next »

[TechnicalTalk]

 TechnicalTalk » Programming and Web Development » PHP
 php login with session

[arsah]

arsah  

 php login with session

The script below checks a user name and password against a MySQL query and refers the user to a new page on successful login, or prompts them to try again on a failed login.

Note that you don't need to explicitly register a session variable; instantiating it registers it.

<?
session_start();

$link = mysql_pconnect( 'localhost', 'username', 'password') or die( 'Cannot connect to db' );
mysql_select_db( 'database' ) or die(' cannot select db' );

$message = "Please log in. "

if( isset( $_POST['submit'] ) ) {
$query = "SELECT * FROM login_id_table WHERE usercolumn = '" .  mysql_escape_string( $_POST['user'] ) .  "' AND passcolumn = '" .  mysql_escape_string( $_POST['pass'] ) .  "'";
$rs = mysql_query( $query ) or die ('Cannot get login info' );
if( mysql_num_rows( $rs ) > 0 ) {
$_SESSION['loginid'] = $_POST['user'];
header( "Location: newpage. php" );
else {
$message = "Login failed.  Please try again. "
}
}

<html>
<head>
<title>Login Page</title>
</head>
<body>
<h2>Login Form</h2>
<p><? echo $message; ?></p>
<form id="form1" name="form1" method="post">
<p>User name: <input type="text" id="user" name="user" size="30" value="<% echo $_POST['user']; %>" /></p>
<p>Password: <input type="text" id="pass" name="pass" size="30" value="<% echo $_POST['pass']; %>" /></p>
<p><input type="submit" name="submit" id="submit" value="Submit" /></p>
</form>
</body>
</html>

[Admin]

Admin  

 Re: php login with session

Hey thanks for sharing this useful code with us all. This code will help newbie users to create login forms easily.

[singam]

singam  

 Re: php login with session

Well, that all depends on the kind of authentication you're doing. Do you have a backend database with the account information? Is that what you use for the logins? If so, then you're halfway there.

The second part is to make sure the user is logged in. In PHP cases, you use sessions. There's too much about to explain here, but any good PHP manual will explain how sessions work (they can use cookies or not). In a job I'm working, when the user logs in, I have a session open and a flag is set saying that the user who owns that session is logged in.

Then, in the script for each page, run a check to see if there's a user session and if the user is logged in (is the flag set?). If the flag isn't set or the user doesn't have a session, you can immediately redirect them to the login page.
==============

Link Building| Link Building Services

[Admin]

Admin  

 Re: php login with session

Using sessions to check the authentication of a user once the user has logged in, is the most commom and preferred method.

Cookies play important role while dealing with sessions.

Normally whenever a new user starts visiting a site, a session of that user [anonymous user session] is created on server and a cookie is created on the client machine. This cookie basically contains the SessionID of the session that is created on server for that user. Then, with each page request of that site from the user, cookie is transferred to the server. This cookie is basically used to identify the session as the cookie contains the SessionID. Once the user get logged-in OR get registered with the site by creating new user account on that site then this "Anonymous User Session" is converted into "Authenticated User Session"

In case, if the browser does not allow cookie generation then with each page request of the site form the user, the SessionID is passed as querystring to the server. In this case, the SessionID is visible to everyone and anyone can tamper with it.

Therefore Sessions with cookies is the preferred method.