Need to create a Login Form

Hey all,

I am trying to put a login form on the front pages (index, contact us, about us) of my site. I want the members to put in username and pass, and when they click submit, it takes them to the /members/ area of the site.

Right now this is how I have the form.

<form method="POST" action="login.php">
<input type="text" name="username">
<input type="password" name="password">
<input type="submit" value="Login">
</form>

I have this, but the members area consists of several pages and not just one location.

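session_start(); // the session must be started before $_SESSION can be read

// Send anyone who has not logged in back to the login form
if (empty($_SESSION['authorized'])) 
{
    header("Location: login_form.php");
    exit;
}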

Finally, I am going to create a login.php page that has this in it.

// Look up the submitted username and the MD5 hash of the submitted password
$select_user = 
	mysql_query('select * from users where username = "' . 
		$_POST['username'] . '" and password = "' . 
		md5($_POST['password']) . '"');

if (mysql_num_rows($select_user) != 0) 
{
    // A matching row exists: mark this session as logged in
    session_start();
    $_SESSION['authorized'] = true;

    header("Location: protected_content.php");
    exit;
} 
else 
{
    // No match: back to the login form
    header("Location: login_form.php");
    exit;
}

So my questions are: how can I make it so they can access the entire /members/ area (directory)?

And what would I put in the database ‘members’ when I create it? All members are going to use the same username and pass. So there is only need for 1 query for username and 1 for password.

I appreciate anyone's help in advance.

Firstly, before putting this code into production, you will need to read up on SQL injections. http://en.wikipedia.org/wiki/SQL_injection

Now, once you’ve set the session key ‘authorised’ to true, they can access any page in which you check for auth=true. Just link to those pages as you would any other.

> All members are going to use the same username and pass.

If this is the case, why bother with a database at all? Just a simple ‘if ($user == "user1" AND $pass == "pass123")’ would suffice.

Unless I’ve totally misread what you meant there…

Your script is prone to SQL injection. You can either create a custom security function, or just stick

mysql_real_escape_string($_POST['username']);

like that :) For your question though, just do what you did for redirecting to the login page :)


session_start(); // needed on every members page before reading $_SESSION

if (!empty($_SESSION['authorized'])) 
{
    echo 'This is the members area! Welcome!!';
}
else
{
   echo 'You need to login to view this page.';
}

:) Good luck.
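
An added example, not part of any post in this thread: the login check from the question rewritten with a PDO prepared statement and password_hash()/password_verify() in place of string concatenation and MD5, plus a guard to call on each /members/ page. The in-memory SQLite database, the function names `check_login()`, `require_login()` and `mark_logged_in()`, and the sample account are assumptions made for illustration.

```php
<?php
// Added example (not from the thread). Table layout, function names and the
// sample account below are constructed for illustration.

// In-memory SQLite stands in for the site's MySQL database so this runs offline.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (username TEXT PRIMARY KEY, password_hash TEXT NOT NULL)');

// Store a salted, slow hash instead of md5().
$insert = $db->prepare('INSERT INTO users (username, password_hash) VALUES (?, ?)');
$insert->execute(['member', password_hash('correct horse battery', PASSWORD_DEFAULT)]);

// Returns true only when the username exists and the password matches its hash.
function check_login(PDO $db, string $username, string $password): bool
{
    // The placeholder keeps user input out of the SQL text entirely.
    $stmt = $db->prepare('SELECT password_hash FROM users WHERE username = ?');
    $stmt->execute([$username]);
    $hash = $stmt->fetchColumn(); // false when no row matched
    return is_string($hash) && password_verify($password, $hash);
}

// Call at the top of every page under /members/ before any output is sent.
function require_login(): void
{
    if (session_status() !== PHP_SESSION_ACTIVE) {
        session_start();
    }
    if (empty($_SESSION['authorized'])) {
        header('Location: login_form.php');
        exit;
    }
}

// What login.php would do after check_login() returns true.
function mark_logged_in(): void
{
    session_start();
    session_regenerate_id(true); // issue a fresh session ID at login
    $_SESSION['authorized'] = true;
}

// Constructed inputs: a valid login, a wrong password, a username containing quotes.
var_dump(check_login($db, 'member', 'correct horse battery'));
var_dump(check_login($db, 'member', 'wrong'));
var_dump(check_login($db, 'member" OR "1"="1', 'anything'));
```

Only the first call authenticates; the username containing quote characters is compared as plain data and matches no row.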