In this section, I will guide you how to create a login.php file which is used for user sign in the site. This file is not much different from the signup.php file. So, it will not be so difficult for you to understand if you have already read the previous sections.


  require_once 'header.php';
  echo "<div class='main'><h3>Please enter your details to log in</h3>";
  $error = $user = $pass = "";

  if (isset($_POST['user']) && isset($_POST['pass']))
         $user = sanitizeString($_POST['user']);
         $pass = sanitizeString($_POST['pass']);
         $salt1    = "qm&h*";
         $salt2    = "pg!@";
         $token    = hash('ripemd128', "$salt1$pass$salt2");
         $token    = substr($token, 0,16);

    if ($user == "" || $pass == "")
       $error = "<span class='error'>Not all fields were entered</span><br><br>";

      $result = queryMySQL("SELECT * FROM members WHERE user='$user'");

      if ($result->num_rows == 0)
        $error = "<span class='error'>Username/Password
         $row = $result->fetch_array(MYSQLI_NUM);
        if ($token == $row[1]) {
        $_SESSION['user'] = $user;
        $_SESSION['pass'] = $pass;

        die("You are now logged in. Please <a href='members.php?view=$user'>" .
            "click here</a> to continue.<br><br>"); 
        else  $error = "<span class='error'>Username/Password
  echo <<<_END
    <form method='post' action='login.php'>$error
    <span class='fieldname'>Username</span><input type='text'
      maxlength='16' name='user' value='$user'><br>
    <span class='fieldname'>Password</span><input type='password'
      maxlength='16' name='pass' value='$pass'>
    <span class='fieldname'>&nbsp;</span>
    <input type='submit' value='Login'>

  Like the sign-up page, it features a simple HTML form and some basic error checking, as well as using  sanitizeString  before querying the MySQL database.

  The main thing to note here is that, upon successful verification of the username and password, the session variables user and pass are given the username and password values. As long as the current session remains active, these variables will be accessible by all the programs in the project, allowing them to automatically provide access to logged-in users.

  One thing we need to consider is that we repeated hashing the password as the same way we did in the signup.php file and checked to see whether hashed password ($token with fixed length:16) is matched with the value which was stored in the database or not. If it is matched we start the new sessions with username and password that the user has just typed to login the site. Otherwise an error message will be displayed “Username/Password invalid” as below:

failed login window

Fig 1. Failed login.

 You may be interested in the use of the die function upon successfully logging in. This is there because it combines an echo and an exit command in one, thus saving a line of code. For styling, this (and most of the files) applies the class main to indent the content from the left-hand edge.

  When you successfully login the site, it should look like Figure 2.

Fig. 2. Successful login.


     In this section, I helped you build the login.php file used for user to login the site. In the next section I will help you to create the profile.php file. I hope that you can find some useful information in this section.

 * Ref:


close slider

    BusinessE-commerce/ Online storeNon-profitPersonal websiteI'm not sureOther

    Create a new websiteOverhaul of my websiteMinor changes to my websiteOther

    Help customer find my business onlineSell my product or service and take payments onlineSell my product or service, taking payments offlineProvide information to the publicOther

    ASAPIn the next few weeksIn the next monthIn the next 2-3 monthsI'm not sureOther

    I'm not sureLess than 1 monthUp to 3 monthsUp to 6 monthsOther

    Pin It on Pinterest