Home/ Questions/Q 6071851
In Process

The Archive Base Latest Questions

Editorial Team
  • 0
Asked: 2026-05-23T10:05:40+00:00

I am trying to create a php log in form. I want to just

  • 0

I am trying to create a php log in form. I want to just make a few adjustments but when i’ve tinkered with it, it stops working…

If you can’t see from the code, I’m trying to create a (mock) log in form that asks for a username and password.

  • I want any blank textbox to show a red message to the right of the textbox. (i have the red error message, but I can’t get it to the left of the box)

  • I want a sticky form that keeps either field if its filled in (again, I think I have this set up but don’t think its working all the way)

  • I would like a person who enters the username: user and the password: abc123 to see a welcome message. If you don’t use that username/password combo I want a message that says that they are not authorized. (This is what i really don’t know how to do)

  • I want this all in a redux (also think i have that working but not 100% sure)

Any help would be greatly apprecaited!!

And here is my code:

<?php

define('TITLE', 'LOG IN');

// CSS
print '<style type="text/css" media="screen">
.error { color: red; }
    </style>';

    // Checking
    if ( isset($_POST['submitted']) ) {

$problem = FALSE;

// Each value

if (empty($_POST['email'])) {
    $problem = TRUE;
    print '<p class="error">Please enter the username!</p>';
}

if (empty($_POST['password1'])) {
    $problem = TRUE;
    print '<p class="error">Please enter the password!</p>';
}


if (!$problem) { //No problem

    // Printing the log in message
    print '<p>Thank you for logging in!</p>';

    $_POST = array();

} else {

    print '<p class="error">No entry!</p>';

       }

    }

    ?>
    <form action="login.php" method="post">

    <p>"Username": <input type="text" name="username" size="20" value="<?php if (isset($_POST['username'])) { print htmlspecialchars($_POST['username']); } ?>" /></p>
    <p>Password: <input type="password" name="password1" size="20" /></p>
    <p><input type="submit" name="submit" value="Log in" /></p>
    <input type="hidden" name="submitted" value="true" />
    </form>
Share

Leave an answer

You must login to add an answer.

Need An Account,

1 Answer

  1. Editorial Team

    Ok, here is a simple login that is not meant for real world usage. Please read the comments included in the code to see what I have to say about each. Doing logins is quite tricky for a number of reasons, so this example is not meant to demonstrate a real world working codebase, but a very simple username/password check.

    The security issues associated with a more sophisticated use are perhaps beyond this answer, but the below code is the way I would interpret what you have posted above, without getting to detailed (to the point of possibly making it hard to understand the simplest steps occurring).

    Let me know if you have any questions. To see the form in action, check:

    http://jfcoder.com/test/simplelogin.php

    Also, I use PHP’s HEREDOC syntax instead of quoted strings for simplicity. To read more about this sometimes handy form, see

    http://www.php.net/manual/en/language.types.string.php#language.types.string.syntax.heredoc.

    <html>
<head>
<style type="text/css">
.error {
    color: red;
}
</style>
</head>
<body>
<?php 

// Note, in most cases you will set a SESSION variable
// of $_SESSION['loggedin'], which would require you to
// use session_start() before you access any session
// variables.

// Note, this defaults to false.
$loggedin = false;

// If I get an error, I will put it in this variable.
$error = '';

// If the username is provided, run the code. Otherwise,
// act as if the login form was not submitted. This makes
// a hidden `submitted` value superfluous, and guarantees
// your users at least provide a username.
if ($_POST['username']) {
    // NOTE!!! In mose cases, you're querying a database
    // for a username/password match. In PHP, this often 
    // means a MySQL query. DO NOT USE THE BELOW IF YOU
    // ARE DOING SO!!! This will allow what's called a
    // SQL injection. You MUST wash your data with something
    // like mysql_real_escape_string() for the $_POST
    // values (NEVER trust submitted data, always validate
    // and escape as necessary), or use the PHP PDO library.
    // In this example, though, I use a switch to check the
    // values for exact matches, which means I do not need 
    // to escape (and mysql_real_escape_string() requires
    // a database connection to use).
    $username = $_POST['username'];
    $password = $_POST['password'];

    // Here, I check if the username and password match.
    // This is, of course, hardcoded, but to match your 
    // attempt, I chose to keep the form, although you
    // rarely see this in use in the real world.    
    switch ($username) {
        // My one case. For each additional user, you
        // would need to add a new entry with password
        // check. And I set my error text according to
        // the result of the code.
        case 'user':
            if ($password === 'abc123') {
                $loggedin = true;
            } else {
                $error = 'Username/Password did not match.';
            }
            break;
        default:
            // Note, I don't give a descriptive error
            // here. If someone reports this error, I
            // know what may have gone wrong, but the
            // user is not told the username does not
            // exist.
            $error = 'Unknown error. Try again.';
    }
}

// I will only show the welcome message if the user has
// successfully logged in.
if ($loggedin === true) {
    echo <<<HTML
<h1>Welcome!</h1>
<p>Thank you for logging in $username</p>
HTML;
} else {
    // If an error text is set, display that error.
    if ($error != '') {
        $error = "<h4>Login error</h4><p class='error'>$error</p>";
    }
    // Here's my form, only shown if the user has not
    // successfully logged in (note, this is only a one-
    // time check when the POST data is submitted; I
    // would need to use sessions to "remember" the requestor
    // had logged in across page accesses.
    echo <<<FORM
<h1>Login Form</h1>
<form action="simplelogin.php" method="POST">
$error
<p><label>Username: <input type="text" name="username"/></label></p>
<p><label>Password: <input type="password" name="password"/></label></p>
<p><input type="submit" value="Login"/> <input type="reset"/></p>
</form>
FORM;
}

?>
</body>
</html>
    • 0