Jump to content


This topic is now archived and is closed to further replies.


The right way to do a login script

Recommended Posts

OK, I've seen this in many places, but neither was thorough, as it often happens with quick and sloppy tutorials. So, please enlighten me with a simple and up-to-date snippet that does login and logout. Specifically, I would like to check in index.php if the user is logged in and display text accordingly. If you redirect me to something, please confirm that it is accurate, up-to-date and fairly secure code. I am learning and would like to do this the right way.

Thank you.

Share this post

Link to post
Share on other sites
well, im no PHP-whizz! but i find PHP sessions are the easiest way. I store their user information in a database when they register. and when they login, the database is checked for their info, if it exsists i set the sessions with a few vital pieces of user info, like username, password, name, status level etc. then the if i run to check if they are logged in is:

if (isset($_SESSION["password"])) {

... they are logged in ...

} else {

... they are not logged in ...


Im not really sure how safe or decent that method is, but i do know PHP sessions cannot be editted by users in the same way cookies can. perhaps someone could let me know how safe/good it is? .. but, as a basic login system, i think that's the wya to go ;)

Share this post

Link to post
Share on other sites
But how do I set logged in state and, more importantly, what do I need to do when the user logs out?

Share this post

Link to post
Share on other sites
i will try to explain this the best i can
//ok here is your basic login on form i will not go into explaining this
//assuming you have the basic nowledge of html

<center><table border=1>
<form method="post" action="authenticate.php">
User Id: <td>
<input type="text" name="id" vspace="7">
<input type="password" name="pass" vspace="7">
<input type="submit" value="Log-In"><input type="reset" value="Reset">



ok now i am gonna setup a mysql connect page to connect to your database



//ok now we are gonna log you in to your mysql database
//first you have to enter your database hosts name then your userid and password
mysql_connect('yourhost', 'your userid', 'yourpassword') or die('Could not connect.');
//now wehave to select a database and check to see if it exists
//and it is not found we will give ourself an error
if(!mysql_select_db('database name'))
    die('No database selected.');

ok here is where everything gets logged in and you set your session variables



//ok here we include the  is the mysql connect page we did earlier
include 'connect.php';
//ok next we have to start sessions
//now we have to grab the variables from login.php
$user = $_POST['id'];
$pass = $_POST['pass'];
//ok now we are gonna check to see that the user enter his/her userid and password
if((!$user) || (!$pass)){
//if the user forgot to enter there userid and or password we show them an error
//message and display the login.php page for them to try again
    echo "Please enter ALL of the information! <br />";
    include 'login.php';

//here we are checking to see if the userid and password match a userid and password
//in your batabase
$sql = mysql_query("select * from your table here where youruseridcolumnname='$user' and yourpasswordcolumnname='$pass'"); //we are now call thebatabase table where all the
//userids and passwords are stored
$login_check = mysql_num_rows($sql);//here we are checking to see if they match
//if they match we are gonna call them up and log them in
if($login_check > 0){
    while($row = mysql_fetch_array($sql)){
    foreach( $row AS $key => $val ){
        $$key = stripslashes( $val );
//ok now we are gonna set up some session variables these are very important
//with the session variables you can check to see if the user is logged on later
//and they are used to log the user out
        $_SESSION['user'] = $user;
        $_SESSION['pass'] = $pass;
        $_SESSION['email'] = $email;

//now that the user is logged in and session variables are set we will redirect the
//user to your indexpage
        print "<META HTTP-EQUIV = 'Refresh' Content = '0; URL =index.php'>";

// now if the user could not belogged in we display an error message and the
//login.php form for them to try again
    echo "You could not be logged in! Either the username and password do not match or you have not validated your membership!<br />
    Please try again!<br />";
    include 'login.php';

now we check to see if the user is logged in whith you index.php page


//first we start sessions you must do this at the top of every page in order for sessions to work

//now we check to se if the user is logged in by useing the session variables we creatwed earlier
//by call for the $_SESSION['user'] variable
if(isset($_SESSION['user'])){ //if the sessionvariable was created you will now display your index page
welcome to my site and so forth
//and if the session variable was not created which means the user didnt log in we give them an error
echo "sorry you cannot view this page because you have failed to log in";
//and now we display your login.php page
include 'login.php

sorry it wont lit me post the logout part for some reason but you can get all of what is here plus the logout part [a href=\"http://tfws.dynu.com/loginlogouttut.php\" target=\"_blank\"]here[/a]

Share this post

Link to post
Share on other sites


Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.