Here is simple guide to create login page. About design, you can create one as you like using html. This is simple design that i created to demonstrate how login page works. You can use just two text-boxes and submit button, that is all.
Make sure that your text-boxes and submit button are inside the "Form" which uses method field and action field as shown below.
<Form name="Form1" method="post" action="login.php"> ...When you hit login or submit button, all data which are inside this form will be thrown to login.php.
And they won't appear in address bar. Because method is post.
Now the main part of login page that accepts username and password as key words to check whether user exists or not. If user exists then show corresponding page or give an error.
$link = mysql_connect('host_name', 'user_name', 'pass') or die (mysql_error());
Attempts to open a connection to a MySql server. If fails immediately terminates entire source code that written below this code and gives error messege. If successfully opens then returns Mysql link identifier.In this case host_name would be the server name, in which MySQL server is running on.
user_name and pass should be privileged user's identification.
You will find more detailed explanation here:
mysql_connect[^]
mysql_select_db("db_name", $link);Selects database based on your specified link identifier. Every subsequent call to mysql_query() will be made on the active (selected) database
You will find more detailed explanation here:
mysql_select_db[^]
$q_user = mysql_query("select * from users where uname='".$_POST['username']."' and password= password('".$_POST['pass']."') limit 1") or die(mysql_error());
Based on username and password, it returns a row on success. If either username or password doesn't match then it returns empty row. In this case "users" is the table which stores data related to users.uname and pass are fields that stores user's name and password.
$_POST - way of receiving data from html form. If form sent data through post method then data will be received in this way. If form sent data through get method then receiver will be $_GET
Be careful, every single comma or dot could cause you big trouble.
You will find more detailed explanation here:
if(mysql_num_rows($q_user) > 0) { $_SESSION['user_logged_in'] = mysql_result($q_user,"user_id"); header("Location: admin.php"); }else header("Location: index.php?errmsg=0");If user doesn't exist then $q_user should be 0, if this is the case we don't allow him to enter admin page or whatever it is. We just redirect him to index page with error message. As you can see last line of code takes care of it.
If user do exist then we create a session, named "user_logged_in" which will be useful later and redirect him into admin page.
user_id - one of fields of users table. It could be any field that exists in your table.
You will find more detailed explanation here:
mysql_result[^]
Put them together :
$link = mysql_connect('host_name', 'user_name', 'pass') or die (mysql_error()); mysql_select_db("db_name", $link); $q_user = mysql_query("select * from users where username='".$_POST['username']."' and password= password('".$_POST['pass']."') limit 1") or die(mysql_error()); if(mysql_num_rows($q_user) > 0) { $_SESSION['user_logged_in'] = mysql_result($q_user,"user_id"); header("Location: admin.php"); }else header("Location: index.php?errmsg=0");
Good luck.
Dido: Tnk you very much
ReplyDelete@Dido, welcome
ReplyDelete