Hi everyone. In this tutorial I will tech you how to make a PHP login form using sessions. You will need four files, one named form.php, one named login.php, another named auth.inc and the last named protected.php

NB these names can be changed at your will, but make sure you rename them throughout the tutorial.

Step 1)
Open a blank document in Notepad and type the following:

Listing 1.1 – form.php
<html>
<head>
<title>Login Form</title>
</head>

<body>
<form method="post" action="login.php">
Username: <input type="text" name="username" />

Password: <input type="password" name="password" />

<input type="submit" value="Login" />

</form>
</body>
</html>

Save this file as form.php.

Here we have set up a simple form that will pass submitted information onto the file login.php.


GET A FREE HOSTING AND FREE DOMAIN NOW. It is absolutely free
[url]http://affiliate.doteasy.com/index.cfm?M=red&B=5&T=729826&A=damisco87][/url]



Step 2)
Now open a second blank document in Notepad and enter the following:

Listing 2.1 – login.php
<?php

session_start();

$passwords = array("harry" => "dirtyharry",
"george" => "gorgieboy01",
"bob" => "bigbobby",
"jack" => "jackthelad";

if (!$_POST["username"] or !$_POST["password"]) {
echo "Please enter your username and password.";
exit;
}

if ($_POST["password"] == $passwords[$_POST["username"]]) {
echo "Login successful!";
$_SESSION["auth_username"] = $_POST["username"];
}
else {
echo "Login incorrect, please try again.";
}

?>
<html>
<head>
<title>Login</title>
</head>

<body>
Content in here will only be shown if the username and password supplied are correct.
</body>
</html>

Save this file as login.php.

Notice the php script comes before even the <html> tags. This ensures that the php is executed before the page gets rendered, so if the credentials were wrong the offender cannot see anything protected.

Basically here we tell the browser to start a session to store usernames and passwords in. We then set up an array called passwords which contains a list of usernames and respective passwords, from Harry to Jack.

The next part of the script checks inequality between the submitted credentials and the known credentials. The exclamation mark means “Does not equal”. If the credentials are indeed false/incorrect the script will display the message “Please enter your username and password.” One the users screen. The exit; function stops the script from continuing as soon as incorrect details are given.

The following section of the script checks for equality inequality between the submitted credentials and the known credentials. The double equals checks for equality, whereas a single equals assigns a value to a variable. If the credentials are correct the script displays "Login successful!" on the users screen. Then a session is started called “auth_username”. This allows the browser to remember whether or not a user is logged in, which means that they will not have to login again on a different page.

The final part of the php covers all other eventualities and displays "Login incorrect, please try again." to the user.

The rest of the page is shown below, between the <html> tags. The message between the <body> tags will not be visible unless the user is logged in.

Step 3)
You have pretty much finished creating a php secure login, but to illustrate the functionality of sessions, you may want to continue through Step 3.

Open your third document in notepad and type the following:

Listing 3.1 – auth.inc
<?php
session_start();
if (!isset($_SESSION["auth_username"])) {
echo "You must be logged in to view this page";
exit;
}
else {
echo "Hello, you're logged in!";
}

?>

auth.inc stores the information related to your session. You could type the above in every document, but it would become cumbersome and annoying. By including it using php you only need type it once and pull it in using the include function, as shown below.

The final script, protected.php, will be an arbitrary page that you wish to secure.

Listing 3.2 – protected.php
<?php

include "auth.inc";

?>
<html>
<head>
<title>Protected Page </title>
</head>

<body>
Content in here will only be shown if the username and password supplied are correct.
</body>
</html>

This script simply includes auth.inc at the very beginning. The placement of the script is essential to allowing the script to function properly. This will run the script typed in Listing 3.1, and will verify the credentials of the user. If they are legitimate the page will continue, displaying everything between the <body> tags, otherwise it will terminate, displaying only “You must be logged in to view this page.”
If you want to protect any further pages you simply need to add the include function at the very top of every page.

P.S. This script is not intended for protection of highly confidential documents, but rather for client extranets etc.




check out my blog
http://damisco87..com
http://damisco87.