Simple Login System PHP | No MySql
Welcome to our first tutorial on PHP. In this tutorial I'll be teaching you How to make a simple login system using PHP without MySql. This tutorial is easy to follow and it will teach you step by step.
Overview
Our login system will consist of three different files :-
1. main_login.php
2. check_login.php
3. login_success.php
2. check_login.php
3. login_success.php
Steps
1. Create XML file to store username and password2. Create file main_login.php.
3. Create file checklogin.php.
4. Create file login_success.php.
5. Create file logout.php
Step 1 : Creating XML file
As we are not using MySQL that's why we are using XML to store username and passwords. So lets create 'abc.xml' and write down some code in it.<?xml version='1.0' encoding='UTF-8' ?>
<user>
<password>asdfghjkl</password>
</user>
We are not storing username in XML because we'll be using name of the file as our username like in our 'abc.xml'. 'ABC' is username while password is stored inside abc.xml .We will be using PHP's inbuilt function to process this xml.
Step 2 : Creating Login Form
First we will be creating file named 'main_login.php'. Which will be keeping our HTML form markup.
<form action='checklogin.php' method='post'>
<div>
<label>Username :</label>
<input type='text' name='user' required>
</div>
<div>
<label>Password</label>
<input type='password' name='password' required>
</div>
<button type='submit'>Login</button>
</form>
Step 3 : Processing Login Form Data
Here we'll be creating file named 'checklogin.php'. Which will contain some PHP that will be processing data received from html form.
<?php
if(!empty($_POST['user']) and !empty($_POST['password'])){//Checks that data received from form is not empty
$user=$_POST['user'];
$pass=$_POST['password'];
if(is_file("$user.xml")){//Checks file related to username exists or not
$xml=simplexml_load_file("$user.xml"); //Converts XML file into simple object
if($xml->password==$pass){ //Matches password from file and form
session_start(); //Starts session
$_SESSION['user']=$user; //Sets user into S_SESSION global array
header("location:login_success.php"); // redirects login_success.php
}else{echo'wrong username or pass';}
}else{echo'wrong username';}
}else{
header('location:main_login.php');// Redirects to form page if username or password is empty
}
?>
Step 4 : Checking Logging
Viewer will not able to see this page if he/she is not logged in. Now we will create file named "login_success.php" with following code.
<?php
session_start();
if(!empty($_SESSION['user'])){
session_start();
if(!empty($_SESSION['user'])){
echo"logged in";
}else{
session_destroy();//Destroys current session
header('location:main_login.php');
exit();//Stops all code from being executed
}
?>
}else{
session_destroy();//Destroys current session
header('location:main_login.php');
exit();//Stops all code from being executed
}
?>
Tips
- Instead of storing password directly it is recommended to store password as hash(encrypted) string. Like : storing $2y$10$ZHyXqkCGFrMJ.BJLKQxnGup3//NJZys.dJXmVecWBtK1NUCT/Df1W instead of asdfghjkl and validate using password_verify() function. Read More.
- session_start() must before any html tags.
- To destroy session use session_destroy(); function.
