So people are always searching around for how to make a passworded area, it may look like a really daunting task to begin with, but it really isn’t that hard. In this tutorial i will explain how to setup and create a multi-user login page for your site.
Things you need
PHP 4 or 5 enabled server
MYSQL database
Some basic HTML and CSS Knowledge (PHP knowledge isnt required i will tell you how to do it here)
About 20 minutes
This script is made for a small personal site and it is only the very basic that you can do for a MYSQL login system, if you wanted to have a more secure system then the use of encryption would be required. This script will stop about 90% of web users from accessing your site, but those more advanced in hacking sites and databases may still get through.
Step 1 – Things to know
This is where your HTML and CSS knowledge comes into play, this part is super easy and in the example below i called the page “login.html” and it should contain a simple login form that will run the file we will make in step 3 called “login-run.php” the method to send the data should be POST.
Step 2 – Creating the login portal page
<form action="login-run.php" method="POST">
<input name="username" type="text" />
<input name="password" type="password" />
<input type="submit" value="Login Now" />
</form>
I wont go on to explain this block of code as it is basic HTML and hopefully you know what is does and how it does it.
Ok so make a new MYSQL database now, create a table called “users” and create 3 columns with the following names and values.
Step 3 – Creating the database
id INT(4) AUTOINCREMENT
username VARCHAR(24)
password VARCHAR(24)
So basically you are creating 3 columns, one is called “id” that is type INT and is 4 characters long this is the user id that is automatically made so it should have AUTO INCREMENT on so the database will automatically generate it. The next column is called “username” and it should be type VARCHAR as it contains non-numerical characters and the length should be around 24. The last column should be called “password” and have the same type and length as the username column.
Once you have done this add one user to test with in my examples i used admin and password, for username and password.
This is where it gets hard if you have never written PHP before, we are now going to make the login script that actually checks your database for the users details.
Step 4 – Creating the login-run script
So our first task is to actually connect to the database so for this we need the following block of code
<?
$con = mysql_connect("localhost","dbuser","dbpass");
if (!$con)
{
die('Could not connect: ' . mysql_error());
}
?>
This code may be short but what it does is mighty, it will connect to the database with the name “dbuser” and password “dbpass” and will then check to see if it logged in ok if it didn’t get that far it will echo back and error to you on the page. Note that you will have to change dbuser and dbpass to your databases name and password.
Now for the next bit we want to get the information that the user just entered in our form for this we need to add this code under the block we just made. (Note the last thing on the page MUST be the ?> symbol, this ends the PHP code.
$user = $_POST['username'];
$pass = $_POST['password'];
Ok so that bit of code will get your users information from the form and save it to two variables called “user” for the username and “pass” for the password.
All that is left to do now is to search the database for that information and check if the user is allowed to enter, and then redirect them to the secure page. To do this add the following code block to the end of the document (remember the php end tag must be at the base of the document).
mysql_select_db("dbname", $con);
$result = mysql_query("SELECT * FROM users WHERE username='$user' AND password='$pass'");
if(mysql_num_rows($result)=="1")
{
header("Location: securepage.php");
}
else {
header("Location: login.html");
}
mysql_close($con);
The last thing you need to do is make a page called “securepage.php” this si where the user will go when they have logged in correctly. There you have it test it out and enjoy, there is so much more that you can do like checking if a user is logged in when they go to a page and to assign certain users different areas to access. If there is a need for this i will write another tutorial to show how to do that.
