This step-by-step tutorial teaches how to create a simple PHP login form using PHP. You can learn more about how to process input in our PHP tutorial. This tutorial demonstrates how to create a login page with MySQL Data base. Before enter into the code part, You would need special privileges to create or insert data in mysql.
here’s an example PHP script for a login page with input validation and checking
|
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 |
<?php // Start session session_start(); // Define variables and set to empty values $emailErr = $passwordErr = ""; $email = $password = ""; // Function to sanitize input data function sanitize_input($data) { $data = trim($data); $data = stripslashes($data); $data = htmlspecialchars($data); return $data; } // If form is submitted if ($_SERVER["REQUEST_METHOD"] == "POST") { // Validate email input if (empty($_POST["email"])) { $emailErr = "Email is required"; } else { $email = sanitize_input($_POST["email"]); // Check if email is valid if (!filter_var($email, FILTER_VALIDATE_EMAIL)) { $emailErr = "Invalid email format"; } } // Validate password input if (empty($_POST["password"])) { $passwordErr = "Password is required"; } else { $password = sanitize_input($_POST["password"]); } // If no errors, check login credentials if ($emailErr == "" && $passwordErr == "") { // Connect to database (replace placeholders with actual values) $servername = "localhost"; $username = "username"; $password = "password"; $dbname = "myDB"; $conn = mysqli_connect($servername, $username, $password, $dbname); // Check connection if (!$conn) { die("Connection failed: " . mysqli_connect_error()); } // Prepare and bind statement to select data from database $stmt = $conn->prepare("SELECT * FROM users WHERE email = ?"); $stmt->bind_param("s", $email); // Execute statement $stmt->execute(); // Get result $result = $stmt->get_result(); // Check if email exists in database if ($result->num_rows == 1) { // Email exists, check password $row = $result->fetch_assoc(); if (password_verify($password, $row["password"])) { // Password is correct, login successful $_SESSION["user_id"] = $row["id"]; header("Location: dashboard.php"); exit(); } else { // Password is incorrect, display error message $passwordErr = "Incorrect password"; } } else { // Email does not exist, display error message $emailErr = "Email not found"; } // Close statement and connection $stmt->close(); mysqli_close($conn); } } ?> <!-- Display login form with error messages (if any) --> <form method="post" action="<?php echo htmlspecialchars($_SERVER["PHP_SELF"]);?>"> <label for="email">Email:</label> <input type="text" id="email" name="email" value="<?php echo $email;?>"> <span class="error"><?php echo $emailErr;?></span> <br><br> <label for="password">Password:</label> <input type="password" id="password" name="password"> <span class="error"><?php echo $passwordErr;?></span> <br><br> <input type="submit" value="Login"> </form> |
In this script, we first define variables for the email and password inputs, and then use a similar input validation function to sanitize and check the input values for correctness.
If the input validation passes, we then connect to the database and execute a prepared
