How To Login With A Username Via Form Using PHP Sessions

This topic has 6 replies, 1 voice, and was last updated 7 years, 8 months ago by Adan.

How to Login with a username via form using PHP sessions

RenaldoL25 Member November 29, 2016 at 3:21 pm

Basically, I’m really struggling with my code right now.

I need to login with a username via a form using PHP sessions, which will then be shown on the page after you login.

#11238
Amit Member November 29, 2016 at 3:22 pm

I don’t really have any atm as I’ve been trying loads of different stuff.

Here’s what I’m basing it around on the first page:

I also have a form on the same page, and then I need to print the username on another page

#11239
Adan Member November 29, 2016 at 3:22 pm

“Login” usually means there’s a password (or rather, one-way-encoded password, like a hash) that get’s compared to user provided password (or rather, the userpass gets to be encoded using the same algorithm, and then compared).

So:
– HTML form sends data to the server
– PHP gets the data as POST
– you get the username and search if there is actually a user with that name,
– if not – error out with “no username or password wrong” – usually you don’t want to giveaway that the provided username is valid
– if so – you extract (from database?) some basic details, amongst that there’s encoded pass *
– you encode provided password using the same algorithm used at registration
– you compare the two and if their different you error out
– if pwd is valid, you set some session variables and show success page

on whatever other page you just start session and see if your session variables are set – if so, the user was logged in. Of course then you can add validation, maybe the user had different IP, browser/special cookie last request? If so, it’s possible (but not surely!) that it’s a session hijack taking place. But you can read about that on your own. Wink

*) this is actually usually the point were you either get some valid data back, or not, and you know if username is valid. I’ve split it to steps for clarity.

#11240
Gallard Member November 29, 2016 at 3:23 pm
So, I don’t usually provide source code as I prefer to let others do the studying themselves but just provide tips.

I assume you have your HTML code setup, if not, please learn HTML before proceeding to PHP.

Then, one you have your form pointing to the php script you can do:
```
some_other_page.php:
```
Please note this code is untried and untested, so I have no idea if this actually works (been a long time since I did non-OOP PHP).

Hope this helps and use it as a basis for growing your knowledge.
#11241
SapnaVishwas Member November 29, 2016 at 3:25 pm
on top of the page :
```
session_start();
```
then you can read out the username on the same page via :
```
$username=$_POST['username'];
```
and assign it to a session variable :
```
$_SESSION['username']=$username;
```
or read it directly into the session variable :
```
$_SESSION['username']=$_POST['username'];
```
Then, for the entire validity for the session you can pull up the username via :
```
echo $_SESSION['username']; 
```
#11242
Abhey Member November 29, 2016 at 3:25 pm
And when the user logout. you can use following code to destroy or unset the value of the session.
```
session_destroy();
```
#11243

Adan Member November 29, 2016 at 3:26 pm

Have you got this straighten out yet if not here is a small solution to your question:

";
      foreach($message as $key=>$error){
         echo "".$error."";
      }
      echo "
";
   }
   
   //Lets test the login and log user in if the have the correct info otherwise forward them to login form
   //LOGIN:
   if(isset($_POST['login'])){
      $username=$_POST['username'];
      $password=$_POST['password'];
      if(empty($username)){$message[].="username is required to login";}
      if(empty($password)){$message[].="Password is required to login";}
      /*
         FAIL SAFE IN OLDER BROWSERS: if the page is used in newer browsers that support html5, the two above code would never appear because if used the html to rquire fields. In older browser, however, user can submit form without enetering data.
      */
      if($username !==BASIC_USER AND $password !==BASIC_PASS){$message[].="Invalid username or password";
      }else{

      $_SESSION['username']=$username; // successfully logged in.
      }
   }
   
   //We will user a $_GET veriable to logout user.
   //LOGOUT:
   
   if(isset($_GET['logout']) AND $_GET['logout']=="t"){
      unset($_SESSION['username']);
      session_destroy();
      header("location: ?=login");
   }
   
?>




 Saamon's entry






   
       Hello , Welcome to this securecd area of my page
      
       Here is other cool stuff you can do here
       Logout - Yep you can do that too.
      
      
   

   



   
   


    Username:

    

    Password:

#11244

Viewing 6 reply threads

You must be logged in to reply to this topic.

How to Login with a username via form using PHP sessions

Code with C: Your Ultimate Hub for Programming Tutorials, Projects, and Source Codes” is much more than just a website – it’s a vibrant, buzzing hive of coding knowledge and creativity.

Quick Link

Top Categories