Introduction
In this tutorial, you will learn how to create a login form for your website using PHP and MySQL. This tutorial will be very basic, and very brief. It is to show the simplest way to have a user login to your website.
Login Form using PHP and MySQL
Generally, it is mandatory to have a user login form in a website if you only want people with certain credentials view your content. It is a good way to keep your data secure from those who it is not intended for. Do you remember one of our previous tutorials on saving data to a database. Well, we will use that same data and that same users table.
Since we already have our table created and stored data in it: See here: Save Records, we will query that same table for what the user has input on the login form.
Now let’s create the login form.
login.php
<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"
"http://www.w3.org/TR/html4/loose.dtd">
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
<title>Jotorres Login Form</title>
</head>
<body>
<form method="post" action="validate_login.php" >
<table border="1" >
<tr>
<td><label for="users_email">Email</label></td>
<td><input type="text"
name="users_email" id="users_email"></td>
</tr>
<tr>
<td><label for="users_pass">Password</label></td>
<td><input name="users_pass"
type="password" id="users_pass"></input></td>
</tr>
<tr>
<td><input type="submit" value="Submit"/>
<td><input type="reset" value="Reset"/>
</tr>
</table>
</form>
</body>
</html>
Now that we have the login form created, let’s go ahead and create the actual file for validation.
validate_login.php
<?php
$email = $_POST["users_email"];
$pass = $_POST["users_pass"];
$con = mysql_connect("localhost","root","");
if(! $con)
{
die('Connection Failed'.mysql_error());
}
mysql_select_db("my_dbname",$con);
$result = mysql_query("SELECT users_email, users_pass FROM users WHERE users_email = $email");
$row = mysql_fetch_array($result);
if($row["users_email"]==$email && $row["users_pass"]==$pass)
echo"You are a validated user.";
else
echo"Sorry, your credentials are not valid, Please try again.";
?>
If the username and password both are correct, then the output will be:
You are a validated user.
If any one of the fields or both are incorrect, then the output will be:
Sorry, your credentials are not valid. Please try again.
Exercise
In the form of exercise, since we are little by little becoming PHP experts, you need to identify where this script would be vulnerable. Also, give reference to what you can do to prevent attacks.
Hints: SQL injection, mysql_real_escape_string
, filter_var()
with FILTER_SANITIZE_
? I basically gave you more than what you need to answer those questions.