Creating a Very Simple 1 Username/Password Login in PHP

Creating a very simple 1 username/password login in php

Your code could look more like:

<?php
session_start();
$errorMsg = "";
$validUser = $_SESSION["login"] === true;
if(isset($_POST["sub"])) {
  $validUser = $_POST["username"] == "admin" && $_POST["password"] == "password";
  if(!$validUser) $errorMsg = "Invalid username or password.";
  else $_SESSION["login"] = true;
}
if($validUser) {
   header("Location: /login-success.php"); die();
}
?>
<!DOCTYPE html>
<html>
<head>
  <meta http-equiv="content-type" content="text/html;charset=utf-8" />
  <title>Login</title>
</head>
<body>
  <form name="input" action="" method="post">
    <label for="username">Username:</label><input type="text" value="<?= $_POST["username"] ?>" id="username" name="username" />
    <label for="password">Password:</label><input type="password" value="" id="password" name="password" />
    <div class="error"><?= $errorMsg ?></div>
    <input type="submit" value="Home" name="sub" />
  </form>
</body>
</html>

Now, when the page is redirected based on the header('LOCATION:wherever.php), put session_start() at the top of the page and test to make sure $_SESSION['login'] === true. Remember that == would be true if $_SESSION['login'] == 1 as well.
Of course, this is a bad idea for security reasons, but my example may teach you a different way of using PHP.

How to create a very simple username - password login in PHP?

1, You're missing session_start() in index.php. Add it and you should be able to see 'Hello world'

2, Replace your line with "Access granted!" with a redirect:

header('Location: index.php');
exit;

3, You can definitely store credentials in a cookie, but you should always hash and salt the password. Here is a good article about password hashing.

PHP Session using only a single PASSWORD field (no username)?

HTML:

<form action='login.php' method="post">
  Password: <input type="password" name="password">
</form>

Login.php

<?php
// this password may come from any source.
// it's a variable for the sake of simplicity

$password = 'verySecretStuff';

if($_POST['password'] == $password){
  //handle login
}else{
  // handle no login
}
?>

Creating a basic user login

Your main problem is the incorrect operator =! in index.php -- the correct use is != for "does not equal". See more: http://php.net/manual/en/language.operators.comparison.php

You can clean up your login.php file a bit:

login.php

session_start();
$redirect = false;
if($_SESSION['login'] == true) {
    $redirect = true;
} elseif (
    isset($_POST['username']) && 
    $_POST['username'] == 'username' && 
    $_POST['pass'] == 'password'
){
    $_SESSION['login'] = true;
    $redirect = true;
}
if ($redirect) {
    header("location:http://www.mydomain.com/index.php");
    die();
}

Your login form is fine, except where you use : for properties. All HTML element properties are name="value" -- note the equal sign. So your form:

<form action="login.php" method="post">

You have it correct in your logout form.

One of your goals is to reduce the amount of code you use. So if you're going to do the same thing many times, you should try to isolate that piece of code as a class, a function, or simply in another file that you include. To that end, you could put your check for login in a separate file:

security.php

session_start();
if(!isset($_SESSION['login']) || $_SESSION['login'] !== true) {
    header('location:http://www.mydomain.com/login.php');
    die();
}

... then use require_once to pull that in on any page where you require the user to be logged in:

index.php

require_once('security.php');
// the rest of your index.php code here

Documentation

• PHP comparison operators: http://php.net/manual/en/language.operators.comparison.php
• require_once - http://php.net/manual/en/function.require-once.php
• Some basic tips for code reuse - http://www.techrepublic.com/article/10-tips-for-php-scripts-reuse-code-with-the-include-and-require-functions/5077715

How to create a simple login in php using mySQL

First of all, don't use the mysql_ function. They are deprecated and are removed in PHP7. Use PDO or mysqli instead.
Use a hash for the passwords. It's not safe to store them in DB like that. Have a look at password_hash()

Also escape the values, because you are vulnerable for mysql injections now. Escape them with mysql_real_escape_string(). However, this is still deprecated so better use mysqli_real_escape_string(), but to use this you have to use mysqli_ functions for everything :)

You are forgetting to get the num_rows :)

$sql = "SELECT * FROM `users` WHERE `Username` = '$username' AND `Password` = '$password'";
$result = mysql_query($sql);
$num_rows = mysql_num_rows($result);

if($num_rows != 1) {
    echo "Invalid login";   
} else {
    header("Location:main.php");
}

Simple and efficient Login mechanism using PHP and database

This is how it should be done with more modern standards:

$db = new PDO('mysql:host='.$database_host.';dbname='.$database_name.';charset=utf8', $database_user, $database_password);

$stmt = $db->prepare("SELECT id FROM users WHERE username=? AND password=?");
$stmt->execute([$_POST['username'], $_POST['password']]);

$user = $stmt->fetch(); // Or fetchColumn() to get just the id

if($user) { 
    // Login
} else {
    // The user doesn't exist or the password is wrong
}

---

Related Topics