Developing a Login System with PHP and MySQL

[daboss]

I reserve copyright to this article. Please include the following paragraph should you decide to use this article for your website. You are required to include a direct text link to http://www.designerbanners.com.

Used with the author's permission.
This article is written by daBoss. daBoss is the Webmaster of Designer Banners (http://www.designerbanners.com). daBoss can be contacted at sales (at) designerbanners (dot) com.


Developing a Login System with PHP and MySQL

Most interactive websites nowadays would require a user to log in into the website’s system in order to provide a customized experience for the user. Once the user has logged in, the website will be able to provide a presentation that is tailored to the user’s preferences.

A basic login system typically contains 3 components:
1. The component that allows a user to register his preferred login id and password
2. The component that allows the system to verify and authenticate the user when he subsequently logs in
3. The component that sends the user’s password to his registered email address if the user forgets his password

Such a system can be easily created using PHP and MySQL.

================================================

Component 1 – Registration

Component 1 is typically implemented using a simple HTML form that contains 3 fields and 2 buttons:
1. A preferred login id field
2. A preferred password field
3. A valid email address field
4. A Submit button
5. A Reset button

Assume that such a form is coded into a file named register.html. The following HTML code excerpt is a typical example. When the user has filled in all the fields, the register.php page is called when the user clicks on the Submit button.

[form name="register" method="post" action="register.php"]
[input name="login id" type="text" value="loginid" size="20"/][br]
[input name="password" type="text" value="password" size="20"/][br]
[input name="email" type="text" value="email" size="50"/][br]
[input type="submit" name="submit" value="submit"/]
[input type="reset" name="reset" value="reset"/]
[/form]

The following code excerpt can be used as part of register.php to process the registration. It connects to the MySQL database and inserts a line of data into the table used to store the registration information.

@mysql_connect("localhost", "mysql_login", "mysql_pwd") or die("Cannot connect to DB!");
@mysql_select_db("tbl_login") or die("Cannot select DB!");
$sql="INSERT INTO login_tbl (loginid, password and email) VALUES (".$loginid.â€Â�,â€Â�.$password.â€Â�,â₠¬Â�.$email.â€Â�)â€Â�;
$r = mysql_query($sql);
if(!$r) {
$err=mysql_error();
print $err;
exit();
}

The code excerpt assumes that the MySQL table that is used to store the registration data is named tbl_login and contains 3 fields – the loginid, password and email fields. The values of the $loginid, $password and $email variables are passed in from the form in register.html using the post method.

================================================

Component 2 – Verification and Authentication

A registered user will want to log into the system to access the functionality provided by the website. The user will have to provide his login id and password for the system to verify and authenticate.

This is typically done through a simple HTML form. This HTML form typically contains 2 fields and 2 buttons:
1. A login id field
2. A password field
3. A Submit button
4. A Reset button

Assume that such a form is coded into a file named authenticate.html. The following HTML code excerpt is a typical example. When the user has filled in all the fields, the authenticate.php page is called when the user clicks on the Submit button.

[form name="authenticate" method="post" action="authenticate.php"]
[input name="login id" type="text" value="loginid" size="20"/][br]
[input name="password" type="text" value="password" size="20"/][br]
[input type="submit" name="submit" value="submit"/]
[input type="reset" name="reset" value="reset"/]
[/form]

The following code excerpt can be used as part of authenticate.php to process the login request. It connects to the MySQL database and queries the table used to store the registration information.

@mysql_connect("localhost", "mysql_login", "mysql_pwd") or die("Cannot connect to DB!");
@mysql_select_db("tbl_login") or die("Cannot select DB!");
$sql="SELECT loginid FROM login_tbl WHERE loginid=’".$loginid.�’ and password=’�.$password.�’ �;
$r = mysql_query($sql);
if(!$r) {
$err=mysql_error();
print $err;
exit();
}
if(mysql_affected_rows()==0){
print "no such login in the system. please try again.";
exit();
}
else{
print "successfully logged into system.";
//proceed to perform website’s functionality – e.g. present information to the user
}

As in component 1, the code excerpt assumes that the MySQL table that is used to store the registration data is named tbl_login and contains 3 fields – the loginid, password and email fields. The values of the $loginid and $password variables are passed in from the form in authenticate.html using the post method.

================================================

Component 3 – Forgot Password

A registered user may forget his password to log into the website’s system. In this case, the user will need to supply his loginid for the system to retrieve his password and send the password to the user’s registered email address.

This is typically done through a simple HTML form. This HTML form typically contains 1 field and 2 buttons:
1. A login id field
2. A Submit button
3. A Reset button

Assume that such a form is coded into a file named forgot.html. The following HTML code excerpt is a typical example. When the user has filled in all the fields, the forgot.php page is called when the user clicks on the Submit button.

[form name="forgot" method="post" action="forgot.php"]
[input name="login id" type="text" value="loginid" size="20"/][br]
[input type="submit" name="submit" value="submit"/]
[input type="reset" name="reset" value="reset"/]
[/form]

The following code excerpt can be used as part of forgot.php to process the login request. It connects to the MySQL database and queries the table used to store the registration information.

@mysql_connect("localhost", "mysql_login", "mysql_pwd") or die("Cannot connect to DB!");
@mysql_select_db("tbl_login") or die("Cannot select DB!");
$sql="SELECT password, email FROM login_tbl WHERE loginid=’".$loginid.�’�;
$r = mysql_query($sql);
if(!$r) {
$err=mysql_error();
print $err;
exit();
}
if(mysql_affected_rows()==0){
print "no such login in the system. please try again.";
exit();
}
else {
$row=mysql_fetch_array($r);
$password=$row["password"];
$email=$row["email"];

$subject="your password";
$header="from:you@yourdomain.com";
$content="your password is ".$password;
mail($email, $subject, $row, $header);

print "An email containing the password has been sent to you";
}

As in component 1, the code excerpt assumes that the MySQL table that is used to store the registration data is named tbl_login and contains 3 fields – the loginid, password and email fields. The value of the $loginid variable is passed from the form in forgot.html using the post method.

================================================

Conclusion

The above example is to illustrate how a very basic login system can be implemented. The example can be enhanced to include password encryption and additional functionality – e.g. to allow users to edit their login information.

[Python]

nice

[CannonBallGuy]

Woah. I only skim read parts of that but its one heck of a tutorial.
Noce going!

[daboss]

thanks! more to come... when i find the time, that is

[martian2k4]

whoaa kew makes my tutorials look crap

[Forge]

thats a nice tutorial, but it lacks of small things, what if the username field is empty, password? Email? And what if the user is already taken? That can cause some serious problems, your intentions are good but somethings in my opionion should be fixed.

[martian2k4]

In that tutorial who ever is doing it is developing a basic login and register system and thats good if you re learning. You don't wanna be learning and have a huge list of if else statements they would just confewz u or checking the database to see if the username is taken

[Python]

what you havent included (or what i dont think you included) is a bit of code which could be placed onto a page to make it accesible to logged in users only...in the end thats the whole point of a login script...

[Tillbster]

I am trying to do a log in page but have connected to an MS Access database. The problem i'm having is on the line:

if(mysql_affected_rows()==0){
print "no such login in the system. please try again.";
exit();

on mine i've got:

$rs=odbc_exec($conn,$sql);
if (!$rs)
{
$_SESSION["message"] = "Could not connect to Airedale Sports Centre as $appUsername";
header("Location: login.php");
}
else
{
$_SESSION["authenticatedUser"] = $appUsername;
// Relocate to the logged-in page
header("Location: loggedon.php");
}

All it does is let anyone log in nomatter what user name or password. If i change it to:

if (!$rs->$appPassword=false)

No one can log in. I think its only this line thats wring with it. I tried putting in if(mysql_affected_rows()==0 but that came up with an error.

Any help would be greatly appreciated,

Cheers.

[WatchOut]

wow great article! thanks a lot

[Kilk]

This is a pretty good article, Thanks daboss!

[DeluxeNames]

This thread is the most viewed one in the whole forum by far

[Kilk]

Quote:

Originally Posted by DeluxeNames

This thread is the most viewed one in the whole forum by far

Well it was posted almost 1 year ago...

[soepxozk]

You should really go see LowCostLinks.com, they sell the very highest quality backlinks on the internet.

[soepxozk]

You should definitely go see LowCostLinks.com, they sell the best quality backlinks online!