How to make a login

[JSHINER]

I've been trying to make it so a user can login to an area of my site. I have the registration all set and have all users stored in a database with md5(passwords) - How can I make a login form that creates a "logged in" session?

 

Sorry no code - I have a bunch, but it's a mess and isn't working so I figure starting from scratch will be much easier.

 

My users table is: user_id, username, password, email.

 

Any help is much appreciated!

 

Thanks!

[budimir]

You have loads of good tutorials on the web about the login systems. You got a very nice one here, on phpfreaks, try to search for them. Everything is perfectly explaind. You got a lot of them with admin pages.

 

Enjoy.

[stublackett]

Your best following a tutorial, I'd reccomend www.tutorialized.com/

 

But since I've already done it, You can guide your way through my code, If you like

 

login.php

<?php
session_start();

include ("dbconnect.php");

$message = $_GET['message'];

//LoginForm using HEREDOC
$loginform = <<<LOGINFORM
<div id="login">
<form method="post" action="" login=true">
    <fieldset>
      <div>
      <label for="username">User Name :</label>
      <input type="text" name="username" id="username" class="txt" />
    </div>
    <div>
      <label for="fullname">Password : </label>
      <input type="password" name="password" id="password" class="txt" />
    </div>
      </fieldset>
    <div>
      <input type="submit" name="Submit" id="Submit" value="Login" class="btn" />
    </div>  
    </fieldset>
  </form>
</div>
LOGINFORM;

// Connect to server and select databse.
mysql_connect($hostname, $db_user, $db_password)or die("cannot connect");
mysql_select_db($dbname)or die("cannot select DB");

//Check if "submit button was pressed"
if (isset($_POST['Submit'])) { 
// username and password sent from signup form
   $username=stripslashes($_POST['username']);
   $password=stripslashes($_POST['password']);

   $sql="SELECT * FROM $db_table WHERE username='" . mysql_real_escape_string($username) . "' and password='" . mysql_real_escape_string($password) . "'";
   $result=mysql_query($sql);

// Mysql_num_row is counting table row
   $count=mysql_num_rows($result);
// If result matched $username and $password, table row must be 1 row

   if($count==1){
//Register Username and Password
       $_SESSION['username'] = $username;
       $_SESSION['password'] = $password;
       [b]$_SESSION['userlevel'] = $userlevel;[/b]
       header("location:login_success.php"); //If login is correct direct to login_success.php
              exit(); // always use the exit after a header to prevent the rest of the script from executing
   } else {
         $errormessage = "Invalid Username or Password";
   }
}
?>

 

login_success.php

<?php 
session_start(); 
include ("dbconnect.php");

if(!isset($_SESSION[username])){ 
$message = <<<HTML
This page is for Registered users only <br />
Click Here to Register to the site, <br />
Or follow the link in the menu on the left

HTML;

}else{ 

//Protected Area sits below
$message = "Welcome to the Site <b>".$_SESSION["username"]; 

} 

 

Enjoy! 

[skiingguru1611]

If you were thinking of starting from scratch, you should check out this login system.

 

http://evolt.org/PHP-Login-System-with-Admin-Features?from=800&comments_per_page=50

 

It works great, and as you can tell by the link it comes with an admin feature.

 

I don't know exactly what you are trying to accomplish but this may be helpful.

[phpSensei]

Your best following a tutorial, I'd reccomend www.tutorialized.com/

 

But since I've already done it, You can guide your way through my code, If you like

 

login.php

<?php
session_start();

include ("dbconnect.php");

$message = $_GET['message'];

//LoginForm using HEREDOC
$loginform = <<<LOGINFORM
<div id="login">
<form method="post" action="" login=true">
    <fieldset>
      <div>
      <label for="username">User Name :</label>
      <input type="text" name="username" id="username" class="txt" />
    </div>
    <div>
      <label for="fullname">Password : </label>
      <input type="password" name="password" id="password" class="txt" />
    </div>
      </fieldset>
    <div>
      <input type="submit" name="Submit" id="Submit" value="Login" class="btn" />
    </div>  
    </fieldset>
  </form>
</div>
LOGINFORM;

// Connect to server and select databse.
mysql_connect($hostname, $db_user, $db_password)or die("cannot connect");
mysql_select_db($dbname)or die("cannot select DB");

//Check if "submit button was pressed"
if (isset($_POST['Submit'])) { 
// username and password sent from signup form
   $username=stripslashes($_POST['username']);
   $password=stripslashes($_POST['password']);

   $sql="SELECT * FROM $db_table WHERE username='" . mysql_real_escape_string($username) . "' and password='" . mysql_real_escape_string($password) . "'";
   $result=mysql_query($sql);

// Mysql_num_row is counting table row
   $count=mysql_num_rows($result);
// If result matched $username and $password, table row must be 1 row

   if($count==1){
//Register Username and Password
       $_SESSION['username'] = $username;
       $_SESSION['password'] = $password;
       [b]$_SESSION['userlevel'] = $userlevel;[/b]
       header("location:login_success.php"); //If login is correct direct to login_success.php
              exit(); // always use the exit after a header to prevent the rest of the script from executing
   } else {
         $errormessage = "Invalid Username or Password";
   }
}
?>

 

login_success.php

<?php 
session_start(); 
include ("dbconnect.php");

if(!isset($_SESSION[username])){ 
$message = <<<HTML
This page is for Registered users only <br />
Click Here to Register to the site, <br />
Or follow the link in the menu on the left

HTML;

}else{ 

//Protected Area sits below
$message = "Welcome to the Site <b>".$_SESSION["username"]; 

} 

 

Enjoy! 

 

 

You cant BOLD anything within the CODE tags. $_SESSION['userlevel'] = $userlevel;

 

Plus here are some tutorials:

 

http://www.google.ca/search?hl=en&q=PHP+login+system&meta=

 

Plenty