Creating Simple Member Login Area Using PHP

tayyabtariq — Tue, 31 Mar 2009 15:54:59 +0000

This tutorial is aimed at creating a simple login/members area using PHP MySQL.

I will waste no time and get straight down to business. The tutorial is based on 6 easy steps.

Step 1:

Creating a table in the database.

I have created a very simple table that has only two columns; username and password.

Here is the SQL:

CREATE TABLE `userstable` (
`userName` varchar(20) NOT NULL default ”,
`password` varchar(20) NOT NULL default ”,
PRIMARY KEY (`userName`)
) ENGINE=MyISAM DEFAULT CHARSET=latin1;

Step 2:

Create a connection to the database. Although the file below is meant only for a database connection I have taken the liberty of using it to save some general purpose settings as well.

//dbConfig.php

/*

The config file for the database connection and variables

change the database name and username and password

/

//variables for the databse connection
$serverName = “localhost”;
$userName = “manager”;
$password = “”;
$dbName = “testdatabase”;

$conn = mysql_pconnect($serverName, $userName, $password);
if (!$conn)
{
//print error message, the echo command support html encodeing.
echo(’The connection to the database could not be established!’);
die(’The connection to the database could not be established!’);
}
else
{
// select the database which you wish to opereate
mysql_select_db($dbName);

}

// other variable
$loginSuccess = “phpMembersArea.php”;
$RegisterSuccess = “phpRegister.php?op=thanks”;
$loginRequired = “phpLogin.php?op=loginFirst”;
$timeout = 3600;
$authenticatioMethod = “cookie”;

function CheckLogin() {

// fucntion that checks if some is logged in or not
global $authenticatioMethod;
if (strcmp($authenticatioMethod ,”cookie”) == 0)//we have choosen to use cookies
{

if (!isset($_COOKIE["login"]))
{
return null;
}
else
{
return $_COOKIE["login"];

}
}
else// we are using session based authentication
{
if (!$_Session["userID"] || $_Session["valid_expire_time"] < time())
{
$_Session["userID"] = null;
$_Session["valid_expire_time"] = time()-1;
session_destroy();
return null;
}
else
{
return $_Session["userID"];
}
}
return null;
}
function RedirectTo($url)
{
//I have to use this function because the php function header can only be called
// if no output has been sent
// this solution uses java scripts so beware
echo(’’);
}
?>

Step 3:

Create a Registeration Page.

I provide a simple registeration page, where you can enter two fields, username and password.

//phpRegister.php

Username:

Password:

// first we include the dbconfig file
// note that we do not need to open the connection
// when the file is included and this page is loaded, the code is automatically executed
echo(’hello’);
include (”dbConfig.php”);

/*

Here is the plan of action, this is the page that contains the registeration form

also this is the page that will connect to the database and execute the insert query

so we need to know if the page is being run from a

/

// we suppose that a variable named op would be passed with a value
// register if there is a registeration request.
if ($_GET["op"] == “register”)
{

if (!($userID = $_POST["userID"]) )
{
echo(’UserName field is missing!’);
}
else if (!($password = $_POST["password"]))
{
echo(’Password field is missing!’);
}

$query = “INSERT INTO `USERSTABLE` VALUES( ‘”.$_POST["userID"].”‘, Password(’”.$_POST["password"].”‘))”;
//note that my sql requires the password filed to be casted
// also note that . is the string concatenation operator
// also not the “ around the table name

$result = mysql_query($query, $conn);
//you can also redirect to a different page

if (!$result )
{
// make sure that the user was inserted
echo(’
The user could not be inserted
’);
echo(’The error cant be displayed
’);
}
else
{

REdirectTo($RegisterSuccess);
}

}
else if ($_GET["op"] == “thanks”)
{
echo(’
The user was added successfully!
’);
}
//The web form for input ability

?>

After this step you have successfully created a user account. All you need to do now is to create a login page.

Step 4:

The plan of action for our login page is that we pass it an query string argument, ‘op’ that dictates what the page does. If the value of this variable is ‘login’ the page gets the POST information and tries to login.

//phpLogin.php

include (’dbConfig.php’);
if ($_GET["op"] == “login”)//check if this is a login request
{
$query = “Select * from `userstable` where `userName`=’”.$_POST["userID"].”‘ AND `password`=Password(’”.$_POST["password"].”‘) “;

$result = mysql_query($query, $conn);
$obj = @mysql_fetch_object($result);
if ($obj)
{
// means sucessful login
$loginSucessful = 1;
//create session variables
// i will create both a login cookie
// and session variables
// and show how to use both for authentication

$_SESSION["valid_userID"] = $_POST["userID"];
$_SESSION["valide_time"] = time();
$_SESSION["valid_expire_time"] = time()+$timeout;

//set the cookies
//i create a cookie where i set the cookie information to the user name
// the userID can be encrypted also for better security.
setcookie(”login”, $_POST["userID"], time()+$timeout);

// create a cookie
}
else
{
$loginSucessful = 0;
}

if ($loginSucessful == 1)
{
//login has succeeded proceed to members area
if ($_GET["referrer"] )
{
// if we were sent to the login page due to some request of a members area page
// go to that page
RedirectTo($_POST["referrer"]);
}
else
{
RedirectTo($loginSuccess);
}
}
else
{
echo(’
Login Information is not correct
’.$_POST["userID"].’ does not exist or password is incorrect
’);
}
}
else if($_GET["op"] == “loginFirst”)
{
echo(’
You must login first.
’);
}
?>

”); ?>

UserID:

Password:

Caution: There must be nothing before the ‘

PS: When a members area page is accessed without being logged in, the page redirects to the login page giving it a ‘referrer’ argument. I however could not make it work, if anyone can help please look at:

”); ?>

I was trying to replace this with

”); ?>

However, whenever there was a valid referrer the username and password is not verified, the page works fine otherwise.

Step 5:

The members area page.

//phpMembersArea.php

session_start();
include (’dbConfig.php’);
$loggedInUser = CheckLogin();
if (!$loggedInUser)// no one is logged in
{
echo(’You are not logged in’);
RedirectTo(”phpLogin.php?referrer=phpMembersArea.php”);
}
else
{
echo(’
Welcome ‘.$loggedInUser.’!

’);
}
?>

This is the members area

Logout

?>

The page calls the CheckLogin() function defined in the dbConfig.php. This function checks the cookie or the session variable for login information. If this information is found the login proceeds otherwise the user is redirected to the login page.

Step 6:

The logout page simply deletes the cookie and the session.

//phpLogout.php

setcookie(”login”, “”, time()-100);
include (’DbConfig.php’);

RedirectTo(”index.php”);
?>
To change this template, choose Tools | Templates
and open the template in the editor.
–>

And there you go, you are done.

Share on Facebook

Tayyab Bin Tariq » PHP Login

Creating Simple Member Login Area Using PHP

The user could not be inserted
’);
echo(’The error cant be displayed

The user was added successfully!

Login Information is not correct
’.$_POST["userID"].’ does not exist or password is incorrect

You must login first.

Welcome ‘.$loggedInUser.’!

This is the members area

Tayyab Bin Tariq » PHP Login

Creating Simple Member Login Area Using PHP

The user could not be inserted’); echo(’The error cant be displayed

The user was added successfully!

Login Information is not correct’.$_POST["userID"].’ does not exist or password is incorrect

You must login first.

Welcome ‘.$loggedInUser.’!

This is the members area

The user could not be inserted
’);
echo(’The error cant be displayed

Login Information is not correct
’.$_POST["userID"].’ does not exist or password is incorrect