user login

[ohdang888]

hey. Does anyone knwo of any really good tutorials about hwo to create a login system with php and mysql?

[nano]

something I have done following a few tutorials:

 

database.php

 

<?php
$conn = mysql_connect("localhost", "user", "password") or die(mysql_error());
mysql_select_db('stream_simple', $conn) or die(mysql_error());
?>

 

login.php (this is where the user enters their login info)

 

<form name="login_form" id="login_form" action="logon.php" method="post">
<font class="login_content">Email:</font>

<input name="email" type="text" maxlength="50" id="email" class="member_boxes">

<font class="login_content">Password:</font>

<input name="password" type="password" maxlength="15" id="password" class="member_boxes">

<input type="submit" value="Sign In" id="sign_in" name="Submit">
</form>

 

logon.php (this script is ran when user presses submit)

 

<?php

session_start();

include("database.php");

$tbl_name="user_system";
//remove slashes
$email=stripslashes($_POST['email']);
$password=stripslashes($_POST['password']);
//encrypt password
$encpass = md5($password);

mysql_real_escape_string($email);
mysql_real_escape_string($password);


$sql="SELECT * FROM $tbl_name WHERE email='$email' and password='$encpass'";

$result=mysql_query($sql);

$count=mysql_num_rows($result);

if($count==1){
// if user login is successful then create session and direct to members.php
$_SESSION['email']=$email;
echo "<meta http-equiv='refresh' content='0;url=members.php'>";

}
else {
// if user login is wrong direct to failed.php
session_destroy();
echo "<meta http-equiv='refresh' content='0;url=failed.php'>";

}
?>

 

members.php (this represents any page you need to be logged in)

 

<?php
// always start a session 
session_start();
// if user does not have session open, direct them to login.php
if (!isset($_SESSION['email'])){
    header("Location:login.php");
    exit();
}
?>
<html>

 

If you don't understand anything just ask, but you can search the different options to find out what they do, I never seem to comment stuff

 

Obvisouly you will need to create your table to how you want it. I have used email and password, but you could have username etc.

 

hope this helps.

[ohdang888]

thanks!

but a few questions...

 

1) where is the info in the session stored?

 

2) recommend using session names?

[trq]

1)in logon.php, wouldn't i need to put "mysql_query($sql)"

 

Yes you would, its in the example posted.

 

And what would i even do with that info retrieved?

 

It is stored in the $_SESSION[] array, again, look at the example.

 

2) where is the info in the session stored?

 

By default the data is stored in flat files on the server.

 

3) recommend using session names?

 

Call them whatever you like, doesn't really matter.