Try an online PHP class for free!
Additional Resources

Authentication with PHP and SQL

In this lesson of the PHP tutorial, you will learn...
  1. To authenticate users with a login form.

A Database-less Login Form

Below is a simple login form that uses a hard-coded username and password.

Code Sample: Authentication/Demos/SimpleLogin.php

<html>
<head>
<title>Login Page</title>
</head>
<body>
<?php
 require 'Includes/Header.php';

 $msg='';
 $Email = '';
 if (array_key_exists('LoggingIn',$_POST))
 {
  $Email = $_POST['Email'];
  $PW = $_POST['Password'];
  if ($Email == 'jwayne@northwind.com' && $PW == 'cowboy')
  {
   echo '<div align="center">Success</div>';
  }
  else
  {
   echo '<div align="center">Login Failed</div>';
   unset($_POST['LoggingIn']);
  }
 }

 if (!array_key_exists('LoggingIn',$_POST))
 {
?>

<div align="center">

 <h2>Log in</h2>
 <form method="post" action="SimpleLogin.php">
 <input type="hidden" name="LoggingIn" value="true">
  <table>
  <tr>
   <td>Email:</td>
   <td><input type="text" name="Email"
     value="<?php echo $Email?>" size="25"></td>
  </tr>
  <tr>
   <td>Password:</td>
   <td>
   <input type="password" name="Password" size="10">
   </td>
  </tr>
  <tr>
   <td align="right" colspan="2">
   <input type="submit" value="Log in">
   </td>
  </tr>
  </table>
 </form>
</div>
<?php
 }
 require 'Includes/Footer.php';
?>
</body>
</html>
Code Explanation

This page contains an HTML login form, which submits to itself (i.e, the action points to the same page). A hidden field, LoggingIn, is passed to the server when the user submits the form. The script checks to see if LoggingIn exists in the $_POST array. If it does, it processes the form input:

$Email = $_POST['Email'];
$PW = $_POST['Password'];
if ($Email == 'jwayne@northwind.com' && $PW == 'cowboy')
{
 echo '<div align="center">Success</div>';
}
else
{
 echo '<div align="center">Login Failed</div>';
 unset($_POST['LoggingIn']);
}

This code simply checks to see if the user's email and password match the hard-coded values (jwayne@northwind.com and cowboy). If they do, it outputs a "success" message. If they don't, it outputs a "failed" message and removes LoggingIn from the $_POST array, so that the form will be displayed again.

Exercise: Authenticating Users

Duration: 25 to 35 minutes.

In this exercise, you will use mysqli or PEAR DB to authenticate users.

  1. Open Authentication/Exercises/index.php in your editor. This file has been created for you and contains the underlying logic of the authentication application. You will see that it includes several of the scripts we saw in earlier exercises. Most of these are exactly the same, but a small change has been made to the pwEntry() function in Authentication/Exercises/Includes/fnFormPresentation.php. It now takes a fifth parameter: $Repeat. When $Repeat is set to true (default), the user will be asked to repeat her password (used for registration forms). When $Repeat is set to false, she'll just get a single password field (used for login forms).
  2. Your job is to finish Authentication/Exercises/Includes/LoginForm.php and Authentication/Exercises/Includes/Login.php, which are currently both nearly empty. You may find it helpful to refer to ManagingData/Demos/Includes/EmployeeForm.php when creating LoginForm.php and to ManagingData/Demos/Includes/ProcessEmployee.php when creating Login.php.

Code Sample: Authentication/Exercises/index.php

<?php
 require 'Includes/fnFormPresentation.php';
 require 'Includes/fnStrings.php';
 $Errors = array();
 $DbEntries = array( 'Email'=>'',
      'Password'=>'');
?>
<html>
<head>
<title>Northwind Home Page</title>
</head>
<body>
<?php
 $msg='';
 require 'Includes/Header.php';
 if (array_key_exists('LoggingIn',$_POST))
 {
  require 'Includes/Login.php';
 }
 if (!array_key_exists('LoggingIn',$_POST))
 {
  require 'Includes/LoginForm.php';
 }
 if (strlen($msg) > 0)
 {
  echo "<div align='center'>$msg</div>";
 }
 require 'Includes/Footer.php';
?>
</body>
</html>
Where is the solution?

Authentication with PHP and SQL Conclusion

In this lesson of the PHP tutorial, you have learned how to authenticate users. Unfortunately, as it is currently written, only the index page itself is protected. To protect the whole site in this manner, we would have to force the user to log in to every page. That might frustrate our visitors a bit, so we'll learn how to allow users to log in to the whole site later in the course.

To continue to learn PHP go to the top of this page and click on the next lesson in this PHP Tutorial's Table of Contents.
Last updated on 2009-03-19

Use of http://www.learnphp-tutorial.com (Website) implies agreement to the following:

Copyright Information

All pages and graphics on Website are the property of Webucator, Inc. unless otherwise specified.

None of the content on Website may be redistributed or reproduced in any way, shape, or form without written permission from Webucator, Inc.

No Printing or saving of pages or content on Website

This content may not be printed or saved. It is for online use only.

Linking to Website

You may link to any of the pages on Website; however, you may not include the content in a frame or iframe without written permission from Webucator, Inc.

Warranties

Website is provided without warranty of any kind. There are no guarantees that use of the site will not be subject to interruptions. All direct or indirect risk related to use of the site is borne entirely by the user. All code and explanations provided on this site are provided without warranties to correctness, performance, fitness, merchantability, and/or any other warranty (whether expressed or implied).

For individual private use only

You agree not to use this online manual to deliver or receive training. If you are delivering or attending a class that is making use of this online manual, you are in violation of our terms of service. Please report any abuse to courseware@webucator.com. If you would like to deliver or receive training using this manual, please fill out the form at http://www.webucator.com/Contact.cfm