Having a Secure Login is the most basic but the most vital component of a website. In this article, we are going to develop a secure login using PHP and MySQL where PHP SESSION function will play the most important role.
Before starting the execution, let’s understand the concepts behind the SESSION process, how session keeps users data until unless user destroys it.
$_SESSION is PHP predefined function for keeping data in a Session.You can image a session as a time period which is alloted to indivudual user till he is logged into the system/website.Session needs to evoked by session_start(); method on each page or any 1 common page which is included in your overall project.
Let’s start creating secure login process in PHP and MySQL.
First, we need to create a database and table as mentioned below.
CREATE TABLE 'user' (
'id' int(11) NOT NULL AUTO_INCREMENT,
'username' varchar(255) NOT NULL,
'email' varchar(255) NOT NULL,
'password' varchar(255) NOT NULL,
'status' int(11) NOT NULL,
PRIMARY KEY ('id')
Copy and paste the above SQL command into PHPMyAdmin and create a user table for the login process.
Now, we are going to design an HTML form with the help of username and password fields for the login process.
<form method="post"><input name="username" type="text" placeholder="Username" />
<input name="password" type="password" placeholder="Password" />
<input name="login" type="submit" value="Login" /></form>
The Next step to create a connection with the database for retrieving data for the login process. Since MYSQL connection has been depreceated we will make use of MYSQLI connection
$hostname = "localhost";
$database_user = "databaseusername";
$databasepassword = "databasepassword";
$database = "database";
$connect = mysqli_connect($hostname,$database_user,$database_password,$database);
echo "Database connection couldn't steblish" . mysqli_connect_error();
Let’s create PHP script for the login process:
session_start(); // call session_start function on every pages
include('database.php'); // Include database.php for the connection
if(isset($_REQUEST['username']) && $_REQUEST['password'])
$username = mysqli_real_escape_string($_REQUEST['username']);
echo “User couldn’t empty.”; exit;
$name = $username;
$password = mysqli_real_escape_string($_REQUEST['password']);
echo “Password field couldn’t empty”; exit;
$pass = $password;
/* Note: for preventing your login script to the hackers kindly use mysqli_real_escape_string function */
$selectQry = "SELECT id, username, password, status FROM user WHERE username='$name’ AND password='$pass’ AND status='1'";
/*SQL query for select the user for user table where username and password and status of the user are active*/
$result = mysqli_query($selectQry);
$row = mysqli_fetch_array($result);
/*How to assign a value in session*/
$_SESSION['USERNAME'] = $row['username'];
header('location:dashboard.php'); //This would be your dashboard page after successful login.
echo "Sorry! Username or Password are wrong.";
Now just create a Username and password along with your email ID in your database and try logging if your credentials are right you will be surely redirected to your own personalized dashboard.
Hope this tutorial will help the newbies to get kick start to their development journey.
See you soon
Because Hurdles aren’t really Hurdles.