Howto: Create a login form in PHP
Howto, php February 7th, 2008On most websites you can register and login as a user. Today, we’re going to create a form where you can register and a form to login. We will use the programming language PHP for it.
Requirements
- Basic knowledge of HTML
- Basic knowledge of PHP
- A webserver and PHP + MySQL
Contents
- Setting up the database
- Creating the database connection
- Creating the registerform
- Handle the registerform
- Creating the loginform
- Handle the loginform
Setting up the database
Create a database for this tutorial. It doesn’t matter what name you use for the database. If you do not know how to create a new database, use the following code.
CREATE DATABASE `login`
When you’re done creating a new database, you’ll need to create the tables. In the tables the data proccessed from the registerform is stored. And the data in the table is used to check if a user has registered.
CREATE TABLE `users` ( `id` INT NOT NULL AUTO_INCREMENT PRIMARY KEY , `username` VARCHAR( 255 ) NOT NULL , `password` VARCHAR( 255 ) NOT NULL , `email` VARCHAR( 255 ) NOT NULL )
In this code, the table users is created. The id is a mandotory value and is used as a primary key. Username, password and email are the fields you want to store data in. They’re given a allowance of 255 characters in a single field. Last, each time new data is stored, the id auto increments, which means the id will increment with ‘one’.
Creating the database connection
Creating the database connection is simple. Enter the following code, but with your own username and password.
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 | <?php // Your host, 99% of the time it's localhost. $db_host = 'localhost'; // Your username for MySQL. $db_user = 'user'; // Your password for MySQL. $db_pass = 'pass'; // And your given name for the database. $db_name = 'login'; // The database connection. $con = mysql_connect($db_host, $db_user, $db_pass); if(!$con) { die("Cannot connect. " . mysql_error()); } // The database name selection. $dbselect = mysql_select_db($db_name); if(!$dbselect) { die("Cannot select database " . mysql_error()); } ?> |
Just save this file as ‘connection.php’. We’ll include this file in the authenticate page.
Creating the registerform
Create an empty PHP page with the name ‘register.php’ and write the following code within the <body> tags.
<form method="post" action="authenticate.php"> <!-- you can use another action if you'd like --> <label for="username">Username: </label><br /> <input type="text" name="username" id="username"><br /> <label for="password">Password: </label><br /> <input type="password" name="password" id="password"><br /> <label for="password2">Confirm: </label><br /> <input type="password" name="password2" id="password2"><br> <label for="email">Email address:</label><br /> <input type="text" name="email" id="email"><br /> <input type="submit" name="submit" id="submit" value="Submit"> </form>
Handle the registerform
Now it gets interesting. Create another empty PHP page and name it after the action given in the <form action=”"> tag. If you’ve copied the previous code, the page would be named ‘authenticate.php’.
Type in the following code in your PHP page
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 | <?php // Include the database connection file. include("connection.php"); // Check if a person has clicked on submit. if(isset($_POST['submit'])) { // Check if a person has filled every form. if(empty($_POST['username']) || empty($_POST['password']) || empty($_POST['password2']) || empty($_POST['email'])) { // Display the error message. echo "You have to fill in everything in the form."; // Exit the code. exit; } // Create variables from each $_POST. $username = $_POST['username']; $password = $_POST['password']; $password2 = $_POST['password2']; $email = $_POST['email']; // Now, compare passwords and check if they're the same. if($password != $password2) { // If the passwords are NOT the same. Again display an error message and redirect. echo "Sorry, wrong password."; exit; } // Secure the password using an md5 hash. $password = md5($password); // Create a variable containing the SQL query. $query = "INSERT INTO `users` (username, password, email) VALUES ('$username', '$password', '$email')"; // Perform the SQL query on the database. $result = mysql_query($query); // If the query failed, display an error. if(!$result) { // The dot seperates PHP code and plain text. echo "Your query failed. " . mysql_error(); } else { // Display a success message! echo "Welcome " . $username . " You are now registered"; } } ?> |
By filling in the registerform. The data from the regsiterform is posted to the PHP file ‘authenticate.php’ and processed. The data is then stored into the database, in the table ‘users’. The user will now be able to log in
Creating the loginform
This is almost the same as creating the registerform.
<form method="post" action="login2.php"> <label for="username">Username: </label><br /> <input type="text" name="username" id="username"><br /> <label for="password">Password: </label><br /> <input type="password" name="password" id="password"><br /> <input type="submit" name="submit" id="submit" value="Submit"> </form>
The user types in his/her username and password and then clicks on submit. In the file ‘login2.php’ we’ll create the login process.
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 | <?php // login2.php include("connection.php"); // Start a session. Session is explained below. session_start(); // Same checking stuff all over again. if(isset($_POST['submit'])) { if(empty($_POST['username']) || empty($_POST['password'])) { echo "Sorry, you have to fill in all forms"; exit; } // Create the variables again. $username = $_POST['username']; $password = $_POST['password']; // Encrypt the password again with the md5 hash. // This way the password is now the same as the password inside the database. $password = md5($password); // Store the SQL query inside a variable. // ONLY the username you have filled in is retrieved from the database. $query = "SELECT username,password FROM `users` WHERE username='$username'"; $result = mysql_query($query); if(!$result) { // Gives an error if the username given does not exist. // or if something else is wrong. echo "The query failed " . mysql_error(); } else { // Now create an object from the data you've retrieved. $row = mysql_fetch_object($result); // You've now created an object containing the data. // You can call data by using -> after $row. // For example now the password is checked if they're equal. if($row->password != $password) { echo "I am sorry, but the passwords are not equal."; exit; } // By storing data inside the $_SESSION superglobal, // you stay logged in until you close your browser. $_SESSION['username'] = $username; $_SESSION['sid'] = session_id(); // Make it more secure by storing the user's IP address. $_SESSION['ip'] = $_SERVER['REMOTE_ADDR']; // Now give the success message. // $_SESSION['username'] should print out your username. echo "Success! You are now logged in " . $_SESSION['username']; } } |
This all should work fine if you correctly followed everything. I have included a .zip file with the full login form in it. Feel free to comment and ask questions
Download .zip
February 29th, 2008 at 6:35 pm
exactly what i was looking for! did help me a lot! thanks!
just a little typo in ‘register.php’ “You are now registred” …
February 29th, 2008 at 8:48 pm
i had to add “session_start();” to “access.php” .. else it wouldn’t work …
March 1st, 2008 at 12:42 pm
Thanks. Changed the errors.
March 4th, 2008 at 11:33 am
Perfect for my personalized website! big thanks to you bro
March 6th, 2008 at 4:46 pm
Thank’s alot
March 10th, 2008 at 8:23 am
can i change access page layout, colors, images etc.
March 10th, 2008 at 11:49 am
very useful, thanks a lot
March 13th, 2008 at 7:07 pm
What if two users sign up with the same username?
March 17th, 2008 at 6:20 am
if two users signed up with the same username there would be an issue with the row lookup in the select query.
to solve this make the username column in the table unique.
you will probably want to make the email column unique as well.
here’s how to with the example table:
ALTER TABLE users ADD UNIQUE (username,email);
March 17th, 2008 at 9:57 pm
What about validation of submitted Data?
If you use such a login script every trained security-interested programmer can drop your whole database. NEVER EVER submit data which is filled out by user without validating them and replace certain tags!
March 19th, 2008 at 8:57 am
When you assign the $username and $password variable, you can give them a basic security. e.g
$username = mysql_real_escape_string($_POST[’username’];
$password = mysql_real_escape_string($_POST[’password’];
This is just a howto how to make a real basic login and register form, without adding security checks.
When checking if the desired username already exists try:
$sql = “SELECT username FROM users WHERE username=’$username’”;
if($sql) {
echo “Username already exists”;
} else {
echo “Username doesn’t exist”;
}
March 20th, 2008 at 8:11 pm
I dont know why i am getting this. I have a wamp sever i submited the query to the database in phpmyadmin please tell me how to do this. I just started learning this would love some help thank you. How do i find the user and password for mysql on wampsever(wamp5)
************************************************************
Warning: mysql_connect() [function.mysql-connect]: Access denied for user ‘root’@'localhost’ (using password: YES) in D:\wamp\www\PHP\connection.php on line 19
Cannot connect. Access denied for user ‘root’@'localhost’ (using password: YES)
**********************************************************
Then I tried giving blanks in them then I got this
____________________________________________________
Cannot select database Access denied for user ”@’localhost’ to database ‘login’
March 20th, 2008 at 11:01 pm
I tried it on my wampserver it was working i dont know fow to do this in a site. i dont know .Help me please
*************************************************************
Warning: mysql_connect(): Access denied for user ‘rosjos’@'ws5.100ws.com’ (using password: NO) in /home/www/chakaro.100webspace.net/connection.php on line 19
Cannot connect. Access denied for user ‘rosjos’@'ws5.100ws.com’ (using password: NO)
March 22nd, 2008 at 7:24 pm
Awesome, it works! Thanks
Hmm now I need a log out page and a members only page… any ideas on how to do this?
March 24th, 2008 at 8:11 pm
I had to take out the md5() secure function so that I could login after registering. If I left it in the code, then when I tried to login, I got the error stating, “The passwords are not equal.” Meaning that the password I entered was not the same encrypted password in the database. Do you know how to fix this so that I can use the md5() function? Thanks.
April 6th, 2008 at 10:39 am
money, and afterwards exchanges that money for bread and for beer. The happen to be carried on by two or three distinct merchants, of whom the
April 7th, 2008 at 3:58 am
in the smallest degree increased by it. Clothes and household furniture, in having no market at home, and being deprived of that which they had abroad,
April 9th, 2008 at 10:47 am
riches, and so far as power depends upon riches, the power of every country other commodity and these owners can never be collected into
April 9th, 2008 at 10:09 pm
I have used some parts of your PHP-code. Thanks for it!
April 10th, 2008 at 8:56 pm
The login works fine, but I am also able to browse directly to the site content page and am not redirected to login.php. Why is this?
I tried to copy the contents of ‘access.php’ and paste it above the html of my content page but to no avail.
What am I missing?
April 21st, 2008 at 5:55 pm
Hi there,
Howto: Create a login form in PHP
I see on the form for the above that in login2.php you ask the user ” For example now the password is checked if they’re equal. if($row->password != $password) ”
The loginform only asks for username and password therefore why would you want to check if passwords are equal, that only applies to initial register.php form where you have to confirm password. Also the download zip file is different for login2.php as it contains a header “Location: login.php” which is not in your script above.
I am trying to learn PHP and all you are doing is confusing me. Please advise
regards
seamus
June 5th, 2008 at 8:17 pm
Hi,
thanks a lot, very usefull script.
For security reasons I would avoid informing user what was wrong with their login atempt - wrong username or wrong password - I would give single response “login failed” in either case.
Also it would be nice using
June 8th, 2008 at 1:58 pm
Great tutorial thanks, but you forgot the “?>” code in the last block =)
June 16th, 2008 at 7:23 pm
Excellent script…works great. Now to further it along. Noting that I am new to all of this!
How can I add a registration confirmation…i.e. e-mail with a link to activate without directly activating by submission. This is an obvious security question.
Then once they are registered, how do I secure pages BEHIND that login to prevent access to the pages. I am reading through more of this so if I happen to find the information I appologise in advance, but maybe someone can help point me in the right direction.
I have a site that is going to have a ‘members’ section that requires this, obviously, and I want to build it myself vs. having someone else do it. I want/need to learn this stuff..:)
thanks!! keep up the great work!
June 27th, 2008 at 9:38 pm
I can’t get login.php to submit. The form clears and login2.php never executes. Do I need the absolute URL in the action=? That didn’t work either. Please respond.
Thanks for the script.
July 29th, 2008 at 11:11 am
The site adriaanvm.com is amazing site, good job, admin.
Good buy.
July 29th, 2008 at 9:12 pm
The site adriaanvm.com is good resource, good job, admin.
Good luck.
July 30th, 2008 at 6:46 am
Your site- adriaanvm.com is amazing site, tnks, admin.
August 12th, 2008 at 4:45 am
That’s awesome, it’s the first login script that i found in the internet and work perfectly. Thanx very much…you’re the best…
I doens’t looking for yet, but the logout script it’s missing, i think…
August 16th, 2008 at 10:55 pm
Thanks for this script.
But I have a problem. I can not log out it. Please give a log out script for this script.
August 20th, 2008 at 9:47 pm
To log out:
session_destroy();
August 23rd, 2008 at 9:21 am
Coll blog, thanks.
August 25th, 2008 at 8:47 am
Cool blog
Thanks, webmaster.
August 26th, 2008 at 2:02 am
Nice site
Thanks, webmaster.
August 26th, 2008 at 9:21 am
Amazine site
Thanks, webmaster.
August 26th, 2008 at 12:29 pm
Nice site
Thanks, webmaster.
August 26th, 2008 at 3:03 pm
Cool blog
Thanks, webmaster.
August 26th, 2008 at 7:14 pm
Cool blog
Thanks, webmaster.
August 27th, 2008 at 12:43 am
Beautifull design
Thanks, webmaster.
August 27th, 2008 at 12:19 pm
Viagra
August 27th, 2008 at 5:26 pm
Amazing site.
Thanks, webmaster.