Sun Jun 07 2020
How to Use PHP to Submit and Process Your Login Form
A login form is an essential part of any website that requires user authentication. In PHP, you can create a secure and functional login form to authenticate users and protect sensitive information. In this article, I’ll guide you through the steps to creating a login form using HTML and how you can handle form submission and processing in PHP.
Step 1: Set Up the Login Form
First, create a login form with fields for the username and password using HTML. You can also style this form with CSS to make it look visually appealing.
<form method="post" action="<?php echo $_SERVER['PHP_SELF']; ?>">
<input type="text" name="username" placeholder="Username" />
<input type="password" name="password" placeholder="Password" />
<input type="submit" value="Login" />
</form>
Step 2: Handle Form Submission in PHP
Next, I need to create the PHP script to handle the form submission and authenticate the user.
<?php
if(isset($_POST['username']) && isset($_POST['password'])) {
/* Associative Array with md5 encrypted password */
$loginfo = array("geek12" => md5("1234"), "abc4" => md5("abcd"), "jcb84" => md5("msk53"));
/* Trim whitespace from the beginning and end */
/* Compare with regular expression */
if((trim($_POST['username']) == '') || (ereg ('[^a-zA-Z0-9]', $_POST['username'])))
echo "Invalid username...Usernames only contain letters and digits.";
else {
if((trim ($_POST['password']) == '') || (ereg ('[^[:alnum:][:punct:][:space:]]', $_POST['password'])))
echo "Invalid password...Passwords only contain letters, digits, punctuation and spaces.";
else {
/* Checking username exist or not */
if(isset($loginfo[$_POST['username']])) {
/* Checking password associated with matched username */
if($loginfo[$_POST['username']] == md5($_POST['password'])) {
/* Set session */
session_start();
$_SESSION["user_id"] = $_POST['username'];
echo "Authenticated!";
}
else
echo "Password didn't match!";
}
else
echo "Username didn't match!";
}
}
}
?>
Conclusion
Building a secure login form with PHP requires careful handling of user input, password hashing, and session management. Best way is to sanitize inputs using prepared statements first, and then hashing passwords. As this guide demonstrates the basics of using PHP to submit a login form, it's essential to adopt more advanced security measures for production, such as SSL certificates, user input validation, and comprehensive error handling.
File Name: login-form.php
<!DOCTYPE html>
<html>
<head>
<title>Login Form</title>
</head>
<body>
<form method="post" action="<?php echo $_SERVER['PHP_SELF']; ?>">
<input type="text" name="username" placeholder="Username" />
<input type="password" name="password" placeholder="Password" />
<input type="submit" value="Login" />
</form>
<?php
if(isset($_POST['username']) && isset($_POST['password'])) {
/* Associative Array with md5 encrypted password */
$loginfo = array("geek12" => md5("1234"), "abc4" => md5("abcd"), "jcb84" => md5("msk53"));
/* Trim whitespace from the beginning and end */
/* Compare with regular expression */
if((trim($_POST['username']) == '') || (ereg ('[^a-zA-Z0-9]', $_POST['username'])))
echo "Invalid username...Usernames only contain letters and digits.";
else {
if((trim ($_POST['password']) == '') || (ereg ('[^[:alnum:][:punct:][:space:]]', $_POST['password'])))
echo "Invalid password...Passwords only contain letters, digits, punctuation and spaces.";
else {
/* Checking username exist or not */
if(isset($loginfo[$_POST['username']])) {
/* Checking password associated with matched username */
if($loginfo[$_POST['username']] == md5($_POST['password'])) {
/* Set session */
session_start();
$_SESSION["user_id"] = $_POST['username'];
echo "Authenticated!";
}
else
echo "Password didn't match!";
}
else
echo "Username didn't match!";
}
}
}
?>
</body>
</html>
/* Output */
/*
Input:
username = geek12
password = 1234
Authenticated!
*/