How to Write a PHP Script Login

Create Tables

• 1

  Log in to PHPMyAdmin (or another MySQL database control panel) via your website control center to create a database table for the user information. Click the name of the database you wish to use and select the "SQL" tab.

• 2

  Copy and paste the following into the textarea by highlighting the text, pressing "Ctrl" + "C" to copy and typing "Ctrl" + "V" to paste into the box.

  CREATE TABLE `members` (
  `id` int(4) NOT NULL auto_increment,
  `username` varchar(65) NOT NULL default '',
  `password` varchar(65) NOT NULL default '',
  PRIMARY KEY (`id`)
  ) TYPE=MyISAM AUTO_INCREMENT=2 ;

  --
  -- Dumping data for table `members`
  --

  INSERT INTO `members` VALUES (1, 'john', '1234');

• 3

  Press "Go" to run the SQL query. This creates a table that will house user IDs, user names and passwords. The query instructs the table to create a test user with ID of "1," user name "john" and password "1234."

• 4

  Add additional users to your database using the same query syntax as before:

  INSERT INTO `members` VALUES (1, 'john', '1234');

  Change the values for user name and password to your desired credentials. Change the value for ID so it increases one digit over the previous ID.

• 5

  Press "Go" to run the query and add users to your database.

Create Pages

• 6

  Open a text or HTML editor such as Notepad to create the log in web page. You can edit an existing page from your site. Select "File" and "Open" to locate an existing file or select "File" and "New" to start with a brand new page. If you are starting with a new page, you must include the opening and closing html, title, head and body tags for it to function properly.

• 7

  Paste the following mark up into the area where you want the log in box to display:

  <table width="300" border="0" align="center" cellpadding="0" cellspacing="1" bgcolor="#CCCCCC">
  <tr>
  <form name="form1" method="post" action="checklogin.php">
  <td>
  <table width="100%" border="0" cellpadding="3" cellspacing="1" bgcolor="#FFFFFF">
  <tr>
  <td colspan="3"><strong>Member Login </strong></td>
  </tr>
  <tr>
  <td width="78">Username</td>
  <td width="6">:</td>
  <td width="294"><input name="myusername" type="text" id="myusername"></td>
  </tr>
  <tr>
  <td>Password</td>
  <td>:</td>
  <td><input name="mypassword" type="text" id="mypassword"></td>
  </tr>
  <tr>
  <td> </td>
  <td> </td>
  <td><input type="submit" name="Submit" value="Login"></td>
  </tr>
  </table>
  </td>
  </form>
  </tr>
  </table>

• 8

  Select "File" and "Save" to save your web page. Type "main_login.php" into the dialogue. Make sure "All File" or "All File Types" is active in the drop down menu. You can close this file.

• 9

  Create another new file by selecting "File" and "New." Paste the following into your text editor.

  <?php
  $host="localhost"; // Host name
  $username=""; // Mysql username
  $password=""; // Mysql password
  $db_name="test"; // Database name
  $tbl_name="members"; // Table name

  // Connect to server and select databse.
  mysql_connect("$host", "$username", "$password")or die("cannot connect");
  mysql_select_db("$db_name")or die("cannot select DB");

  // username and password sent from form
  $myusername=$_POST['myusername'];
  $mypassword=$_POST['mypassword'];

  // To protect MySQL injection (more detail about MySQL injection)
  $myusername = stripslashes($myusername);
  $mypassword = stripslashes($mypassword);
  $myusername = mysql_real_escape_string($myusername);
  $mypassword = mysql_real_escape_string($mypassword);

  $sql="SELECT * FROM $tbl_name WHERE username='$myusername' and password='$mypassword'";
  $result=mysql_query($sql);

  // Mysql_num_row is counting table row
  $count=mysql_num_rows($result);
  // If result matched $myusername and $mypassword, table row must be 1 row

  if($count==1){
  // Register $myusername, $mypassword and redirect to file "login_success.php"
  session_register("myusername");
  session_register("mypassword");
  header("location:login_success.php");
  }
  else {
  echo "Wrong Username or Password";
  }
  ?>

• 10

  Change the values for $host, $,username, $password, $db_name and $tbl_name to your database credentials to allow the script to function. Many MySQL databases use the locaton "localhost," that is provided in this script. Type your database user name, password, database name and table name between the quotation marks, respectively.

  Save the file as "checklogin.php" and close it.

Upload Pages

• 11

  Navigate to your hosting control panel in your web browser or open an FTP (file transfer protocol) client such as Filezilla on your computer. Type in your user name, password and FTP server (if applicable) into the appropriate fields. Click "Login" or "Connect."

• 12

  Select the upload utility in the file manager of your control panel to locate the three PHP files. Select the files (press "CTRL" while clicking to select multiple files if you can; otherwise repeat this step for all files) and press "Okay" to upload the files. Navigate to the folder containing the files in the "Local" pane your FTP client and click and drag the files into the "Remote" (site) pane to upload them.

• 13

  Enter the URL to "main_login.php" to test the script. The address will look similar to "http://yourdomain.com/main_login.php." Enter username "john" and password "1234" if you entered them into the database table. Otherwise, enter another user name and password you added.

  If the script works, you will be redirected to "login_success.php."

• 14

  Double check your database credentials if the script cannot connect. If the script does not work, it will display an explanation (access denied because of password, etc).

Modifications

• 15

  Type the following into "checklogin.php" if you are running the newest version of PHP (PHP5).

  <?php
  ob_start();
  $host="localhost"; // Host name
  $username=""; // Mysql username
  $password=""; // Mysql password
  $db_name="test"; // Database name
  $tbl_name="members"; // Table name

  // Connect to server and select databse.
  mysql_connect("$host", "$username", "$password")or die("cannot connect");
  mysql_select_db("$db_name")or die("cannot select DB");

  // Define $myusername and $mypassword
  $myusername=$_POST['myusername'];
  $mypassword=$_POST['mypassword'];

  // To protect MySQL injection (more detail about MySQL injection)
  $myusername = stripslashes($myusername);
  $mypassword = stripslashes($mypassword);
  $myusername = mysql_real_escape_string($myusername);
  $mypassword = mysql_real_escape_string($mypassword);

  $sql="SELECT * FROM $tbl_name WHERE username='$myusername' and password='$mypassword'";
  $result=mysql_query($sql);

  // Mysql_num_row is counting table row
  $count=mysql_num_rows($result);
  // If result matched $myusername and $mypassword, table row must be 1 row

  if($count==1){
  // Register $myusername, $mypassword and redirect to file "login_success.php"
  session_register("myusername");
  session_register("mypassword");
  header("location:login_success.php");
  }
  else {
  echo "Wrong Username or Password";
  }

  ob_end_flush();
  ?>

• 16

  Change the values for $host, $username, $password, $db_name and $tbl_name.

• 17

  Save the file as "checklogin.php" and close it. Upload it to your server via file manager or FTP.

• 18

  Open "main_login.php" and locate this line:

  <td><input name="mypassword" type="text" id="mypassword"></td>

  Change "text" to "password" and browsers will display asterisks (*) instead of characters in the password.

• 19

  Save "main_login.php"and upload it to your site.