Authenticate a user from a MySQL database.
Authentication is important when building a web application: you don't want others seeing information that does not belong to them. When you build an app that has "accounts", this is the login to your account. Just like going to Google and logging in to your account, it holds all your changes and settings.
To follow along we will need PHP and MySQL. You can find and install both by searching for them on Google, AOL, MSN or Yahoo. Once they are installed and working you may start on the next area of the tutorial. Note: this tutorial assumes you know basic PHP, HTML, and MySQL.
First let's start with your MySQL database and create a table called (admins). Then create 3 columns and name them as follows: 'id' -> (int, key), 'user' -> (text), 'password' -> (text). Once done, add a row with a user and password, such as (Mike) with the password (1234).
Let's move on to the PHP document and start the form fields. Below I am building a login form with two fields. One is the username field, which is of type text; the other is the password field, whose type is password.
[html]
[/html]
Great, now we have our form so if you view it online you will see two fields and one login button. You may format the look as you like but when you’re done let’s move on.
Now let's validate the fields and then check if the user is in the database. Let's start by opening PHP, then use an (if isset) to check for the var ($_POST['submit']). After that we need to check whether the user left the fields blank. To do so we will use the PHP built-in function empty(): just place empty() in an if statement and record an error, which stops the query from checking the user. Take a look below. I am checking if the form was submitted. If yes, I am checking if the fields were empty; if either field was empty I am stopping the query with the var $error.
[php]
if( isset($_POST['submit']) ) {
    // Collect one message per missing field
    if( empty($_POST['username']) ) {
        $error[] = "User is empty";
    }
    if( empty($_POST['password']) ) {
        $error[] = "Password is empty";
    }
    if( empty($error) ) {
        // THE MySQL QUERY goes here (next step)
    } else {
        print "Error!";
    }
}
[/php]
Now we can start the query to your MySQL database. Let's include the database connection (in this case I am using my db_class found here, it has everything you need to connect to your database). OK, let's make the call to the database and see if the user and password match the ones submitted. Make a query asking for the user that matches the data submitted, by asking if user = $_POST['username'] and if password = $_POST['password']. Then let's count the number of rows returned. If we come back with 0, we know the data submitted was wrong, so let's show an error. If the count returns more than 0, we know the data submitted was correct and we should now let them log in to the account.
[php]
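if( empty($error) ) {
    include('/db_class.php');
    // Escape the submitted values so they cannot break out of the quoted SQL strings.
    // (The mysql_* functions were removed in PHP 7; on current PHP use mysqli or PDO.)
    $user = mysql_real_escape_string($_POST['username']);
    $pass = mysql_real_escape_string($_POST['password']);
    $select_user = "SELECT * FROM admins WHERE user='$user' AND password='$pass'";
    if( $run = mysql_query($select_user) ) {
        $num_acc = mysql_num_rows($run);
        if( $num_acc < 1 ) {
            $showerror = "Sorry No account here!";
        } else {
            header("Location: /account.php");
            exit; // stop the script so nothing else runs after the redirect
        }
    }
}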
[/php]
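The same lookup on current PHP, as an added example that is not the tutorial author's code: it uses a PDO prepared statement and compares against a `password_hash()` value instead of the plaintext password stored above. The `authenticate()` helper is hypothetical, and an in-memory SQLite database stands in for MySQL so the example runs without a server.

```php
<?php
// Added example, not the tutorial author's code. Assumptions: a PDO connection,
// and the 'password' column holds password_hash() output, not plaintext.

/** Hypothetical helper: returns the admin's id on success, null on any failure. */
function authenticate(PDO $pdo, string $username, string $password): ?int
{
    // The placeholder binds the value as data, so quotes in $username cannot alter the SQL.
    $stmt = $pdo->prepare('SELECT id, password FROM admins WHERE user = :user');
    $stmt->execute([':user' => $username]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);

    // Verify against a dummy hash when the user is unknown so both paths do similar work.
    static $dummy = null;
    $dummy = $dummy ?? password_hash('dummy', PASSWORD_DEFAULT);
    $hash = $row ? $row['password'] : $dummy;

    if (!password_verify($password, $hash) || !$row) {
        return null;
    }
    return (int) $row['id'];
}

// Constructed demo data: in-memory SQLite stands in for MySQL so this runs offline.
// With MySQL only the DSN changes, e.g. new PDO('mysql:host=...;dbname=...', $u, $p).
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE admins (id INTEGER PRIMARY KEY, user TEXT UNIQUE, password TEXT)');
$pdo->prepare('INSERT INTO admins (user, password) VALUES (?, ?)')
    ->execute(['Mike', password_hash('1234', PASSWORD_DEFAULT)]);

// Constructed inputs: a valid login, a wrong password, and a username containing a quote.
$attempts = [
    ['Mike', '1234'],
    ['Mike', 'wrong'],
    ["O'Brien", '1234'],
];
foreach ($attempts as [$u, $p]) {
    $id = authenticate($pdo, $u, $p);
    printf("%-10s => %s\n", $u, $id === null ? 'rejected' : "admin id $id");
}
```

In the login handler, call `session_regenerate_id(true)` and store the returned id in `$_SESSION` before redirecting, so that /account.php can check it on every request instead of trusting the redirect alone.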
How the errors are displayed is up to you, but be sure to let the user know if an error exists so they can try again or get help. If you need help with this tutorial, contact me and I can help! Greg [at] winn [dot] ws, thanks for reading!


