Click here to Skip to main content
65,938 articles
CodeProject is changing. Read more.
Articles / database / MySQL

PHP MySQL Login Form

4.00/5 (7 votes)
9 Oct 2012CPOL1 min read 441.6K  
In this tutorial, you will learn how to create a login form for your website using PHP and MySQL.

Introduction

In this tutorial, you will learn how to create a login form for your website using PHP and MySQL. This tutorial will be very basic, and very brief. It is to show the simplest way to have a user login to your website.

Login Form using PHP and MySQL

Generally, it is mandatory to have a user login form in a website if you only want people with certain credentials view your content. It is a good way to keep your data secure from those who it is not intended for. Do you remember one of our previous tutorials on saving data to a database. Well, we will use that same data and that same users table.

Since we already have our table created and stored data in it: See here: Save Records, we will query that same table for what the user has input on the login form.

Now let’s create the login form.

login.php

XML
<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" 
    "http://www.w3.org/TR/html4/loose.dtd">
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
<title>Jotorres Login Form</title>
</head>
<body>
    <form method="post" action="validate_login.php" >
        <table border="1" >
            <tr>
                <td><label for="users_email">Email</label></td>
                <td><input type="text" 
                  name="users_email" id="users_email"></td>
            </tr>
            <tr>
                <td><label for="users_pass">Password</label></td>
                <td><input name="users_pass" 
                  type="password" id="users_pass"></input></td>
            </tr>
            <tr>
                <td><input type="submit" value="Submit"/>
                <td><input type="reset" value="Reset"/>
            </tr>
        </table>
    </form>
</body>
</html>

Now that we have the login form created, let’s go ahead and create the actual file for validation.

validate_login.php

PHP
<?php

// Grab User submitted information
$email = $_POST["users_email"];
$pass = $_POST["users_pass"];

// Connect to the database
$con = mysql_connect("localhost","root","");
// Make sure we connected successfully
if(! $con)
{
    die('Connection Failed'.mysql_error());
}

// Select the database to use
mysql_select_db("my_dbname",$con);

$result = mysql_query("SELECT users_email, users_pass FROM users WHERE users_email = $email");

$row = mysql_fetch_array($result);

if($row["users_email"]==$email && $row["users_pass"]==$pass)
    echo"You are a validated user.";
else
    echo"Sorry, your credentials are not valid, Please try again.";
?>

If the username and password both are correct, then the output will be:

You are a validated user.

If any one of the fields or both are incorrect, then the output will be:

Sorry, your credentials are not valid. Please try again.

Exercise

In the form of exercise, since we are little by little becoming PHP experts, you need to identify where this script would be vulnerable. Also, give reference to what you can do to prevent attacks.

Hints: SQL injection, mysql_real_escape_string, filter_var() with FILTER_SANITIZE_? I basically gave you more than what you need to answer those questions.

License

This article, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)