How to Create Login Page in PHP/MySQL

To make some follow up with my registration page tutorial, I decided to create another tutorial on how to create a login page using PHP/MySQL. The Features of my login page contain input validation using PHP session. One unique feature also with my login page is the logout function, it is unique because unlike with other login page once the user click the logout button and click the back button of the browser, their system allows the user to go back as if it still logged in, which is not appropriate for security reason. But here in my login page once the user click the logout button, the user can no longer go back to their previous page. The only way to go back to the previous page is to login again.

To start this tutorial let’s follow some steps below.

Creating Our Database

First we are going to create our database which stores our data.
To create a database:
1. Open phpmyadmin
2. Click create table and name it.
3. Then name the database as "simple_login".
4. After creating a database name, click the SQL and paste the following code.

CREATE TABLE IF NOT EXISTS `member` (


  `mem_id` int(11) NOT NULL AUTO_INCREMENT,


  `username` varchar(30) NOT NULL,


  `password` varchar(30) NOT NULL,


  `fname` varchar(30) NOT NULL,


  `lname` varchar(30) NOT NULL,


  `address` varchar(100) NOT NULL,


  `contact` varchar(30) NOT NULL,


  `picture` varchar(100) NOT NULL,


  `gender` varchar(10) NOT NULL,


  PRIMARY KEY (`mem_id`)


) ENGINE=MyISAM  DEFAULT CHARSET=latin1 AUTO_INCREMENT=3 ;

Creating Our Form

Next step is to create a form and save it as index.php. To create a form, open your HTML code editor and paste the code below in the upper part of the document or above the html tag. The code below is use to disallow the user to go back as if it still logged in.

<?php


	//Start session


	session_start();	


	//Unset the variables stored in session


	unset($_SESSION['SESS_MEMBER_ID']);


	unset($_SESSION['SESS_FIRST_NAME']);


	unset($_SESSION['SESS_LAST_NAME']);


?>

Paste the code bellow after the body tag of the HTML document

<form name="loginform" action="login_exec.php" method="post">


<table width="309" border="0" align="center" cellpadding="2" cellspacing="5">


  <tr>


    <td colspan="2">


		<!--the code bellow is used to display the message of the input validation-->


		 <?php


			if( isset($_SESSION['ERRMSG_ARR']) && is_array($_SESSION['ERRMSG_ARR']) && count($_SESSION['ERRMSG_ARR']) >0 ) {


			echo '<ul class="err">';


			foreach($_SESSION['ERRMSG_ARR'] as $msg) {


				echo '<li>',$msg,'</li>'; 


				}


			echo '</ul>';


			unset($_SESSION['ERRMSG_ARR']);


			}


		?>


	</td>


  </tr>


  <tr>


    <td width="116"><div align="right">Username</div></td>


    <td width="177"><input name="username" type="text" /></td>


  </tr>


  <tr>


    <td><div align="right">Password</div></td>


    <td><input name="password" type="text" /></td>


  </tr>


  <tr>


    <td><div align="right"></div></td>


    <td><input name="" type="submit" value="login" /></td>


  </tr>


</table>


</form>

Creating our Connection

Next step is to create a database connection and save it as "connection.php". This file is used to connect our form to database.

<?php


$mysql_hostname = "localhost";


$mysql_user = "root";


$mysql_password = "";


$mysql_database = "simple_login";


$prefix = "";


$bd = mysql_connect($mysql_hostname, $mysql_user, $mysql_password) or die("Could not connect database");


mysql_select_db($mysql_database, $bd) or die("Could not select database");


?>

Writing Our Login Script

Next step is to create our login script that validates our input data and save it as login_exec.php.

<?php


	//Start session


	session_start();


 


	//Include database connection details


	require_once('connection.php');


 


	//Array to store validation errors


	$errmsg_arr = array();


 


	//Validation error flag


	$errflag = false;


 


	//Function to sanitize values received from the form. Prevents SQL injection


	function clean($str) {


		$str = @trim($str);


		if(get_magic_quotes_gpc()) {


			$str = stripslashes($str);


		}


		return mysql_real_escape_string($str);


	}


 


	//Sanitize the POST values


	$username = clean($_POST['username']);


	$password = clean($_POST['password']);


 


	//Input Validations


	if($username == '') {


		$errmsg_arr[] = 'Username missing';


		$errflag = true;


	}


	if($password == '') {


		$errmsg_arr[] = 'Password missing';


		$errflag = true;


	}


 


	//If there are input validations, redirect back to the login form


	if($errflag) {


		$_SESSION['ERRMSG_ARR'] = $errmsg_arr;


		session_write_close();


		header("location: index.php");


		exit();


	}


 


	//Create query


	$qry="SELECT * FROM member WHERE username='$username' AND password='$password'";


	$result=mysql_query($qry);


 


	//Check whether the query was successful or not


	if($result) {


		if(mysql_num_rows($result) > 0) {


			//Login Successful


			session_regenerate_id();


			$member = mysql_fetch_assoc($result);


			$_SESSION['SESS_MEMBER_ID'] = $member['mem_id'];


			$_SESSION['SESS_FIRST_NAME'] = $member['username'];


			$_SESSION['SESS_LAST_NAME'] = $member['password'];


			session_write_close();


			header("location: home.php");


			exit();


		}else {


			//Login failed


			$errmsg_arr[] = 'user name and password not found';


			$errflag = true;


			if($errflag) {


				$_SESSION['ERRMSG_ARR'] = $errmsg_arr;


				session_write_close();


				header("location: index.php");


				exit();


			}


		}


	}else {


		die("Query failed");


	}


?>

Creating Our Authentication File

Next step is to create our authentication file and save it as auth.php. this code is use to disallow the user to go back as if it still logged in.

<?php


	//Start session


	session_start();


	//Check whether the session variable SESS_MEMBER_ID is present or not


	if(!isset($_SESSION['SESS_MEMBER_ID']) || (trim($_SESSION['SESS_MEMBER_ID']) == '')) {


		header("location: index.php");


		exit();


	}


?>

Creating Our Home page

Next step is to create a homepage and save it as home.php.

<?php


	require_once('auth.php');


?>


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">


<html xmlns="http://www.w3.org/1999/xhtml">


<head>


<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" />


<title>Untitled Document</title>


<style type="text/css">


<!--


.style1 {


	font-size: 36px;


	font-weight: bold;


}


-->


</style>


</head>


 


<body>


<p align="center" class="style1">Login successfully </p>


<p align="center">This page is the home, you can put some stuff here......</p>


<p align="center"><a href="index.php">logout</a></p>


</body>


</html>

That’s all you have already created your login page with unique features. Hope this code will help you, see you guys in my next tutorial.