Why should I rely on
PHPJabbers.com for all my PHP scripting needs? What do you offer me when
buying some script?
Top quality scripts
Full demo before buying
Best pricing
Script customization
7 days a week support
Installation support
Secure buying
Create user login in PHP
posted on 2006-10-03 22:05:11PHP is a good alternative when you decide to add a password protected web pages on your web site. You can also use htaccess password protection but with PHP you can create a lot more complex and configurable protection. In this example I will use SESSION variables for login verification.
Lets start with building a configuration file for setting up all the username/password combinations. Create a new passwords.php file and add the following code in it.
<?
$USERS["username1"] = "password1";
$USERS["username2"] = "password2";
$USERS["username3"] = "password3";
function check_logged(){
global $_SESSION, $USERS;
if (!array_key_exists($_SESSION["logged"],$USERS)) {
header("Location: login.php");
};
};
?>
$USERS["username1"] = "password1";
$USERS["username2"] = "password2";
$USERS["username3"] = "password3";
function check_logged(){
global $_SESSION, $USERS;
if (!array_key_exists($_SESSION["logged"],$USERS)) {
header("Location: login.php");
};
};
?>
Above code creates an $USER array with 3 username/password combinations. We also did a function which will be used later to check if an user is logged in or not. What we need now is a login page (called login.php) where users will enter their username and password and will login.
<?
session_start();
include("passwords.php");
if ($_POST["ac"]=="log") { /// do after login form is submitted
if ($USERS[$_POST["username"]]==$_POST["password"]) { /// check if submitted username and password exist in $USERS array
$_SESSION["logged"]=$_POST["username"];
} else {
echo 'Incorrect username/password. Please, try again.';
};
};
if (array_key_exists($_SESSION["logged"],$USERS)) { //// check if user is logged or not
echo "You are logged in."; //// if user is logged show a message
} else { //// if not logged show login form
echo '<form action="login.php" method="post"><input type="hidden" name="ac" value="log"> ';
echo 'Username: <input type="text" name="username" /><br />';
echo 'Password: <input type="password" name="password" /><br />';
echo '<input type="submit" value="Login" />';
echo '</form>';
};
?>
session_start();
include("passwords.php");
if ($_POST["ac"]=="log") { /// do after login form is submitted
if ($USERS[$_POST["username"]]==$_POST["password"]) { /// check if submitted username and password exist in $USERS array
$_SESSION["logged"]=$_POST["username"];
} else {
echo 'Incorrect username/password. Please, try again.';
};
};
if (array_key_exists($_SESSION["logged"],$USERS)) { //// check if user is logged or not
echo "You are logged in."; //// if user is logged show a message
} else { //// if not logged show login form
echo '<form action="login.php" method="post"><input type="hidden" name="ac" value="log"> ';
echo 'Username: <input type="text" name="username" /><br />';
echo 'Password: <input type="password" name="password" /><br />';
echo '<input type="submit" value="Login" />';
echo '</form>';
};
?>
In order to use the user login feature for your PHP files you need to put that code at the very top of each of your PHP files that need to be protected.
<?
session_start(); /// initialize session
include("passwords.php");
check_logged(); /// function checks if visitor is logged. If user is not logged the user is redirected to login.php page
?>
your page code goes here
session_start(); /// initialize session
include("passwords.php");
check_logged(); /// function checks if visitor is logged. If user is not logged the user is redirected to login.php page
?>
your page code goes here
If you do not have one or need custom build, do not hesitate to contact me.
| Comments |
| Daniel posted on 2008-05-26 04:28:21 |
| Excellent post! Thank you all wery much! All works like a charm. The only problem I had with the logout page code. I played arround a bit and this works for me: <?php session_start(); $_SESSION["logged"]=''; echo "You are logged out"; ?> Especial thanks to Veselin on all his efforts :) Cheers! |
| Mike Tree posted on 2008-05-18 09:17:51 |
| Hello, I am BRAND NEW at this PHP game, can Anyone explain me how it works, I want to make a page where I can have people Sign up, and Than after email verified, (or not if not possible) and LOG IN. I am a little familiar with HTML, stuff. but php or SQL is new to me :D. >>>? |
| venkat posted on 2008-04-23 14:42:56 |
| i want php user login page |
| Rob posted on 2008-04-21 21:54:50 |
| Going back to the post on 2008-02-08 21:45:08, is there an example that you can show us on how to query users and passwords from the MySQL database instead of using an array? Thanks! --------------- Veselin: this is a piece of code that I usually use to do it if ($ac=='logout') { $_SESSION["userID"] = '0'; } elseif ($ac=='login') { $sql = "SELECT * FROM userstable WHERE username='".$_REQUEST["username"]."' AND password='".$_REQUEST["password"]."'"; $sql_result = mysql_query ($sql, $connection ) or die ('request "Could not execute SQL query" '.$sql); if (mysql_num_rows($sql_result)>0) { $USER = mysql_fetch_assoc($sql_result); $_SESSION["userID"] = $USER["id"]; } else { $message = '<strong style="color:#FF0000">Incorrect login details.</strong>'; $_SESSION["userID"] = ""; unset($_SESSION["userID"]); }; }; |
| Mary McGowan posted on 2008-04-16 18:03:56 |
| interested in login |
| Rob posted on 2008-04-09 23:26:43 |
| THIS WORKED LIKE A CHARM!!! THANK YOU, THANK YOU, THANK YOU!! One question I have is though, is there a way to make the username and password not case sensitive? -------------- Veselin: array_key_exists() function used is case sensitive. This is wht you should define all user names and passwords in lowercase. Then change login.php page instead of if ($USERS[$_POST["username"]]==$_POST["password"]) { $_SESSION["logged"]=$_POST["username"]; it should be $tmpUser = strtolower($_POST["username"]); if ($USERS[$tmpUser]==strtolower($_POST["password"])) { $_SESSION["logged"]=strtolower($_POST["username"]); |
| Spencer posted on 2008-03-17 19:08:19 |
| thank you, but on the logout code, do i make a link to it? and on the other post,do i put this on the passwords.php and login.php or just the users page (s)? $PAGE["username1"] = true $PAGE["username3"] = true; and then change check_logged() function to function check_logged(){ global $_SESSION, $USERS; if (!array_key_exists($_SESSION["logged"],$USERS) OR !array_key_exists($_SESSION["logged"],$PAGE)) { header("Location: login.php"); }; }; ------------ Veselin: you need to create a new page logout.php and put the code in it. Then create logout link which points to this logout.php page You need to put the $PAGE array on pages which user can access. For each page you can allow the users that can access it by creating $PAGE array element with their username. And finally change the line in function in passwords.php with the one I sent you. |
| spence posted on 2008-03-17 03:00:40 |
| okay i got everything to work but the logout page, explain please how to make it so users can logout ---------------------- Veselin: logout code can be found in my post on 2008-02-09 08:12:39 |
| Spencer posted on 2008-03-16 23:25:45 |
| okay i can make everything,but how do i make it so only users can access surtain pages? --------------- Veselin: at the top of each page above check_logged(); you can define which users can access it using an array $PAGE["username1"] = true $PAGE["username3"] = true; and then change check_logged() function to function check_logged(){ global $_SESSION, $USERS; if (!array_key_exists($_SESSION["logged"],$USERS) OR !array_key_exists($_SESSION["logged"],$PAGE)) { header("Location: login.php"); }; }; |
| Rodrigo posted on 2008-02-10 02:57:30 |
| Same question as Art: Do you know how to destroy the session when a user closes the window or closes the tab? -------------------- Veselin: if window is closed session is destroyed but if a tab is close it is not |