You are here: Home » All Posts » PHP Form » Making a login form using PHP

Making a login form using PHP

This is in continuation of the tutorial on making a membership based web site. Please see the previous page PHP registration form for more details.

Download the code

You can download the whole source code for the registration/login system from the link below:
RegistrationForm.zip
The ReadMe.txt file in the download contains detailed instructions.

The login form

PHP login form

Here is the HTML code for the login form.

<form id='login' action='login.php' method='post' accept-charset='UTF-8'>
<fieldset >
<legend>Login</legend>
<input type='hidden' name='submitted' id='submitted' value='1'/>

<label for='username' >UserName*:</label>
<input type='text' name='username' id='username'  maxlength="50" />

<label for='password' >Password*:</label>
<input type='password' name='password' id='password' maxlength="50" />

<input type='submit' name='Submit' value='Submit' />

</fieldset>
</form>

Logging in

We verify the username and the password we received and then look up those in the database. Here is the code:

function Login()
{
    if(empty($_POST['username']))
    {
        $this->HandleError("UserName is empty!");
        return false;
    }
    
    if(empty($_POST['password']))
    {
        $this->HandleError("Password is empty!");
        return false;
    }
    
    $username = trim($_POST['username']);
    $password = trim($_POST['password']);
    
    if(!$this->CheckLoginInDB($username,$password))
    {
        return false;
    }
    
    session_start();
    
    $_SESSION[$this->GetLoginSessionVar()] = $username;
    
    return true;
}

In order to identify a user as authorized, we are going to check the database for his combination of username/password, and if a correct combination was entered, we set a session variable.

Here is the code to look up the username and password.

function CheckLoginInDB($username,$password)
{
    if(!$this->DBLogin())
    {
        $this->HandleError("Database login failed!");
        return false;
    }          
    $username = $this->SanitizeForSQL($username);
    $pwdmd5 = md5($password);
    $qry = "Select name, email from $this->tablename ".
        " where username='$username' and password='$pwdmd5' ".
        " and confirmcode='y'";
    
    $result = mysql_query($qry,$this->connection);
    
    if(!$result || mysql_num_rows($result) <= 0)
    {
        $this->HandleError("Error logging in. ".
            "The username or password does not match");
        return false;
    }
    return true;
}

Please notice that we must compare the value for the password from the database with the MD5 encrypted value of the password entered by the user. If the query returns a result, we set an “authorized” session variable, and then redirect to the protected content. If there are no rows with the entered data, we just redirect the user to the login form again.

Access controlled pages

For those pages that can only be accessed by registered members, we need to put a check on the top of the page.
Notice that we are setting an “authorized” session variable in the login code above. On top of pages we want to protect, we check for that session variable. If user is authorized, we show him the protected content, otherwise we direct him to the login form.

Include this sample piece of code on top of your protected pages:

<?PHP
require_once("./include/membersite_config.php");

if(!$fgmembersite->CheckLogin())
{
    $fgmembersite->RedirectToURL("login.php");
    exit;
}
?>

See the file: access-controlled.php in the downloaded code for an example.

Here is the CheckLogin() function code.

function CheckLogin()
{
     session_start();

     $sessionvar = $this->GetLoginSessionVar();
     
     if(empty($_SESSION[$sessionvar]))
     {
        return false;
     }
     return true;
}

These are the basics of creating a membership site. Now that you have the basic knowledge, you can experiment with it and add new features, such as a “Forgot password” page to allow the user to retrieve or change his password if he forgets it.

Updates

9th Jan 2012
Reset Password/Change Password features are added.
The code is now shared at GitHub.

License

The code is shared under LGPL license. You can freely use it on commercial or non-commercial websites.

Be Sociable, Share!

Tagged as: download, PHP, php login form

← Previous Comments

dwayde February 3, 2012 at 8:32 pm

i’m having problems getting the access control code to work on the page

lem February 9, 2012 at 12:32 pm

hello, there’s an error in line 733 of fg_membersite.php . it says that database login failed. what am i going to do. please response to this message. thanks

Ogbonda February 12, 2012 at 10:23 am

Good Day, i so much appreciate this script…but I am writing my project on student information system…in the sense that each student can register, login to their own page where they can upload their image, update there class, and any other information and it will appear on the student page probably myaccount.php can anyone kindly assist me on the scipt on myaccount.php that enable each student have access to there own unique account where they can upload all there information….thanks i really appreciate as you help..thanks

Connor Gurney March 24, 2012 at 3:33 am: Hi Ogbonda,

All you need to do is have an ID in the address to each students page and select their information via the ID

Connor

Danny February 18, 2012 at 9:42 am

it says that database login failed. ..
Some1 ??

RT February 20, 2012 at 5:43 am

I can register fine (no errors), but when I login it redirects me back to login everytime. I see no problem with mysql on my server, all info is there.

An Nguyen February 21, 2012 at 7:34 pm

Error logging in. The username or password does not match

I have this problem when using log in , any one can help ??

princy francis February 24, 2012 at 9:50 am

thank u buddy ! header redirect was useful

Manoj February 25, 2012 at 6:26 am

Hi
I m facing this problem
* required fields
Database Login failed! Please make sure that the DB login credentials provided are correct
mysqlerror:Access denied for user ‘prasanth’@'localhost’ (using password: YES)
Database login failed!

Luca February 27, 2012 at 5:24 pm

hello,
it’s should be to insert function “remember me”, in login form…..i need to implement this function with ajax. bye!

Lucien Brancaccio February 27, 2012 at 11:37 pm

Posted Problem with UserFullName(); ?> SOLVED.

Incorrect Code that came with ZIP Download
for login-home.php and access-controlled.php

UserFullName(); ?>!

**************************************************************************************

Corrected Code:
UserFullName(); ?>!

******************************************************************************

By reviewing the other php pages, I discovered that “=” should be replaced by “echo” in the login-home.php (line 21) and in access-controlled.php (line 23)

Furthermore, it is not a good idea to utilize “<?"; if one does use "<?", then one has to go into the php ini fiile and make the change: short_open_tag = on.

Sincerely,

Lucien Francesco Brancaccio

zemgo March 1, 2012 at 6:33 am

how to create user page with user url id?

like this (http://www.example.com/login-home.php?uid=1)
(http://www.example.com/login-home.php?uid=2)
(http://www.example.com/login-home.php?uid=3)
(http://www.example.com/login-home.php?uid=4)

osayawe March 5, 2012 at 10:32 am

I try the code from the download but i am gettting this error

Fatal error: Call to undefined function mysql_connect() in C:\Server\www\myserver.dev\public_html\include\fg_membersite.php on line 733

please help

osayawe March 5, 2012 at 1:24 pm

Thanks for this beautiful script I have manage to solve that problem, my issue now is that it doesn’t sent confirmation email and date function error

Error messages:Failed sending registration confirmation email.
Warning: date() [function.date]: It is not safe to rely on the system’s timezone settings. You are *required* to use the date.timezone setting or the date_default_timezone_set() function. In case you used any of those methods and you are still getting this warning, you most likely misspelled the timezone identifier. We selected ‘UTC’ for ’8.0/no DST’ instead in C:\Server\www\myserver.dev\public_html\include\class.phpmailer.php on line 1612

Warning: date() [function.date]: It is not safe to rely on the system’s timezone settings. You are *required* to use the date.timezone setting or the date_default_timezone_set() function. In case you used any of those methods and you are still getting this warning, you most likely misspelled the timezone identifier. We selected ‘UTC’ for ’8.0/no DST’ instead in C:\Server\www\myserver.dev\public_html\include\class.phpmailer.php on line 1616

Please how do I correct this error

Thanks a million.

Bob Miers March 12, 2012 at 8:16 pm

A question: has anyone implemented this code on 1and1.com? I thought that it should be an easy task, but after creating the database and putting the info into the fg_membersite.php file, I get the failed to login error message.

This looks like just what I need for use on a site.

Thanks

Shelley March 18, 2012 at 5:03 pm

someone please help
testing the form on a local server and coming up with this warning

Warning: mysql_connect() [function.mysql-connect]: Access denied for user ‘prasanth’@'localhost’ (using password: YES) in C:\xampp\htdocs\simfatic\include\fg_membersite.php on line 733

here is line 733: $this->connection = mysql_connect($this->db_host,$this->username,$this->pwd);

Tax prep guy March 22, 2012 at 8:26 pm

Has anyone every gotten a message like this:
Warning: require_once(./include/membersite_config.php) [function.require-once]: failed to open stream: No such file or directory in /home/thebes83/public_html/register.php on line 2

Fatal error: require_once() [function.require]: Failed opening required ‘./include/membersite_config.php’ (include_path=’.:/usr/lib/php:/usr/local/lib/php’) in /home/thebes83/public_html/register.php on line 2

what does that mean?

Thanks
Tax guy