PHP - Working Example of a login screen

SUBMITTED BY: efbee

DATE: Oct. 3, 2016, 6:42 p.m.

FORMAT: PHP

SIZE: 4.9 kB

Raw Download

HITS: 603

Report
  1. Complete, simple, working example of a login screen-system using php
  2. functions cookies and a mysql database for begginers.
  4. <?
  5. // This first if statement checks to see if we have a username/pass submited by the form, if it does then it attempts to validate it.
  6. if($username && $password) {
  7. mysql_connect() or die ("Whoops"); // Connect to the database, or if connection fails print error message.
  8. $password = md5($password); // encode submited password with MD5 encryption and store it back in the same variable. If not on a windows box, I
  9. suggest you use crypt()
  10. $sql = "select * from login where username='$username'"; // query statment that gets the username/password from 'login' where the username is the same as
  11. the one you
  12. submited
  13. $r = mysql_db_query("register",$sql); // Execute Query
  15. // if no rows for that database come up, redirect.
  16. if(!mysql_num_rows($r))
  17. header("Location: $SCRIPT_NAME"); // This is the redirection, notice it uses $SCRIPT_NAME which is a predefined variable with the name of the script in it.
  19. $user = mysql_fetch_array($r); // if we got passed the last if statment means we have a registered username, get the rest of the info and put it in an array
  20. named $user
  21. if($user["password"] == $password) { // If the password stored in the database is the same as the password the user entered (which is now encryped with MD5)
  22. $password = serialize($password); // if we get this far we know we have a registered username, and the password matches.
  23. // serialize() the already incrypted password just for fun and mabey some extra security for when we
  24. store it in a cookie
  25. setcookie("candle_login","$username $password"); // Set the cookie named 'candle_login' with the value of the username (in plain text) and the password
  26. (which has been
  27. encrypted and serialized.)
  29. // set variable $msg with an HTML statement that basically says redirect to the next page. The reason we didn't use header() is that using setcookie() and
  30. header() at the same
  31. time isn't 100% compatible with all browsers, this is more compatible.
  33. $msg = "<meta http-equiv=\"Refresh\" content=\"0;url=./nextpage.php\">";
  34. }else{
  35. header("Location: $SCRIPT_NAME"); //If the password didn't match, redirect to this page in which $username and $password are reset therefore the first if
  36. () never gets executed
  37. }
  38. }
  39. if($msg) echo $msg; //if $msg is set echo it, resulting in a redirect to the next page.
  40. ?>
  42. // This is the login screen
  43. <html>
  44. <title>Login</title>
  45. <body bgcolor="yellow" text="black">
  46. <form method="post" action="<?echo $SCRIPT_NAME;?>"> // submit form data to this page
  48. <center><font size=+5><b>Welcome!</b></font></center>
  49. <br>
  50. <br>
  51. <br>
  52. <table cellspacing=0 cellpadding=0 width=320 align="center">
  53. <tr><td>
  54. Username:
  55. </td><td>
  56. <input name="username" type="text" width=10>
  57. </td></tr>
  58. <tr><td>
  59. Password:
  60. </td><td>
  61. <input name="password" type="password" width=10>
  62. </td></tr>
  63. <tr><td colspan=2 align="center">
  64. <input name="login" type="submit">
  65. </td></tr>
  66. </table>
  67. </form>
  68. </html>
  71. /* That was the login page
  72. Next is some code you can put into a different file (named 'login_check.inc' or something)
  73. that you include() on each page you want protected on your site.
  74. It uses the cookie from the first script to verify user has already been there.
  75. */
  77. <?
  78. // if the cookie doesn't exsist means the user hasn't been verified by the login page so send them back to the login page.
  79. if(!$candle_login)
  80. header("Location: ./login.php");
  82. if($phpcoders) { // if the cookie does exsist
  83. mysql_connect() or die ("Whoops"); //connect to db
  84. $user = explode(" ","$phpcoders"); //explode cookie value (which is the '$username $password (note seperated by space)) and store values in $user. Check
  85. manual for more info
  86. on explode()
  88. $sql = "select * from login where username='$user[0]'"; //sql statment that uses the username from the cookie.
  89. $r = mysql_db_query("register",$sql); //execute sql
  91. if(!mysql_num_rows($r)) { // if there are no rows, means no matches for that username
  92. header("Location: ./login.php"); // so go back to the login page
  93. }
  95. $chkusr = mysql_fetch_array($r); //if we got passed the last part, then get the username/password set that match that username
  96. if(unserialize($user[1]) != $chkusr[1]) //if the password from cookie (notice we have to unserialize it) doesn't match the one from the database
  97. header("Location: ./login.php"); // go back to the login page
  98. } // if it did match then continue on to page and this ends up doing nothing :)
  99. ?>
comments powered by Disqus