Login scripts created with PHP don't have to be extremely complex. In fact, I find the simpler the better in this regard. Our main goal is to create a basic, secure area for administrators to log into in order to add and edit content, so it doesn't have to be overly difficult.

One could use a MySQL database table for this but if we want to keep things as simple as possible all we have to do is create a few variables and store them within our login verification script. Which, as you will see, is stored all in one file along with the HTML form.

Create HTML Login Form

<!DOCTYPE html> <head> <title>Admin Login</title> <link rel="stylesheet" href="style.css" type="text/css" media="screen" /> </head> <div id="login"> <h1 class="logintitle">Admin Login</h1> <form name="login" action="" method="post"> <div class="label">Username: <input type="text" name="username" value="" /></div> <div class="label">Password: <input type="password" name="password" value="" /></div> <div class="submit"><input type="submit" name="submit" value="Log In" /></div> </form> </div> </body> </html>
The first step involves creating a simple HTML login form. Notice that our name= attributes will match the variables we use in the isset function in the next image. This is important for getting the script to work correctly. Also, using type="password" instead of type="text" will create a hidden password which is shown only by dots. This ensures a bit more security within the login script.

<?php // First, we start a session.// session_start(); // Check that both the username and password fields have been set.// if(isset($_POST["username"]) && isset($_POST["password"])) { //Define the variables that were passed through the HTML form.// $username = $_POST["username"]; $password = $_POST["password"]; $uname = "lgadmin"; //For a bit of added security we create a backward password. Seen below.// $pword = "6102-nimdagl"; //PHP conditional statements check for correct information.// //The first function reverses the password enter into the password field.// $password = strrev($password); //Check the entered information with our login variables.// if($username === $uname && $password === $pword) { $_SESSION['username']=$_POST['username']; header("Location: index.php"); } // If the login details are wrong user is redirected back to the login page.// else { header("Location: login.php"); } } ?>
Marked in orange within our code, we can see the steps needed to create the login verification script.

1. Start a session that will be carried over into the secure area


2. Check that our login variables have been set.


3. Define the variables that were passed through the HTML form.


4. Create our login credentials, making the password backward for a bit of extra security.


5. Before comparing our login variables with the ones entered into the login form we reverse the password that was entered in order to match the correct one.


6. Finally, verify the login information. The if statement tells the script what to do if the login details are correct. If the details are incorrect the else statement redirects the user back to the login page.

<?php include('header.php'); ?> <div class="cleardiv"></div> <?php include('headmenu.php'); ?> <div class="maintextdiv">This is the Admin Panel Index page, where we could have editing boxes of all the things we have created for our PHP driven script.</div> <?php include('footer.php'); ?> </div> </body> </html>
The image above is the index page file we will be logging into. Notice the header.php includes file. That is very important for passing the username's session into the secure area.

<?php session_start(); if (!isset($_SESSION['username']) || !$_SESSION['username']) { header("Location: login.php"); } ?> <!DOCTYPE html> <html lang="en"> <head> <title>This Is My Admin Panel Index</title> <link rel="stylesheet" href="style.css" type="text/css" media="screen" /> <meta name="description" content="" /> </head> <body> <div class="wrapper"> <div class="header"> <div class="logo"><img src="../logo.png"></div> <h1 class="title">Admin Panel Index Page</h1> </div>
The header.php file must contain the PHP statement at the top of the page in order for the username session to be set correctly. By creating this session we can gather all the information we need on this particular user and help them with, for instance, creating and editing content in a secure administration area.

<?php session_start(); session_destroy(); header ('Location: login.php'); ?>
Lastly, we have the logout.php file, which contains session_start() at the beginning, as this must be passed on every page within the secured area, and then session_destroy(), which stops the session and redirects the user back to the login page.

As you can see, this script is quite basic. Regardless of it's simplicity, however, it is pretty secure. I've used similar scripts for sites that get a lot of traffic and have never had a problem with hacking. That being said though, it is usually good advice to make administration areas accessible only to certain IP addresses. Which is something we can get into at a later date.

This script can be configured to work for secure customer areas, as well as for administration purposes. The possibilities are endless.

I hope you got something out of this tutorial and enjoyed it. It would be great to hear some feedback from folks on it. Either via comments on YouTube or here at PHP-Scripting.com.