Tuesday, April 30, 2013

make php login script

In this post I will build a login form using php with mysql database, first I will build my simple database of one table user info, I will use md5 encrypted to save passwords.

mysql

1
2
3
4
5
6
7
CREATE TABLE `user_tb` (
`user_id` BIGINT NOT NULL AUTO_INCREMENT PRIMARY KEY ,
`login` VARCHAR( 20 ) NOT NULL ,
`password` VARCHAR( 32 ) NOT NULL ,
`name` VARCHAR( 30 ) NOT NULL ,
`email` VARCHAR( 50 ) NOT NULL
) ENGINE = MYISAM ;


db.php

for database connection configration.
1
2
3
4
5
6
7
8
9
10
11
<?php
    $DB_hostname = "hostname";
    $DB_user = "username";
    $DB_password = "password";
    $DB_name = "dbname";
 
    $DB_link =mysqli_connect($DB_hostname,$DB_user,$DB_password,$DB_name)
    or die ("error : can't connect database !!");
 
    mysqli_set_charset($DB_link, 'utf8');
?>


login.php

html code at the end of file is the form login which submit the user login and password to the same file and the php part search for it using database query, if found it uses session to save login data.
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
<?php
include("db.php");
session_start();
header('Content-type: text/html; charset=utf-8');
 
if($_SERVER["REQUEST_METHOD"] == "POST")
{
    $myusername=mysqli_real_escape_string($DB_link, $_POST['username']);
    $mypassword=mysqli_real_escape_string($DB_link, $_POST['password']);
 
    // to validate username (length between 5 and 20) (contaning characters A-Z or a-z or _)
    if (!preg_match('/^\w{5,20}$/', $myusername)){
        echo '<B><FONT SIZE="4" COLOR="#FF0000">error: bad username</FONT></B>';    
    }
    else{
    // to encrypt login password, also password stored in database is encrypted.
    $md5_password = md5($mypassword);
 
    $sql="SELECT * FROM user_tb WHERE login='$myusername' and password='$md5_password'";
    $result=mysqli_query($DB_link, $sql);
    $row=mysqli_fetch_array($result);
    $count=mysqli_num_rows($result);
 
    if($count==1)
        {
        $_SESSION['login_user']= $myusername;
        $_SESSION['login_name']= $row['name'];
        header("location: index.php");
        }
    else
        {
        echo '<B><FONT SIZE="4" COLOR="#FF0000">incorrect login or password </FONT></B>';
        }
    }
}
 
?>
<form action="" method="post">
<label>user login :</label><input type="text" name="username"/><br>
<label>Password :</label><input type="password" name="password"/><br>
<input type="submit" value=" Submit "/><br>
</form>


logout.php

simple file only destroy all sesstions which mean no login info.
1
2
3
4
5
6
<?php
session_start();
if(session_destroy())
    header("Location: login.php");
 
?>


index.php

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
<?php
session_start();
header('Content-type: text/html; charset=utf-8');
 
$S_login_user    =    $_SESSION['login_user'];
$S_login_name    =    $_SESSION['login_name'];
 
if(!isset($S_login_user))
    header("Location: login.php");
 
?>
<body>
    <h1>Welcome :<?php echo $S_login_name; ?></h1>
    <A HREF="logout.php">logout</A>
</body>


No comments:

Post a Comment

Share it

Online Marketing