Registration/Login Tutorial part 2

[Slaytanist2]

Note For this login script to work you will need to follow instructions from part one.

Well since we created a Registration script we need to make a login script.  To Completely understand this tutorial we recommend that all viewers know Basics of PHP and the Super Global SESSION.

First off we check to see if a user is logged in. TO do this we simply check to see if the session First lets start our session.

Code:

<?php session_start(); ?>

Now we can check to see if a user is logged in.

Code:

<div align="center">
<?php
include ("info.php");//include our DB connection
if($_SESSION['username']){//if the user is logged in
echo "You are already Logged in: ".$_SESSION['username'];
}else{//else show the form

//form here
}
?></div>

What above does is check the user session and if the user is logged in it will show a message telling them they are logged in and there logged in user name.

Now we got that set up out the way lets create the form. The form will include the following:

2 inputs
check hash
see if the username is correct
see if the passwords are correct.

First off we will do some input checking and show the form. And set up the logged in variables.

Code:

<?php session_start(); ?>
<div align="center">
<?php
include ("info.php");//include our DB connection
if($_SESSION['username']){//if the user is logged in
echo "You are already Logged in: ".$_SESSION['username'];
}else{//else show the form


############Variables#############
$password = sha1($_POST['password']);
$username = $_POST['username'];
$login = $_POST['login'];
##################################

if(!$login){//if you didn't press the login button.

echo ("
<form method='post'>
<table colspan=\"2\">
<tr>
<td>Username</td><td><input type='text' name='username' /></td>
</tr>
<tr>
<td>Password</td><td><input type='password' name='password' /></td>
</tr>
</table><input type='submit' name='login' />
</form>

");
}//end if
else{//else check login

echo ("You pressed Login");
}


}
?>
</div>

The above code would show the form then once submitted it will say "You pressed Login".

Now since we got the form working lets put it in action. First we will check to see if username and password fields were left empty.

Code:

<?php session_start(); ?>
<div align="center">
<?php
include ("info.php");//include our DB connection
if($_SESSION['username']){//if the user is logged in
echo "You are already Logged in: ".$_SESSION['username'];
}else{//else show the form


############Variables#############
$password = sha1($_POST['password']);
$username = $_POST['username'];
$login = $_POST['login'];
##################################

if(!$login){//if you didn't press the login button.

echo ("
<form method='post'>
<table colspan=\"2\">
<tr>
<td>Username</td><td><input type='text' name='username' /></td>
</tr>
<tr>
<td>Password</td><td><input type='password' name='password' /></td>
</tr>
</table><input type='submit' name='login' />
</form>

");
}//end if
else{//else check login

if(empty($username)){//checks to see if username was empty
echo ("You left user input empty");
exit;//tell the script to stop
}
if(empty($password)){//checks to see if the password was empty
echo ("You left password input empty");
exit;//we tell the whole script to stop
}
}


}
?>
</div>

Now we need to make our script check if user is a valid user and check if userpassword is correct.

Code:

<?php session_start(); ?>
<div align="center">
<?php
include ("info.php");//include our DB connection

if($_SESSION['username']){//if the user is logged in
echo "You are already Logged in: ".$_SESSION['username'];
}else{//else show the form


############Variables#############
$password = sha1($_POST['password']);
$username = $_POST['username'];
$login = $_POST['login'];
##################################

if(!$login){//if you didn't press the login button.

echo ("
<form method='post'>
<table colspan=\"2\">
<tr>
<td>Username</td><td><input type='text' name='username' /></td>
</tr>
<tr>
<td>Password</td><td><input type='password' name='password' /></td>
</tr>
</table><input type='submit' name='login' />
</form>

");
}//end if
else{//else check login

if(empty($username)){//checks to see if username was empty
echo ("You left user input empty");
exit;//tell the script to stop
}
if(empty($password)){//checks to see if the password was empty
echo ("You left password input empty");
exit;//we tell the whole script to stop
}

$userinfo = mysql_query("SELECT * FROM usertable WHERE username='$username' ");
$valid = mysql_fetch_array($userinfo);
if(empty($valid)){
echo ("This username doesn't exist in our Database");
exit;//stop the script
}

if($valid[password] == $password){

echo("Thank you for logging in ".$username."");
$_SESSION['username'] = $valid[username];
}else{
echo ("Your password for this account is invalid");
}
}


}
?>
</div>

What the above code does is check if passwords are correct from the database then it sets the session if it is. Else if password is incorrect it won't set the session and it will just stop the script and alert a message.


I Hoped you learned from these 2 tutorials Post bugs if any.

Please read the PHP comments if problems please post them.

[pr0nslave]

-nevermind-

but, it's an OK tutorial ... needs a bit of info on sanitization (anti-XSS/anti-SQL injections)

[Slaytanist2]

Well if I told you everything what makes me know that people are not just copying and pasting.

Maybe in my next tutorial.