Creating A Custom Php Login Script

[princeofvegas 0]

Creating a Custom PHP Login Script

 

I figured I would contribute something to the tutorials from my web programming knowledge. This is how to create a custom login script in PHP.

 

Requirements:

 

Basic Knowledge of PHP

Knowledge of creating MySQL Databases

Web Server with PHP/MySQL Support (Xisto Hosting is Sufficient)

Step 1:

We need to create a database to store the users information in. You can create the database in cPanel under MySQL Databases. One you have created your database, you can create the table for your user information to be stored in. That can easily be done by running this code:

 

//This makes sure they did not leave any fields blank

if (!$_POST[\'username\'] | !$_POST[\'pass\'] | !$_POST[\'pass2\'] ) {

die(\'You did not complete all of the required fields\');

}

 

// checks if the username is in use

if (!get_magic_quotes_gpc()) {

$_POST[\'username\'] = addslashes($_POST[\'username\']);

}

$usercheck = $_POST[\'username\'];

$check = mysql_query(\"SELECT username FROM users WHERE username = \'$usercheck\'\")

or die(mysql_error());

$check2 = mysql_num_rows($check);

 

//if the name exists it gives an error

if ($check2 != 0) {

die(\'Sorry, the username \'.$_POST[\'username\'].\' is already in use.\');

}

 

// this makes sure both passwords entered match

if ($_POST[\'pass\'] != $_POST[\'pass2\']) {

die(\'Your passwords did not match. \');

}

 

// here we encrypt the password and add slashes if needed

$_POST[\'pass\'] = md5($_POST[\'pass\']);

if (!get_magic_quotes_gpc()) {

$_POST[\'pass\'] = addslashes($_POST[\'pass\']);

$_POST[\'username\'] = addslashes($_POST[\'username\']);

}

 

// now we insert it into the database

$insert = \"INSERT INTO users (username, password)

VALUES (\'\".$_POST[\'username\'].\"\', \'\".$_POST[\'pass\'].\"\')\";

$add_member = mysql_query($insert);

?>

 

 

<h1>Registration Complete</h1>

<p>Your account has been created, you can now log in.</a>.</p>

 

<?php

}

else

{

?>

<form action=\"<?php echo $_SERVER[\'PHP_SELF\']; ?>\" method=\"post\">

<table border=\"0\">

<tr><td>Username linenums:0'><?php // Connects to your Database mysql_connect(\"your.hostaddress.com\", \"username\", \"password\") or die(mysql_error()); mysql_select_db(\"Database_Name\") or die(mysql_error()); //This code runs if the form has been submitted if (isset($_POST[\'submit\'])) { //This makes sure they did not leave any fields blank if (!$_POST[\'username\'] | !$_POST[\'pass\'] | !$_POST[\'pass2\'] ) { die(\'You did not complete all of the required fields\'); } // checks if the username is in use if (!get_magic_quotes_gpc()) { $_POST[\'username\'] = addslashes($_POST[\'username\']); } $usercheck = $_POST[\'username\']; $check = mysql_query(\"SELECT username FROM users WHERE username = \'$usercheck\'\") or die(mysql_error()); $check2 = mysql_num_rows($check); //if the name exists it gives an error if ($check2 != 0) { die(\'Sorry, the username \'.$_POST[\'username\'].\' is already in use.\'); } // this makes sure both passwords entered match if ($_POST[\'pass\'] != $_POST[\'pass2\']) { die(\'Your passwords did not match. \'); } // here we encrypt the password and add slashes if needed $_POST[\'pass\'] = md5($_POST[\'pass\']); if (!get_magic_quotes_gpc()) { $_POST[\'pass\'] = addslashes($_POST[\'pass\']); $_POST[\'username\'] = addslashes($_POST[\'username\']); } // now we insert it into the database $insert = \"INSERT INTO users (username, password) VALUES (\'\".$_POST[\'username\'].\"\', \'\".$_POST[\'pass\'].\"\')\"; $add_member = mysql_query($insert); ?> <h1>Registration Complete</h1> <p>Your account has been created, you can now log in.</a>.</p> <?php } else { ?> <form action=\"<?php echo $_SERVER[\'PHP_SELF\']; ?>\" method=\"post\"> <table border=\"0\"> <tr><td>Username:</td><td> <input type=\"text\" name=\"username\" maxlength=\"60\"> </td></tr> <tr><td>Password:</td><td> <input type=\"password\" name=\"pass\" maxlength=\"10\"> </td></tr> <tr><td>Confirm Password:</td><td> <input type=\"password\" name=\"pass2\" maxlength=\"10\"> </td></tr> <tr><th colspan=2><input type=\"submit\" name=\"submit\" value=\"Register\"></th></tr> </table> </form> <?php } ?>

This script checks to see if the form was submitted as if it was it makes sure that all of the fields are filled out properly, such as the username not existing and passwords are matching. If the form has not been submitted by the user they are shown the registration form.

 

Step 3:

Next we are going to create a new file and call it login.php. You will then insert this code into login.php:

 

//if there is, it logs you in and directes you to the members page

{

$username = $_COOKIE[\'ID_my_site\'];

$pass = $_COOKIE[\'Key_my_site\'];

$check = mysql_query(\"SELECT * FROM users WHERE username = \'$username\'\")or die(mysql_error());

while($info = mysql_fetch_array( $check ))

{

if ($pass != $info[\'password\'])

{

}

else

{

header(\"Location linenums:0'><?php // Connects to your Database mysql_connect(\"your.hostaddress.com\", \"username\", \"password\") or die(mysql_error()); mysql_select_db(\"Database_Name\") or die(mysql_error()); //Checks if there is a login cookie if(isset($_COOKIE[\'ID_my_site\'])) //if there is, it logs you in and directes you to the members page { $username = $_COOKIE[\'ID_my_site\']; $pass = $_COOKIE[\'Key_my_site\']; $check = mysql_query(\"SELECT * FROM users WHERE username = \'$username\'\")or die(mysql_error()); while($info = mysql_fetch_array( $check )) { if ($pass != $info[\'password\']) { } else { header(\"Location: members.php\"); } } } //if the login form is submitted if (isset($_POST[\'submit\'])) { // if form has been submitted // makes sure they filled it in if(!$_POST[\'username\'] | !$_POST[\'pass\']) { die(\'You did not fill in a required field.\'); } // checks it against the database if (!get_magic_quotes_gpc()) { $_POST[\'email\'] = addslashes($_POST[\'email\']); } $check = mysql_query(\"SELECT * FROM users WHERE username = \'\".$_POST[\'username\'].\"\'\")or die(mysql_error()); //Gives error if user dosen\'t exist $check2 = mysql_num_rows($check); if ($check2 == 0) { die(\'That user does not exist in our database. <a href=add.php>Click Here to Register</a>\'); } while($info = mysql_fetch_array( $check )) { $_POST[\'pass\'] = stripslashes($_POST[\'pass\']); $info[\'password\'] = stripslashes($info[\'password\']); $_POST[\'pass\'] = md5($_POST[\'pass\']); //gives error if the password is wrong if ($_POST[\'pass\'] != $info[\'password\']) { die(\'Incorrect password, please try again.\'); } else { // if login is ok then we add a cookie $_POST[\'username\'] = stripslashes($_POST[\'username\']); $hour = time() + 3600; setcookie(ID_my_site, $_POST[\'username\'], $hour); setcookie(Key_my_site, $_POST[\'pass\'], $hour); //then redirect them to the members area header(\"Location: members.php\"); } } } else { // if they are not logged in ?> <form action=\"<?php echo $_SERVER[\'PHP_SELF\']?>\" method=\"post\"> <table border=\"0\"> <tr><td colspan=2><h1>Login</h1></td></tr> <tr><td>Username:</td><td> <input type=\"text\" name=\"username\" maxlength=\"40\"> </td></tr> <tr><td>Password:</td><td> <input type=\"password\" name=\"pass\" maxlength=\"50\"> </td></tr> <tr><td colspan=\"2\" align=\"right\"> <input type=\"submit\" name=\"submit\" value=\"Login\"> </td></tr> </table> </form> <?php } ?>

This script checks to see if the login information is stored in a cookie on the users computer. If a cookie already exists with the proper credentials then the user will be redirected to the memers page. If no cookie exists for the site, then the login page is displayed and if the login credentials are valid then the cookie is created and the user is directed to the members page.

 

Step 4:

Next we are going to create a file called members.php. Once you have created that file, insert the following code:

{

$username = $_COOKIE[\'ID_my_site\'];

$pass = $_COOKIE[\'Key_my_site\'];

$check = mysql_query(\"SELECT * FROM users WHERE username = \'$username\'\")or die(mysql_error());

while($info = mysql_fetch_array( $check ))

{

 

//if the cookie has the wrong password, they are taken to the login page

if ($pass != $info[\'password\'])

{ header(\"Location linenums:0'><?php // Connects to your Database mysql_connect(\"your.hostaddress.com\", \"username\", \"password\") or die(mysql_error()); mysql_select_db(\"Database_Name\") or die(mysql_error()); //checks cookies to make sure they are logged in if(isset($_COOKIE[\'ID_my_site\'])) { $username = $_COOKIE[\'ID_my_site\']; $pass = $_COOKIE[\'Key_my_site\']; $check = mysql_query(\"SELECT * FROM users WHERE username = \'$username\'\")or die(mysql_error()); while($info = mysql_fetch_array( $check )) { //if the cookie has the wrong password, they are taken to the login page if ($pass != $info[\'password\']) { header(\"Location: login.php\"); } //otherwise they are shown the admin area else { echo \"Admin Area<p>\"; echo \"Your Content<p>\"; echo \"<a href=logout.php>Logout</a>\"; } } } else //if the cookie does not exist, they are taken to the login screen { header(\"Location: login.php\"); } ?>

This code checks to see if a cookie exists for the user. If it does then the page is shown. If no cookie exists then the user is simply redirected to the login page so that they can log in.

 

Step 5:

Lastly, we are going to create a logout.php papge. Once you have created that file, then you can insert this code into the file:

{

$username = $_COOKIE[\'ID_my_site\'];

$pass = $_COOKIE[\'Key_my_site\'];

$check = mysql_query(\"SELECT * FROM users WHERE username = \'$username\'\")or die(mysql_error());

while($info = mysql_fetch_array( $check ))

{

 

//if the cookie has the wrong password, they are taken to the login page

if ($pass != $info[\'password\'])

{ header(\"Location linenums:0'><?php // Connects to your Database mysql_connect(\"your.hostaddress.com\", \"username\", \"password\") or die(mysql_error()); mysql_select_db(\"Database_Name\") or die(mysql_error()); //checks cookies to make sure they are logged in if(isset($_COOKIE[\'ID_my_site\'])) { $username = $_COOKIE[\'ID_my_site\']; $pass = $_COOKIE[\'Key_my_site\']; $check = mysql_query(\"SELECT * FROM users WHERE username = \'$username\'\")or die(mysql_error()); while($info = mysql_fetch_array( $check )) { //if the cookie has the wrong password, they are taken to the login page if ($pass != $info[\'password\']) { header(\"Location: login.php\"); } //otherwise they are shown the admin area else { ?>

and then by adding this to the very bottom of the file (AFTER EVERYTHING!!!)

<?php } ?>

That is pretty much it. Please feel free to post any questions or comments and I will be more than happy to help you out.

[DroopsLoops 0]

Hey! I have an error in the login.php. Can you help me solve it?

 

the error is the following:

Warning: Cannot modify header information - headers already sent by (output started at C:\xampp\htdocs\ja_pruebas\login.php:9) in C:\xampp\htdocs\ja_pruebas\login.php on line 70

 

Warning: Cannot modify header information - headers already sent by (output started at C:\xampp\htdocs\ja_pruebas\login.php:9) in C:\xampp\htdocs\ja_pruebas\login.php on line 71

 

Warning: Cannot modify header information - headers already sent by (output started at C:\xampp\htdocs\ja_pruebas\login.php:9) in C:\xampp\htdocs\ja_pruebas\login.php on line 74

 

and those lines are in the code the followings:

 

70 setcookie(ID_my_site, $_POST['username'], $hour);

71 setcookie(Key_my_site, $_POST['pass'], $hour);

 

74 header("Location: members.php");

Edited February 9, 2010 by truefusion (see edit history)

[Pankyy 0]

Droops, it would be better if you created a new thread, but anyway, going to your problem; The #9 line in the script login.php would be good to find the problem also.

[jlhaslip 4]

Indeed, this should be a seperate thread, and after the issue is resolved, it can be moved.Check the Login.php file and remove all the spaces from the first line before the <?php token. See if that works.

[contactskn 2]

Thank you for such a good code set for login, Even I was searching something like that for my new website and I think it will be very useful for me. Thanks again.?

[stefan_pavikevik 0]

Pretty nice tutorial. I really needed as thing such as this. I am experimenting with the code, to get some other kind of php login script.Thanks!

[Ash-Bash 0]

Thank you for sharing this with us princeofvegas I will be using this on my site, But I wonder if you could make a tutorial on how to make your own image upload script or own file uploading script Like Rapid-Share or Megaupload? That would be most kind of you if you did make one .

[DroopsLoops 0]

Droops, it would be better if you created a new thread, but anyway, going to your problem; The #9 line in the script login.php would be good to find the problem also.

Hey, how do I create a new thread? I'm not the most advance programmer. In fact I'm a bit lost in some parts of this code. If you can help me a bit more or direct me on the way of a tutorial that help me with the problem would be awesome. Also I dont know what is the problem in the line #9... so the same that up there, if you can help me a bit more or direct me on the way of a tutorial that help me with the problem would be awesome.

Thanks for the answers everyone!

[ghulamsarwer 0]

Hi to all,i am facing a problem with login page script. As i login it gives me "Incorrect password, please try again"Need Help

[Semsem 0]

If I were you, I'd go for a different login. This one is too dang confusing and has pointless stuff in it for normal use.However, sounds to me as though you haven't registered an account (via the script). Do that, or manually add a row in MySQL, and you should be good to go.

[Ndogg 0]

Very awesome Guide, this will be very helpful for my site.