Creating a Simple PHP and MySQL- Based Login System Contents: Ctrl+clink on a item to read 1. Files 2. Step 1 - Creating the Users Table & Adding a User 3. Step 2 - Create the Database Configuration File (includes/config.inc.php) 4. Step 3 - Create the Functions (includes/functions.inc.php) 5. Step 4 - Create the Login Script (includes/login.inc.php) 6. Step 5 - Create the Log Out Script (includes/logout.inc.php) 7. Step 6 - Create the Login Page (login.php) 8. Step 7 - Creating the Login Screen CSS File (css/login.css) 9. Step 8 - Creating the Admin Page (index.php) Files 1. /login.php - Front-facing login screen 2. /index.php - Password-protected page 3. /css/login.css - CSS file for login screen


Embed Size (px)



Citation preview

Page 1: Documentfs

Creating a Simple PHP and MySQL-Based Login System



Ctrl+clink on a item to read



1. Files 2. Step 1 - Creating the Users Table & Adding a User 3. Step 2 - Create the Database Configuration File (includes/config.inc.php) 4. Step 3 - Create the Functions (includes/functions.inc.php) 5. Step 4 - Create the Login Script (includes/login.inc.php) 6. Step 5 - Create the Log Out Script (includes/logout.inc.php) 7. Step 6 - Create the Login Page (login.php) 8. Step 7 - Creating the Login Screen CSS File (css/login.css) 9. Step 8 - Creating the Admin Page (index.php)





1. /login.php - Front-facing login screen 2. /index.php - Password-protected page 3. /css/login.css - CSS file for login screen 4. /includes/config.inc.php - Database configuration file 5. /includes/function.inc.php - Core functions 6. /includes/login.inc.php - Login script 7. /includes/logout.inc.php - Logout script

Page 2: Documentfs

Step 1 - Creating the Users Table & Adding a User

The following MySQL query will create the users table we will need to create the login system:



CREATE TABLE `tpc_tutorials`.`users` (


`username` VARCHAR( 20 ) NOT NULL ,

`password` VARCHAR( 32 ) NOT NULL ,





id - Each user is assigned a unique ID, AUTO_INCREMENT ensures that this automatically increases with each user that is added.

username - Each username must be unique and no greater than 20 characters. password - Because we will be using MD5 encryption, which produces unique strings with a

length of 32 characters, we have allowed this field a maximum of 32 characters.

Next, we will add a user to the users table:

INSERT INTO `tpc_tutorials`.`users` (

`id` ,

`username` ,




NULL , 'admin', MD5( 'password' )


The MySQL statement above creates a user with admin as the username, and password as the password. The MD5 command will encrypt the password in a 32-character string. If all is working properly, you should end up with 5f4dcc3b5aa765d61d8327deb882cf99 in the password field.

Page 3: Documentfs


Step 2 - Create the Database Configuration File


In this step, we will create a configuration file that stores our MySQL database connection settings. Creating a separate file for database settings helps if you have to change your MySQL username, password, server, or database. Otherwise, you may end up having to make the same change over and over again, which can be quite time-consuming. (I learned this the hard way!)




* MySQL Database Configuration


* @file /includes/config.inc.php

* @note Replace the settings below with those for your MySQL database.


define('DB_HOSTNAME', 'database_hostname');

define('DB_USERNAME', 'database_username');

define('DB_PASSWORD', 'database_password');

define('DB_DATABASE', 'database_name');




Page 4: Documentfs





Step 3 - Create the Functions (includes/functions.inc.php)

The functions file includes those functions frequently used, and consolidating these help save time and reduce code clutter. The key concepts illustrated in this part of the tutorial are:

Functions & function commenting Use of header() for redirection





* Crucial Functions for Application


* @package tpc_tutorials

* @file    /includes/functions.inc.php




* Redirects to specified page


* @param string $page Page to redirect user to

* @return void


Page 5: Documentfs

function redirect($page) {

              header('Location: ' . $page);





* Check login status


* @return boolean Login status


function check_login_status() {

              // If $_SESSION['logged_in'] is set, return the status

              if (isset($_SESSION['logged_in'])) {

                            return $_SESSION['logged_in'];


              return false;





Step 4 - Create the Login Script (includes/login.inc.php)

The script we create during this step will be executed after we submit a username and password via the login screen. Several key concepts will be illustrated in this step:

Sanitizing data (making sure data is safe for database) Simple MySQL queries using the object-oriented MySQLi extension Including an external PHP file Use of $_SESSION variables


Page 6: Documentfs



// Include required MySQL configuration file and functions




// Start session



// Check if user is already logged in

if ($_SESSION['logged_in'] == true) {

              // If user is already logged in, redirect to main page


} else {

              // Make sure that user submitted a username/password and username

only consists of alphanumeric chars

              if ( (!isset($_POST['username'])) || (!isset($_POST['password']))


                   (!ctype_alnum($_POST['username'])) ) {




              // Connect to database

              $mysqli = @new mysqli(DB_HOSTNAME, DB_USERNAME, DB_PASSWORD,



              // Check connection

              if (mysqli_connect_errno()) {

                            printf("Unable to connect to database: %s",



Page 7: Documentfs



              // Escape any unsafe characters before querying database

              $username = $mysqli->real_escape_string($_POST['username']);

              $password = $mysqli->real_escape_string($_POST['password']);


              // Construct SQL statement for query & execute

              $sql              = "SELECT * FROM users WHERE username = '" .

$username . "' AND password = '" . md5($password) . "'";

              $result = $mysqli->query($sql);


              // If one row is returned, username and password are valid

              if (is_object($result) && $result->num_rows == 1) {

                            // Set session variable for login status to true

                            $_SESSION['logged_in'] = true;


              } else {

                            // If number of rows returned is not one, redirect

back to login screen






Step 5 - Create the Log Out Script (includes/logout.inc.php)

There are two new PHP features introduced in this script: unset() and session_destroy().

unset() - Unsets specified variable session_destroy() - Destroys all data registered to a session

Page 8: Documentfs


// Start session



// Include required functions file



// If not logged in, redirect to login screen

// If logged in, unset session variable and display logged-out message

if (check_login_status() == false) {

              // Redirect to


} else {

              // Kill session variables




              // Destroy session




<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"


<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">


              <meta http-equiv="Content-type" content="text/html;charset=utf-

8" />

              <title>Creating a Simple PHP and MySQL-Based Login System -



Page 9: Documentfs


<h1>Logged Out</h1>

<p>You have successfully logged out. Back to <a href="../login.php">login</a>





Step 6 - Create the Login Page (login.php)

The following HTML page is one example of how you can style and layout your login screen. The CSS will be created in the next step, which can be edited to suit your needs.


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"


<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">


  <meta http-equiv="Content-type" content="text/html;charset=utf-8" />

  <title>Creating a Simple PHP and MySQL-Based Login System -


  <link rel="stylesheet" type="text/css" href="css/login.css" />



  <form id="login-form" method="post" action="includes/login.inc.php">


      <legend>Login to Web Site</legend>

      <p>Please enter your username and password to access the administrator's


      <label for="username">

        <input type="text" name="username" id="username" />Username:

Page 10: Documentfs


      <label for="password">

        <input type="password" name="password" id="password" />Password:


      <label for="submit">

        <input type="submit" name="submit" id="submit" value="Login" />






Step 7 - Creating the Login Screen CSS File (css/login.css)

Create a new directory called css, and save the following in a file called login.css.


body {

              font-family: 'Trebuchet MS', Verdana, Arial, sans-serif;

              font-size: 10pt;



#login-form {

              width: 300px;

              margin: 0 auto;



#login-form fieldset {

              padding: 10px;


Page 11: Documentfs


#login-form legend {

              font-weight: bold;

              font-size: 9pt;



#login-form label {

              display: block;

              height: 2em;

              background-color: #e7e7e7;

              padding: 10px 10px 0;



#login-form input {

              margin-right: 20px;

              border: 1px solid #999;

              float: right;

              clear: right;

              background: #ccc;



#login-form input:focus, #login-form input-hover {

              border: 1px solid #333;


Page 12: Documentfs



Step 8 - Creating the Admin Page (index.php)

The first instruction we pass is session_start(), which allows us to use the $_SESSION variable to access information. After that, we bring our library of functions so we can use the check_login_status() and redirect() functions. The if statement in the code block redirects the user back to the login screen if he/she is not logged in.



// Start session



// Include required functions file



// Check login status... if not logged in, redirect to login screen

if (check_login_status() == false) {




<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"


<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">


              <meta http-equiv="Content-type" content="text/html;charset=utf-

8" />

              <title>Creating a Simple PHP and MySQL-Based Login System -



Page 13: Documentfs


              <h1>Administration Panel</h1>

              <p>You are currently logged in. You may log out using the button


              <p><a href="includes/logout.inc.php">Log Out</a></p>

