Check a username and password against a database record
dalean123
Posted by dalean123
Last Updated: February 14, 2015

<?php
session_start(); //Start your session as the first thing on this page
  //Before you start ensure that output buffering is turned on in the PHP  .ini file
  //Set up database connection using mysql
  define("DB_SERVER", "localhost"); //Your server name
  define("DB_USER", "root"); //Your username
  define("DB_PASS", ""); //Your password
  define("DB_NAME", "test"); //Your database
  
  $connection = mysqli_connect(DB_SERVER, DB_USER, DB_PASS, DB_NAME);
  
  if(mysqli_connect_errno()){ //If there was an error while connecting to the database then the script will stop executing and an error will be issued
    die("Database connection failed: ") .
    mysqli_connect_error() . 
    
    "(" . mysqli_connect_errno . ")";
  }
  
  //If connection was successful, then the script will continue its processing
  
  //declare some variables that will be needed in the script
  $errors = array();
  $message = "";
  $username = "";
  $password = "";
  if($_SERVER["REQUEST_METHOD"] == "POST"){
    if(isset($_POST["submit"])){
      $username = trim($_POST["username"]);
      $password = trim($_POST["password"]);
      
      $required = array("username", "password");
      
      function sanitize($username, $password){
        $errors = array(); //Local $errors variable(array)
        if($username === ""){
          $errors["username"] = "Username cannot be blank";
          
        } else{
            if(strlen($username) < 6 || strlen($username) > 25){
            $errors["username"] = "Username must be between 6 and 20 characters";
          }
        }
        if($password === ""){
           $errors["password"] = "Password cannot be blank";
        }else{
            if(strlen($password) < 6 ||strlen($password) > 25){
            $errors["password"] = "Password must be between 6 and 20 characters";
          }
        }
        return $errors;
      } //function delimiter
      
      $errors = sanitize($username, $password);

      if(count($errors) !== 0){
        $message .= "<ul>"; //Opening unorder list tag
        foreach($errors as $field => $value){
          
          $message .= "<li>{$value}</li>";
        }
        $message .= "</ul>"; //Closing unordered list tag

      }else{
        $query = "SELECT * FROM users WHERE username = '$username' LIMIT 1";
        $result = mysqli_query($connection, $query);
        $row = mysqli_num_rows($result);
        if($row === 1){
          $user = mysqli_fetch_assoc($result);
          if($user["username"] == $username && $user["password"] === $password){
            $_SESSION["user"] = $user["username"];
            header("Location: home.php"); //Redirect your user to where ever
          }else{
            $message = "Username and Password does not match";
          }
        }else{
          $message = "That user does not exist";
        }
      }
      
    }
  }
?>
<!DOCTYPE html>
<html>
<head>
  <title>Simple Login page with PHP</title>
  <meta charset="utf-8" />
</head>
<body>
  <h1>Login page with PHP</h1>
  <?php if(isset($message)) { echo $message; } ?>
  <form action="login.php" method = "POST">
    <table>
      <tr>
        <th><label for ="username"></label></th>
        <td><input type = "text" name = "username" id = "username" value = "<?php echo $username; ?>" /></td>
      </tr>
      <tr>
        <th><label for ="password"></label></th>
        <td><input type = "password" name = "password" id = "password" /></td>
      </tr>
      <tr>
        <td><input type = "submit" name = "submit" value = "Login" /></td>
      </tr>
    </table>
  </form>
  <?php mysqli_close($connection); ?>
</body>
</html>
Default Image

mark123 For your queries use prepared statements or stored procedures to protect against security vulnerabilities.

gideonna it's very nice