PHP tutorials, PhotoShop Tutorials, CSS, Javascripts, Web Designs for Webmasters

A lot of websites use cookies for logins, Ill teach you how to create the following:
1. Create a register page
2. Create a login page
3. Create a protection file

First things first, we need a mySQL table.

CREATE TABLE `users2` (
`user_id` INT( 11 ) NOT NULL AUTO_INCREMENT PRIMARY KEY ,
`username` TEXT NOT NULL ,
`password` TEXT NOT NULL ,
`email` VARCHAR( 100 ) NOT NULL
) TYPE = MYISAM ;

Now, we need a file to have people register on our site,

Create a file called register.php:

<?

$sqlhost = "localhost";
$sqluser = "user";
$sqlpass = "pass";
$sqldb = "forgedtu_forged";

$conn = mysql_connect($sqlhost, $sqluser, $sqlpass);
$sdb = mysql_select_db($sqldb);

switch($_GET['mode']){
default:

?>
<form action="register.php?mode=register" method="POST">
<input type="text" name="username"> :: Username<br>
<input type="password" name="password"> :: Password<br>
<input type="text" name="email"> :: Email<br>
<input type="submit" value="Register">
</form>
<?
break;

case "register";

$query = "SELECT * FROM users2 WHERE username='$username'";
$result = mysql_query($query);
if(mysql_num_rows($result) < 1){
$password = md5($password);
$query = "INSERT INTO users2 VALUES('NULL','$username','$password','$email')";
$result = mysql_query($query);

if(mysql_affected_rows() > 0){
echo "Account created, you may not <a href=\"login.html\">Login</a>";
}
else {
echo mysql_error();
}
}
else {
echo "Username already taken";
}

break;
}
?>

This file will have 2 parts defined by a switch, default part is the HTML form. "register" part is the PHP script to add the user.
It checks to see if the username isn't already taken, and if it isn't, register's the user.

Now we need to have a HTML login page.
create a file called login.html:

<html>

<head>
<title>Login</title>
</head>

<body>
<form action="login2.php" method="POST">
<input type="text" name="username"> :: Username<br>
<input type="password" name="password"> :: Password<br>
<input type="submit" value="Login">
</form>

</body>
</html>

This is just basic HTML, shouldn't need any explaining.
When they submit that form, it will submit the values to the page "login2.php"
Create a file called login2.php:

<?
session_start();

$password = md5($password);
$query = "SELECT * FROM users WHERE username='$username' AND password='$password'";
$result = mysql_query($query);

if(mysql_num_rows($result) > 0){
$cookieValue = mt_rand() ."_$username";
setcookie("login",$cookieValue,time()+3600);
session_register("login");
$_SESSION['login'] = $cookieValue;
header("Location: /");
}
else {
print "Username or password are incorrect";
}

?>

What this does is check to see if the supplied information is ok, if it is. Create a session and set a cookie.
The session and cookie will work together in our next file...

Create a file called sessions.php:

<?

session_start();

if(isset($_COOKIE['login']) && isset($_SESSION['login'])){
if($_COOKIE['login'] == $_SESSION['login']){
$logged = true;
}
else {
$logged = false;
}
}
else {
$logged = false;
}

if(!$logged){
header("Location: login.html");
}

?>

What this does is check to see if the session on the server and the cookie are set. If they aren't, not logged in.

To protect pages with this protection, simply require the file before ANY code.

<?require("sessions.php");?>

Put that on line 1 of your files that you want protected, they also must be a .php file.