We are going to create a simple login system using PHP code on our pages, and a MySQL database to store our users' information. We will track the users who are logged in with cookies.

我们将使用页面上PHP代码创建一个简单的登录系统，并使用一个MySQL数据库来存储我们的用户信息。 我们将跟踪使用cookie登录的用户。

数据库 ( The Database )

Before we can create a login script, we first need to create a database to store users. For the purpose of this tutorial we will simply need the fields "username" and "password", however, you can create as many fields as you wish.

在创建登录脚本之前，我们首先需要创建一个数据库来存储用户。 就本教程而言，我们只需要字段“用户名”和“密码”，但是，您可以根据需要创建任意多个字段。

CREATE TABLE users (ID MEDIUMINT NOT NULL AUTO_INCREMENT PRIMARY KEY, username VARCHAR(60), password VARCHAR(60))

This will create a database called users with 3 fields: ID, username, and password.

这将创建一个名为users的数据库，其中包含3个字段：ID，用户名和密码。

注册页面1 ( Registration Page 1 )

<?php
// Connects to your Database
mysql_connect("your.hostaddress.com", "username", "password") or die(mysql_error());
mysql_select_db("Database_Name") or die(mysql_error());
//This code runs if the form has been submitted
if (isset($_POST['submit'])) {
//This makes sure they did not leave any fields blank
if (!$_POST['username'] | !$_POST['pass'] | !$_POST['pass2'] ) {
die('You did not complete all of the required fields');
}
// checks if the username is in use
if (!get_magic_quotes_gpc()) {
$_POST['username'] = addslashes($_POST['username']);
}
$usercheck = $_POST['username'];
$check = mysql_query("SELECT username FROM users WHERE username = '$usercheck'")
or die(mysql_error());
$check2 = mysql_num_rows($check);
//if the name exists it gives an error
if ($check2 != 0) {
die('Sorry, the username '.$_POST['username'].' is already in use.');
}
//
this makes sure both passwords entered match
if ($_POST['pass'] != $_POST['pass2']) {
die('Your passwords did not match. ');
}
// here we encrypt the password and add slashes if needed
$_POST['pass'] = md5($_POST['pass']);
if (!get_magic_quotes_gpc()) {
$_POST['pass'] = addslashes($_POST['pass']);
$_POST['username'] = addslashes($_POST['username']);
}
// now we insert it into the database
$insert = "INSERT INTO users (username, password)
VALUES ('".$_POST['username']."', '".$_POST['pass']."')";
$add_member = mysql_query($insert);
?>
<h1>Registered</h1>
<p>Thank you, you have registered - you may now login</a>.</p>

注册页面2 ( Registration Page 2 )

<?php
}
else
{
?>
<form action="<?php echo $_SERVER['PHP_SELF']; ?>" method="post">
<table border="0">
<tr><td>Username:</td><td>
<input type="text" name="username" maxlength="60">
</td></tr>
<tr><td>Password:</td><td>
<input type="password" name="pass" maxlength="10">
</td></tr>
<tr><td>Confirm Password:</td><td>
<input type="password" name="pass2" maxlength="10">
</td></tr>
<tr><th colspan=2><input type="submit" name="submit"
value="Register"></th></tr> </table>
</form>
<?php
}
?>

The full code can be found on GitHub: https://github.com/Goatella/Simple-PHP-Login

完整的代码可以在GitHub上找到： https : //github.com/Goatella/Simple-PHP-Login

If the form has not been submitted, they are shown the registration form, which collects the username and password.Basically what this does is check to see if the form has been submitted. If it has been submitted it checks to make sure that the data is all OK (passwords match, ​the username isn't in use) as documented in the code. If everything is OK it adds the user to the database, if not it returns the appropriate error.

如果尚未提交表单，则会向他们显示注册表单，该表单收集用户名和密码，基本上是检查表单是否已提交。 如果已提交，则检查以确保代码中记录的数据都正常(密码匹配，用户名未使用)。 如果一切正常，则将用户添加到数据库，否则，将返回相应的错误。

登录页面1 ( The Login Page 1 )

<?php
// Connects to your Database
mysql_connect("your.hostaddress.com", "username", "password") or die(mysql_error());
mysql_select_db("Database_Name") or die(mysql_error());
//Checks if there is a login cookie
if(isset($_COOKIE['ID_my_site']))
//if there is, it logs you in and directes you to the members page
{
$username = $_COOKIE['ID_my_site'];
$pass = $_COOKIE['Key_my_site'];
$check = mysql_query("SELECT * FROM users WHERE username = '$username'")or die(mysql_error());
while($info = mysql_fetch_array( $check ))
{
if ($pass != $info['password'])
{
}
else
{
header("Location: members.php");
}
}
}
//if the login form is submitted
if (isset($_POST['submit'])) { // if form has been submitted
// makes sure they filled it in
if(!$_POST['username'] | !$_POST['pass']) {
die('You did not fill in a required field.');
}
// checks it against the database
if (!get_magic_quotes_gpc()) {
$_POST['email'] = addslashes($_POST['email']);
}
$check = mysql_query("SELECT * FROM users WHERE username = '".$_POST['username']."'")or die(mysql_error());
//Gives error if user dosen't exist
$check2 = mysql_num_rows($check);
if ($check2 == 0) {
die('That user does not exist in our database. <a href=add.php>Click Here to Register</a>');
}
while($info = mysql_fetch_array( $check ))
{
$_POST['pass'] = stripslashes($_POST['pass']);
$info['password'] = stripslashes($info['password']);
$_POST['pass'] = md5($_POST['pass']);
//gives error if the password is wrong
if ($_POST['pass'] != $info['password']) {
die('Incorrect password, please try again.');
}

登录页面2 ( The Login Page 2 )

else
{
// if login is ok then we add a cookie
$_POST['username'] = stripslashes($_POST['username']);
$hour = time() + 3600;
setcookie(ID_my_site, $_POST['username'], $hour);
setcookie(Key_my_site, $_POST['pass'], $hour);
//then redirect them to the members area
header("Location: members.php");
}
}
}
else
{
// if they are not logged in
?>
<form action="<?php echo $_SERVER['PHP_SELF']?>" method="post">
<table border="0">
<tr><td colspan=2><h1>Login</h1></td></tr>
<tr><td>Username:</td><td>
<input type="text" name="username" maxlength="40">
</td></tr>
<tr><td>Password:</td><td>
<input type="password" name="pass" maxlength="50">
</td></tr>
<tr><td colspan="2" align="right">
<input type="submit" name="submit" value="Login">
</td></tr>
</table>
</form>
<?php
}
?>

This script first checks to see if the login information is contained in a cookie on the user's computer. If it is, it tries to log them in. If this is successful they are redirected to the members' area.​

该脚本首先检查用户计算机上的cookie中是否包含登录信息。 如果是，它将尝试登录它们。如果成功，则将它们重定向到成员区域。

If there is no cookie, it allows them to log in. If the form has been submitted, it checks it against the database and if it was successful sets a cookie and takes them to the members' area. If it has not been submitted, it shows them the login form.

如果没有cookie，则允许他们登录。如果已提交表单，它将对照数据库进行检查，如果成功，则设置cookie并将其带到成员区域。 如果尚未提交，则会显示登录表单。

会员专区 ( Members Area )

<?php
// Connects to your Database
mysql_connect("your.hostaddress.com", "username", "password") or die(mysql_error());
mysql_select_db("Database_Name") or die(mysql_error());
//checks cookies to make sure they are logged in
if(isset($_COOKIE['ID_my_site']))
{
$username = $_COOKIE['ID_my_site'];
$pass = $_COOKIE['Key_my_site'];
$check = mysql_query("SELECT * FROM users WHERE username = '$username'")or die(mysql_error());
while($info = mysql_fetch_array( $check ))
{
//if the cookie has the wrong password, they are taken to the login page
if ($pass != $info['password'])
{ header("Location: login.php");
}
//otherwise they are shown the admin area
else
{
echo "Admin Area<p>";
echo "Your Content<p>";
echo "<a href=logout.php>Logout</a>";
}
}
}
else
//if the cookie does not exist, they are taken to the login screen
{
header("Location: login.php");
}
?>

This code checks our cookies to make sure the user is logged in, the same way the login page did. If they are logged in, they are shown the members area. If they are not logged in they are redirected to the login page.

此代码检查我们的cookie，以确保用户已登录，就像登录页面一样。 如果他们已登录，则会显示在成员区域。 如果未登录，它们将被重定向到登录页面。

登出页面 ( Logout Page )

<?php
$past = time() - 100;
//this makes the time in the past to destroy the cookie
setcookie(ID_my_site, gone, $past);
setcookie(Key_my_site, gone, $past);
header("Location: login.php");
?>

All our logout page does is destroy the cookie, and then direct them back to the login page. We destroy the cookie by setting the expiration to some time in the past.

我们注销页面的全部工作就是销毁cookie，然后将其引导回登录页面。 我们通过将过期设置为过去的某个时间来销毁cookie。