Developing a Login System with PHP and MySQL by John L
Used with the author's permission. This article is written by daBoss. daBoss is
the Webmaster of {a href=" http://www.designerbanners.com"}Designer
Banners. daBoss can be contacted at sales (at) designerbanners (dot) com.
Developing a Login System with PHP and MySQL
Most interactive websites nowadays would require a user to log in into the
website's system in order to provide a customized experience for the user. Once
the user has logged in, the website will be able to provide a presentation that
is tailored to the user's preferences.
A basic login system typically contains 3 components: 1. The component that
allows a user to register his preferred login id and password 2. The component
that allows the system to verify and authenticate the user when he subsequently
logs in 3. The component that sends the user's password to his registered email
address if the user forgets his password
Such a system can be easily created using PHP and MySQL.
================================================
Component 1 - Registration
Component 1 is typically implemented using a simple HTML form that contains 3
fields and 2 buttons: 1. A preferred login id field 2. A preferred password
field 3. A valid email address field 4. A Submit button 5. A Reset button
Assume that such a form is coded into a file named register.html. The following
HTML code excerpt is a typical example. When the user has filled in all the
fields, the register.php page is called when the user clicks on the Submit
button.
[form name="register" method="post" action="register.php"] [input name="login
id" type="text" value="loginid" size="20"/][br] [input name="password"
type="text" value="password" size="20"/][br] [input name="email" type="text"
value="email" size="50"/][br] [input type="submit" name="submit"
value="submit"/] [input type="reset" name="reset" value="reset"/] [/form]
The following code excerpt can be used as part of register.php to process the
registration. It connects to the MySQL database and inserts a line of data into
the table used to store the registration information.
@mysql_connect("localhost", "mysql_login", "mysql_pwd") or die("Cannot connect
to DB!"); @mysql_select_db("tbl_login") or die("Cannot select DB!");
$sql="INSERT INTO login_tbl (loginid, password and email) VALUES
(".$loginid.",".$password.",".$email.")"; $r = mysql_query($sql); if(!$r) {
$err=mysql_error(); print $err; exit(); }
The code excerpt assumes that the MySQL table that is used to store the
registration data is named tbl_login and contains 3 fields - the loginid,
password and email fields. The values of the $loginid, $password and $email
variables are passed in from the form in register.html using the post method.
=================================================
Component 2 - Verification and Authentication
A registered user will want to log into the system to access the functionality
provided by the website. The user will have to provide his login id and
password for the system to verify and authenticate.
This is typically done through a simple HTML form. This HTML form typically
contains 2 fields and 2 buttons: 1. A login id field 2. A password field 3. A
Submit button 4. A Reset button
Assume that such a form is coded into a file named authenticate.html. The
following HTML code excerpt is a typical example. When the user has filled in
all the fields, the authenticate.php page is called when the user clicks on the
Submit button.
[form name="authenticate" method="post" action="authenticate.php"] [input
name="login id" type="text" value="loginid" size="20"/][br] [input
name="password" type="text" value="password" size="20"/][br] [input
type="submit" name="submit" value="submit"/] [input type="reset" name="reset"
value="reset"/] [/form]
The following code excerpt can be used as part of authenticate.php to process
the login request. It connects to the MySQL database and queries the table used
to store the registration information.
@mysql_connect("localhost", "mysql_login", "mysql_pwd") or die("Cannot connect
to DB!"); @mysql_select_db("tbl_login") or die("Cannot select DB!");
$sql="SELECT loginid FROM login_tbl WHERE loginid='".$loginid."' and
password='".$password."'"; $r = mysql_query($sql); if(!$r) {
$err=mysql_error(); print $err; exit(); } if(mysql_affected_rows()==0){ print
"no such login in the system. please try again."; exit(); } else{ print
"successfully logged into system."; //proceed to perform website's
functionality - e.g. present information to the user }
As in component 1, the code excerpt assumes that the MySQL table that is used
to store the registration data is named tbl_login and contains 3 fields - the
loginid, password and email fields. The values of the $loginid and $password
variables are passed in from the form in authenticate.html using the post
method.
================================================
Component 3 - Forgot Password
A registered user may forget his password to log into the website's system. In
this case, the user will need to supply his loginid for the system to retrieve
his password and send the password to the user's registered email address.
This is typically done through a simple HTML form. This HTML form typically
contains 1 field and 2 buttons: 1. A login id field 2. A Submit button 3. A
Reset button
Assume that such a form is coded into a file named forgot.html. The following
HTML code excerpt is a typical example. When the user has filled in all the
fields, the forgot.php page is called when the user clicks on the Submit
button.
[form name="forgot" method="post" action="forgot.php"] [input name="login id"
type="text" value="loginid" size="20"/][br] [input type="submit" name="submit"
value="submit"/] [input type="reset" name="reset" value="reset"/] [/form]
The following code excerpt can be used as part of forgot.php to process the
login request. It connects to the MySQL database and queries the table used to
store the registration information.
@mysql_connect("localhost", "mysql_login", "mysql_pwd") or die("Cannot connect
to DB!"); @mysql_select_db("tbl_login") or die("Cannot select DB!");
$sql="SELECT password, email FROM login_tbl WHERE loginid='".$loginid."'"; $r =
mysql_query($sql); if(!$r) { $err=mysql_error(); print $err; exit(); }
if(mysql_affected_rows()==0){ print "no such login in the system. please try
again."; exit(); } else { $row=mysql_fetch_array($r);
$password=$row["password"]; $email=$row["email"];
$subject="your password"; $header="from:you@yourdomain.com"; $content="your
password is ".$password; mail($email, $subject, $row, $header);
print "An email containing the password has been sent to you"; }
As in component 1, the code excerpt assumes that the MySQL table that is used
to store the registration data is named tbl_login and contains 3 fields - the
loginid, password and email fields. The value of the $loginid variable is
passed from the form in forgot.html using the post method.
================================================
Conclusion
The above example is to illustrate how a very basic login system can be
implemented. The example can be enhanced to include password encryption and
additional functionality - e.g. to allow users to edit their login information.
About the Author
Used with the author's permission. This article is written by daBoss. daBoss is
the Webmaster of {a href=" http://www.designerbanners.com"}Designer
Banners (http://www.designerbanners.com).
daBoss can be contacted at sales (at) designerbanners (dot) com.
|
