PHPjabbers - tools for webmasters Stay in touch
HOME
ORDER
PHP TUTORIALS
PHP FORUM
ABOUT US
CONTACT US
Our products

Create user login in PHP

Create members pages on your website within minutes with Member Login script.

PHP is a good alternative when you decide to add a password protected web pages on your web site. You can also use htaccess password protection but with PHP you can create a lot more complex and configurable protection. In this example I will use SESSION variables for login verification.

Lets start with building a configuration file for setting up all the username/password combinations. Create a new passwords.php file and add the following code in it. 

<?php 
$USERS["username1"] = "password1"; 
$USERS["username2"] = "password2"; 
$USERS["username3"] = "password3"; 
 
function check_logged(){ 
     global $_SESSION, $USERS; 
     if (!array_key_exists($_SESSION["logged"],$USERS)) { 
          header("Location: login.php"); 
     }; 
}; 
?>

Above code creates an $USER array with 3 username/password combinations. We also did a function which will be used later to check if an user is logged in or not. What we need now is a login page (called login.php) where users will enter their username and password and will login. 

<?php 
session_start(); 
include("passwords.php"); 
if ($_POST["ac"]=="log") { /// do after login form is submitted  
     if ($USERS[$_POST["username"]]==$_POST["password"]) { /// check if submitted 
	 username and password exist in $USERS array  
          $_SESSION["logged"]=$_POST["username"]; 
     } else { 
          echo 'Incorrect username/password. Please, try again.'; 
     }; 
}; 
if (array_key_exists($_SESSION["logged"],$USERS)) { //// check if user is logged or not  
     echo "You are logged in."; //// if user is logged show a message  
} else { //// if not logged show login form 
     echo '<form action="login.php" method="post"><input type="hidden" name="ac" value="log"> '; 
     echo 'Username: <input type="text" name="username" /><br />'; 
     echo 'Password: <input type="password" name="password" /><br />'; 
     echo '<input type="submit" value="Login" />'; 
     echo '</form>'; 
}; 
?>

In order to use the user login feature for your PHP files you need to put that code at the very top of each of your PHP files that need to be protected. 

<?php 
session_start(); /// initialize session 
include("passwords.php"); 
check_logged(); /// function checks if visitor is logged. 
If user is not logged the user is redirected to login.php page  
?> 
 
your page code goes here

Create members pages on your website within minutes with Member Login script.

COMMENTS
Rob

THIS WORKED LIKE A CHARM!!! THANK YOU, THANK YOU, THANK YOU!! One question I have is though, is there a way to make the username and password not case sensitive?
--------------
Veselin: array_key_exists() function used is case sensitive. This is wht you should define all user names and passwords in lowercase. Then change login.php page instead of
if ($USERS[$_POST["username"]]==$_POST["password"]) {
$_SESSION["logged"]=$_POST["username"];
it should be
$tmpUser = strtolower($_POST["username"]);
if ($USERS[$tmpUser]==strtolower($_POST["password"])) {
$_SESSION["logged"]=strtolower($_POST["username"]);
Spencer

thank you, but on the logout code, do i make a link to it? and on the other post,do i put this on the passwords.php and login.php or just the users page (s)?

$PAGE["username1"] = true
$PAGE["username3"] = true;
and then change check_logged() function to

function check_logged(){
global $_SESSION, $USERS;
if (!array_key_exists($_SESSION["logged"],$USERS) OR !array_key_exists($_SESSION["logged"],$PAGE)) {
header("Location: login.php");
};
};

------------
Veselin: you need to create a new page logout.php and put the code in it. Then create logout link which points to this logout.php page

You need to put the $PAGE array on pages which user can access. For each page you can allow the users that can access it by creating $PAGE array element with their username. And finally change the line in function in passwords.php with the one I sent you.
spence

okay i got everything to work but the logout page, explain please how to make it so users can logout
----------------------
Veselin: logout code can be found in my post on 2008-02-09 08:12:39
Spencer

okay i can make everything,but how do i make it so only users can access surtain pages?
---------------
Veselin: at the top of each page above check_logged(); you can define which users can access it using an array
$PAGE["username1"] = true
$PAGE["username3"] = true;
and then change check_logged() function to

function check_logged(){
global $_SESSION, $USERS;
if (!array_key_exists($_SESSION["logged"],$USERS) OR !array_key_exists($_SESSION["logged"],$PAGE)) {
header("Location: login.php");
};
};
Rodrigo

Same question as Art:

Do you know how to destroy the session when a user closes the window or closes the tab?
--------------------
Veselin: if window is closed session is destroyed but if a tab is close it is not
Veselin

to make a logout page you can use this code (put it in a PHP file called logout.php)
<?php
session_start();
$_SESSION["logged"]='';
unset();
$_SESSION["logged"]
echo "You are logged out";
?>
Ginger

I'm very new at this. Your code worked splendidly for me and it was really easy to follow. However, how exactly do I tie the php code to the database, so that when users click the Submit button, the php page actually queries my database for the user information ... and allows authenticated users through?
------------------
Veselin: First you will need to change login.php file and make a SELECT query to your MySQL table to check if there is an user with inputted username and password. If there is such an user you should assign the username (or a random ID associated to that user) to $_SESSION["logged"] variable. You will also have to change check_logged() function and instead of using array_key_exists() you should do SELECT query to the users table again to see if the value in $_SESSION["logged"] variable is in your database.
Tyler

I have something like this:

Warning: session_start() [function.session-start]: Cannot send session cookie - headers already sent by (output started at /xxxx/xxxxxx/public_html/xxxx/login.php:7) in /home/xxxxx/public_html/xxxxx/login.php on line 8
before and after I loggin..
////the loggin function and everything is fine except that warning.
-----------------------
Veselin: session_start() shoult be at the very top of your PHP file
Art

Hello, Can someone please copy and paste the code so the page will be re-directed to the main "registered user area" ? I tried everything off of "Dan's post on 2007-07-23 20:23:09" but it still doesnt work....everything works perfect, except the re-direct. Thank you for sharing this info.
Art

Great scripts. thanks - once they login, it appears that it doesn't automaticaly logout once the user leaves the website...Is there a way that will ogout the user when they exit the site ?

Thank you
 
POST A COMMENT
Your name:
Your email: (email address will not be posted on the website)
Comment:
Verification code:
type characters on the image in the text box