Subscribe to
the Possibilities Ezine

Subscription Terms of Service
Privacy Policy

Most Recent
Software Additions

Go Short URL

Create short URLs with your own control panel, on your own server, and all your short URLs will have your own domain name.

Secure View and Remove

Remove the data from your secure server safely, without compromising your customer's trust.

Survey Lite

Provides an opportunity for your visitors to give you feedback on the subjects you want to hear about.

Attention Ticker

Scrolling text banner is perfect for special offers... news feeds... syndication to other sites ...

Simple and Effective PHP Log-In Page

While putting the finishing touches on PayPal e-commerce software for our own products, I realized it would need a log-in page.

My intent had been to put the software's control panel/dashboard into a password protected directory. But that wasn't going to work this time, I realized.

A quick to implement log-in page was needed.

Because the e-commerce software was built with it, PHP was used for the entire system. Here is how it was done.

First, a PHP log-in page was designed.

The Log-In Page

The username and password are embedded in the PHP page in a way that makes it invisible to the browser. This eliminates any need for external files.

A cookie name, the number of hours the cookie shall last, and the URL of the dashboard software are also specified in the PHP code.

Here is the complete log-in PHP page:

<?php // This must be the first line of this file. $cookieName = "myCookie"; // must be identical in both files. $username = "myUN"; $password = "myPW"; $hoursCookieExists = 36; $dashboardURL = "http://example.com/dashboard.php"; if( isset($_POST['pw']) and $_POST['pw'] == $password and isset($_POST['un']) and $_POST['un'] == $username ) { $cval = $hoursCookieExists > 0 ? (time() + ($hoursCookieExists * 60 * 60)) : ''; setcookie($cookieName,'good',$cval); header("Location: $dashboardURL"); exit; } ?> <html> <head> <title>Login</title> </head> <body style="margin:200px;"> <form method="POST" action="<?php echo($_SERVER['PHP_SELF']) ?>"> <table border="0" cellpadding="0" cellspacing="5"><tr> <td>Username:</td><td><input type="text" name="un" size="22"></td> </tr><tr> <td>Password:</td><td><input type="password" name="pw" size="22"></td> </tr><tr> <td> </td><td><input type="submit"></td> </tr> </table> </form> </body> </html>

When the log-in form is submitted with the correct username and password, a cookie is set and the browser is redirected to the URL of the control panel/dashboard page. Both username and password are case sensitive.

The Control Panel/Dashboard Page

Eighteen lines of log-in verification code are put at the top of the file — the file in the URL in the browser's address bar when the control panel/dashboard is loaded. For this system, the control panel/dashboard must be a PHP page.

Here is an example dashboard web page with the eighteen lines of log-in verification code:

<?php // This must be the first line of this file. $cookieName = "myCookie"; // must be identical in both files. $loginPageURL = "http://example.com/login.php"; $logoutThankYouPageURL = "http://example.com/index.html"; if( ! ( isset($_COOKIE[$cookieName]) and $_COOKIE[$cookieName] == 'good' ) ) { header("Location: $loginPageURL"); exit; } elseif( isset($_GET['logoutnow']) ) { setcookie($cookieName,'0'); header("Location: $logoutThankYouPageURL"); exit; } ?> <html> <body style="margin:200px"> <h1> Dashboard! </h1> <p> <a href="<?php echo($_SERVER['PHP_SELF']) ?>?logoutnow=yes">Log out</a> </p> </body> </html>

The cookie name must be specified in the control panel/dashboard page file identical to the cookie name in the log-in page file. Otherwise, the cookie will never authenticate.

When the log-in cookie is set, the value is set to be the word, "good". When logged out, the value is set as "0". To authenticate, the value must be "good".

In addition to the cookie name, the log-in page URL and the log out "thank you" page URL (where the browser is redirected to upon log-out) are also specified in the dashboard PHP file.

When a browser loads the control panel/dashboard, the PHP authenticates the cookie. If it does not authenticate, the browser is redirected to the log-in page.

When the "Log-out" link is clicked, the browser is redirected to the log-out "thank you" page URL. A logged out cookie will be discarded completely when the browser is exited.

The Complete PHP Log-In System

Less than 3 dozen lines of PHP code are required for this PHP log-in page system.

About half of them are used on the log-in page. The other half on the control panel/dashboard page, the page that requires authentication before access is allowed.

The two work together by using the same cookie name for authentication.

No external files are required for the system to work, username and password being hard coded into the PHP itself. To change the username or the password requires access to your server and the permissions sufficient to modify files.

Question: Did you find this article interesting and understandable? How can it be improved? Your response is anonymous. When done typing, click anywhere outside the box. [more info]

Type your response here. Thank you.

Powered by "Real Time Reader Feedback" from WebSite's Secret.

Will Bontrager
©2008 Bontrager Connection, LLC

Please note: Articles on this website are presented "as is". However -

If you have a question about a CGI script, HTML, CSS, PHP, or JavaScript
Ask one of our Experts and you'll have your answer!
Click here for details.

© 1998-2001 William and Mari Bontrager
© 2001-2008 Bontrager Connection, LLC