[PHP] MySQL Login System

[BrettFreeman]

In this tutorial, I will teach you how to create a login system that takes the username and password from a database. Here is the code, I will break it down at the end.
First, we will begin by making our table and fields, and insert data into them. Execute this SQL command in a interface such as phpMyAdmin:

CREATE TABLE `users` (
`username` VARCHAR(255) NOT NULL,
`password` VARCHAR(255) NOT NULL
);

INSERT INTO `users` ( `username` , `password` )
VALUES (
'USERNAME', 'PASSWORD'
);

Login.php:

<html>
<head>
</head>
<body>
<form action="./login.php" method="POST">
<input type="text" name="username"><br>
<input type="password" name="password"><br>
<input type="submit" value="Login!">
</form>

<?

$connection = @mysql_connect("localhost", "username", "password")
or die(mysql_error());
$dbs = @mysql_select_db(database, $connection) or
die(mysql_error());



$sql = "SELECT * FROM `users` WHERE username = '$_POST[username]' AND password = '$_POST[password]'";
$result = @mysql_query($sql,$connection) or die(mysql_error());



$num = @mysql_num_rows($result);

if ($num != 0) {
$cookie_name = "auth";
$cookie_value = "ok";
$cookie_expire = "0";
$cookie_domain = "yoursite.com";


setcookie($cookie_name, $cookie_value, $cookie_expire, "/" , $cookie_domain, 0);

header("Location: http://YourSite.com/secretpage.php");
exit;
}

?>
</body>
</html>

Basically, the SQL part of it takes the username and password that is in the database and matches it to the username and password you submitted. If it does not match, it will show the login form again. If the username and password DO match, it will set a cookie on your system named auth with the value 'ok'. In secretpage.php, it will verify that that cookie value is okay by using this bit of code:
secretpage.php:

if ($_COOKIE[auth] == "ok") {
   echo "Welcome Admin!";
} else {
    header("Location: http://YourSite.com/login.php");
    exit;
}

Basically, that code is saying 'If cookie auth = ok, let them in. If it does not, redirect them'. I hope that this has helped someone. If you have any questions, you can reply here!

 

[Chris]

Re:

MySQL Login System[/b]

I'm too lazy to find out... I don't think so, but is this similar to what forums, CMS's, etc., use?

 

[CheetahShrk]

Re:

MySQL Login System[/b]

[QUOTE]$sql = "SELECT * FROM `users` WHERE username = '$_POST[username]' AND password = '$_POST[password]'"; 
$result = @mysql_query($sql,$connection) or die(mysql_error()); [/QUOTE] 
Wouldnt that mean if the password doesnt match it will error out which isnt very good then.




[QUOTE=Chris]I'm too lazy to find out... I don't think so, but is this similar to what forums, CMS's, etc., use?[/QUOTE]

It is only similar to a few of em, ones like IPB use more advance systems including password hash comparing and other secruity.

 

[BrettFreeman]

Re:

MySQL Login System[/b]

On the error output, if they do not match, it will show the login form again. I'll put a demo up.

 

[Origin]

Re:

MySQL Login System[/b]

And they have a session system

 

[situ]

Re:

MySQL Login System[/b]

Hi Brett,

Thanks a lot for nice tutorial.

 

[Conquester777]

Re:

MySQL Login System[/b]

im pretty sure all forums do use that.  except yes, they can use a combination of cookies and sessions and even ip addresses.

and yes, they use md5 encrypting.  it's a php command.

 

[Bryon]

You shouldn't just have something like:

if ($_COOKIE['auth'] == "ok") { 
grant access
}

That would be too easy for someone to do something like:

javascript:void(document.cookie="auth=ok");

and "log" them in without signing up, you should change it to use sessions which would be "safer" for a beginner to use.

 

[dsfreak]

uh..... for some reason I get this error (
Warning: Cannot modify header information - headers already sent by (output started at /home/dsfreak/public_html/staff/login.php:11) in /home/dsfreak/public_html/staff/login.php on line 34

Warning: Cannot modify header information - headers already sent by (output started at /home/dsfreak/public_html/staff/login.php:11) in /home/dsfreak/public_html/staff/login.php on line 36)


Help out plz!!!

 

[CheetahShrk]

1.) Don't toy with php when you don't know it
2.) the error means that the cookie is being set by the login after all the cookies were already set, the problem is usually because your including the login.php file in a page.

 

[Bryon]

uh..... for some reason I get this error (
Warning: Cannot modify header information - headers already sent by (output started at /home/dsfreak/public_html/staff/login.php:11) in /home/dsfreak/public_html/staff/login.php on line 34

Warning: Cannot modify header information - headers already sent by (output started at /home/dsfreak/public_html/staff/login.php:11) in /home/dsfreak/public_html/staff/login.php on line 36)


Help out plz!!!

You have white space somewheres before all of your headers were sent, or you outputed something. It could be anything. Get rid of all output before you try to send headers.

 

[dsfreak]

Ok, I have the EXACT same script as shown on the original post here, just modified to work with my mysql and stuff, but it still doesn't work!!!

 

[Bryon]

Ok, I have the EXACT same script as shown on the original post here, just modified to work with my mysql and stuff, but it still doesn't work!!!

What error do you get? Post it all and I could try to help... If not someone else will.:shaun:

Edit: You PM'ed me, I sent a reply with a script, but I am going to post it here for everyone else to use.

Login Script:

<?php

	###################
	## Connect To DB ##
	###################

$connection = mysql_connect("localhost", "root", "*******") or die(mysql_error());
$dbs = mysql_select_db(test) or die(mysql_error());

	###########################
	## If Form Was Submitted ##
	###########################

if ($_POST['action'] == "login")
	{

$username = $_POST['username'];
$password = $_POST['password'];
$results = mysql_query("SELECT * FROM `users` WHERE `username` = '$username' AND `password` = '$password'");
$row = mysql_fetch_array($results);


	#######################################################################
	## If Row Existed With Username and Pass equal to what was submitted ##
	#######################################################################
	if ($row['username'])
		{
	$cookie_name = "auth";
	$cookie_value = "ok";
	$cookie_expire = "0";
	$cookie_domain = "yoursite.com";
	
	setcookie($cookie_name, $cookie_value, $cookie_expire, "/" , $cookie_domain, 0);
	header("Location: /secretpage.php");
		} else {

	##############################
	## Else, Show Error Message ##
	##############################
	echo "Error Logging You in. Please Click <a href=\"login.php\">Here</a> To Try Again";

		}
	################################################
	## Else, Show Form Because It Wasnt Submitted ##
	################################################

	} else {

?>

<form action="login.php" method="POST">
<input type="text" name="username" maxlength="16"><br>
<input type="password" name="password" maxlength="16"><br>
<input type="submit" value="Login!">
<input type="hidden" name="action" value="login">
</form>
<?php
	}
?>

 

[trev]

Great tutorial its exelent thanks. How can i make so the cookie auth only lasts for 10mins before it its invalid? Thanks again for the tutorial!

 

[Bryon]

....
	$cookie_expire = "0";
	$cookie_domain = "yoursite.com";
	
	setcookie($cookie_name, $cookie_value, $cookie_expire, "/" , $cookie_domain, 0);
...

How many seconds are in 10 minutes? Try to figure that out, when you do, replace the "0" in $cookie_expire with that value. It should work.

 

[trev]

Ok thanks i thought so but just wanted to check! Thanks