In this tutorial we are going to learn that How to Make a Login Form with Session in PHP. These days almost every website require a Login System for their website to protect their precious data from unauthorized access. I try my best to explain every thing in this article. If you need any type of help you can freely ask by commenting below. Follow the following simple steps and your Login Page will be ready.
What is PHP Session?
A session is a way to store information (in variables) to be used across multiple pages. Unlike a cookie, the information is not stored on the users computer.
How to start Session in PHP?
<?php session_start(); // Do Anything ?>
How to Store values in PHP Session Variable?
<?php session_start(); // to store session values $_SESSION['username']= $username; // Initializing Session with value of PHP Variable ?>
How to read values of PHP Session variable?
We simply need to echo (print) our initialized session as:
echo $_SESSION["username"];
Let’s Move to Our Login Form
We need to create a HTML Form for user to input his username and password. I have create simple HTML Form below. If you want to chose your own design you can use it.
Database Structure
CREATE TABLE `users` ( `uid` int(11) NOT NULL AUTO_INCREMENT, `username` varchar(50) NOT NULL, `password` varchar(50) NOT NULL, PRIMARY KEY (`uid`), UNIQUE KEY `username` (`username`) )
PHP File: index.php
This file contain basic HTML form and some PHP code.
<?php include('login.php'); // Include Login Script if ((isset($_SESSION['username']) != '')) { header('Location: home.php'); } ?> <!doctype html> <html> <head> <meta charset="utf-8"> <title>PHP Login Form with Session</title> <link rel="stylesheet" href="style.css" type="text/css" /> </head> <body> <h1>PHP Login Form with Session</h1> <div class="loginBox"> <h3>Login Form</h3> <br><br> <form method="post" action=""> <label>Username:</label><br> <input type="text" name="username" placeholder="username" /><br><br> <label>Password:</label><br> <input type="password" name="password" placeholder="password" /> <br><br> <input type="submit" name="submit" value="Login" /> </form> <div class="error"><?php echo $error;?></div> </div> </body> </html>
PHP File: connection.php
This file contain database configuration code. You have to change it with your server, username, password and database.
<?php define('DB_SERVER', 'localhost'); define('DB_USERNAME', 'username'); define('DB_PASSWORD', 'password'); define('DB_DATABASE', 'database'); $db = mysqli_connect(DB_SERVER,DB_USERNAME,DB_PASSWORD,DB_DATABASE); ?>
PHP File: login.php
This file contain main part of our login system.
<?php session_start(); include("connection.php"); //Establishing connection with our database $error = ""; //Variable for storing our errors. if(isset($_POST["submit"])) { if(empty($_POST["username"]) || empty($_POST["password"])) { $error = "Both fields are required."; }else { // Define $username and $password $username=$_POST['username']; $password=$_POST['password']; // To protect from MySQL injection $username = stripslashes($username); $password = stripslashes($password); $username = mysqli_real_escape_string($db, $username); $password = mysqli_real_escape_string($db, $password); $password = md5($password); //Check username and password from database $sql="SELECT uid FROM users WHERE username='$username' and password='$password'"; $result=mysqli_query($db,$sql); $row=mysqli_fetch_array($result,MYSQLI_ASSOC); //If username and password exist in our database then create a session. //Otherwise echo error. if(mysqli_num_rows($result) == 1) { $_SESSION['username'] = $login_user; // Initializing Session header("location: home.php"); // Redirecting To Other Page }else { $error = "Incorrect username or password."; } } } ?>
PHP File: check.php
This file check whether the user is logged in or not. If user is not logged in it will redirect to index.php that is our login page. You can include this file to every file on which you can restrict user to log in.
<?php include('connection.php'); session_start(); $user_check=$_SESSION['username']; $sql = mysqli_query($db,"SELECT username FROM users WHERE username='$user_check' "); $row=mysqli_fetch_array($sql,MYSQLI_ASSOC); $login_user=$row['username']; if(!isset($user_check)) { header("Location: index.php"); } ?>
PHP File: home.php
This is your welcome page.
<?php include("check.php"); ?> <!doctype html> <html> <head> <meta charset="utf-8"> <title>Home</title> <link rel="stylesheet" href="style.css" type="text/css" /> </head> <body> <h1 class="hello">Hello, <em><?php echo $login_user;?>!</em></h1> <br><br><br> <a href="logout.php" style="font-size:18px">Logout?</a> </body> </html>
PHP File: logout.php
This is your logout file that will destroy session and redirect user to index.php
<?php session_start(); if(session_destroy()) { header("Location: index.php"); } ?>
If you have any problem regarding to this post you can ask freely in comment 🙂
Updated 01/28/2015
Many readers were facing problem in installation of this script that I have given in download link. So here is the short video to learn how to install this script.