After toying around with many scripts, I have finally gotten a login script to work. (Note this code was taken from several different websites and modified to work for myself and my students). So here are the directions to create a login/password page to protect your webpages.
1. You need to create a table in a database that includes the columns: username and password. This is the first step and I am assuming you have done this.
2. Create a form in html. Here is my form code. I call this page “login.html”
<html>
<body>
<form action=”login.php” method=”post”>
<p>username
<input type=”text” name=”username” id=”username”>
</p>
<p>password
<input type=”password” name=”password” id=”password”>
</p>
<p>
<input type=”submit”>
</p>
</form>
</body>
</html>
3. Next I create a login script that tests if the login is correct or not. If correct, it logs the user in. I call this page “login.php”. Please note that the 4 words in ALL caps need to be changed to match your information.
<?php
mysql_connect(“SERVERPATHUSUALLYLOCALHOST”, “YOURUSERNAME”,
“YOURPASSWORD”);
mysql_select_db(“YOURDATABASENAME”);
$myusername=$_POST[‘username’];
$mypassword=$_POST[‘password’];
// To protect MySQL injection (more detail about MySQL injection)
$myusername = stripslashes($myusername);
$mypassword = stripslashes($mypassword);
$myusername = mysql_real_escape_string($myusername);
$mypassword = mysql_real_escape_string($mypassword);
$mysql = “SELECT * FROM members WHERE username=’$myusername’ and password=’$mypassword’ “;
$result = mysql_query($mysql) or die(“cannot execute query”);
$count = mysql_num_rows($result);
if($count==1)
{
session_register(‘username’);
header(“location:home.php”); // put your home page neme here
}
else
echo “login fail – please click here to <a href=\”login.html\”>login</a>”;
?>
4. Next I create a welcome page once they have logged in. I call this “home.php”
<?php
session_start();
if(!$_SESSION[‘username’]) {
header(“location:login.php”);
}
?>
<!DOCTYPE html PUBLIC “-//W3C//DTD XHTML 1.0 Transitional//EN” “http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd”>
<html xmlns=”http://www.w3.org/1999/xhtml”>
<head>
<meta http-equiv=”Content-Type” content=”text/html; charset=UTF-8″ />
<title>Untitled Document</title>
</head>
<body>
<p>congrats you have logged in</p>
<p><a href=”test.php”>Check out test page both logged in and out</a></p>
<p><a href=”logout.php”>logout </a></p>
</body>
</html>
5. I then create a test page so you can play around with this once uploaded online. I call this “test.php”
<?php
session_start();
if(!$_SESSION[‘username’]) {
header(“location:login.php”);
}
?>
<?php
echo “you logged in as “.$username;
?>
<!DOCTYPE html PUBLIC “-//W3C//DTD XHTML 1.0 Transitional//EN” “http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd”>
<html xmlns=”http://www.w3.org/1999/xhtml”>
<head>
<meta http-equiv=”Content-Type” content=”text/html; charset=UTF-8″ />
<title>Untitled Document</title>
</head>
<body>
<p> </p>
<p> </p>
<p> </p>
<p>This is a test page so that you can see what happens on pages when users are logged in or out.</p>
<p> </p>
<p><a href=”logout.php”>logout</a></p>
</body>
</html>
6. Finally I create a logout page. This logs the user out. I call this “logout.php”
<?php
session_start();
session_destroy();
echo “successfuly logout”;
?>
<!DOCTYPE html PUBLIC “-//W3C//DTD XHTML 1.0 Transitional//EN” “http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd”>
<html xmlns=”http://www.w3.org/1999/xhtml”>
<head>
<meta http-equiv=”Content-Type” content=”text/html; charset=UTF-8″ />
<title>Untitled Document</title>
</head>
<body>
<p>you have logged out</p>
<p> </p>
<p> <a href=”loginform.html”>log back in </a></p>
<p>visit <a href=”test.php”>test </a>page – you should not have access now and should be redirected to login screen.</p>
</body>
</html>
7. Now for every page on your site that you want to be pass protected, put this script at the very top. This script will check if the user is logged in. If logged in they can access the page. Otherwise they will be directed to the login/register page:
<?php
session_start();
if(!$_SESSION[‘username’]) {
header(“location:login.php”);
}
?>
8. You will probably need to create a form that lets people register but that is for another tutorial.