="username" type="text" width=10> </td></tr> <tr><td> Password: </td><td> <input name="password" type="password" width=10> </td></tr> <tr><td colspan=2 align="center"> <input name="login" type="submit"> </td></tr> </table> </form> </html> /* That was the login page Next is some code you can put into a different file (named 'login_check.inc' or something) that you include() on each page you want protected on your site. It uses the cookie from the first script to verify user has already been there. */ <? // if the cookie doesn't exsist means the user hasn't been verified by the login page so send them back to the login page. if(!$candle_login) header("Location: ./login.php"); if($phpcoders) { // if the cookie does exsist mysql_connect() or die ("Whoops"); //connect to db $user = explode(" ","$phpcoders"); //explode cookie value (which is the '$username $password (note seperated by space)) and store values in $user. Check manual for more info on explode() $sql = "select * from login where username='$user[0]'"; //sql statment that uses the username from the cookie. $r = mysql_db_query("register",$sql); //execute sql if(!mysql_num_rows($r)) { // if there are no rows, means no matches for that username header("Location: ./login.php"); // so go back to the login page } $chkusr = mysql_fetch_array($r); //if we got passed the last part, then get the username/password set that match that username if(unserialize($user[1]) != $chkusr[1]) //if the password from cookie (notice we have to unserialize it) doesn't match the one from the database header("Location: ./login.php"); // go back to the login page } // if it did match then continue on to page and this ends up doing nothing :) ?>