PHP for Beginners by a Beginner: Simple Login, Logout, and Session Handling

able: users
Column Name    Type    Null    Primary Key    Extra
user_id    int(8)    No    PK    AUTO
username    varchar(11)    No         
password    varchar(32)    No         


Once we have the table created, now we need to populate it with some user information.

INSERT INTO users (username, password) VALUES (‘someUser’, md5(‘somePass’));

The username and password values can be whatever you want tlhem to be. The md5() function is built into PHP, and will convert your password into a 32 character string. This is one good method for encrypting password information. Whenever you use this, though, you should be careful. The conversion is one-way, and you cannot decrypt your password to read it.

Are you asking yourself “Then how am I going to be able to make sure the user is entering the right password?” Don’t worry, all will be revealed.

Now let’s create the login.htm form:

<html>
<head>
<title>Login</title>
</head>
<body>
<form method="POST" action="login.php">
Username: <input type="text" name="username" size="20">
Password: <input type="password" name="password" size="20">
<input type="submit" value="Submit" name="login>
</form>
</body>
</html>

Let’s look at the code for login.php:

<?PHP
//check that the user is calling the page from the login form and not accessing it directly
//and redirect back to the login form if necessary
if (!isset($username) || !isset($password)) {
header( "Location: http://www.yourdomain/login.htm" );
}
//check that the form fields are not empty, and redirect back to the login page if they are
elseif (empty($username) || empty($password)) {
header( "Location: http://www.yourdomain.com/login.htm" );
}
else{

//convert the field values to simple variables

//add slashes to the username and md5() the password
$user = addslashes($_POST['username']);
$pass = md5($_POST['password']);


//set the database connection variables

$dbHost = "localhost";
$dbUser = "yourUsername";
$dbPass = "YourPassword";
$dbDatabase = "yourDB";

//connet to the database

$db = mysql_connect("$dbHost", "$dbUser", "$dbPass") or die ("Error connecting to database.");

mysql_select_db("$dbDatabase", $db) or die ("Couldn't select the database."); phpsu is a phpschool

$result=mysql_query("select * from users where username='$user' AND password='$pass'", $db);

//check that at least one row was returned

$rowCheck = mysql_num_rows($result);
if($rowCheck > 0){
while($row = mysql_fetch_array($result)){

  //start the session and register a variable

  session_start();
  session_register('username');

  //successful login code will go here...
  echo 'Success!';

  //we will redirect the user to another page where we will make sure they're logged in
  header( "Location: checkLogin.php" );

  }

  }
  else {

  //if nothing is returned by the query, unsuccessful login code goes here...

  echo 'Incorrect login name or password. Please try again.';
  }
  }
  ?>

And that’s it. Good luck.
TITLE:PHP for Beginners by a Beginner: Simple Login, Logout, and Session Handling