Login Script

A login script is a very common requirement for many websites. How do you create one? There are three steps involved in developing a login script.

  1. First, ask the user or member to log in using a form.
  2. Then check the entered information against an existing table in a database.
  3. Allow the member to enter the restricted area after a successful login.

We will assume that our member data is stored in a MySQL database.

There are 4 files: define.php, func.php, logadm.php and main_page.php.

Short description:

  • define.php contains the database name, server name, username and password. A connection to the database is established within this file.

    It will be included in all files that use a database connection. If you modify any of these variables, such as the username or password, you won't have to modify each file
    that has a database connection, only this one file, define.php.

    Of course, it is possible to place the connection string within each file instead of using the include
    directive, but then whenever you need to modify a variable you will have to find and modify each line where you use a database connection.

    The server name is usually localhost if the MySQL server resides on the same server as the web server. If not, your web hosting company will give you the exact details.

    Lines 6 and 7 are the most important, as they establish the connection to the database server and then select the actual database.

    If this operation is successful you will be able to use the database for any needed operation such as insert, update or delete.

    The variable used will be $dblnk - this is the link to the database.

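    <?php
    $dbsrv = "localhost";        // MySQL server name
    $db = "login";               // database name
    $user = "root";              // database username
    $user_password = "root";     // database password
    $dblnk = mysql_connect($dbsrv, $user, $user_password); // connect to the database server
    $rez = mysql_select_db($db, $dblnk);                   // select the actual database
    ?>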

  • func.php. This file keeps the functions used. It includes "define.php" because we need to connect to the database.
    In this case, the application being fairly simple, there is only one function, auth_adm, which checks whether the information
    entered by the user exists in the database.

    The function auth_adm receives two input parameters, $uname and $upass. These are the username and the password entered by the user.

    At the start of the function, the variable $dblnk, the database connection, has to be declared as global in order to be accessible inside the function. This is important because if it is not declared as global you will receive an error that you can't connect to MySQL.

    As you remember, variables declared outside a function are not visible inside a function unless they are declared as global or passed as function parameters.

    In this case we pass the username and the user password as function parameters.

    This file has to be included in each file that uses any of the functions from this file.

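    <?php
    include("define.php");

    // Returns the id of the matching admin row, or FALSE when there is no match.
    function auth_adm($uname, $upass)
    {
        global $dblnk; // database link opened in define.php

        // Escape both values before they are placed inside the quoted SQL literals.
        $uname = mysql_real_escape_string($uname, $dblnk);
        $upass = mysql_real_escape_string($upass, $dblnk);
        $sql = "select id from admin where uname='$uname' and pass='$upass'";
        $rez = mysql_query($sql, $dblnk);
        if (!$rez || mysql_num_rows($rez) == 0) {
            return false; // query failed or no such username/password pair
        }
        $row = mysql_fetch_array($rez);
        return $row['id'];
    } //end auth
    ?>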

  • logadm.php. This is the actual HTML form where users enter their username and password.

    First, the script checks whether the form was submitted or not (line 2). If the form wasn't submitted, the actual HTML form is displayed. When the user clicks submit, after entering the username and password, the session variables "tname" and "tpass" are registered. Then the username and password entered by the user are assigned to these variables. As stated in the sessions tutorial, these variables will be available in all pages where they are registered.

    After the variables are registered, the page is redirected to main_page.php. This is the main page of the script.

    <?php
    if (!isset($uname)) // form not submitted yet (relies on register_globals)
    {
        echo "
        <FORM action=logadm.php method=post>
        <title> Login</title>
        <H2 align=center>Administrator Login</H2>

        <TABLE align=center>
        <TR>
        <TD>Login name:</TD>
        <TD><INPUT name=uname></TD>
        </TR>
        <TR>
        <TD>Login password:</TD>
        <TD><INPUT name=upass type=password></TD>
        </TR>
        </TABLE>

        <P align=center><INPUT class=button type=submit value=Login>   <INPUT class=button type=reset value=Reset></P>
        </FORM>";
    }
    else
    {
        // Register the session variables and store the submitted values in them.
        session_register("tname");
        session_register("tpass");
        $tname = $uname;
        $tpass = $upass;
    ?>
    <script language="javascript">location.href='./main_page.php'</script>
    <?php
        die(" ");
    }
    ?>

  • main_page.php. In this page, as in all pages that need secure access, the username and password entered previously are checked against the database.
    In order to use the values entered by the user and previously saved in session variables, the session_register() function must be used.
    This way the page will be aware of the variable names.

    The next line includes the func.php file described above. The auth_adm function is then called with the username and password entered by the user (saved in session variables).

    If the function returns TRUE, the script is executed. If it returns FALSE, the script is halted and an error message is displayed.

    <?php
    session_register("tname");
    session_register("tpass");
    include("func.php");

    // Halt unless the credentials saved in the session match a row in the admin table.
    if (!auth_adm($tname, $tpass))
        die("Incorrect Username/Password. Please <a href=./logadm.php>login</a>.");
    else
    {
    ?>

    Main page text....

    <?php
    }
    ?>

  • admin.sql. In order for the script to be completely functional, a database must be created and a username and password inserted into the table.
    You can import the structure from admin.sql with phpMyAdmin if you use it.

    --
    -- Table structure for table `admin`
    --

    CREATE TABLE `admin` (
      `id` int(11) NOT NULL auto_increment,
      `uname` text NOT NULL,
      `pass` text NOT NULL,
      PRIMARY KEY (`id`)
    );

    --
    -- Dumping data for table `admin`
    --

    INSERT INTO `admin` VALUES (1, 'admin', 'admin');

Note: 1. The script to be protected should be placed only inside the branch of the test that runs when authentication is successful.

2. On each page that has to be protected, the most important lines are the session_register lines and the call to the authentication function.
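
The mysql_* functions were removed in PHP 7.0, and session_register() and register_globals in PHP 5.4; the scripts above also keep the plain password in the table and in the session. The same login flow for current PHP, as an added example that is not part of the original scripts: db_connect(), login() and require_admin() are hypothetical names, and the `pass` column is assumed to hold password_hash() output.

```php
<?php
// Added example, not the original author's code. Requires PHP 5.5+ with pdo_mysql.
// Assumption: admin.pass holds password_hash() output, not the plain password.

function db_connect() // replaces define.php; same sample values as define.php
{
    $pdo = new PDO('mysql:host=localhost;dbname=login;charset=utf8mb4', 'root', 'root');
    $pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $pdo->setAttribute(PDO::ATTR_EMULATE_PREPARES, false); // server-side prepares
    return $pdo;
}

// Replaces auth_adm(): the username is a bound parameter, never part of the SQL
// text, and the submitted password is checked against the stored hash.
function auth_adm(PDO $pdo, $uname, $upass)
{
    $stmt = $pdo->prepare('SELECT id, pass FROM admin WHERE uname = ?');
    $stmt->execute(array($uname));
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    if ($row === false || !password_verify($upass, $row['pass'])) {
        return false;
    }
    return (int) $row['id'];
}

// Replaces the submit branch of logadm.php: fields come from $_POST, and only
// the admin id is kept in the session, never the password.
function login(PDO $pdo)
{
    $uname = isset($_POST['uname']) ? (string) $_POST['uname'] : '';
    $upass = isset($_POST['upass']) ? (string) $_POST['upass'] : '';
    $id = auth_adm($pdo, $uname, $upass);
    if ($id === false) {
        return false;
    }
    session_regenerate_id(true); // fresh session id after login
    $_SESSION['admin_id'] = $id;
    return true;
}

// Replaces the check at the top of main_page.php and of every protected page.
function require_admin()
{
    if (empty($_SESSION['admin_id'])) {
        header('Location: ./logadm.php');
        exit;
    }
}

session_start(); // every page starts the session before login() or require_admin()
```

The value stored in `pass` for each account is produced once with password_hash($password, PASSWORD_DEFAULT).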

admin – Thu, 2005 – 07 – 07 14:50