Thursday, 17 October 2013

PHP Simple Sign-in Tutorial



This tutorial is about simple sign-in php code for beginners. You can also protect pages from unauthorized persons.
  1. You will learn to make one database table, one form , checking php page, user session page, config page and secret page.
  2. First create a simple form using below code or you can use your own sign in form.
    • <form  method="post" action="CheckLogin.php">
      <input type="email" name="inputEmail"  id="inputEmail" placeholder="Email">
      <input type="password" name="inputPassword" id="inputPassword" placeholder="Password" maxlength="15" minlength="6"  >
      <button type="submit" >Sign in</button>
      </form>
  3. Now you will run below SQL Code to make a simple table in your database.
    • CREATE TABLE IF NOT EXISTS `members` (
      `id` int(4) NOT NULL AUTO_INCREMENT,
      `name` varchar(65) NOT NULL DEFAULT '',
      `email` varchar(65) NOT NULL DEFAULT '',
      `password` varchar(65) NOT NULL DEFAULT '',
      `Type` varchar(10) NOT NULL,
      PRIMARY KEY (`id`)
      ) ENGINE=MyISAM  DEFAULT CHARSET=latin1 AUTO_INCREMENT=1 ;
  4. Now its time to connect to the database, so we will make database connection file config.php
    • <?php
      $con = mysql_connect("localhost","root","yourpaswword");
      if (!$con)
      {
      die('Could not connect: ' . mysql_error());
      }
      mysql_select_db("YourDbName", $con);
      ?>
  5. Now when form submitted it will go to CheckLogin.php page and here is code for page.
    • <?php
      // Start Session because we will save some values to session varaible.
      session_start();
      ob_start();
      // include config file for php connection
       include("config.php");
      // memebers table name
      $tbl_name="members";
      // Define $myusername and $mypassword
      $myusername=$_POST['inputEmail']; 
      $mypassword=$_POST['inputPassword']; 
      // To protect MySQL injection
      $myusername = stripslashes($myusername);
      $mypassword = stripslashes($mypassword);
      $myusername = mysql_real_escape_string($myusername);
      $mypassword = mysql_real_escape_string($mypassword);
      below query will check username and password exists in system or not
      $sql="SELECT * FROM $tbl_name WHERE email='$myusername' AND password='$mypassword'";
      $result=mysql_query($sql);
      // Mysql_num_row is used for counting table records
      $count=mysql_num_rows($result);
      // If result matched $myusername and $mypassword, table record must be equal to 1  
      if($count==1)
      {
       $sql2=mysql_query("SELECT Type,email,name FROM $tbl_name WHERE email='$myusername'");
       $row=mysql_fetch_row($sql2);
       $_SESSION[type]=$row[0];
       $_SESSION[myusername]=$row[1];
       $_SESSION[name]=$row[2];
      //Depending on type of user we will redirect to various pages  
       if($row[0] == 'abc')  { header( "location:http://localhost/abc.php");  }
       else if($row[0] == 'xyz')  { header( "location:http://localhost/xyz.php");  }
       else if($row[0] == 'Admin')  { header( "location:http://localhost/admin.php");  }
       else    {   header( "location:http://localhost/index.php");  }
      }
      else
      {
       header("location:http://localhost/index.php");
      }
      ob_end_flush();
      ?>
  6. Now on user pages like abc.php, xyz.php or admin.php your will write below lines on top of the page to make them protected.
    • <?php
      include('UserSession_xyz.php');
      ?>
  7. Below is code for UserSession_xyz.php. you will also make other pages for other users.
    • <?php
      session_start();
      if($_SESSION[type]!='xyz'){
      header('location:index.php');
      exit();
      }
      include('config.php');
      ?>
Above tutorial is very useful for making websites pages secure and make user Sing-In System. You can also use some features of this tutorials. For more information please visit Website: Crewow