0

I am learning MySQL and PHP and I trying to build a simple login webpage and connect with MySQL. I have built the page with HTML and CSS, also I downloaded PHP and installed MySQL, I am getting confused about how to combine those things and when I input my password and username it will go to successful page.

I am not seeking an answer but need some suggestions for the next step.

James Z
  • 12,209
  • 10
  • 24
  • 44
Dongming Guo
  • 13
  • 3
  • What about the good old "Hello World!"? :D Try go for small steps first if you really want to learn. So my advice. Try it without a DB first. Just make a HTML-Form and check the submitted values for values you directly save in your PHP-File. Step by step, if you need help at a certain step, just ask :) – SirPilan Mar 29 '19 at 17:51
  • Hi really appreciate your suggestion. I mean I did some tutorial for MySQL and PHP I am just confused how to start and I don't really know how to work with MAMP but After few days I checked the document and then I made it. Thanks, I post the question only for the suggestion, not the answer. – Dongming Guo Apr 02 '19 at 14:30

1 Answers1

0

PLEASE NOTE - the way my SQL queries are written here are open to SQL injection (see here to get the changes you would need to make)

So to start. You want to create a database table to store your users, a form to create users, and some code to query the data into the database.

i would start with a form like this:

<form method="post" class="mt-3">
<input type="hidden" name="do" value="create" />
                <div class="form-group">
                    <label for="itemName">First Name</label>
                    <input type="text" class="form-control" name="firstName">
                </div>
                <div class="form-group">
                    <label for="serialNumber">Last Name</label>
                    <input type="text" class="form-control" name="lastName">
                </div>
                <div class="form-group">
                    <label for="serialNumber">Username</label>
                    <input type="text" class="form-control" name="userName">
                </div>
                <div class="form-group">
                    <label for="serialNumber">Password</label>
                    <input type="password" class="form-control" name="passWord">
                </div>
                <a id="create-member" class="btn btn-success text-white">Submit</a>
            </form>

then you want some code that will take the values you have in that form and turn them into a query to add that info into your table.

if(isset($_POST['do'])) && $_POST['do'] == 'create' 
{
    $firstName = $_POST['firstName'];
    $lastName = $_POST['lastName'];
    $username = $_POST['userName'];
    $password = password_hash($_POST['passWord'], PASSWORD_BCRYPT);

        $sql = "INSERT INTO members (first_name, last_name, username, password) VALUES ('".$firstName."', '".$lastName."', '".$username."', '".$password."')";
        mysqli_query($conn, $sql); //$conn is set in my header file and included into every page.
}

That is pretty much the process for creating a user and adding it to your table, obviously you'll have to break it down and change values to what you have in your table etc.

Next it's the case of verifying a login.

first, a login form:

<form method="post">
        <input type="hidden" name="do" value="login" />
        <div class="form-group">
            <label for="usename">Username</label>
            <input type="text" class="form-control" id="username" name="username">
        </div>
        <div class="form-group">
            <label for="password">Password</label>
            <input type="password" class="form-control" id="password" name="password">
        </div>
        <button type="submit" class="btn btn-primary">Login</button>
    </form>

and then an authentication query to follow, this will take the info in the login page, hash the password you entered and then compare it with the one in your database.

if (isset($_POST['do']) && $_POST['do'] == 'login')
{
        $username = $_POST['username'];
        $password = $_POST['password'];

        $sql = "SELECT id, first_name, last_name, password FROM members WHERE username= '$username'";
        $query = mysqli_query($conn, $sql) or die(mysqli_error($conn));

        if($query->num_rows == 0)
        {
            echo "Username or password incorrect";
        }else{
            $data = mysqli_fetch_array($query);
            if(!password_verify($password, $data['password']))
            {
                echo "Username or password incorrect";
            }else{
            session_regenerate_id();
            $_SESSION['loggedin'] = true;
            $_SESSION['username'] = $_POST['username'];
            $_SESSION['member_id'] = $data['id'];
            $_SESSION['first_name'] = $data['first_name'];
            $_SESSION['last_name'] = $data['last_name'];


            }
        }
    }
}
?>

don't be scared about the $_SESSION variables at the bottom, i just set all user data as that so it's easier to access it on other pages, then i just follow with a header to my index.php page. In my header i also check to see that $_SESSION['loggedin'] is set to true and if not it redirects them to the login page (also be care to take into account the user might be on the login page, you dont want a redirect error)

This is my first detailed answer on this site so i hope it helps you :)

Sam.92
  • 96
  • 10
  • Hi man, sorry for so long to response to you, After a bit long time for tutorial and practice finally I made it . and really appreciate – Dongming Guo Apr 02 '19 at 14:27