Posted by: tonyteaching | July 10, 2009

Login Page

Often we need Login Page for pages restricted for specific users.

To make it, we need to create 4 files and 1 table (storing usernames and passwords) in a database

1. a Page that has content of FORM for login. e.g. “loginform.html” (this form will have action=”file for taking action of the input data”..e.g. “checklogin.php”)

2. a file for receiving input data from login form (then opening and connecting with database & table which store username and password, alternatively the list of username and password can be put as static data on this file directly as PHP script), –> then verifying the username and password, –>  . e.g. “checklogin.php”, –> then heading to next file (the restricted file)

3. The login_success file, e.g. “login_success.php” (for checking the session is registered on not, so the system will reject if user accesses manually typing the file location…also here is the restricted content.it can be HTML sintax)

4. logout.php (for destroying the session)

————————————————– The Scripts:

1. “loginform.html”

<html>

<form name=”login” action=”checklogin.php” method=”post”>

Username: <input name=”myusername” id=”myusername” size=”15″ maxlength=”15″ type=”text” /><br >
Password: <input name=”mypassword” id=”mypassword” size=”15″ maxlength=”15″ type=”password” />        <br>
<input value=”LOGIN” type=”submit” name=”submit”/>

</form>

</html>

—————————-

2. checklogin.php

<?php
ob_start();
$host=”localhost”; // Host name
$username=”…”; // Mysql username
$password=”….”; // Mysql password
$db_name=”…”; // Database name
$tbl_name=”….”; // Table name

// Connect to server and select databse.
mysql_connect(“$host”, “$username”, “$password”)or die(“cannot connect”);
mysql_select_db(“$db_name”)or die(“cannot select DB”);

// Define $myusername and $mypassword
$myusername=$_POST[‘myusername’];
$mypassword=$_POST[‘mypassword’];

// To protect MySQL injection (more detail about MySQL injection)
$myusername = stripslashes($myusername);
$mypassword = stripslashes($mypassword);
$myusername = mysql_real_escape_string($myusername);
$mypassword = mysql_real_escape_string($mypassword);

$sql=”SELECT * FROM $tbl_name WHERE username=’$myusername’ and password=’$mypassword'”;
$result=mysql_query($sql);

// Mysql_num_row is counting table row
$count=mysql_num_rows($result);
// If result matched $myusername and $mypassword, table row must be 1 row

if($count==1){
// Register $myusername, $mypassword and redirect to file “login_success.php”
session_register(“myusername”);
session_register(“mypassword”);
header(“location:login_success.php“);
}
else {
echo “Wrong Username or Password”;
}

ob_end_flush();
?>

————————————————–

3. login_success.php

<?
session_start();
if(!session_is_registered(myusername)){
header(“location:index.html”);
}
?>

<html>
<head>
<title>Restricted Page</title>
<body>
<H1> This is the restricted Page </H1>
<br>
<br>
<a href=”logout.php”>Logout</a>
</body>
</html>

————————————————–

4. logout.php

<?php
session_start();
session_unset();

session_destroy();
// Logged out, return home.
Header(“Location: index.html”);
?>


Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

Categories

%d bloggers like this: