Hi mactrac11, I'm currently creating my own login scripts on behalf of someone else's site (although slowly, as I'm basing it in classes as much as possible!). A while ago, I taught myself on how to achieve this by coming across "
PHP for Beginners by a Beginner: Simple Login, Logout, and Session Handling" on Dev Articles. It's quite an old post, but it does explain about the three most important requirements to a successful login (and logout) system... the login page with the form, the method of storing login details, and session implementation. Without these, you wouldn't get far!! It also explains about how to check if the user has entered the correct details, and detecting when the user wants to log out.
A few things I would suggest though:
- It makes use of the "session_register" function; this has now been deprecated, so using it is not advised. Instead, use $_SESSION and assign a value to it.
- It also makes use of the "session_is_registered" function; again, this has now been deprecated. So instead of using:
if(session_is_registered('username')), use:
if(isset($_SESSION['username'])).
- It makes use of the built-in mysql functions. These aren't deprecated, and are still used massively. However in terms of robustness and security, there are other database object handlers out there that does a much better job at preventing SQL Injections from occuring. A good alternative is the PDO handler. The page "Writing MySQL Scripts with PHP and PDO" shows a good tutorial on this, and it's what I've referred to to get me off the ground with PDO.
So whilst looking through that page (or any other you come across), please be aware of the points I have mentioned