Today i am going to show you how to create a login-logout system in php. Just to make the tutorial easy i have skipped the registration part which include the storage of user's detail in the database. First of all, we want a sql database containing the user' detail in it, here we will deal with only two column that is username and password. I have not provided the demo database file in the source code.
The detail of the table column are very clear.
- unique id for each user.
- Username of the registered user.
- His/her Password.
You can clearly observe here that i've not stored the hash value of the password in our database. During registration process, user's entered password field is first transformed to it's hash value and is then finally stored. However, the scope of this article is not that. You can view my article on that Encrypting the database password field.
. Many more coloumn are skipped out in this part, such as ip address, user's personal information etc.
Now days, websites are very cautious as much as security is concerned. They keep track of all the record of user's login location area, his/her device information and even the browser type. As, this article is for beginner's you will soon learn all that. Websites also have some restriction on how much the user attempt to go through the login check. For example, more than three wrong attempt restrict the user for sometime, check out this tutorial for more detail - Limiting Attempt in php
Sessions variable are use to store data on the server, which can be preserved during page access. The data stored in session variable is for limited time, that is it get timeout at some point. This time is set by the variable session.cache_expire(in minutes) located in the php initialization file, php.ini. Beside, this there are number of factor you can control. As mentioned above, the session data can be preserved during page access thus it is our suitable choice for storing user's information in an authentication system.
If you have already downloaded the source code for this project, you must have come to know that we have to create three pages. One page named index.php
which consist of two input text field, and a code to check that username and password is correct or not. Ths second page welcome.php
, is the welcome page for our registered user, showing the message that they are successfully login. The last page logout.php
, is for destroying the session variable.
What index.php basically contains? - It must have a connection to our sql database, from where the fetching operation is conducted. Next, a comparison of entered username and password by the user stored in the post variable, to the fetched value from the database. If ok, then the session must be start using session_start(), otherwise the failure message is displayed. I have written the processing code and the input form in the same page, by making the action of the form equal to $_SERVER['PHP_SELF']
if ($_SERVER["REQUEST_METHOD"] == "POST")
$name=$_POST['name']; //username as entered by user.
$pass=$_POST['password']; //password as entered by user.
$conn=@mysql_connect("localhost","root","") or die("could not connect to database"); $db=@mysql_select_db("login",$conn) or die("could not select database");
$result = mysql_query("SELECT * FROM rec",$conn);
while($row = mysql_fetch_array($result))
if($row['name']==$email && $row['pass']==$pass) //check
echo "Type the correct username and password";
<body> <form action ="index.php" method="POST">
<b>Username : </b><input type="text" name="name" id="name"><br> <b>
Password : </b><input type="text" name="password" id="pass"> <
input type="submit" value="
Username = archit , Password= archit
As the name suggest it is the welcome page for our login user. In the previous page, during username and password check we have started a new session and simultaneously used a key 'login' and have stored the primary id of the user in it. The main logic here, is that we will only check the existence of our $_SESSION variable corresponding to same key created earlier, if exist then the welcome message will be displayed otherwise the php header function will redirect the user to previous page(index.php). Some of you will wonder why we've used the function session_start() again on this page, the reason is that this function should be there whenever we are working with sessions.
<body> Login Successful <br>
It contain just two php function, one is the mandatory function used whenever one has to deal with sessions that is - session_start()
and other one session_destroy()
for dumping all the data stored in the session variables.
<!DOCTYPE html> <html>
<h>You are successfully logout.</h><br>
<a href="index.php">Go to Login Page.</a>