How to Create Login Page in PHP/MySQL using PDO Query

Yesterday I posted a tutorial on how to create a registration page using PHP/MySQL with PDO Query. As a follow-up to that registration page tutorial, I decided to create another tutorial on how to create a login page using PHP/MySQL with PDO Query. In this tutorial you will also learn how to use PHP server-side validation and how to add a filter in a PDO query.

Username: admin
Password: admin

To start this tutorial, let's follow the steps below.

Creating Our Database

First we are going to create our database, which stores our data. To create a database:

1. Open phpMyAdmin.
2. Create a database and name it "pdo_ret".
3. After creating the database, click SQL and paste the following code.

    CREATE TABLE IF NOT EXISTS `users` (
      `id` int(11) NOT NULL AUTO_INCREMENT,
      `username` varchar(100) NOT NULL,
      `password` varchar(100) NOT NULL,
      PRIMARY KEY (`id`)
    ) ENGINE=InnoDB DEFAULT CHARSET=latin1 AUTO_INCREMENT=2 ;

Creating Our Form

The next step is to create a form and save it as index.php. This file includes the login form and the script that displays the errors generated by the server.

    <?php
    // Start the session so the error messages stored by reg.php can be read.
    session_start();
    ?>
    <?php
    // Show any validation errors left in the session, then clear them.
    if( isset($_SESSION['ERRMSG_ARR']) && is_array($_SESSION['ERRMSG_ARR']) && count($_SESSION['ERRMSG_ARR']) > 0 ) {
        echo '<ul style="padding:0; color:red;">';
        foreach($_SESSION['ERRMSG_ARR'] as $msg) {
            // Escape the message before writing it into the page.
            echo '<li>', htmlspecialchars($msg), '</li>';
        }
        echo '</ul>';
        unset($_SESSION['ERRMSG_ARR']);
    }
    ?>
    <form action="reg.php" method="POST">
    Username<br>
    <input type="text" name="uname" /><br>
    Password<br>
    <input type="password" name="pword" /><br>
    <input type="submit" value="Login" />
    </form>

Writing Our Login Script

The next step is to create our login script, which validates our input data. Save it as "reg.php".

    <?php
    // Start the session so error messages survive the redirect back to index.php.
    session_start();
    $errmsg_arr = array();
    $errflag = false;
    // configuration
    $dbhost = "localhost";
    $dbname = "pdo_ret";
    $dbuser = "root";
    $dbpass = "";

    // database connection
    $conn = new PDO("mysql:host=$dbhost;dbname=$dbname",$dbuser,$dbpass);

    // new data (default to an empty string when a field is missing)
    $user = isset($_POST['uname']) ? $_POST['uname'] : '';
    $password = isset($_POST['pword']) ? $_POST['pword'] : '';

    // server-side validation
    if($user == '') {
        $errmsg_arr[] = 'You must enter your Username';
        $errflag = true;
    }
    if($password == '') {
        $errmsg_arr[] = 'You must enter your Password';
        $errflag = true;
    }

    // query: run it only when both fields were filled in
    if(!$errflag) {
        $result = $conn->prepare("SELECT * FROM users WHERE username= :hjhjhjh AND password= :asas");
        $result->bindParam(':hjhjhjh', $user);
        $result->bindParam(':asas', $password);
        $result->execute();
        // fetch() returns false when no row matches
        $rows = $result->fetch(PDO::FETCH_NUM);
        if($rows !== false) {
            header("location: home.php");
            exit(); // stop here so nothing else runs after the redirect
        }
        else{
            $errmsg_arr[] = 'Username and Password are not found';
            $errflag = true;
        }
    }
    if($errflag) {
        $_SESSION['ERRMSG_ARR'] = $errmsg_arr;
        header("location: index.php");
        exit();
    }

    ?>
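The query in reg.php compares the submitted password with a plain-text `password` column. As an added example that is not part of the original tutorial and goes one step beyond it, the script below keeps the same PDO prepared-statement lookup but stores and checks a hash with `password_hash()` and `password_verify()`. The `register()` and `login()` helpers are hypothetical names, and an in-memory SQLite database (the pdo_sqlite extension) is assumed in place of the MySQL "pdo_ret" database so the script runs on its own.

```php
<?php
// Added example, not the tutorial's code. Assumption: in-memory SQLite stands in
// for the MySQL "pdo_ret" database; the PDO calls are the same for MySQL.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (
    id INTEGER PRIMARY KEY AUTOINCREMENT,
    username VARCHAR(100) NOT NULL UNIQUE,
    password VARCHAR(255) NOT NULL)');

// Registration side (hypothetical helper): store a salted hash, never the password.
function register(PDO $db, string $user, string $password): void
{
    $stmt = $db->prepare('INSERT INTO users (username, password) VALUES (:user, :hash)');
    $stmt->execute([':user' => $user, ':hash' => password_hash($password, PASSWORD_DEFAULT)]);
}

// Login side (hypothetical helper): select by username only, verify the hash in PHP.
function login(PDO $db, string $user, string $password): bool
{
    if ($user === '' || $password === '') {
        return false; // validate before touching the database
    }
    $stmt = $db->prepare('SELECT id, password FROM users WHERE username = :user');
    $stmt->execute([':user' => $user]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    if ($row === false || !password_verify($password, $row['password'])) {
        return false; // same answer for an unknown user and a wrong password
    }
    // Upgrade the stored hash when PHP's default algorithm or cost has changed.
    if (password_needs_rehash($row['password'], PASSWORD_DEFAULT)) {
        $upd = $db->prepare('UPDATE users SET password = :hash WHERE id = :id');
        $upd->execute([':hash' => password_hash($password, PASSWORD_DEFAULT), ':id' => $row['id']]);
    }
    return true;
}

// Constructed sample account using the tutorial's demo credentials.
register($db, 'admin', 'admin');
var_dump(login($db, 'admin', 'admin'));        // correct password
var_dump(login($db, 'admin', 'wrong'));        // wrong password
var_dump(login($db, "admin' OR '1'='1", 'x')); // bound as data, matches no username
var_dump(login($db, '', ''));                  // rejected before any query runs
```

With MySQL only the PDO connection string changes; the `password` column has to be wide enough for the hash, and the PHP manual recommends 255 characters for `PASSWORD_DEFAULT`.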

Creating Our Home page

The next step is to create a homepage and save it as "home.php". This is the landing page after you successfully log in to our system.

    <div style="text-align:center;margin-top:50px;font-family:arial;font-size:20px;">
    Congrats!<br>
    You've Been Successfully Entered<br>
    In The<br>
    System<br>
    </div>

That's all! You have now created your login page with server-side validation and a PDO query. Hope this code will help you, see you guys in my next tutorial.

Comments

Submitted by dd (not verified) on Tue, 01/14/2014 - 02:46

    $result->bindParam(':hjhjhjh', $user);
    $result->bindParam(':asas', $password);

Why did you have :hjhjhjh and :asas? Wouldn't it just be the value of whatever is entered by the user for their username and password??

Submitted by Raz3rt (not verified) on Thu, 01/30/2014 - 21:47

It is much safer for injection to prepare the select query and bind the variables. You can also write it this way (it's like you prefer):

    $result = $conn->prepare("SELECT * FROM users WHERE username= ? AND password= ?");
    $result->bindParam(1, $user);
    $result->bindParam(2, $password);
    $result->execute();

Where 1 stands for the first question mark and 2 for the second question mark. Hope this helped!

Submitted by christelle (not verified) on Wed, 05/28/2014 - 23:32

I used all your files but when I click on the submit button nothing happens.

Submitted by Ryanb58 (not verified) on Tue, 06/24/2014 - 05:26

Nice post, helped me explain to a friend the logic behind a membership based website. Thank you.

Submitted by Joe Koder (not verified) on Sat, 11/22/2014 - 06:44

The error checks should come before you make the query. The way you have it, a query is run before you even check if a username and password was entered.

Submitted by XAVIJUNIOR (not verified) on Mon, 01/25/2016 - 22:21

THANK YOU VERY VERY MUCH !! YOU SAVE MY LIFE WITH YOUR LAST SCRIPT //QUERY I SEARCHED THE SOLUTION DURING 4 HOURS AND NOW YOU SAVE ME !! THANKS A LOT !
