PHP Login Script with Session

In this tutorial, let us see how we can implement authentication using a standard login form with session handling. Most of the website will have login script to provide user authentication. I will present you an example PHP code to implement authentication using a login script. With authentication, we can protect our website by filtering genuine users.

There are different ways to implement authentication and the most popular way is to using the login form and authenticate based on a username and respective password. Recently authentication using dynamically generated OTP is also becoming a norm and we will see about it in a coming tutorial.

In this tutorial, we are storing authentication credentials in a database. We will show a login form to enter login credentials. We compare the entered data against the user database. If match found, then the user is considered as authenticated. We use PHP session to preserve the logged-in state of the authenticated users. In previous tutorials, we have already seen about login via form submit and also via AJAX call.

PHP Login Sessions

We let the user submit their login credentials on a form and compare it with the user’s database. If a match is found, then we authenticate the user and store their logged in status by using the $_SESSION “super global”. For example, $_SESSION[“member_id”], $_SESSION[“display_name”]. This logged-in status will be preserved until the user logout. Once the user clicked the logout link, we clear his session by using PHP unset().

User Login Interface

First, we need to create login interface to allow the user to submit authentication information. It shows the username and password input fields in a form. On submitting this form, we post the values to PHP. The HTML and CSS code is as follows.

<form action="" method="post" id="frmLogin">
	<div class="error-message"><?php if(isset($message)) { echo $message; } ?></div>	
	<div class="field-group">
		<div><label for="login">Username</label></div>
		<div><input name="user_name" type="text" class="input-field"></div>
	</div>
	<div class="field-group">
		<div><label for="password">Password</label></div>
		<div><input name="password" type="password" class="input-field"> </div>
	</div>
	<div class="field-group">
		<div><input type="submit" name="login" value="Login" class="form-submit-button"></span></div>
	</div>       
</form>

and the styles are,

#frmLogin { 
	padding: 20px 60px;
	background: #B6E0FF;
	color: #555;
	display: inline-block;
	border-radius: 4px; 
}
.field-group { 
	margin:15px 0px; 
}
.input-field {
	padding: 8px;width: 200px;
	border: #A3C3E7 1px solid;
	border-radius: 4px; 
}
.form-submit-button {
	background: #65C370;
	border: 0;
	padding: 8px 20px;
	border-radius: 4px;
	color: #FFF;
	text-transform: uppercase; 
}
.member-dashboard {
	padding: 40px;
	background: #D2EDD5;
	color: #555;
	border-radius: 4px;
	display: inline-block;
	text-align:center; 
}
.logout-button {
	color: #09F;
	text-decoration: none;
	background: none;
	border: none;
	padding: 0px;
	cursor: pointer;
}
.error-message {
	text-align:center;
	color:#FF0000;
}
.demo-content label{
	width:auto;
}

PHP Login Script

We receive login form data in a PHP page as the post requests. In this script, we generate a SELECT query to validate user data with the database. If the user is authenticated successfully, then we add user logged-in status in a session and show a success message with the logout option to the user. The PHP login script is,

<?php
session_start();
$conn = mysqli_connect("localhost","root","","phppot_examples");
	
$message="";
if(!empty($_POST["login"])) {
	$result = mysqli_query($conn,"SELECT * FROM users WHERE user_name='" . $_POST["user_name"] . "' and password = '". $_POST["password"]."'");
	$row  = mysqli_fetch_array($result);
	if(is_array($row)) {
	$_SESSION["user_id"] = $row['user_id'];
	} else {
	$message = "Invalid Username or Password!";
	}
}
?>

We can add this code on the same page above the HTML content or we can save it as an individual PHP file like login.php and add it to form action.

The code to show success message to the user is in the else part and the code is,

<?php 
} else { 
$result = mysqlI_query($conn,"SELECT * FROM users WHERE user_id='" . $_SESSION["phppot_demopage_459_user_id"] . "'");
$row  = mysqli_fetch_array($result);
?>
<form action="" method="post" id="frmLogout">
<div class="member-dashboard">Welcome <?php echo ucwords($row['display_name']); ?>, You have successfully logged in!<br>
Click to <input type="submit" name="logout" value="Logout" class="logout-button">.</div>
</form>
</div>
</div>
<?php } ?>

The “welcome message” will be displayed with the logged in user by their name and a link to logout to clear user login session.

And the code to logout is,

<?php
if(!empty($_POST["logout"])) {
	$_SESSION["user_id"] = "";
	session_destroy();
}
?>

Download

This PHP code tutorial was published on July 22, 2013.

↑ Back to Top