I want to make a single login for just 1 user without storing in a database but I can't seem to get this to work.
My code: login.php
<html> <head> <title>Login</title> </head> <h3>Add entry</h3> <p> Add another Article</p> <form action="trylog.php" method = "post"> <label for="username">Username</label> <input type="username" id="usename" name="username"><br /><br /> <label for="password">Password:</label> <input type="text" id="password" name="password"><br /><br /> <button type = "submit">Login</button> </form> </html>
trylog.php
<html> <title>Login</title> <body> <?php $usr = "admin"; $psw = "password"; $username = '$_POST[username]'; $password = '$_POST[password]'; //$usr == $username && $psw == $password session_start(); if ($_SESSION['login']==true || ($_POST['username']=="admin" && $_POST['password']=="password")) { echo "password accepted"; $_SESSION['login']=true; }else { echo "incorrect login"; } ?> <form name="input" action="adminportal.php" method="get"> <input type="submit" value="Home"> </form> </body> </html>
Your code could look more like:
<?php session_start(); $errorMsg = ""; $validUser = $_SESSION["login"] === true; if(isset($_POST["sub"])) { $validUser = $_POST["username"] == "admin" && $_POST["password"] == "password"; if(!$validUser) $errorMsg = "Invalid username or password."; else $_SESSION["login"] = true; } if($validUser) { header("Location: /login-success.php"); die(); } ?> <!DOCTYPE html> <html> <head> <meta http-equiv="content-type" content="text/html;charset=utf-8" /> <title>Login</title> </head> <body> <form name="input" action="" method="post"> <label for="username">Username:</label><input type="text" value="<?= $_POST["username"] ?>" id="username" name="username" /> <label for="password">Password:</label><input type="password" value="" id="password" name="password" /> <div class="error"><?= $errorMsg ?></div> <input type="submit" value="Home" name="sub" /> </form> </body> </html>
Now, when the page is redirected based on the header('LOCATION:wherever.php)
, put session_start()
at the top of the page and test to make sure $_SESSION['login'] === true
. Remember that ==
would be true if $_SESSION['login'] == 1
as well. Of course, this is a bad idea for security reasons, but my example may teach you a different way of using PHP.
Here is a simple php script for login and a page that can only be accessed by logged in users.
login.php
<?php session_start(); echo isset($_SESSION['login']); if(isset($_SESSION['login'])) { header('LOCATION:admin.php'); die(); } ?> <!DOCTYPE html> <html> <head> <meta http-equiv='content-type' content='text/html;charset=utf-8' /> <title>Login</title> <meta charset="utf-8"> <meta name="viewport" content="width=device-width, initial-scale=1"> <link rel="stylesheet" href="https://maxcdn.bootstrapcdn.com/bootstrap/3.3.7/css/bootstrap.min.css"> </head> <body> <div class="container"> <h3 class="text-center">Login</h3> <?php if(isset($_POST['submit'])){ $username = $_POST['username']; $password = $_POST['password']; if($username === 'admin' && $password === 'password'){ $_SESSION['login'] = true; header('LOCATION:admin.php'); die(); } { echo "<div class='alert alert-danger'>Username and Password do not match.</div>"; } } ?> <form action="" method="post"> <div class="form-group"> <label for="username">Username:</label> <input type="text" class="form-control" id="username" name="username" required> </div> <div class="form-group"> <label for="pwd">Password:</label> <input type="password" class="form-control" id="pwd" name="password" required> </div> <button type="submit" name="submit" class="btn btn-default">Login</button> </form> </div> </body> </html>
admin.php ( only logged in users can access it )
<?php session_start(); if(!isset($_SESSION['login'])) { header('LOCATION:login.php'); die(); } ?> <html> <head> <title>Admin Page</title> </head> <body> This is admin page view able only by logged in users. </body> </html>
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With