Home

Creating a simple PHP login without a database

Created November 9, 2011

So, what if you want to create a simple PHP script without having to create a new database for a simple admin log-in to gain access to a certain page. Well, in this post I will run you through a 1 page php file that will allow you to have a log-in page, logged in page, and a log out page.

Okay, so here is the simple code that creates this page:

session_start();

// ***************************************** //
// **********	DECLARE VARIABLES  ********** //
// ***************************************** //

$username = 'username';
$password = 'password';

$random1 = 'secret_key1';
$random2 = 'secret_key2';

$hash = md5($random1.$pass.$random2); 

$self = $_SERVER['REQUEST_URI'];


// ************************************ //
// **********	USER LOGOUT  ********** //
// ************************************ //

if(isset($_GET['logout']))
{
	unset($_SESSION['login']);
}


// *********************************************** //
// **********	USER IS LOGGED IN	********** //
// *********************************************** //

if (isset($_SESSION['login']) && $_SESSION['login'] == $hash) {

	?>
			
		<p>Hello <?php echo $username; ?>, you have successfully logged in!</p>
		<a href="?logout=true">Logout?</a>
			
	<?php
}


// *********************************************** //
// **********	FORM HAS BEEN SUBMITTED	********** //
// *********************************************** //

else if (isset($_POST['submit'])) {

	if ($_POST['username'] == $username &#038;& $_POST['password'] == $password){
	
		//IF USERNAME AND PASSWORD ARE CORRECT SET THE LOG-IN SESSION
		$_SESSION["login"] = $hash;
		header("Location: $_SERVER[PHP_SELF]");
		
	} else {
		
		// DISPLAY FORM WITH ERROR
		display_login_form();
		echo '<p>Username or password is invalid</p>';
		
	}
}	
	
	
// *********************************************** //
// **********	SHOW THE LOG-IN FORM	********** //
// *********************************************** //

else { 

	display_login_form();

}


function display_login_form(){ ?>

	<form action="<?php echo $self; ?>" method='post'>
	<label for="username">username</label>
	<input type="text" name="username" id="username">
	<label for="password">password</label>
	<input type="password" name="password" id="password">
	<input type="submit" name="submit" value="submit">
	</form>	

<?php } ?>

You can simply copy and paste the code above, or you can download the file here: Simple PHP Login DOWNLOAD.

Okay, here is the simple breakdown:

session_start();

// ***************************************** //
// **********	DECLARE VARIABLES  ********** //
// ***************************************** //

$username = 'username';
$password = 'password';

$random1 = 'secret_key1';
$random2 = 'secret_key2';

$hash = md5($random1.$pass.$random2); 

$self = $_SERVER['REQUEST_URI'];

In the lines of code above we have to let the PHP file know that we are going to be using Sessions, so we have to call 'session_start()'. Then we declare the variables, which are listed below:

Next is simple enough and doesn't need much explanation:

// ****************************************** //
// **********	USER LOGOUT  ********** //
// **************************************** //

if(isset($_GET['logout']))
{
	unset($_SESSION['login']);
}

</pre><p>Above we check if the user has specified they want to logout, this will be set when the user navigates to the page: index.php?logout=true, if the '?logout' is set, then we will unset the 'login' session. Which means the user will be logged out. Next we will want to check if the user is currently logged in:</p>
<pre lang="PHP">

// *********************************************** //
// **********	USER IS LOGGED IN	********** //
// *********************************************** //

if (isset($_SESSION['login']) &#038;& $_SESSION['login'] == $hash) {

	?>
			
		<p>Hello <?php echo $username; ?>, you have successfully logged in!</p>
		<a href="?logout=true">Logout?</a>
			
	<?php
}

Above, if the 'login' session is set and the session equals the $hash variable (encrypted string of random1, random2, and password) then we know the user is logged in, and we can display anything we want when the user is logged in. In this simple example we just let the user know they are logged in and give them a link to logout, which is as we stated above the current page with '?logout' set, hence the href="?logout=true".

Next, we need to support the condition if the user has submitted the log-in form:

// *********************************************** //
// **********	FORM HAS BEEN SUBMITTED	********** //
// *********************************************** //

else if (isset($_POST['submit'])) {

	if ($_POST['username'] == $username &#038;& $_POST['password'] == $password){
	
		//IF USERNAME AND PASSWORD ARE CORRECT SET THE LOG-IN SESSION
		$_SESSION["login"] = $hash;
		header("Location: $_SERVER[PHP_SELF]");
		
	} else {
		
		// DISPLAY FORM WITH ERROR
		display_login_form();
		echo '<p>Username or password is invalid</p>';
		
	}
}

In the code above, we detect if the form has been submitted, if it has we check that the posted 'username' and 'password' are equal to the username and password variables. If they are equal to the username and password, we want to set the 'login' session equal to the $hash variable, and re-direct the user to the current page (refresh the page), and this time the user will be logged-in because the 'login' session is equal to the $hash variable. If the username and password are not correct, we will just want to display the login form again and display an error message ('Username or password is invalid').

And lastly, if none of the other conditions are met, such as the user submitting the form, or already being logged in, the only other thing to do is to display the form:

// *********************************************** //
// **********	SHOW THE LOG-IN FORM	********** //
// *********************************************** //

else { 

	display_login_form();

}


function display_login_form(){ ?>

	<form action="<?php echo $self; ?>" method='post'>
	<label for="username">username</label>
	<input type="text" name="username" id="username">
	<label for="password">password</label>
	<input type="password" name="password" id="password">
	<input type="submit" name="submit" value="submit">
	</form>	

<?php } ?>

And there you go. It's really not that complicated, just go through each step of the process and I'm sure you'll find that the code is very easy to understand. On the other hand if you still have trouble understanding some of the basic fundamentals of the code above, I would recommend you checkout the W3Schools Learn PHP Page W3Schools Learn PHP Page and they will teach all you need to know about PHP.

Additionally, if you have any questions about the code or just want to say Hi, please leave a comment below ;)