06 May, 2013

PHP MySQLi secure login page with session set


I'll be teaching you how to make a secure login page with PHP with simple mysqli connection and will set variable to return error on the form. I'll set session that'll save your login credentials and login expiration time.

 <?php
define("DB_HOST","your-mysql-hostname");
define("DB_USER","your-mysql-account-username");
define("DB_PASS","your-mysql-account-password");
define("DB_NAME","your-mysql-database-name");

 // CONNECT TO MYSQLI
$sqli = mysqli_connect(DB_HOST, DB_USER, DB_PASS, DB_NAME) or die(mysqli_errno());

 // FETCH DATA FROM FORM USING METHOD POST
// IF BUTTON NAME "LOGIN" IS SET
if (isset($_POST['login'])) {


// FETCH DATA FROM INPUT FIELD
$user = mysqli_real_escape_string($sqli, $_POST['user']);
$pass = mysqli_real_escape_string($sqli, $_POST['pass']);

 // CHECK ALL FIELD HAS BEEN FILLED UP
if ($user && $pass) {

 // QUERY FROM DATABASE
$query= mysqli_query($sqli, "SELECT * FROM member WHERE user='".$user."'");
$checkuser= mysqli_num_rows($query);

 // CHECK IF USERNAME EXIST ON DATABASE
if($checkuser != 1) {

 // I'LL BE SETTING A VARIABLE IF YOUR DOESN'T EXIST
$error = "Username doesn't exist in our database!";
}

 // FETCHING PASSWORD IN DATABASE WHERE USERNAME COINCIDES
while ($row = mysqli_fetch_array($user)) {
$checkpass= $row['pass'];


 // CHECK IF ENTERED PASSWORD MEETS THE USERNAME PASSWORD
if ($pass== $checkpass) {

 // IF ALL OKAY SET SESSION
setcookie("user", $user, time()+7200);
$_SESSION['user'] = $user;
$_SESSION['start'] = time();
$_SESSION['expire'] = $_SESSION['start'] + (60 * 60 * 60);
header("Location: ".$_SERVER['PHP_SELF']);
exit();
} else {

 // SET VARIABLE THAT'LL SHOW IF USER PASSWORD IS INCORRECT
$error = "Incorrect password!";
}
}
} else {

 // SET VARIABLE IF ALL FIELD ARE NOT FILLED UP
$error = "Please enter a username and password.";
}
}

 ?>

 <div style="text-align: center;">
<span class="error"><?php if(isset($error)) { echo $error; } ?></span>
<form action="" method="post" id="loginForm">
<span class="input">Username: <input type="text" name="user" maxlength="16"></span>
<span class="input">Password: <input type="password" name="pass"
Posted by at
Labels: , , ,

9 comments:

  1. agp210587September 4, 2013 at 6:06 AM

    Thank you :) It helps a lot.

    ReplyDelete
    Replies
    1. J.C.September 4, 2013 at 6:36 PM

      No problem, just sharing to all who want to learn coding..
      If you need something else dont hesitate to ask.

      Delete
  2. Nikolas StowSeptember 25, 2013 at 11:41 PM

    I don't see where you define the variable $login

    ReplyDelete
  3. Nikolas StowSeptember 25, 2013 at 11:46 PM

    Try changing the "mysqli_fetch_array($login)" to "$query->fetch_array()";

    Also you misspell the variable $checkpass as $chesspass

    Just thought your should know. Then the code should work.

    ReplyDelete
    Replies
    1. UnknownMarch 10, 2014 at 11:49 AM

      He just work with mysqli and you want it in OOP so that is no problem Nikolas!

      Delete
  4. jesus castroOctober 13, 2013 at 1:14 AM

    Thanks alot! this really helped in improving my security for a school proyect im working on. Really appreciate it.

    ReplyDelete
  5. NyronMarch 18, 2014 at 10:09 PM

    You forgot to start the session

    ReplyDelete
  6. manishJune 26, 2014 at 6:58 PM

    php code for photo tagging with demo and database

    http://www.lessonwithdemo.com/205/ajax/photo-tagging-like-facebook-without-page-refresh-with-ajax-without-jquery.php

    ReplyDelete
  7. AnonymousOctober 23, 2015 at 2:59 AM

    I have problem it says parse error: syntax error, unexpected '$user' (t_variable) on line :$user = mysqli_real_escape_string($sqli, $_POST['user']);

    ReplyDelete

Subscribe to: Post Comments (Atom)