Authentication with PHP and SQL

In this lesson of the PHP tutorial, you will learn… 

  1. To authenticate users with a login form.

A Database-less Login Form

Below is a simple login form that uses a hard-coded username and password.

Code Sample: Authentication/Demos/SimpleLogin.php

<html>
<head>
<title>Login Page</title>
</head>
<body>
<?php
 require 'Includes/Header.php';

 $msg='';
 $Email = '';
 if (array_key_exists('LoggingIn',$_POST))
 {
  $Email = $_POST['Email'];
  $PW = $_POST['Password'];
  if ($Email == 'jwayne@northwind.com' && $PW == 'cowboy')
  {
   echo '<div align="center">Success</div>';
  }
  else
  {
   echo '<div align="center">Login Failed</div>';
   unset($_POST['LoggingIn']);
  }
 }

 if (!array_key_exists('LoggingIn',$_POST))
 {
?>

<div align="center">

 <h2>Log in</h2>
 <form method="post" action="SimpleLogin.php">
 <input type="hidden" name="LoggingIn" value="true">
  <table>
  <tr>
   <td>Email:</td>
   <td><input type="text" name="Email"
     value="<?php echo htmlspecialchars($Email, ENT_QUOTES, 'UTF-8')?>" size="25"></td>
  </tr>
  <tr>
   <td>Password:</td>
   <td>
   <input type="password" name="Password" size="10">
   </td>
  </tr>
  <tr>
   <td align="right" colspan="2">
   <input type="submit" value="Log in">
   </td>
  </tr>
  </table>
 </form>
</div>
<?php
 }
 require 'Includes/Footer.php';
?>
</body>
</html>
Code Explanation

This page contains an HTML login form, which submits to itself (i.e., the action points to the same page). A hidden field, LoggingIn, is passed to the server when the user submits the form. The script checks to see if LoggingIn exists in the $_POST array. If it does, it processes the form input:

$Email = $_POST['Email'];
$PW = $_POST['Password'];
if ($Email == 'jwayne@northwind.com' && $PW == 'cowboy')
{
 echo '<div align="center">Success</div>';
}
else
{
 echo '<div align="center">Login Failed</div>';
 unset($_POST['LoggingIn']);
}

This code simply checks to see if the user’s email and password match the hard-coded values (jwayne@northwind.com and cowboy). If they do, it outputs a “success” message. If they don’t, it outputs a “failed” message and removes LoggingIn from the $_POST array, so that the form will be displayed again.

Exercise: Authenticating Users

Duration: 25 to 35 minutes.

In this exercise, you will use mysqli or PEAR DB to authenticate users.

  1. Open Authentication/Exercises/index.php in your editor. This file has been created for you and contains the underlying logic of the authentication application. You will see that it includes several of the scripts we saw in earlier exercises. Most of these are exactly the same, but a small change has been made to the pwEntry() function in Authentication/Exercises/Includes/fnFormPresentation.php. It now takes a fifth parameter: $Repeat. When $Repeat is set to true (default), the user will be asked to repeat her password (used for registration forms). When $Repeat is set to false, she’ll just get a single password field (used for login forms).
  2. Your job is to finish Authentication/Exercises/Includes/LoginForm.php and Authentication/Exercises/Includes/Login.php, which are currently both nearly empty. You may find it helpful to refer to ManagingData/Demos/Includes/EmployeeForm.php when creating LoginForm.php and to ManagingData/Demos/Includes/ProcessEmployee.php when creating Login.php.

Code Sample: Authentication/Exercises/index.php

<?php
 require 'Includes/fnFormPresentation.php';
 require 'Includes/fnStrings.php';
 $Errors = array();
 $DbEntries = array( 'Email'=>'',
      'Password'=>'');
?>
<html>
<head>
<title>Northwind Home Page</title>
</head>
<body>
<?php
 $msg='';
 require 'Includes/Header.php';
 if (array_key_exists('LoggingIn',$_POST))
 {
  require 'Includes/Login.php';
 }
 if (!array_key_exists('LoggingIn',$_POST))
 {
  require 'Includes/LoginForm.php';
 }
 if (strlen($msg) > 0)
 {
  echo "<div align='center'>$msg</div>";
 }
 require 'Includes/Footer.php';
?>
</body>
</html>
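
One way to do the check that Login.php has to perform, as an added example that is not the tutorial's own code or its exercise solution: the lookup uses a prepared statement, and the stored value is a password hash checked with password_verify() rather than a plain-text password. It uses PDO with an in-memory SQLite database (assumes the pdo_sqlite extension) so it runs without a server, whereas the exercise itself uses mysqli or PEAR DB; the Users table, its column names and the sample submissions are assumptions.

```php
<?php
// Added example, not part of the tutorial's exercise files.
// Assumptions: table Users(Email, PasswordHash) and the sample account are
// constructed; in-memory SQLite stands in for the MySQL server.

function makeDemoDb(): PDO
{
    $db = new PDO('sqlite::memory:');
    $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $db->exec('CREATE TABLE Users (Email TEXT PRIMARY KEY, PasswordHash TEXT NOT NULL)');
    // Store a salted hash, never the password itself.
    $stmt = $db->prepare('INSERT INTO Users (Email, PasswordHash) VALUES (?, ?)');
    $stmt->execute(['jwayne@northwind.com', password_hash('cowboy', PASSWORD_DEFAULT)]);
    return $db;
}

function authenticate(PDO $db, array $post): bool
{
    $email = $post['Email'] ?? '';
    $pw    = $post['Password'] ?? '';
    if (!is_string($email) || !is_string($pw) || $email === '' || $pw === '') {
        return false; // missing fields, or array-typed input such as Email[]=...
    }
    // The placeholder keeps the submitted e-mail out of the SQL text.
    $stmt = $db->prepare('SELECT PasswordHash FROM Users WHERE Email = ?');
    $stmt->execute([$email]);
    $hash = $stmt->fetchColumn();
    if ($hash === false) {
        return false; // unknown account gets the same answer as a wrong password
    }
    return password_verify($pw, $hash);
}

$db = makeDemoDb();
$attempts = [ // constructed form submissions
    ['Email' => 'jwayne@northwind.com', 'Password' => 'cowboy'],
    ['Email' => 'jwayne@northwind.com', 'Password' => 'wrong'],
    ['Email' => "o'brien@northwind.com", 'Password' => 'cowboy'], // quote is plain data
    ['Email' => ['jwayne@northwind.com'], 'Password' => 'cowboy'],
];
foreach ($attempts as $post) {
    $label = is_string($post['Email']) ? $post['Email'] : '(array)';
    $msg = authenticate($db, $post) ? 'Success' : 'Login Failed';
    // Escape anything taken from the request before echoing it.
    echo htmlspecialchars($label, ENT_QUOTES, 'UTF-8') . ": $msg\n";
}
```

With mysqli the same pattern is prepare(), bind_param() and execute() on the connection object.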

Authentication with PHP and SQL Conclusion

In this lesson of the PHP tutorial, you have learned how to authenticate users. Unfortunately, as it is currently written, only the index page itself is protected. To protect the whole site in this manner, we would have to force the user to log in to every page. That might frustrate our visitors a bit, so we’ll learn how to allow users to log in to the whole site later in the course.
