Creating a login system

From: PHP with MySQL Essential Training

In this movie, we'll create the Login page, process login attempts, and if the user is successful we'll mark the user as being logged in as an admin. The easiest way for us to get started with a Login page that people can log in from is to start with our new Admin.php page. That already has a form that's pretty similar. So I'm just going to do Save As on that. We're going to call it login.php. Let's jump down to the form portion here. So, it's still going to say admin area at the top. I think that's still appropriate, even though we're not actually inside the admin area, because the login page is the doorway to the admin area. I'm going to go ahead and have it say admin at the top. Don't need to have anything in the navigation.

We can still have our message and form errors. The h2 here is just going to say login. We want to make sure that the form is going to submit to itself, login.php, and the username and the password we'll still use, but the label on the submit button is just going to say submit, and we won't need it to say cancel at the bottom. Alright, let's jump up to the form portion now. If the person submits the form, we're going to process it. It's up to you whether you do these validations or not. We don't want to do the second one for max_lengths.

But the first one, to make sure that it's required, that's really optional. You can make sure that it's required if you want, or you could go ahead and take a blank username and password and try and find those in the database. I'm going to go ahead and require them not to be blank before I process the form. If there are no errors, in other words, we have a username and password, we're going to do something different here. We're going to attempt the login instead. And so this is all going to look very different. We're just going to take that out. Instead of writing SQL right here, let's create a function that'll do this for us. I like functions. So let's say found admin equals attempt_login.

And it's going to take username and password as arguments. And so that'll handle everything for us. It'll either find the admin or it'll return something like null or false that will let us know that it didn't find them. And so if it finds an admin, we'll have success. We will then mark the user as logged in and redirect them to admin.php, that's our menu page. If there's failure, then we're going to return a message that can just say "login failed" or, I'm going to say "Username/password not found." Now notice that I did not tell them which one was wrong.

I didn't tell them, hey, your username was wrong, or your password was wrong. I don't want to give them any clues that might help them to hack the site. Instead I'm just going to say, sorry, login failed. That combination didn't work, just in general, and it's up to you to try and figure out what you did wrong. Let's go up here and notice that we have username and password. We're going to need to set those: username, which is going to be equal to post username, and password will be the same thing.

But password. Now, part of the reason that I set these to other variables instead of just passing post directly in here is because I want to be able to use username down here in the form as a value. If they've submitted the form previously, then I want to echo back that username to them. I think that is a nice user interface feature. PHP echo htmlentities username, and that way they don't have to type their username again just because they got their password wrong.

It always irritates me when I go to websites and I have to refill out the whole thing, both my username and password, just because I mistyped my password. We're not going to do that for password though, because you can't see it anyway. It's going to have those dots there, so there's no way for us to see a typo and correct it or anything like that. And of course, if I'm going to display the username some of the time, then I need to make sure I have a value all of the time. So that means that instead of just here, if errors are empty, having a username, I need to have one all the way up here at the very top, username equals, I just need my $ sign at the beginning.

So now I have a default value which is an empty string. That'll always be available for the form. So let's just try it out. Let's open up Firefox and go to login.php. And there we go, and let's just submit it with no username and password and you'll see that I get my errors there. So that's the beginning of it. If we submit it with a correct username and password or even an incorrect one, we want it to now attempt to log in. So we need this function written for attempt_login. So we'll go create that and then we'll come back over here and we'll mark the user as logged in if they succeed. So let's do attempt login. I'm going to close that up, we'll open up functions and down here at the bottom below password check, function attempt login, which is going to take two arguments, username, password. And let's think about what this is going to do for a second. What do we want to do to attempt a login?

Well, we want to compare and find out if the database has this username password combination. In order to check the password though, remember we need to use our password check function that we wrote, which needs an existing hash. That existing hash is stored in the database. So it's a two step process. We first have to look up the user. And if we find the user, then take their existing hash and compare it against a password. If we don't find a user, obviously the login failed, or if the password doesn't match it failed. So two step process. Find the user, then find their password. So finding the user, finding this admin, we've actually done before. We had find admin by id.

It's the exact same process, so I'm actually going to just copy that whole function and I'm just going to paste it right here below it, find_admin_by_username. That's the only difference: instead of using the admin id to find them, we're going to find them by their username. So everything else works pretty much the same. We're going to take the username that gets passed in, and we are going to use MySQL real escape string on that, and then we'll put it into our SQL query. Select all from admins where username equals, now we use safe username.

We also need to make sure we put single quotes around that because it's a string, alright? Before it was an integer, now it's a string, so we need to put those quote marks. That'll then look for that in the database and return admin_set, and it will either return an admin or return null. We don't need to make any other changes to it, that's it. We're just finding a user by username instead of finding them by ID. So let's take that function and drop down here and use it. So we'll just say admin equals find admin by username, we'll pass in whatever we have as a username.

So if we have that admin, right? The other choice would have returned null to us. So if we find the admin, then we found admin, now check password. And if not, then admin not found and we'll just return false. Now I could return null here, but I'm going to return false for attempt_login; it seems more appropriate that it would return a true or false type thing. So found admin, now check password. So how do we check the password? We use our password check function up here.

So let's just copy this portion. So if password check password. And existing hash isn't existing hash anymore, it's going to be the admin and then the column there is hash password. That's where our existing hash lives. Let me just open this window a little bit wider. So if we check the password and we get back either true, remember password check either returns true or false. So if it returns true, then password matches and we can return, I'm going to return the actual admin, this hash.

I'll return that back to the user instead of true so that then they can use that admin, because we're going to want to use that. And if not, then password does not match, we'll return false. Notice that I'm returning false whether the admin was not found or whether the password does not match. I'm not making a distinction. So it's not possible to tell from the attempt login function which one went wrong. I just know that it didn't get back an admin, so it must not have worked. So let's save that. Let me just double check it real quick.

It all looks good. Let's jump back over to our login.php page. So attempt_login will either get an admin back or not. If it has an admin, then mark the user as logged in. So how do we do that? Well, we could put something in the cookie. Like this, admin id, and that's going to be equal to the found admin id. So we find an admin and set a cookie equal to that. The problem with cookies is that cookies, remember, are visible to the user by default in their browser. And on top of that, we saw that cookie data can actually be faked as well. So we don't want to trust something that's this important to put in a cookie. It's much better to put it in a session.

Then the user can't see it. It's on the server side. They can see the session id and know where the session is, what the name of the session is but that doesn't help them. It doesn't allow them to put any data in there or anything. So it's much more secure for us to use the session in this case. And then, let's also go ahead and store the username. And the reason I'm doing this is not to make sure that they're logged in, which is what I'm going to use admin_id for, this is just for convenience. This is going to allow me to always know what this person's username is. Every page, I can just pull this value out of the session and I'll know what their username is. I can display it up in the header if I want or I can use it inside the text to refer to them.

I can store it whenever they make certain changes. I'll always know what this person's username is and I don't have to go back to the database to look it up. Alright, so let's actually try that real quick. Let's close this and let's go to admin.php. And where we have welcome to the admin area, let's just put the user's name here. So welcome to the admin area, and we need to get that out of the session. Let's do echo htmlentities and then on that, we're going to use session username.

Right and then that value will be there. If they are logged in and they're able to get to this page, then we will know what their username is. Notice that I'm using session here but a long time ago, I never set up this admin page to use the session. Any page that's going to need to refer to it is also going to need to call it. So that will set up the session for us. So now we have the session and will pull up the value and go. Let's try it. So let us go to our log in page. Now if you remember what your admins are. If you don't remember you can just jump back over to manage admins.php and you can see what list of admins you have.

You can also create an admin here if you don't have one yet. I'm going to use kskoglund as the admin. Now notice we were able to go to this page without being logged in. We'll talk about that in a second. But for now, I'm just going to try out my login system. Username, my password I believe was secret, submit and there we are. Now I'm on admin.php. Welcome to the admin area, Kskoglund was able to pull it up. Now, like I said. We are able to go to these other pages like manage admins without being logged in. That wasn't a requirement of this page. That's because we don't have anyone checking for that hand stamp yet. We don't have anyone enforcing that on every page saying check to see if the user's logged in.

If not, redirect them back to the login page. That's what we're going to do in the next movie.
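
The two-step lookup, the single failure value and the session marking described in this movie, as an added example that is not the course's own code. It swaps in a PDO prepared statement and PHP's built-in `password_hash()`/`password_verify()` for the escaping and `password_check()` helper used in the movie, and goes a little further by verifying a dummy hash when no admin is found and regenerating the session ID at login. Assumptions: the `hashed_password` column name, the `mark_logged_in()` helper and the in-memory SQLite database that stands in for MySQL.

```php
<?php
// Added example, not the course's code. Assumptions: PDO with an in-memory
// SQLite database stands in for the MySQL connection; the hashed_password
// column name and mark_logged_in() are hypothetical names for illustration.

function find_admin_by_username(PDO $db, string $username): ?array {
    // A bound parameter keeps the username out of the SQL text entirely,
    // so no manual escaping or quoting is needed.
    $stmt = $db->prepare(
        'SELECT id, username, hashed_password FROM admins WHERE username = ? LIMIT 1'
    );
    $stmt->execute([$username]);
    $admin = $stmt->fetch(PDO::FETCH_ASSOC);
    return $admin === false ? null : $admin;
}

function attempt_login(PDO $db, string $username, string $password) {
    // Hash that is verified when no admin is found, so an unknown username
    // costs about the same time as a wrong password.
    static $dummy_hash = null;
    if ($dummy_hash === null) {
        $dummy_hash = password_hash('placeholder', PASSWORD_DEFAULT);
    }
    $admin = find_admin_by_username($db, $username);
    $hash = $admin === null ? $dummy_hash : $admin['hashed_password'];
    $matches = password_verify($password, $hash);
    // One failure value for both cases: the caller cannot tell which was wrong.
    return ($admin !== null && $matches) ? $admin : false;
}

function mark_logged_in(array $admin): void {
    // Issue a fresh session ID when the privilege level changes, then keep
    // the login state server-side in the session, not in a cookie value.
    if (session_status() === PHP_SESSION_ACTIVE) {
        session_regenerate_id(true);
    }
    $_SESSION['admin_id'] = $admin['id'];
    $_SESSION['username'] = $admin['username'];
}

// --- Constructed sample data (not from the course database) ---
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE admins (
    id INTEGER PRIMARY KEY, username TEXT UNIQUE, hashed_password TEXT)');
$insert = $db->prepare('INSERT INTO admins (username, hashed_password) VALUES (?, ?)');
$insert->execute(['kskoglund', password_hash('secret', PASSWORD_DEFAULT)]);

$attempts = [
    ['kskoglund', 'secret'],   // correct combination
    ['kskoglund', 'wrong'],    // known username, wrong password
    ['nobody', 'secret'],      // unknown username
    ["o'neil", 'secret'],      // apostrophe is plain data to a bound parameter
];

foreach ($attempts as [$username, $password]) {
    $found_admin = attempt_login($db, $username, $password);
    if ($found_admin) {
        mark_logged_in($found_admin);
        echo 'Welcome to the admin area, ' . htmlentities($_SESSION['username']) . "\n";
    } else {
        // Same message for every failure, as in the movie.
        echo "Username/password not found.\n";
    }
}
```

In a real page, `session_start()` runs before any output and the success branch redirects to admin.php instead of echoing.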

Kevin Skoglund
Author

 