User Login

PHP Login Form with MySQL database and form validation

Login form – an entry point of a website to authenticate users. PHP login system requires users to register with the application first to log in later.

The registered users are managed in a database at the back end. On each login attempt via the PHP login form, it verifies the database to find a match.

It is a very simple and essential job. At the same time, it should be designed with security to guard the site. It should filter anonymous hits 100% not to let unregistered users get in.

The PHP login form action stores the logged-in user in a session. It uses PHP $_SESSION one of its superglobals. It’s better to validate the existence of this session at the beginning of each page to be protected.

This PHP code can also be used to add an admin login for your control panel. Also, it can be used as a common authentication entry for both admin and user side of an application.

PHP login form code

This example is to design a PHP login form working with backend processing. The login page in PHP shows the UI elements like social login, forgot password and etc.

It posts data to process a username/password-based login authentication. This example uses the database to authenticate the user login.

This PHP login system is capable of linking the following code to the additional login form controls.

HTML form template

The landing page renders this template into the UI to let the user log in. It will happen when there is no logged-in session.

This form accepts the user’s login details username or email and a secure password. The submit event triggers the PHP login form validation and posts the login data to the PHP.

This PHP login form is responsive to the different viewport sizes. It uses simple CSS media queries for adding site responsiveness.

The form tag calls a JavaScript function validate() on the submit event. The below code includes the PHP login form validation script at the end.

        
 
 
Login
  
 ?> 
 
Username 
 
 
Password 
 
 
 
Forgot password? 
 
New user?
 Signup Now 
 
May also signup with
  
 
  
    

PHP login form action

A PHP endpoint script that is an action target of the login form handles the login data.

This login page in PHP sanitizes the data before processing them. It uses PHP filter_var function to sanitize the user entered authentication details.

It conducts the authentication process after receiving the user credentials.

This program puts the authenticated user details in a session. Then, it acknowledges the user accordingly.

processLogin($username, $password); if (! $isLoggedIn) < $_SESSION["errorMessage"] = "Invalid Credentials"; >header("Location: ./index.php"); exit(); > 

PHP login authentication model class

It contains the processLogin() function to check the PHP login form data with the database. It uses PHP password_verify() function to validate the user-entered password. This PHP function compares the password with the hashed password on the database.

The getMemberById() function reads the member result by member id. After successful login, it is called from the case to display the dashboard. It returns the array of data to be displayed on the dashboard.

ds = new DataSource(); > function getMemberById($memberId) < $query = "select * FROM registered_users WHERE $paramType = "i"; $paramArray = array($memberId); $memberResult = $this->ds->select($query, $paramType, $paramArray); return $memberResult; > public function processLogin($username, $password) < $query = "select * FROM registered_users WHERE user_name = ? OR email = ?"; $paramType = "ss"; $paramArray = array($username, $username); $memberResult = $this->ds->select($query, $paramType, $paramArray); if(!empty($memberResult)) < $hashedPassword = $memberResult[0]["password"]; if (password_verify($password, $hashedPassword)) < $_SESSION["userId"] = $memberResult[0]["id"]; return true; >> return false; > > 

Show dashboard and logout link after PHP login

After successful login, the site says there exists a session of the logged-in user. It can be shown in different ways.

In most sites, the site header displays the logged-in user’s profile link. It can be a clickable avatar that slides down a profile menu.

This PHP login system redirects the user to a dashboard page after login. This dashboard page shows a welcome message, about-user with an avatar.

The landing page checks the PHP session if any user has already login. If so, it will redirect to this dashboard page.

getMemberById($_SESSION["userId"]); if(!empty($memberResult[0]["display_name"])) < $displayName = ucwords($memberResult[0]["display_name"]); >else < $displayName = $memberResult[0]["user_name"]; >> ?>   body < font-family: Arial; color: #333; font-size: 0.95em; >.dashboard < background: #d2edd5; margin: 15px auto; line-height: 1.8em; color: #333; border-radius: 4px; padding: 30px; max-width: 400px; border: #c8e0cb 1px solid; text-align: center; >a.logout-button < color: #09f; >.profile-photo  
 
 
Welcome !
 
 
You have successfully logged in!
 
Click to Logout
 
 
 
   

Logging out from the site

This is a general routine to log out from the site. The following script clears the PHP session. Then it redirects back to login page in PHP.

Sometimes, the logout case may clear cookies. Example: In the case of using a cookie-based Remember Me feature in login.

Files structure

See the below image that shows the file structure of this simple PHP login form example. It contains a featured login form UI with the application view files.

The login action calls the PHP model on the submit event. It performs backend authentication with the database.

Database script

Look at this SQL script which contains the CREATE statement and sample row data.

By importing this SQL, it creates database requisites in your development environment.

The sample data helps to try a login that returns success response on the authentication.

Test data: username: kate_91 password: admin123

-- -- Database: `blog_eg` -- -- -------------------------------------------------------- -- -- Table structure for table `registered_users` -- CREATE TABLE `registered_users` ( `id` int(8) NOT NULL, `user_name` varchar(255) NOT NULL, `display_name` varchar(255) NOT NULL, `password` varchar(255) NOT NULL, `email` varchar(255) NOT NULL, `photo` text DEFAULT NULL, `about` text DEFAULT NULL ) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4; -- -- Dumping data for table `registered_users` -- INSERT INTO `registered_users` (`id`, `user_name`, `display_name`, `password`, `email`, `photo`, `about`) VALUES (1, 'kate_91', 'Kate Winslet', '$2y$10$LVISX0lCiIsQU1vUX/dAGunHTRhXmpcpiuU7G7.1lbnvhPSg7exmW', 'kate@wince.com', 'images/photo.jpeg', 'Web developer'); -- -- Indexes for dumped tables -- -- -- Indexes for table `registered_users` -- ALTER TABLE `registered_users` ADD PRIMARY KEY (`id`); -- -- AUTO_INCREMENT for dumped tables -- -- -- AUTO_INCREMENT for table `registered_users` -- ALTER TABLE `registered_users` MODIFY `id` int(8) NOT NULL AUTO_INCREMENT, AUTO_INCREMENT=2; 

Secure DataSource using MySQL with prepared statements

This DataSource is a common file to be used in any stand-alone PHP application. It uses MySQLi with prepared statement to execute database queries. It works with PHP 8 and 7+

This class is available in the project download zip file below. It is a common wrapper for MySQL using PreparedStatement.

Conclusion

We have seen a simple example on the PHP login form. Hope this will be useful to have a featured, responsive login form.

The article interlinks the constellations of a login form. It will be helpful to integrate more features with the existing login template.

Let me know your feedback on the comments section if you need any improvements on this PHP login system.

Источник

Simple Password Protected Page Content Using PHP

I am again here with a new PHP coding tutorial and this is also a simple tutorial that may be useful for you.

Do you want a hidden web page or hidden content on your web page and make it accessible only for those peoples whom you give a specific password? Yes, you will set a password and peoples who know that password will be able to access it using the password.

In this post, I am going to give you the PHP code which will make a content or web page password protect. Only those peoples will able to access the content who know your password that you use to protect your page or content.

PHP code to make a page password protected

Below is the code that will do the task.

//Set the password $password = "12345678pw"; //Let the user access protected content on page if the password match with the password that you have provided if (isset($_POST["password"]) && ($_POST["password"]=="$password")) < ?>
Congratulations! You have successfully accessed the password protected content!
 //Display this content if the provided password is wrong else < //Show the wrong password notice if($_SERVER['REQUEST_METHOD'] == 'POST') < ?>
Sorry. The password you have provided was Wrong!
 ?> 
Enter correct password to see the protected content on this page
    ?> " method="post"> 

First I have set a password and take it inside the variable $password. Then create a form with the input field name “password“. And then I have created an if else condition which checks if the password submitted from the form input box match with my selected password or not.

If it matches with that password then it will show the text “Congratulations! You have successfully accessed the password protected content!” in a green colored text. Otherwise, it will show “Sorry…! The password you have provided was Wrong!” in a red colored text if the password provided is incorrect.

Источник