English

PHP Tutorial

PHP Operators

PHP Control Statements

PHP Arrays

PHP Functions

PHP Superglobals

PHP File Handling

Object Oriented PHP

PHP Web Development

PHP AJAX

PHP XML

PHP Login Example

PHP Advanced

PHP - MySQL Login: A Beginner's Guide

Hello there, aspiring web developers! Today, we're going to embark on an exciting journey into the world of PHP and MySQL to create a simple yet powerful login system. As someone who's been teaching this stuff for years, I can tell you that mastering this skill is like unlocking a secret door in the world of web development. So, let's roll up our sleeves and dive in!

PHP - MySQL Login

Understanding the Big Picture

Before we start coding, let's take a moment to understand what we're trying to achieve. Imagine you're building a treehouse. You need a sturdy foundation, walls, a roof, and a way to get in and out. Our PHP-MySQL login system is similar:

  • Config.php: This is our foundation, connecting us to the database.
  • Login.php: Think of this as the door to our treehouse.
  • Session.php: This keeps track of who's inside the treehouse.
  • Welcome.php: The cozy interior where authorized users hang out.
  • Logout.php: The exit sign, showing users the way out.

Now, let's build each part step by step!

Config.php: Laying the Foundation

This file is like the secret handshake between PHP and MySQL. It's where we store our database connection details.

<?php
define('DB_SERVER', 'localhost');
define('DB_USERNAME', 'root');
define('DB_PASSWORD', '');
define('DB_NAME', 'login_demo');

$conn = mysqli_connect(DB_SERVER, DB_USERNAME, DB_PASSWORD, DB_NAME);

if($conn === false){
    die("ERROR: Could not connect. " . mysqli_connect_error());
}
?>

Let's break this down:

  • We're using define() to set constants for our database details.
  • mysqli_connect() establishes the connection to our MySQL database.
  • If the connection fails, we use die() to stop execution and show an error message.

Pro tip: Never share your real database credentials! This example uses default values, but in a real project, keep these secret!

Login.php: The Gatekeeper

This is where the magic happens. Users enter their credentials, and we check if they're allowed in.

<?php
session_start();
require_once "config.php";

if($_SERVER["REQUEST_METHOD"] == "POST"){
    $username = trim($_POST["username"]);
    $password = trim($_POST["password"]);

    $sql = "SELECT id, username, password FROM users WHERE username = ?";

    if($stmt = mysqli_prepare($conn, $sql)){
        mysqli_stmt_bind_param($stmt, "s", $param_username);
        $param_username = $username;

        if(mysqli_stmt_execute($stmt)){
            mysqli_stmt_store_result($stmt);

            if(mysqli_stmt_num_rows($stmt) == 1){
                mysqli_stmt_bind_result($stmt, $id, $username, $hashed_password);
                if(mysqli_stmt_fetch($stmt)){
                    if(password_verify($password, $hashed_password)){
                        session_start();
                        $_SESSION["loggedin"] = true;
                        $_SESSION["id"] = $id;
                        $_SESSION["username"] = $username;
                        header("location: welcome.php");
                    } else{
                        $login_err = "Invalid username or password.";
                    }
                }
            } else{
                $login_err = "Invalid username or password.";
            }
        } else{
            echo "Oops! Something went wrong. Please try again later.";
        }
        mysqli_stmt_close($stmt);
    }
    mysqli_close($conn);
}
?>

<!DOCTYPE html>
<html lang="en">
<head>
    <meta charset="UTF-8">
    <title>Login</title>
</head>
<body>
    <h2>Login</h2>
    <form action="<?php echo htmlspecialchars($_SERVER["PHP_SELF"]); ?>" method="post">
        <div>
            <label>Username</label>
            <input type="text" name="username" required>
        </div>    
        <div>
            <label>Password</label>
            <input type="password" name="password" required>
        </div>
        <div>
            <input type="submit" value="Login">
        </div>
    </form>
</body>
</html>

Wow, that's a lot to take in! Let's break it down:

  • We start the session and include our config file.
  • We check if the form was submitted using POST.
  • We use prepared statements to prevent SQL injection (a common security vulnerability).
  • We verify the password using password_verify() (always hash passwords in real projects!).
  • If login is successful, we set session variables and redirect to welcome.php.
  • We also have a simple HTML form for users to enter their credentials.

Remember, in real-world applications, you'd want to add more security measures and error handling!

Session.php: The Bouncer

This file checks if a user is logged in. If not, it sends them back to the login page.

<?php
session_start();

if(!isset($_SESSION["loggedin"]) || $_SESSION["loggedin"] !== true){
    header("location: login.php");
    exit;
}
?>

Short and sweet! This code:

  • Starts the session.
  • Checks if the user is logged in.
  • If not, it redirects them to the login page.

Welcome.php: The VIP Area

This is where users end up after successfully logging in.

<?php
require_once "session.php";
?>

<!DOCTYPE html>
<html lang="en">
<head>
    <meta charset="UTF-8">
    <title>Welcome</title>
</head>
<body>
    <h1>Hi, <b><?php echo htmlspecialchars($_SESSION["username"]); ?></b>. Welcome to our site.</h1>
    <p>
        <a href="logout.php">Sign Out</a>
    </p>
</body>
</html>

Here's what's happening:

  • We include session.php to ensure only logged-in users can access this page.
  • We display a personalized welcome message using the username stored in the session.
  • We provide a link to log out.

Logout.php: The Exit

Finally, we need a way for users to log out securely.

<?php
session_start();
$_SESSION = array();
session_destroy();
header("location: login.php");
exit;
?>

This script:

  • Starts the session.
  • Unsets all session variables.
  • Destroys the session.
  • Redirects the user back to the login page.

Putting It All Together

Now that we've built all the pieces, let's summarize how they work together:

File Purpose Key Functions
Config.php Database connection mysqli_connect()
Login.php User authentication mysqli_prepare(), password_verify()
Session.php Session management session_start(), $_SESSION checks
Welcome.php Authorized user page Displays personalized content
Logout.php End user session session_destroy()

And there you have it! You've just built a basic PHP-MySQL login system. Remember, this is just the beginning. In real-world applications, you'd want to add more features like:

  • Password reset functionality
  • Remember me option
  • More robust error handling
  • Enhanced security measures

Keep practicing, stay curious, and before you know it, you'll be building complex web applications with ease. Happy coding, future web wizards!

Credits: Image by storyset

Previous Tutorial:
PHP - Paypal Integration
Next Tutorial:
PHP - MySQL