Introduction
One of the most popular uses of PHP is to secure acess to various portions of a website based on a user's login name and password. This is a failry simple thing to do and in this tutorial I will show you how to construct a PHP login form using the functions in php login form script.
Main
The first step to building a simple user authentication system is to create the table in your database that stores the login information. In this script we use one mysql table called"'logins", and the login name and password fields are stored in a hashed (md5) and encrypted state for security reasons. The function that issues the SQL command to create this table looks like this:
function MakeTableLogins($database, $host, $db_user, $db_pass) {//create the logins table
$linkID = mysql_connect($host, $db_user, $db_pass);
mysql_select_db($database, $linkID);
mysql_query("create table logins (user char(32), pasword char(32))", $linkID);
}
This should be called by passing the name of the database, database server host and the username password for that database server.
We only use one way encryption because our script never needs to know the actual plaintext of the username or password, its only must decide if the supplied information matches the information from the table. This is done by performing the same hash/encrypt routine on the inputted data and then comparing those values to the database. The function this script uses to return the encrypted data looks like this:
function Encrypt($string) {//hash then encrypt a string
$crypted = crypt(md5($string), md5($string));
return $crypted;
}
The next thing our script will have to be able to do is to add the requried users records to the table. We cannot do this by hand because the data is encrypted so there is a function that handles this also:
function AddUser($database, $host, $db_user, $db_pass, $username, $password) { //add user to table logins
$linkID = mysql_connect($host, $db_user, $db_pass);
mysql_select_db($database, $linkID);
$password = encrypt($password);
$username = encrypt($username);
mysql_query("insert into logins values ('$username', '$password')", $linkID);
}
The next and final piece to our script is the actual login function. This function is passed arguments of the database login information, and the username and password the user supplied. The function returns true if the user information matches the data in the table exactly and false if they do no match.
function Login($database, $host, $db_user, $db_pass, $user, $password) { //attempt to login false if invalid true if correct
$auth = false;
$user = Encrypt($user);
$linkID = mysql_connect($host, $db_user, $db_pass);
mysql_select_db("$database", $linkID);
$result = mysql_query("select password from logins where user = '$user'", $linkID);
$pass = mysql_fetch_row($result);
mysql_close($linkID);
if ($pass[0] === (Encrypt($password))) {
$auth = true;
}
return $auth;
}
References
This article is taken from:
http://www.stargeek.com/php_login_tutorial.php