If you need a simple login functionality for your site, here is a way to accomplish that.
1. Create a users table
Create a table in the MySQL database where the username and password are stored and accessed.
- Create three fields, for example id (primary key, int, auto-increment), uname (varchar) and passwd (varchar).
- Add a user manually, either via the provided interface or using SQL ("INSERT INTO users (uname, passwd) VALUES ('johndoe', 'password')").
2. Create a login page
Create a login page where you fill in a username and password and press a login button to gain access to the restricted pages.
If you are using a simple HTML POST to another page, it could for example look like this.
<!-- :: LOGIN.PHP :: -->
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns='http://www.w3.org/1999/xhtml'>
<head>
  <title>Login</title>
</head>
<body>
  <div style="margin:20px;">
    <h2>Login</h2>
    <br />
    <form name="loginForm" method="post" action="verifyLogin.php">
      <table>
        <tr>
          <td><h3>Username:</h3></td>
          <td><input type="text" name="uname" /></td>
        </tr>
        <tr>
          <td><h3>Password:</h3></td>
          <td><input type="password" name="passwd" /></td>
        </tr>
        <tr>
          <td colspan="2"><input type="submit" value="Login" /></td>
        </tr>
      </table>
    </form>
  </div>
</body>
</html>
3. Create the controller page
The page that receives the post will take care of the data and take different actions depending on the match result of the username and password.
<?php
/* :: VERIFYLOGIN.PHP :: */

/* Start the session before any output is sent, so that $_SESSION can be
   written and header() can still redirect */
session_start();

/* Login variables */
$mysql_username = "usernameToDatabase";
$mysql_password = "passwordToDatabase";
$mysql_host = "hostname";
$mysql_database = "dbName";

/* Create a connection and set current active database
   (the mysql_* functions need PHP 5; they were removed in PHP 7.0) */
$link = mysql_connect($mysql_host, $mysql_username, $mysql_password)
    or die("Could not connect to database: " . mysql_error());

mysql_select_db($mysql_database, $link) or die("Could not set database");

/* Escape the posted values before they go into the query string */
$uname = $_POST['uname'];
$uname = mysql_real_escape_string($uname);
$passwd = $_POST['passwd'];
$passwd = mysql_real_escape_string($passwd);

$select_query = sprintf("SELECT * FROM users WHERE (uname='%s' AND passwd='%s')", $uname, $passwd);

// Perform Query
$select_result = mysql_query($select_query);

/* Check result (the message below is debugging output) */
if (!$select_result) {
    $message = 'Invalid query: ' . mysql_error() . "\n";
    $message .= 'Whole query: ' . $select_query;
    die($message);
}

/* If there was a match */
if (mysql_num_rows($select_result) == 1) {

    /* Set session variable */
    $row = mysql_fetch_assoc($select_result);
    $_SESSION['uname'] = $row['uname'];

    /* Redirect user to restricted areas and stop the script */
    header("Location: http://www.theAddress.com/restrictedArea.php");
    exit;
} else {
    print "User was not found. Check your username and password and try again or register if you haven't! <br /><br />=> <a href='login.php'>login.php</a>";
}
?>
4. Create a check on restricted pages
Create a check on the restricted pages that verifies that the user is really logged in, since otherwise people can just type in the URL. Below we check whether the session variable 'uname' is set. If it is set, we can also check its value if we want to.
<?php
/* :: SOMERESTRICTEDPAGE.PHP :: */
session_start();

// If the session variable is not set
if (!isset($_SESSION['uname'])) {

    // Redirect user to the login page and stop the script
    header("Location: http://www.theAddress.com/login.php");
    exit;
}
// Session variable is set, now check it for a specific value
else {
    if ($_SESSION['uname'] != 'someValue') {

        // Redirect user to the login page and stop the script
        header("Location: http://www.theAddress.com/login.php");
        exit;
    }
}

/* Everything went well, we have a registered user and the rest of the page can continue to display. */
?>
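A variant of steps 1 and 3 that stores a password_hash() value in passwd instead of the plaintext and looks the user up with a prepared statement, added here as an example and not part of the original post. It assumes PDO with an in-memory SQLite database so that it runs without a server; verifyLogin() and startUserSession() are hypothetical names.

```php
<?php
// Added example, not the original post's code.
// Assumptions: PDO with an in-memory SQLite database so it runs without a
// server (for MySQL, use a mysql: DSN and the table from step 1);
// verifyLogin() and startUserSession() are hypothetical names.

function verifyLogin(PDO $pdo, string $uname, string $passwd): ?string
{
    // The placeholder keeps user input out of the SQL text, so no escaping is needed.
    $stmt = $pdo->prepare('SELECT uname, passwd FROM users WHERE uname = ?');
    $stmt->execute([$uname]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);

    // passwd holds a password_hash() value; password_verify() re-hashes the
    // submitted password with the stored salt and compares in constant time.
    if ($row !== false && password_verify($passwd, $row['passwd'])) {
        return $row['uname'];
    }
    return null;
}

// Web-only part (not called in the command-line demo below).
function startUserSession(string $uname): void
{
    session_start();
    session_regenerate_id(true);  // fresh session id after login
    $_SESSION['uname'] = $uname;
    header('Location: http://www.theAddress.com/restrictedArea.php');
    exit;                         // nothing after the redirect is executed
}

// Constructed sample data in the table layout from step 1.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE users (
    id INTEGER PRIMARY KEY AUTOINCREMENT,
    uname VARCHAR(64) UNIQUE,
    passwd VARCHAR(255))');
$insert = $pdo->prepare('INSERT INTO users (uname, passwd) VALUES (?, ?)');
$insert->execute(['johndoe', password_hash('password', PASSWORD_DEFAULT)]);

var_dump(verifyLogin($pdo, 'johndoe', 'password'));  // correct password
var_dump(verifyLogin($pdo, 'johndoe', 'wrong'));     // wrong password
var_dump(verifyLogin($pdo, "o'brien", 'password'));  // unknown user, quote in name
```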
You could also do the verifying part using AJAX to get rid of the reload part. In fact, this is what we are using, but I wanted to provide a simple-to-implement solution. If anyone is interested, tell me in the comments and I'll be happy to put the solution here.