in a nutshell:
login.php
<?php
session_start();
function hhb_tohtml($str)
{
return htmlentities($str, ENT_QUOTES | ENT_HTML401 | ENT_SUBSTITUTE | ENT_DISALLOWED, 'UTF-8', true);
}
$accounts=array(
//username =>password
'smith'=>'smell',
'admin'=>'password',
'guest'=>'guestpass'
);
if(array_key_exists('submit',$_POST)){
if(!array_key_exists('username',$_POST)){
$username="";
} else
{
$username=$_POST['username'];
}
if(!array_key_exists('password',$_POST)){
$password='';
}else {
$password=$_POST['password'];
}
if(!array_key_exists($username,$accounts)){
die('This username does not exist.');
}
if($accounts[$username]!==$password){
die('wrong password!');
}
$_SESSION['logged_in']=true;
$_SESSION['username']=$username;
die('you have logged in as: '.hhb_tohtml($username));
}
?>
<!DOCTYPE html>
<html>
<head><title></title></head>
<body>
<form action="?" method="post">
Username: <input type="text" name="username" /><br>
Password: <input type="password" name="password" /><br>
<input type="submit" name="submit" value="Submit" />
</form>
</body>
</html>
and in other places, like controlpanel.php:
session_start();
if(!isset($_SESSION['logged_in'])){die('you need to login first!');}
the session id will be stored in a cookie, thanks to session_start(), and the server will remember whether or not this session id is logged in.
7
solved Setting up a log-in for a website using PHP [closed]