Login Example

A typical PHP web application authenticates the user before logging in, by asking his credentials such as username and password. The credentials are then checked against the user data available with the server. In this example, the user data is available in the form of an associative array. The following PHP Login script is explained below −

HTML Form

The HTML part of the code presents a simple HTML form, that accepts username and password, and posts the data to itself.

<form action = "<?php echo htmlspecialchars($_SERVER['PHP_SELF']); ?>" method="post"><div><label for="username">Username:</label><input type="text" name="username" id="name"></div><div><label for="password">Password:</label><input type="password" name="password" id="password"></div><section style="margin-left:2rem;"><button type="submit" name="login">Login</button></section></form>

PHP Authentication

The PHP script parses the POST data, and checks if the username is present in the users array. If found, it further checks whether the password corresponds to the registered user in the array

<?php
   if (array_key_exists($user, $users)) {
      if ($users[$_POST['username']]==$_POST['password']) {
         $_SESSION['valid'] = true;
         $_SESSION['timeout'] = time();
         $_SESSION['username'] = $_POST['username'];
         $msg = "You have entered correct username and password";
      } else { 
         $msg = "You have entered wrong Password"; 
      }
   } else {
      $msg = "You have entered wrong user name";
   }
?>

The username and the appropriate message is added to the $_SESSION array. The user is prompted with a respective message, whether the credentials entered by him are correct or not.

The Complete Code

Here is the complete code −

Login.php

<?php
   ob_start();
   session_start();
?><html lang = "en"><head><meta charset="UTF-8"><meta name="viewport" content="width=device-width, initial-scale=1.0"><link rel="stylesheet" href="loginstyle.css"><title>Login</title></head><body><h2 style="margin-left:10rem; margin-top:5rem;">Enter Username and Password</h2><?php
      $msg = '';
      $users = ['user'=>"test", "manager"=>"secret", "guest"=>"abc123"];

      if (isset($_POST['login']) && !empty($_POST['username']) 
      && !empty($_POST['password'])) {
         $user=$_POST['username'];                  
         if (array_key_exists($user, $users)){
            if ($users[$_POST['username']]==$_POST['password']){
               $_SESSION['valid'] = true;
               $_SESSION['timeout'] = time();
               $_SESSION['username'] = $_POST['username'];
               $msg = "You have entered correct username and password";
            }
            else {
               $msg = "You have entered wrong Password";
            }
         }
         else {
            $msg = "You have entered wrong user name";
         }
      }
   ?><h4 style="margin-left:10rem; color:red;"><?php echo $msg; ?></h4><br/><br/><form action = "<?php echo htmlspecialchars($_SERVER['PHP_SELF']); ?>" method="post"><div><label for="username">Username:</label><input type="text" name="username" id="name"></div><div><label for="password">Password:</label><input type="password" name="password" id="password"></div><section style="margin-left:2rem;"><button type="submit" name="login">Login</button></section></form><p style="margin-left: 2rem;"><a href = "logout.php" tite = "Logout">Click here to clean Session.</a></p></div></body></html>

Logout.php

To logout, the user clicks on the link to logout.php

<?php
   session_start();
   unset($_SESSION["username"]);
   unset($_SESSION["password"]);
   
   echo '<h4>You have cleaned session</h4>';
   header('Refresh: 2; URL = login.php');
?>

Start the application by entering “http://localhost/login.php”. Here are the different scenarios −

Correct Username and Password

PHP Login Example 1

Incorrect Password

PHP Login Example 2

Incorrect Username

PHP Login Example 3

When the user clicks the link at the bottom, the session variables are removed, and the login screen reappears.


Comments

Leave a Reply

Your email address will not be published. Required fields are marked *