Making a login form using PHP

This is in continuation of the tutorial on making a membership based web site. Please see the previous page PHP registration form for more details.

Download the code

You can download the whole source code for the registration/login system from the link below:
RegistrationForm.zip
The ReadMe.txt file in the download contains detailed instructions.

The login form

PHP login form

Here is the HTML code for the login form.

<form id='login' action='login.php' method='post' accept-charset='UTF-8'>
<fieldset >
<legend>Login</legend>
<input type='hidden' name='submitted' id='submitted' value='1'/>

<label for='username' >UserName*:</label>
<input type='text' name='username' id='username'  maxlength="50" />

<label for='password' >Password*:</label>
<input type='password' name='password' id='password' maxlength="50" />

<input type='submit' name='Submit' value='Submit' />

</fieldset>
</form>

Logging in

We verify the username and the password we received and then look up those in the database. Here is the code:

function Login()
{
    if(empty($_POST['username']))
    {
        $this->HandleError("UserName is empty!");
        return false;
    }
    
    if(empty($_POST['password']))
    {
        $this->HandleError("Password is empty!");
        return false;
    }
    
    $username = trim($_POST['username']);
    $password = trim($_POST['password']);
    
    if(!$this->CheckLoginInDB($username,$password))
    {
        return false;
    }
    
    session_start();
    
    $_SESSION[$this->GetLoginSessionVar()] = $username;
    
    return true;
}

In order to identify a user as authorized, we are going to check the database for his combination of username/password, and if a correct combination was entered, we set a session variable.

Here is the code to look up the username and password.

function CheckLoginInDB($username,$password)
{
    if(!$this->DBLogin())
    {
        $this->HandleError("Database login failed!");
        return false;
    }          
    $username = $this->SanitizeForSQL($username);
    $pwdmd5 = md5($password);
    $qry = "Select name, email from $this->tablename ".
        " where username='$username' and password='$pwdmd5' ".
        " and confirmcode='y'";
    
    $result = mysql_query($qry,$this->connection);
    
    if(!$result || mysql_num_rows($result) <= 0)
    {
        $this->HandleError("Error logging in. ".
            "The username or password does not match");
        return false;
    }
    return true;
}

Please notice that we must compare the value for the password from the database with the MD5 encrypted value of the password entered by the user. If the query returns a result, we set an “authorized” session variable, and then redirect to the protected content. If there are no rows with the entered data, we just redirect the user to the login form again.

Access controlled pages

For those pages that can only be accessed by registered members, we need to put a check on the top of the page.
Notice that we are setting an “authorized” session variable in the login code above. On top of pages we want to protect, we check for that session variable. If user is authorized, we show him the protected content, otherwise we direct him to the login form.

Include this sample piece of code on top of your protected pages:

<?PHP
require_once("./include/membersite_config.php");

if(!$fgmembersite->CheckLogin())
{
    $fgmembersite->RedirectToURL("login.php");
    exit;
}
?>

See the file: access-controlled.php in the downloaded code for an example.

Here is the CheckLogin() function code.

function CheckLogin()
{
     session_start();

     $sessionvar = $this->GetLoginSessionVar();
     
     if(empty($_SESSION[$sessionvar]))
     {
        return false;
     }
     return true;
}

These are the basics of creating a membership site. Now that you have the basic knowledge, you can experiment with it and add new features, such as a “Forgot password” page to allow the user to retrieve or change his password if he forgets it.

Updates

9th Jan 2012
Reset Password/Change Password features are added.
The code is now shared at GitHub.

License


The code is shared under LGPL license. You can freely use it on commercial or non-commercial websites.

Be Sociable, Share!

Comments on this entry are closed.

  • dwayde

    i’m having problems getting the access control code to work on the page

  • lem

    hello, there’s an error in line 733 of fg_membersite.php . it says that database login failed. what am i going to do. please response to this message. thanks

  • http://www.difameg.com Ogbonda

    Good Day, i so much appreciate this script…but I am writing my project on student information system…in the sense that each student can register, login to their own page where they can upload their image, update there class, and any other information and it will appear on the student page probably myaccount.php can anyone kindly assist me on the scipt on myaccount.php that enable each student have access to there own unique account where they can upload all there information….thanks i really appreciate as you help..thanks

    • http://connorgurney.co.uk Connor Gurney

      Hi Ogbonda,

      All you need to do is have an ID in the address to each students page and select their information via the ID :D

      Connor

  • http://www.danieldesign.site40.com Danny

    it says that database login failed. :( ..
    Some1 ??

  • RT

    I can register fine (no errors), but when I login it redirects me back to login everytime. I see no problem with mysql on my server, all info is there.

  • An Nguyen

    Error logging in. The username or password does not match

    I have this problem when using log in , any one can help ??

  • princy francis

    thank u buddy ! header redirect was useful

  • http://crossby.in Manoj

    Hi
    I m facing this problem
    * required fields
    Database Login failed! Please make sure that the DB login credentials provided are correct
    mysqlerror:Access denied for user ‘prasanth’@’localhost’ (using password: YES)
    Database login failed!

  • http://volarealitalia.altervista.org/ Luca

    hello,
    it’s should be to insert function “remember me”, in login form…..i need to implement this function with ajax. bye!

  • http://localhosttestserver Lucien Brancaccio

    Posted Problem with UserFullName(); ?> SOLVED.

    Incorrect Code that came with ZIP Download
    for login-home.php and access-controlled.php

    UserFullName(); ?>!

    **************************************************************************************

    Corrected Code:
    UserFullName(); ?>!

    ******************************************************************************

    By reviewing the other php pages, I discovered that “=” should be replaced by “echo” in the login-home.php (line 21) and in access-controlled.php (line 23)

    Furthermore, it is not a good idea to utilize “<?"; if one does use "<?", then one has to go into the php ini fiile and make the change: short_open_tag = on.

    Sincerely,

    Lucien Francesco Brancaccio

  • http://zemgo.net23.net zemgo
  • osayawe

    I try the code from the download but i am gettting this error

    Fatal error: Call to undefined function mysql_connect() in C:\Server\www\myserver.dev\public_html\include\fg_membersite.php on line 733

    please help

  • osayawe

    Thanks for this beautiful script I have manage to solve that problem, my issue now is that it doesn’t sent confirmation email and date function error

    Error messages:Failed sending registration confirmation email.
    Warning: date() [function.date]: It is not safe to rely on the system’s timezone settings. You are *required* to use the date.timezone setting or the date_default_timezone_set() function. In case you used any of those methods and you are still getting this warning, you most likely misspelled the timezone identifier. We selected ‘UTC’ for ‘8.0/no DST’ instead in C:\Server\www\myserver.dev\public_html\include\class.phpmailer.php on line 1612

    Warning: date() [function.date]: It is not safe to rely on the system’s timezone settings. You are *required* to use the date.timezone setting or the date_default_timezone_set() function. In case you used any of those methods and you are still getting this warning, you most likely misspelled the timezone identifier. We selected ‘UTC’ for ‘8.0/no DST’ instead in C:\Server\www\myserver.dev\public_html\include\class.phpmailer.php on line 1616

    Please how do I correct this error

    Thanks a million.

  • Bob Miers

    A question: has anyone implemented this code on 1and1.com? I thought that it should be an easy task, but after creating the database and putting the info into the fg_membersite.php file, I get the failed to login error message.

    This looks like just what I need for use on a site.

    Thanks

  • Shelley

    someone please help
    testing the form on a local server and coming up with this warning

    Warning: mysql_connect() [function.mysql-connect]: Access denied for user ‘prasanth’@’localhost’ (using password: YES) in C:\xampp\htdocs\simfatic\include\fg_membersite.php on line 733

    here is line 733: $this->connection = mysql_connect($this->db_host,$this->username,$this->pwd);

  • Pingback: [Guide]Setting up Codeita | Oh My Days…

  • http://www.thebesttaxprep.com Tax prep guy

    Has anyone every gotten a message like this:
    Warning: require_once(./include/membersite_config.php) [function.require-once]: failed to open stream: No such file or directory in /home/thebes83/public_html/register.php on line 2

    Fatal error: require_once() [function.require]: Failed opening required ‘./include/membersite_config.php’ (include_path=’.:/usr/lib/php:/usr/local/lib/php’) in /home/thebes83/public_html/register.php on line 2

    what does that mean?

    Thanks
    Tax guy

    • Prasanth

      You have to upload the whole code.

  • conor

    it comes up with an error: incorrect username or password how do i fix this

  • omi

    Thanx a lot for the code…. it works awesome!!!! u rock!!! :)