PHP Login Script
Many people have been wondering how they can create a secure
login form. A secure login form must have security checks, free from mysql
injections or database attacks, passwords must be encoded, e.t.c.
If you are one of such wonderers today, this script is just for you. You would really like it.
Please don’t forget to leave a comment or post in tutorials. You can also work
on (improve) our tutorials and then post back for the benefit of the
community.
Download
This tutorial require the jQuery-1.5.1.min.js plugin. A MySQL file is also attached to the download file to help you create the database.
We shall create four files named below:
- Index.php - Login and registration page
- Process.php
- Loggedin.php
- Logout.php
Index.php - Login and logout page
<html><head>
<title>Secure Login Form - Ohwofosirai Desmond</title>
<script src="jquery-1.5.1.min.js"></script>
<script>
var msg=
[
"Valid Format: you@domain.com",
"Alphanumeric chars preferred",
];
var prev;
function show(msg_id){
if (msg_id==2){
document.getElementById("tip"+prev).innerHTML="";
}
else{
document.getElementById("tip"+msg_id).innerHTML=msg[msg_id];
prev=msg_id;
}
}
function just(action){
if (action=='login')
var key="u="+$("#u").val()+"&p="+$("#p").val()+"&a="+action;
else
var key="u="+$("#u1").val()+"&p="+$("#p1").val()+"&a="+action;
$.ajax({
url: "process.php",
type: "post",
data: key,
async:false,
success:function(response){
if (response==0)
$("#res").html("Wrong Email or Password");
else if(response==1)
window.location.href="loggedin.php";
else if(response==2)
$("#res1").html("Registered Successfully");
}
});
}
</script>
<style type="text/css">
label{
font-variant:small-caps; color:#690069; font-weight:bold;
margin-left:0em;
}
form{
font-family:cursive; margin-top:1em; margin-left:5em;
border:1px solid #aaaaaa; float:left; width:40%;
}
input{
margin:4px; outline:none; border:1px #aaaaaa solid;
}
input[type=submit]{
margin-left:14.8em
}
span{
color:#ffccff; font-size:12px;
}
h1,p{
margin-left:5em; color:#000000; text-align:left;
}
</style>
</head>
<body>
<h1>Welcome to Osirai's Blog</h1>
<p/>
<i id="res">Please Login to enjoy all benefits:</i>
<form method="post" onSubmit="just('login');return false" enctype="multipart/form-data">
<p/>
<label for="email">Your Email:</label>
<input type="text" name="u" onFocus="show(0)" onBlur="show(2)" id="u"/>
<span id="tip0"></span><br/>
<label for="password">Password:</label>
<input type="password" name="p" onFocus="show(1)" onBlur="show(2)" id="p"/>
<span id="tip1"></span><br/>
<input type="submit" value="Login"/>
</form>
<div style="clear:both"></div>
<p/>
<i id="res1">OR Register a new to user</i>
<p/>
<form method="post" onSubmit="just('register');return false" enctype="multipart/form-data">
<p/>
<label for="email2">Your Email:</label>
<input type="text" name="u1" id="u1"/><br/>
<label for="password2">Password:</label>
<input type="password" name="p1" id="p1"/><br/>
<input type="submit" value="Register"/>
</form>
</body>
</html>
Process.php - validate user
<?phpsession_start();
if (!isset($_POST['u']))
exit;
extract($_POST);
$uname=strip_tags($u);
$password=strip_tags($p);
//striptags are to prevent adding script elements to your db
$uname=stripslashes($uname);
//stripslashes are to prevent possible mysql injection attacks
$password=stripslashes($password);
//expected that you should encrypt passwords using md5 or sha1 before storing in db
$password=md5($password);
mysql_connect("localhost","root","") or die(mysql_error());
mysql_select_db("tutorial") or die(mysql_error());
if ($a=='login'){
//to check if a user exists in db
$query=mysql_query("select email,pswd from profiles where email='$uname' and pswd='$password'") or die(mysql_error());
if (mysql_num_rows($query)<1)
{
echo "0"; //does not match an existing user
}
else{
$_SESSION['email']=$uname;
echo "1";
}
}
else {
//to add user registration entries to database
$query=mysql_query("insert into profiles(email,pswd) values('$uname','$password')") or die(mysql_error());
if ($query) echo '2';
}
?>
Loggedin.php
<?phpsession_start();
if(!isset($_SESSION['email']))
exit; //or return to login page using: header("location: index.php");
?>
<html>
<head>
<title>Logged In Successfully - script by Ohwofosirai Desmond</title>
</head>
<body>
<h2>Logged in as: <?php echo $_SESSION['email']; ?>| <a href="logout.php">Logout</a></h2>
<div style="width:50%; font-stretch:1px; text-align:justify; font-size:14px">
welcome to your personal homepage. You can customise this to make it personalized for each user.
Always remember to give feedbacks, and participate by improving scripts on http://tag4free.blogspot.com and uploading back to us for the benefit of the entire community. Thanks.
</div>
</body>
Logout.php
<?phpsession_start();
session_unset();
session_destroy();
header("location: index.php");
?>
KEYWORDS: PHP login script, Ajax login, PHP Password encryption