Making a login form using PHP

This is in continuation of the tutorial on making a membership based web site. Please see the previous page PHP registration form for more details.

In order to identify a user as authorized, we are going to check the database for his combination of username/password, and if a correct combination was entered, we set a session variable. Then, on top of pages we want to protect, we check for the variable. If user is authorized, we show him the protected content, otherwise we direct him to the login form.

Include this sample piece of code on top of your protected pages:


	if ($_SESSION['authorized'] != true) {


	
	header("Location: login_form.php");	

	exit;


	
	}

Now create a simple login form (in a file called login_form.php), and let's make it post to login.php file.


	<form method="POST" action="login.php">

	<input type="text" name="username">

	<input type="password" name="password">

	<input type="submit" value="Login">

	</form>

In the login.php file, include the database connection string again. Now that we connected to the database, let's check if the user entered correct data. Again, we have our data available in the $_POST array.


	$select_user = mysql_query('select * from users where username = "' . $_POST['username'] . '" and password = "' . md5($_POST['password'] . '"'));


	
	if (mysql_num_rows($select_user) != 0) {


	
	session_start();

	session_register('authorized');

	$_SESSION['authorized'] = true;


	
	header("Location: protected_content.php");

	exit;


	
	} else {


	
	header("Location: login_form.php");

	exit;	


	
	}

What we do is run a query on the database and select a row with the correct username and password, if it exists. Please notice that we must compare the value for the password from the database with the MD5 encrypted value of the password entered by the user. If the query returns a result, we set the "authorized" session variable, and then redirect to the protected content {in our example protected_content.php). If there are no rows with the entered data, we just redirect the user to the login form again.

These are the basics of creating a membership site. Now that you have the basic knowledge, you can experiment with it and add new features, such as a "Forgot password" page to allow the user to retrieve or change his password if he forgets it, or code to protect against SQL injection.

How to submit a form using PHP

Creating a multi-page order form using PHP

Creating a registration form using PHP



Email forms
	How to get email from html form submission Email form using 'mailto' Form to email using PHP Email form with file attachment in PHP
Form mail scripts
	Form mail script selection guide Perl based form mail
Contact Forms
	PHP based email contact form Secure your HTML contact form using captcha
PHP Form
	PHP form validation script PHP form tutorial: first steps PHP form processing PHP form 'GET' PHP form 'POST' Handling checkbox in PHP form processor Handling select box in a PHP form Using PHP_SELF in the action field of a form How to submit a form using PHP Creating a registration form using PHP Making a login form using PHP Creating a multi-page order form using PHP Passing PHP form variables from one page to other


Copyright © 2008 html-form-guide.com . All rights reserved.

Making a login form using PHP

Related pages