How to make a simple login system with PHP

原文网址：http://www.webgeekly.com/tutorials/php/how-to-make-a-login-system-with-php/

So you’ve started learning PHP and want to learn how to create a login system? It’s much easier than you think. Using PHP Sessions, we can easily keep track of who’s logged in and redirect unauthorized users away from private pages.

There are two pages I will be using for this example: A login page, and a protected page. The tutorial below is an extremely simply example that can help you get started with a basic authentication system.

How can we track logged in Users?

It is surprisingly very simple to track logged in users. PHP Sessions are variables that are stored in the website’s memory for as long as your browser session is open. That means that as you browse various pages, you can access the PHP Sessions variables which do not lose their value when you leave each page.

Here’s how Sessions work:

<?php

    session_start();
    // You must use session_start()
    // at the top of each page
    // This gives your page access
    // to your session variables

    $_SESSION['loggedin'] = 1;
    // This piece of code creates a
    // session variable called 'loggedin'

    echo $_SESSION['loggedin'];
    // This piece of code gets the contents
    // of the 'loggedin' session variable

?>

As you can see, sessions are pretty easy to use. Now here’s the basics of how a login system works:
Our login page shall have the following logic:

if loggedin, set session(loggedin) = 1
else set session(loggedout) = 0

While the protected will have the following:

if session(loggedin) showpage
else redirect2homepage

If you understand this basic logic, you can move to the next section.

Setting up login.php

Your login page will contain the login form as well as the PHP code which logs you in or keeps you logs out.
Here we go!

<?php 

session_start();

if ($_GET['login']) {
     // Only load the code below if the GET
     // variable 'login' is set. You will
     // set this when you submit the form

     if ($_POST['username'] == 'USERNAME'
         && $_POST['password'] == 'PASSWORD') {
         // Load code below if both username
         // and password submitted are correct

         $_SESSION['loggedin'] = 1;
          // Set session variable

         header("Location: protected.php");
         exit;
         // Redirect to a protected page

     } else echo "Wrong details";
     // Otherwise, echo the error message

}

?>
Log in:
<form action="?login=1" method="post">
Username: <input type="text" name="username" />
Password: <input type="password" name="password" />
<input type="submit" />
</form>

That is the most basic form of a login page. The form at the bottom will accept a username and a password and post the form to the same page. By posting the form to ?login=1, you will be posting to the same page with the login parameter in your URL. Your page will therefore load login.php?login=1. This parameter will tell the PHP code that you are trying to log in and run the code which autheticates you.

The PHP code itself is pretty self explanatory. If the username and password match, then the session is set. In reality, you would probably try to match a user saved in your database. However, this should be enough for you to get used to the basics.

Now that login.php is complete, what’s next? Once the script finds a match, it will redirect to the protected page using the header function.

Creating protected.php

This is extremely easy to set up:

<?php

    session_start();
    // Call this function so your page
    // can access session variables

    if ($_SESSION['loggedin'] != 1) {
        // If the 'loggedin' session variable
        // is not equal to 1, then you must
        // not let the user see the page.
        // So, we'll redirect them to the
        // login page (login.php).

        header("Location: login.php");
        exit;
    }

?>

Protected content goes here...

And that’s it… really. It really is that simple to set up a simple authentication system. Of course, as always, there are many different ways to achieve the same thing. The tutorial above should serve as a simple lesson on where to start from.

In a real web application, there are quite a few other things to think about. Matching users from a database, SQL Injection, outputting errors and notices as well as providing different levels of access according to the user logged in. Even so, the script above shows the core logic of any login system and should be a good starting point for anybody who’s just discovering web development.