PHP MySQL Login Form

jotorres

Rate me:

4.00/5 (7 votes)

9 Oct 2012CPOL1 min read

434.7K

In this tutorial, you will learn how to create a login form for your website using PHP and MySQL.

Introduction

In this tutorial, you will learn how to create a login form for your website using PHP and MySQL. This tutorial will be very basic, and very brief. It is to show the simplest way to have a user login to your website.

Login Form using PHP and MySQL

Generally, it is mandatory to have a user login form in a website if you only want people with certain credentials view your content. It is a good way to keep your data secure from those who it is not intended for. Do you remember one of our previous tutorials on saving data to a database. Well, we will use that same data and that same users table.

Since we already have our table created and stored data in it: See here: Save Records, we will query that same table for what the user has input on the login form.

Now let’s create the login form.

login.php

XML

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" 
    "http://www.w3.org/TR/html4/loose.dtd">
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
<title>Jotorres Login Form</title>
</head>
<body>
    <form method="post" action="validate_login.php" >
        <table border="1" >
            <tr>
                <td><label for="users_email">Email</label></td>
                <td><input type="text" 
                  name="users_email" id="users_email"></td>
            </tr>
            <tr>
                <td><label for="users_pass">Password</label></td>
                <td><input name="users_pass" 
                  type="password" id="users_pass"></input></td>
            </tr>
            <tr>
                <td><input type="submit" value="Submit"/>
                <td><input type="reset" value="Reset"/>
            </tr>
        </table>
    </form>
</body>
</html>

Now that we have the login form created, let’s go ahead and create the actual file for validation.

validate_login.php

PHP

<?php

// Grab User submitted information
$email = $_POST["users_email"];
$pass = $_POST["users_pass"];

// Connect to the database
$con = mysql_connect("localhost","root","");
// Make sure we connected successfully
if(! $con)
{
    die('Connection Failed'.mysql_error());
}

// Select the database to use
mysql_select_db("my_dbname",$con);

$result = mysql_query("SELECT users_email, users_pass FROM users WHERE users_email = $email");

$row = mysql_fetch_array($result);

if($row["users_email"]==$email && $row["users_pass"]==$pass)
    echo"You are a validated user.";
else
    echo"Sorry, your credentials are not valid, Please try again.";
?>

If the username and password both are correct, then the output will be:

You are a validated user.

If any one of the fields or both are incorrect, then the output will be:

Sorry, your credentials are not valid. Please try again.

Exercise

In the form of exercise, since we are little by little becoming PHP experts, you need to identify where this script would be vulnerable. Also, give reference to what you can do to prevent attacks.

Hints: SQL injection, mysql_real_escape_string, filter_var() with FILTER_SANITIZE_? I basically gave you more than what you need to answer those questions.

This article was originally posted at http://www.jotorres.com/2012/04/php-mysql-login-form

License

This article, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)

Written By

jotorres

Software Developer

Puerto Rico

As a computer scientist, I strive to learn more everyday in my field. Everything I learn, I share with my community by writing articles for future references.

Use Ctrl+Left/Right to switch messages, Ctrl+Up/Down to switch threads, Ctrl+Shift+Left/Right to switch pages.