Webucator's Free PHP Tutorial

Lesson: Authentication with PHP and SQL

Welcome to our free PHP tutorial. This tutorial is based on Webucator's Introduction to PHP Training course.

In this lesson, you will learn the basic concept of authentication with PHP.

Lesson Goals

  • Authenticate users with a login form.

A Database-less Login Form

Below is a simple login form that uses a hard-coded username and password.

Code Sample:

Authentication/Demos/SimpleLogin.php
<!DOCTYPE HTML>
<html>
<head>
<meta charset="UTF-8">
<title>Login Page</title>
</head>
<body>
<?php
	require 'Includes/Header.php';

	$email = '';
	if (array_key_exists('LoggingIn',$_POST))
	{
		$email = $_POST['Email'];
		$pw = $_POST['Password'];
		if ($email == 'jwayne@northwind.com' && $pw == 'cowboy')
		{
			echo '<div align="center">Success</div>';
		}
		else
		{
			echo '<div align="center">Login Failed</div>';
			unset($_POST['LoggingIn']);
		}
	}

	if (!array_key_exists('LoggingIn',$_POST))
	{
?>

<div align="center">

	<h2>Log in</h2>
	<form method="post" action="SimpleLogin.php">
	<input type="hidden" name="LoggingIn" value="true">
		<table>
		<tr>
			<td>Email:</td>
			<td><input type="text" name="Email"
					value="<?php echo htmlspecialchars($email, ENT_QUOTES, 'UTF-8') ?>" size="25"></td>
		</tr>
		<tr>
			<td>Password:</td>
			<td>
			<input type="password" name="Password" size="10">
			</td>
		</tr>
		<tr>
			<td align="right" colspan="2">
			<input type="submit" value="Log in">
			</td>
		</tr>
		</table>
	</form>
</div>
<?php
	}
	require 'Includes/Footer.php';
?>
</body>
</html>

This page contains an HTML login form that submits to itself (i.e., the action points to the same page). A hidden field, LoggingIn, is passed to the server when the user submits the form. The script checks whether LoggingIn exists in the $_POST array. If it does, it processes the form input:

$email = $_POST['Email'];
$pw = $_POST['Password'];
if ($email == 'jwayne@northwind.com' && $pw == 'cowboy')
{
	echo '<div align="center">Success</div>';
}
else
{
	echo '<div align="center">Login Failed</div>';
	unset($_POST['LoggingIn']);
}

This code simply checks to see if the user's email and password match the hard-coded values (jwayne@northwind.com and cowboy). If they do, it outputs a "success" message. If they don't, it outputs a "failed" message and removes LoggingIn from the $_POST array, so that the form will be displayed again.

Authenticating Users

Duration: 25 to 35 minutes.

In this exercise, you will use mysqli to authenticate users.

  1. Open Authentication/Exercises/index.php in your editor. This file has been created for you and contains the underlying logic of the authentication application. You will see that it includes several of the scripts we saw in earlier exercises. Most of these are exactly the same, but a small change has been made to the pwEntry() function in Authentication/Exercises/Includes/fnFormPresentation.php. It now takes a fifth parameter: $repeat. When $repeat is set to true (default), the user will be asked to repeat her password (used for registration forms). When $repeat is set to false, she'll just get a single password field (used for login forms).
  2. Your job is to finish Authentication/Exercises/Includes/LoginForm.php and Authentication/Exercises/Includes/Login.php, which are currently both nearly empty. You may find it helpful to refer to ManagingData/Demos/Includes/EmployeeForm.php when creating LoginForm.php and to ManagingData/Demos/Includes/ProcessEmployee.php when creating Login.php.

Code Sample:

Authentication/Exercises/index.php
<?php
	require 'Includes/fnFormPresentation.php';
	require 'Includes/fnStrings.php';
	$errors = array();
	$dbEntries = array(	'Email'=>'',
						'Password'=>'');
?>
<!DOCTYPE HTML>
<html>
<head>
<meta charset="UTF-8">
<title>Northwind Home Page</title>
</head>
<body>
<?php
	$msg='';
	require 'Includes/Header.php';
	if (array_key_exists('LoggingIn',$_POST))
	{
		require 'Includes/Login.php';
	}
	if (!array_key_exists('LoggingIn',$_POST))
	{
		require 'Includes/LoginForm.php';
	}
	if (strlen($msg) > 0)
	{
		echo "<div align='center'>$msg</div>";
	}
	require 'Includes/Footer.php';
?>
</body>
</html>

Solution:

Authentication/Solutions/Includes/LoginForm.php
<h1 align="center">Log in</h1>
<form method="post" action="index.php">
<input type="hidden" name="LoggingIn" value="true">
<table align="center">
	<?php
		echo textEntry('Email','Email',$dbEntries,$errors,25);
		echo pwEntry('Password','Password',$errors,10,false);
	?>
	<tr>
		<td colspan="2" align="right">
			<input type="submit" value="Login">
		</td>
	</tr>
</table>
</form>

Solution:

Authentication/Solutions/Includes/Login.php
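<?php
	// Copy the submitted fields and pass each one through dbString()
	$dbEntries = $_POST;
	foreach ($dbEntries as &$entry)
	{
		$entry = dbString($entry);
	}
	unset($entry); // break the reference left over from the loop

	@$db = new mysqli('localhost','root','pwdpwd','Northwind');
	if (mysqli_connect_errno())
	{
		echo 'Cannot connect to database: ' . mysqli_connect_error();
	}
	else
	{
		// The submitted values are concatenated into the SQL text, so this
		// query is only as safe as the escaping performed by dbString()
		$query = "SELECT EmployeeID, FirstName, LastName
					FROM Employees
					WHERE Email = '" . $dbEntries['Email'] .
					"' AND Password = '" . $dbEntries['Password'] . "'";
		$result = $db->query($query);

		// query() returns false on failure, so check it before reading num_rows
		if ($result && $result->num_rows)
		{
			$row = $result->fetch_assoc();
			$msg = 'Logged in as ' .
				$row['FirstName'] . ' ' . $row['LastName'];
		}
		else
		{
			// Same message whether the email or the password was wrong
			$msg = 'Login Failed';
			unset($_POST['LoggingIn']);
			$dbEntries = $_POST;
		}
	}
?>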
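
A hardened variant of the lookup above, as an added example that is not part of the course files: it binds the email as a query parameter instead of concatenating it, and checks the password with password_verify() against a stored hash rather than comparing plaintext in SQL. The in-memory SQLite database accessed through PDO, the PasswordHash column, the sample employee and the sampleDb() and authenticate() helpers are assumptions made so the script runs on its own; mysqli offers the same prepare/bind/execute pattern.

```php
<?php
declare(strict_types=1);

// Constructed sample data: an in-memory stand-in for the Employees table,
// with an assumed PasswordHash column in place of a plaintext Password.
function sampleDb(): PDO
{
	$db = new PDO('sqlite::memory:');
	$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
	$db->exec('CREATE TABLE Employees (EmployeeID INTEGER PRIMARY KEY,
		FirstName TEXT, LastName TEXT, Email TEXT UNIQUE, PasswordHash TEXT)');
	$ins = $db->prepare('INSERT INTO Employees
		(FirstName, LastName, Email, PasswordHash) VALUES (?, ?, ?, ?)');
	$ins->execute(['John', 'Wayne', 'jwayne@northwind.com',
		password_hash('cowboy', PASSWORD_DEFAULT)]);
	return $db;
}

// Hypothetical helper: returns the employee row on success, null otherwise.
function authenticate(PDO $db, string $email, string $password): ?array
{
	// The placeholder keeps $email out of the SQL text entirely.
	$stmt = $db->prepare('SELECT EmployeeID, FirstName, LastName, PasswordHash
		FROM Employees WHERE Email = ?');
	$stmt->execute([$email]);
	$row = $stmt->fetch(PDO::FETCH_ASSOC);

	// When the email is unknown, verify against a dummy hash so both
	// failure paths do comparable work.
	static $dummy = null;
	$dummy ??= password_hash('placeholder', PASSWORD_DEFAULT);
	$ok = password_verify($password, $row ? $row['PasswordHash'] : $dummy);
	if (!$row || !$ok)
	{
		return null;
	}
	unset($row['PasswordHash']);
	return $row;
}

// Constructed attempts: valid login, wrong password, email containing a quote.
$db = sampleDb();
foreach ([['jwayne@northwind.com', 'cowboy'], ['jwayne@northwind.com', 'wrong'],
	["o'brien@northwind.com", 'cowboy']] as [$email, $pw])
{
	$user = authenticate($db, $email, $pw);
	$msg = $user ? 'Logged in as ' . $user['FirstName'] . ' ' . $user['LastName'] : 'Login Failed';
	echo htmlspecialchars($msg, ENT_QUOTES, 'UTF-8'), PHP_EOL;
}
```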