Support Forums

Support Forums > Categories > Coding Support Forums > PHP The Hypertext Preprocessor > PHP mysql Login Tutorial By MAcar V1.0
Full Version: PHP mysql Login Tutorial By MAcar V1.0
You're currently viewing a stripped down version of our content. View the full version with proper formatting.

MAcar

10-07-2009, 04:41 PM
Welcome to my login tutorial in this tut you will learn the basics of a php login then if your good at css you can make it look nice and fancy. Thumbsup

At the bottem of this post will be a complete text example for the pages and a download
Requirements:
a site with php and mysql
in your database make table and use the following script to set it up
change it where its says table name to whatever you want

PHP Code:
CREATE TABLE `TABLE NAME` (
`idint(65NOT NULL auto_increment,
`usernamevarchar(65NOT NULL default '',
`passwordvarchar(65NOT NULL default '',
PRIMARY KEY (`id`)
TYPE=MyISAM AUTO_INCREMENT=

Step One: The login prompt.

Obviously this is what your users will use to login. You will need to know html for this or just copy and paste at the end of this sectionSmile.

We start off with the form tag with the method id type and action

PHP Code:
<form id="login prompt" method="post" action="login.func.php"

the "id" can be anything you want 'method' must be post or it wont work and 'action' is what every you will name the login script file in this case its 'login.func.php'

Now we create the text feilds and submit button

PHP Code:
<?php
session_start();.//forgot to add this...
?>
<form id="login prompt" method="post" action="login.func.php">
Username<br /><input name="loginusername" type="text" id="loginusername">
Password<br /><input name="loginpassword" type="password" id="loginpassword">
<input type="submit" value="Login" id="submit" /> 

the 'loginusername' and 'loginpassword' cant be change because they will have to match up to the login script later but if you do change them replace all the 'loginusername' and 'loginpassword' with what every you change it to.

Closed the form tag and we get this code

PHP Code:
<form id="login prompt" method="post" action="login.func.php">
Username<br /><input name="loginusername" type="text" id="loginusername">
Password<br /><input name="loginpassword" type="password" id="loginpassword">
<input type="submit" value="Login" id="submit" />
</form


Just insert that code into your login page and you have your self a login prompt. Now to make the "login.func.php" page. Note make sure your login page is .php not .htm or .html .

Also you need to add this code to the first line of your login page and all your pages

PHP Code:
<?php
session_start();
?>


Step Two: The Script

This is the part where we start to code in php and a bit of mysql.

First lets start out with the session_start(); code this code keeps the information of the login going if you forget to add this you page will not work.

PHP Code:
<?php
session_start();
?>


Now we will connect to our mysql database you need to have one for this login script most hosting sites include this

PHP Code:
<?php
session_start();
?>
<?php
//change everything below here
$host="mysql.example.com";//your mysql host
$username="user123";..your mysql username
$password="password123";//your mysql password
$db_name="my_database";//your mysql database name
$tbl_name="member_login"// Table name
//stop changing things!

// Connect to server and select databse.
mysql_connect("$host""$username""$password")or die("cannot connect");
mysql_select_db("$db_name")or die("cannot select DB");//this code connects to the database nothing is changed here

//now we get the username and passowrd from the form if you change the login username and loginpassword part of the form then change it here to the same thing

$loginusername=$_POST['loginusername'];
$loginpassword=$_POST['loginpassword'];

// to protect from sql injection we use these
$loginusername stripslashes($loginusername);
$loginpassword stripslashes($loginpassword);
$loginusername mysql_real_escape_string($loginusername);
$loginpassword mysql_real_escape_string($loginpassword);

// and now we check the database for the username and password entered
// nothing needs to be changes
$sql="SELECT * FROM $tbl_name WHERE username='$loginusername' and password='$loginpassword'";
$result=mysql_query($sql);
//now we check for matches
$count=mysql_num_rows($result);
//if the login info is correct then the script should only find one row that has the username and password the same as what was entered

//and the following checks exactly that
if($count==1){
session_register("loginusername");
session_register("loginpassword");
header("location:index.php");//this is the page you want your login to goto so change the index.php part
}
else {
header("location:loginerror.php");//this iswhere you put the page you want to goto if their login is wrong
}
?>

Thats the end of the login script!Blackhat

Now to make sure the user logged in to view a page you musit use the following code

this code goes on the line after the

PHP Code:
<?php
session_start();
?>



PHP Code:
<?php
if(session_is_registered(loginusername)){//once agian if you changed the loginusername on yours chage it to what you made it
?>


after that is your page codes
then all the way at the end you put


<?php
}else{
header("location:login.php");//the login.php is your login page not the script
}
?>

to logout make a <a href="link">link text</a> link and link it to a page with the code


PHP Code:
<?php
session_start();
session_destroy();
header("location:index.php");//the index.php is where you want them to go after they logout
?>


And thats it Blackhat below are the complete codes for the login prompt and login script

login.php

PHP Code:
<?php
session_start();
?>
<form id="login prompt" method="post" action="login.func.php">
Username<br /><input name="loginusername" type="text" id="loginusername">
Password<br /><input name="loginpassword" type="password" id="loginpassword">
<input type="submit" value="Login" id="submit" />
</form> 


login.func.php


PHP Code:
<?php
session_start();
?>
<?php
//change everything below here
$host="mysql.example.com";//your mysql host
$username="user123";..your mysql username
$password="password123";//your mysql password
$db_name="my_database";//your mysql database name
$tbl_name="member_login"// Table name
//stop changing things!

// Connect to server and select databse.
mysql_connect("$host""$username""$password")or die("cannot connect");
mysql_select_db("$db_name")or die("cannot select DB");//this code connects to the database nothing is changed here

//now we get the username and passowrd from the form if you change the login username and loginpassword part of the form then change it here to the same thing

$loginusername=$_POST['loginusername'];
$loginpassword=$_POST['loginpassword'];

// to protect from sql injection we use these
$loginusername stripslashes($loginusername);
$loginpassword stripslashes($loginpassword);
$loginusername mysql_real_escape_string($loginusername);
$loginpassword mysql_real_escape_string($loginpassword);

// and now we check the database for the username and password entered
// nothing needs to be changes
$sql="SELECT * FROM $tbl_name WHERE username='$loginusername' and password='$loginpassword'";
$result=mysql_query($sql);
//now we check for matches
$count=mysql_num_rows($result);
//if the login info is correct then the script should only find one row that has the username and password the same as what was entered

//and the following checks exactly that
if($count==1){
session_register("loginusername");
session_register("loginpassword");
header("location:index.php");//this is the page you want your login to goto so change the index.php part
}
else {
header("location:loginerror.php");//this iswhere you put the page you want to goto if their login is wrong
}
?>


if you need any help just post dont pm me,

MAcar

Blackhat

Gaijin

10-07-2009, 08:24 PM
Very good one man.
But in the login.php I would make a change to
PHP Code:
<?php
session_start();

print <<<FORM
<form id="login prompt" method="post" action="login.func.php">
Username<br /><input name="loginusername" type="text" id="loginusername">
Password<br /><input name="loginpassword" type="password" id="loginpassword">
<input type="submit" value="Login" id="submit" />
</form> 
FORM;

?>

Not saying you did it wrong, it's just how I would do it.

andrewjs18

10-08-2009, 12:03 AM
I'm new to php, so bear with me...when I try to access the files in your tutorial on my web host, I get this error message above the username/password fields and I'm not sure why:

Warning: session_start() [function.session-start]: Cannot send session cache limiter - headers already sent (output started at /home/uglycars/public_html/test/php/page_login.php:3) in /home/uglycars/public_html/test/php/page_login.php on line 4

then...when I hit 'login', it takes me to a 404 page with this error:
The requested URL /php/loginerror.php was not found on this server.

Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.

the 1st php file with the actual form is named page_login.php and the php page with all the login stuff is named login.php..not sure where it's getting loginerror.php

Gaijin

10-08-2009, 12:26 AM
session_start(); must be called before any other output in your script (print, echo, header)
According to the error you are calling session_start() on line 4 but you also have an somthing on line 3 you should swich those two, that should help you with session_start() Warning

in login.func.php at the bottom is the header functions wich redirects you to loginerror.php
you can change that to what ever you want to be redirected to on login error
Wich occurs when you input wrong values and the specified user can not be found in the database
PHP Code:
header("location:loginerror.php");//this iswhere you put the page you want to goto if their login is wrong 

andrewjs18

10-08-2009, 08:12 AM
(10-08-2009, 12:26 AM)NinjaGeek Wrote: [ -> ]session_start(); must be called before any other output in your script (print, echo, header)
According to the error you are calling session_start() on line 4 but you also have an somthing on line 3 you should swich those two, that should help you with session_start() Warning

in login.func.php at the bottom is the header functions wich redirects you to loginerror.php
you can change that to what ever you want to be redirected to on login error
Wich occurs when you input wrong values and the specified user can not be found in the database
PHP Code:
header("location:loginerror.php");//this iswhere you put the page you want to goto if their login is wrong 

hmn...
this is my code from the page getting the session_start
Code:
<html>
<body>
<?php
session_start();
?>
<form id="login prompt" method="post" action="login.php">
Username<input name="loginusername" type="text" id="loginusername"><br />
Password<input name="loginpassword" type="password" id="loginpassword"><br />
<input type="submit" value="Login" id="submit" />
</form>
</body>
</html>

Gaijin

10-08-2009, 09:41 AM
put
Code:
<html>
<body>

under the php code "?>"

andrewjs18

10-08-2009, 01:41 PM
(10-08-2009, 09:41 AM)NinjaGeek Wrote: [ -> ]put
Code:
<html>
<body>

under the php code "?>"

thank you

El Zorro

10-08-2009, 03:31 PM
your sql database can easily get hack because you have your user, pass, and database on a file and can be seen by viewing source

MAcar

10-08-2009, 04:57 PM
acutually you cant get hacked because you cant view php page source because when your browse a php script it runs the scipt on the server and show you the output on revealing the html soruce not the php of and also the java source
Oh And im going to ad how to make a regester script by saturday cant type it now i got calculus to do
Support Forums > Categories > Coding Support Forums > PHP The Hypertext Preprocessor > PHP mysql Login Tutorial By MAcar V1.0