PHP MySQL Login Form
In this tutorial you will learn how to create a login form for your website using PHP and MySQL. This tutorial will be very basic and very brief.
It shows the simplest way to have a user log in to your website.
Login Form using PHP and MySQL:
Generally, it is mandatory to have a user login form on a website if you only want people with certain credentials to view your content. It is a good way to keep your data secure
from those it is not intended for. Do you remember one of our previous tutorials on saving data to a database? We will use that same data and that same users table.
Since we already have our table created and data stored in it (see here: Save Records),
we will query that same table for what the user has entered on the login form.
Now let’s create the login form
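<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html><head>
<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
<title>Jotorres Login Form</title>
</head><body>
<form method="post" action="validate_login.php" >
<table border="1" >
<tr><td>Email</td><td><input type="text" name="users_email"/></td></tr>
<tr><td>Password</td><td><input type="password" name="users_pass"/></td></tr>
<tr><td><input type="submit" value="Submit"/></td><td><input type="reset" value="Reset"/></td></tr>
</table>
</form>
</body></html>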
Now that we have the login form created, let’s go ahead and create the actual file for validation.
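<?php
// validate_login.php: read the submitted credentials exactly as posted
$email = $_POST["users_email"];
$pass = $_POST["users_pass"];
// Connect to MySQL; the database holding the users table must also be selected (mysql_select_db)
$con = mysql_connect("localhost","root","");
// Look up the row for the submitted email (the string value is quoted in the SQL)
$result = mysql_query("SELECT users_email, users_pass FROM users WHERE users_email = '$email'");
$row = mysql_fetch_array($result);
if($row["users_email"]==$email && $row["users_pass"]==$pass) {
    echo "You are a validated user.";
} else {
    echo "Sorry, your credentials are not valid. Please try again.";
}
?>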
If the username and password are both correct, the output will be:
You are a validated user.
If either field, or both, is incorrect, the output will be:
Sorry, your credentials are not valid. Please try again.
As an exercise, since we are little by little becoming PHP experts, identify where this script would be vulnerable. Also, describe what you can do to prevent attacks.
Hints: SQL injection,
FILTER_SANITIZE_? I basically gave you more than you need to answer those questions.
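One hardened version of the validation step, added here as an example and not part of the original tutorial: it uses a PDO prepared statement, FILTER_VALIDATE_EMAIL and password_verify(). The function name validate_login(), the in-memory SQLite database and the sample user are assumptions made so the script runs offline, and it assumes users_pass stores a password_hash() value instead of the plain-text password.

```php
<?php
// Added example: hardened counterpart of validate_login.php (not the tutorial's code).
// Assumptions: PDO with the SQLite driver is available, and users_pass holds a
// password_hash() value rather than the plain-text password the tutorial compares.

function validate_login(PDO $pdo, string $email, string $pass): bool
{
    // Reject anything that is not a syntactically valid e-mail address.
    if (filter_var($email, FILTER_VALIDATE_EMAIL) === false) {
        return false;
    }
    // The placeholder keeps user input out of the SQL text entirely.
    $stmt = $pdo->prepare(
        'SELECT users_pass FROM users WHERE users_email = :email'
    );
    $stmt->execute([':email' => $email]);
    $hash = $stmt->fetchColumn();

    // fetchColumn() returns false when no row matched.
    return is_string($hash) && password_verify($pass, $hash);
}

// Constructed demo data in an in-memory SQLite database so the script runs
// offline; for MySQL use a DSN such as 'mysql:host=localhost;dbname=YOUR_DB'.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE users (users_email TEXT PRIMARY KEY, users_pass TEXT)');
$pdo->prepare('INSERT INTO users VALUES (?, ?)')
    ->execute(['alice@example.com', password_hash('correct horse', PASSWORD_DEFAULT)]);

// Constructed login attempts.
$attempts = [
    ['alice@example.com', 'correct horse'],   // matching e-mail and password
    ['alice@example.com', 'wrong password'],  // known e-mail, wrong password
    ["x' OR '1'='1", 'anything'],             // input containing SQL quote characters
];
foreach ($attempts as [$email, $pass]) {
    echo validate_login($pdo, $email, $pass)
        ? "You are a validated user.\n"
        : "Sorry, your credentials are not valid. Please try again.\n";
}
```

Only the first attempt is accepted. The third never reaches the database because it fails e-mail validation, and even without that check the bound parameter would be compared as a literal string.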