Authentication with PHP and SQL

In this lesson of the PHP tutorial, you will learn...
  1. To authenticate users with a login form.

A Database-less Login Form

Below is a simple login form that uses a hard-coded username and password.

Code Sample: Authentication/Demos/SimpleLogin.php

<html>
<head>
<title>Login Page</title>
</head>
<body>
<?php
 require 'Includes/Header.php';

 $msg='';
 $Email = '';
 if (array_key_exists('LoggingIn',$_POST))
 {
  $Email = $_POST['Email'];
  $PW = $_POST['Password'];
  if ($Email == 'jwayne@northwind.com' && $PW == 'cowboy')
  {
   echo '<div align="center">Success</div>';
  }
  else
  {
   echo '<div align="center">Login Failed</div>';
   unset($_POST['LoggingIn']);
  }
 }

 if (!array_key_exists('LoggingIn',$_POST))
 {
?>

<div align="center">

 <h2>Log in</h2>
 <form method="post" action="SimpleLogin.php">
 <input type="hidden" name="LoggingIn" value="true">
  <table>
  <tr>
   <td>Email:</td>
   <td><input type="text" name="Email"
     value="<?php echo $Email?>" size="25"></td>
  </tr>
  <tr>
   <td>Password:</td>
   <td>
   <input type="password" name="Password" size="10">
   </td>
  </tr>
  <tr>
   <td align="right" colspan="2">
   <input type="submit" value="Log in">
   </td>
  </tr>
  </table>
 </form>
</div>
<?php
 }
 require 'Includes/Footer.php';
?>
</body>
</html>
Code Explanation

This page contains an HTML login form, which submits to itself (i.e, the action points to the same page). A hidden field, LoggingIn, is passed to the server when the user submits the form. The script checks to see if LoggingIn exists in the $_POST array. If it does, it processes the form input:

$Email = $_POST['Email'];
$PW = $_POST['Password'];
if ($Email == 'jwayne@northwind.com' && $PW == 'cowboy')
{
 echo '<div align="center">Success</div>';
}
else
{
 echo '<div align="center">Login Failed</div>';
 unset($_POST['LoggingIn']);
}

This code simply checks to see if the user's email and password match the hard-coded values (jwayne@northwind.com and cowboy). If they do, it outputs a "success" message. If they don't, it outputs a "failed" message and removes LoggingIn from the $_POST array, so that the form will be displayed again.

Authentication with PHP and SQL Conclusion

In this lesson of the PHP tutorial, you have learned how to authenticate users. Unfortunately, as it is currently written, only the index page itself is protected. To protect the whole site in this manner, we would have to force the user to log in to every page. That might frustrate our visitors a bit, so we'll learn how to allow users to log in to the whole site later in the course.

To continue to learn PHP go to the top of this page and click on the next lesson in this PHP Tutorial's Table of Contents.

Use of this website implies agreement to the following:

Copyright Information

All pages and graphics on this Web site are the property of Webucator, Inc. unless otherwise specified.

None of the content on this website may be redistributed or reproduced in any way, shape, or form without written permission from Webucator, Inc.

No Printing or saving of web pages

This content may not be printed or saved. It is for online use only.

Linking to this website

You may link to any of the pages on this website; however, you may not include the content in a frame or iframe without written permission from Webucator, Inc.

Warranties

This website is provided without warranty of any kind. There are no guarantees that use of the site will not be subject to interruptions. All direct or indirect risk related to use of the site is borne entirely by the user. All code and explanations provided on this site are provided without warranties to correctness, performance, fitness, merchantability, and/or any other warranty (whether expressed or implied).

For individual private use only

You agree not to use this online manual to deliver or receive training. If you are delivering or attending a class that is making use of this online manual, you are in violation of our terms of service. Please report any abuse to courseware@webucator.com. If you would like to deliver or receive training using this manual, please fill out the form at http://www.webucator.com/Contact.cfm.