How to Create Login Page in PHP and MySQL with Session

Submitted by GeePee on Monday, June 1, 2015 - 22:26.
How to Create Login Page in PHP and MySQL with Session In my previous tutorial called "How to Create Secure Login Page in PHP/MySQL", I explain on the three ways on how create a login page using PHP/MySQL. This time, I will add more functionality on this tutorial. We will add session so that we will know if the visitor has logged in on our site or not. In PHP, there is a variable called $_SESSION. Session allow you to store information and used it in any pages that you like. An example of this is storing of login information. If the visitor has logged in into your site, you can save the id and username of that particular visitor so you will not what privilege you can give to him/her. Unlike cookie, session is stored on the server. This means that session is more secure compare with cookie. Now let's begin creating our script. Create an html file called "login.html" and put the following code:
  1. <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
  2. <html xmlns="http://www.w3.org/1999/xhtml">
  4. <meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
  5. <title>Login Form</title>
  6. </head>
  7.  
  9. <form id="form1" name="form1" method="post" action="login.php">
  10.         <table width="510" border="0" align="center">
  11.                 <tr>
  12.                         <td colspan="2">Login Form</td>
  13.                 </tr>
  14.                 <tr>
  15.                         <td>Username:</td>
  16.                         <td><input type="text" name="username" id="username" /></td>
  17.                 </tr>
  18.                 <tr>
  19.                         <td>Password</td>
  20.                         <td><input type="password" name="password" id="password" /></td>
  21.                 </tr>
  22.                 <tr>
  23.                         <td>&nbsp;</td>
  24.                         <td><input type="submit" name="button" id="button" value="Submit" /></td>
  25.                 </tr>
  26.         </table>
  27. </form>
  28. </body>
  29. </html>
Next, create a PHP file called "login.php" and put the following code:
  1. <?php
  4.  
  5. $username = $_POST['username'];
  6. $password = $_POST['password'];
  7.  
  8. $conn = mysql_connect('localhost', 'root', '');
  9. mysql_select_db('login', $conn);
  10.  
  11. $username = mysql_real_escape_string($username);
  12. $query = "SELECT id, username, password, salt
  13.        FROM member
  14.        WHERE username = '$username';";
  15.                
  16. $result = mysql_query($query);
  17.  
  18. if(mysql_num_rows($result) == 0) // User not found. So, redirect to login_form again.
  19. {
  20.     header('Location: login.html');
  21. }
  22.  
  23. $userData = mysql_fetch_array($result, MYSQL_ASSOC);
  24. $hash = hash('sha256', $userData['salt'] . hash('sha256', $password) );
  25.  
  26. if($hash != $userData['password']) // Incorrect password. So, redirect to login_form again.
  27. {
  28.     header('Location: login.html');
  29. }else{ // Redirect to home page after successful login.
  30.         session_regenerate_id();
  31.         $_SESSION['sess_user_id'] = $userData['id'];
  32.         $_SESSION['sess_username'] = $userData['username'];
  33.         session_write_close();
  34.         header('Location: home.php');
  35. }
  36. ?>
If you notice, we have added two line at the very top of the page. The lines are:
It is very important to declare these two lines above of any code. Adding it below will not simply work. Take note also that we change the SQL statement on our previous tutorial. This is the line that has change:
  1. $query = "SELECT id, username, password, salt
  2.        FROM member
  3.        WHERE username = '$username';";
And we added the following line after successful login:
  1.         session_regenerate_id();
  2.         $_SESSION['sess_user_id'] = $userData['id'];
  3.         $_SESSION['sess_username'] = $userData['username'];
  4.         session_write_close();
Next, create another PHP file called "home.php" and put the following code:
  1. <?php
  2. //Start session
  4.  
  5. //Check whether the session variable SESS_MEMBER_ID is present or not
  6. if(!isset($_SESSION['sess_user_id']) || (trim($_SESSION['sess_user_id']) == '')) {
  7.         header("location: login.html");
  8.         exit();
  9. }
  10. ?>
  11. <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
  12. <html xmlns="http://www.w3.org/1999/xhtml">
  13. <head>
  14. <meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
  15. <title>Home Page</title>
  16. </head>
  17.  
  18. <body>
  19. <h1>Welcome, <?php echo $_SESSION["sess_username"] ?></h1>
  20. </body>
  21. </html>
We have also added session_start() function at the very top and check if the variable sess_user_id was set or not. If the variable is not set, then we will redirect the page url to the login page.
Tags
login Page
session

Add new comment

About text formats
  • 316 views