Introduction:
In this section, I will guide you how to create a login.php file which is used for user sign in the site. This file is not much different from the signup.php file. So, it will not be so difficult for you to understand if you have already read the previous sections.
login.php:
<?php require_once 'header.php'; echo "<div class='main'><h3>Please enter your details to log in</h3>"; $error = $user = $pass = ""; if (isset($_POST['user']) && isset($_POST['pass'])) { $user = sanitizeString($_POST['user']); $pass = sanitizeString($_POST['pass']); $salt1 = "qm&h*"; $salt2 = "pg!@"; $token = hash('ripemd128', "$salt1$pass$salt2"); $token = substr($token, 0,16); if ($user == "" || $pass == "") $error = "<span class='error'>Not all fields were entered</span><br><br>"; else { $result = queryMySQL("SELECT * FROM members WHERE user='$user'"); if ($result->num_rows == 0) { $error = "<span class='error'>Username/Password invalid</span><br><br>"; } else { $row = $result->fetch_array(MYSQLI_NUM); $result->close(); if ($token == $row[1]) { $_SESSION['user'] = $user; $_SESSION['pass'] = $pass; die("You are now logged in. Please <a href='members.php?view=$user'>" . "click here</a> to continue.<br><br>"); } else $error = "<span class='error'>Username/Password invalid</span><br><br>"; } } } echo <<<_END <form method='post' action='login.php'>$error <span class='fieldname'>Username</span><input type='text' maxlength='16' name='user' value='$user'><br> <span class='fieldname'>Password</span><input type='password' maxlength='16' name='pass' value='$pass'> _END; ?> <br> <span class='fieldname'> </span> <input type='submit' value='Login'> </form><br></div> </body> </html>
Like the sign-up page, it features a simple HTML form and some basic error checking, as well as using sanitizeString before querying the MySQL database.
The main thing to note here is that, upon successful verification of the username and password, the session variables user and pass are given the username and password values. As long as the current session remains active, these variables will be accessible by all the programs in the project, allowing them to automatically provide access to logged-in users.
One thing we need to consider is that we repeated hashing the password as the same way we did in the signup.php file and checked to see whether hashed password ($token with fixed length:16) is matched with the value which was stored in the database or not. If it is matched we start the new sessions with username and password that the user has just typed to login the site. Otherwise an error message will be displayed "Username/Password invalid" as below:
Fig 1. Failed login.
You may be interested in the use of the die function upon successfully logging in. This is there because it combines an echo and an exit command in one, thus saving a line of code. For styling, this (and most of the files) applies the class main to indent the content from the left-hand edge.
When you successfully login the site, it should look like Figure 2.
Fig. 2. Successful login.
Conclusion:
In this section, I helped you build the login.php file used for user to login the site. In the next section I will help you to create the profile.php file. I hope that you can find some useful information in this section.
* Ref: