How to Build a PHP Login Form Using Sessions

DISCLAIMER: This post may contain “affiliate” links to products and services I recommend. I’ll receive a small commission if you decide to purchase one of these products or services. I only recommend products I genuinely believe will help you in running your freelance business.

First: should you use sessions or cookies?

That’s the first big question I see. In most cases, you should use sessions. There are some exceptions, but it’s usually very specific cases and at the far end of “complex” if/when you do it. Why? Session data is stored on the server and therefore is, in general, safer to work with.

Whereas, cookies are stored in the browser…

And, it’s the Wild West out there, partna!

Okay, that outta the way… let’s get into how to do this.

I just went through all this in recording my latest course, How to Create a Login Script, and always do a bunch of research to make sure I’m up to date on the latest and greatest in whatever topic.

So, the basic idea is this:

User submits login form
Password is verified
Create a session variable
Check session variable on every page load
Destroy session on logout

Okay, let’s look at some code.

Login Form

Nothing special here, really. A simple form that includes username and password fields. Action parameter is left blank assuming this form submits to itself. Of course, change that if you have a processing script at a different URL that you want to use.

<form action="" method="post">
    <input type="text" name="username" placeholder="Enter your username" required>
    <input type="password" name="password" placeholder="Enter your password" required>
    <input type="submit" value="Submit">
</form>

Process Login

Here, we do a couple things. First, we look for and grab the user data from the database based on the username submitted. Then, we verify the password submitted against the password hash stored in our database using password_verify(). Finally, we create the user session if the password is correct. It’s this session variable we’ll check on each page load going forward.

<?php
// Always start this first
session_start();

if ( ! empty( $_POST ) ) {
    if ( isset( $_POST['username'] ) && isset( $_POST['password'] ) ) {
        // Getting submitted user data from database
        $con = new mysqli($db_host, $db_user, $db_pass, $db_name);
        $stmt = $con->prepare("SELECT * FROM users WHERE username = ?");
        $stmt->bind_param('s', $_POST['username']);
        $stmt->execute();
        $result = $stmt->get_result();
    	$user = $result->fetch_object();
    		
    	// Verify user password and set $_SESSION
    	if ( password_verify( $_POST['password'], $user->password ) ) {
    		$_SESSION['user_id'] = $user->ID;
    	}
    }
}
?>

Page

Any pages you want to “protect”, you’d want to check for the required $_SESSION variable. This is a simple example of how to do that.

<?php
// You'd put this code at the top of any "protected" page you create

// Always start this first
session_start();

if ( isset( $_SESSION['user_id'] ) ) {
    // Grab user data from the database using the user_id
    // Let them access the "logged in only" pages
} else {
    // Redirect them to the login page
    header("Location: http://www.yourdomain.com/login.php");
}
?>

Logout

Logout is pretty straight-forward. We just destroy the session, so now the $_SESSION variable won’t exist and users will be directed to log in again. Keep in mind, this also happens whenever the browser is closed because we’re using sessions.

<?php
// Always start this first
session_start();

// Destroying the session clears the $_SESSION variable, thus "logging" the user
// out. This also happens automatically when the browser is closed
session_destroy();
?>

So, that’s the basic nuts and bolts of creating a login system using PHP sessions. If you want to keep going with this tutorial, you can on my free tutorial site here: https://johnsfreetuts.com/logintut/

Later,

John

Yes, IT degrees are still dumb in 2020

The WORST freelancing advice

Two Words That Radically Changed My Freelance Business

The Den of Thieves Conspiring Against Your Freelance Success

How to Seduce Potential Clients Into Hiring You

The Next Time a Freelance Client Bitches About Your Rate

Do you want more freelance clients?

I’ll show you what I learned over the last 15 years to grind out (from absolute scratch) a backlog of new clients wanting to hire you. Who your best client prospect are, what services you should be offering them, where to find them and more. Just enter your email address in the box below and let’s get started:

JOHN MORRIS

I’m a 15-year veteran of freelance web development. I’ve worked with bestselling authors and average Joe’s next door. These days, I focus on helping other freelancers build their freelance business and their lifestyles.

This Post Has 8 Comments

James Alford
2 Nov 2018 Reply

Your material looks great. I’m really keen to take your online tutorial, but the reviews for skillshare are generally terrible… I’ll wait and hope you can offer your material through a more reputable service.
1. John Morris
  2 Nov 2018 Reply
  
  All my stuff is on Patreon, as well: http://johnmorrisonline.com/patreon
John obed
15 Feb 2019 Reply

Very good tutorial sir, but i tried this method and it just keeps redirecting me to the same login page even after i post correct username and password….
Vincent Mossman
25 Feb 2019 Reply

John,

Make sure you have whatever page you want users to go to in the field.
Crimson
10 Mar 2019 Reply

Thanks for sharing this! Really helped a lot! Simple and straight forward!
saulbejarano
20 Mar 2019 Reply

I keep receiving a Uncaught Error: Call to a member function bind_param() on boolean using PHP7
Robert
23 Mar 2019 Reply

Iearned alot
Awal Khan
16 Sep 2019 Reply

Truly helpful material

Do you want more freelance clients?

Enter your email below to get started building your system for consistently bringing in new freelance clients:

WHAT OTHERS ARE SAYING

Bradley Smith

John and I have worked together on numerous projects. John is very quick and efficient and was a pleasure to work with.

Thabo Motsoahae

John is one of the best instructors I have come across, I learned a lot from his online tutorials.

Daniel Mohlendick

On the Freelancing on Upwork course: “This is by far the best course i have watched on Skillshare!! Thank you so much.”

Bob Patterson

Not only is John a very talented programmer and developer, he is also an excellent communicator. He has a talent for taking complex subjects and communicating them in terms that anyone can understand. This is a rare combination. This ability has enabled me to take my skills and knowledge to the next level. Thank you John for for all that you do.

Ray Edwards

I recommend John every chance I get. If every person I worked with were as committed to excellence, punctuality, value, and unquestionable integrity… the world would be a better place. Highest recommendation.

Xan Barksdale

Very professional worker who is extremely knowledgable in WordPress and Wishlist Member. I would definitely hire again.

Sukh Plaha

John is a fantastic and patient tutor, who is not just able to share knowledge and communicate it very effectively – but able to support one in applying it. However, I believe that John has a very rare ability to go further than just imparting knowledge and showing one how to apply it. He is able to innately provoke one’s curiosity when explaining and demonstrating concepts, to the extent that one can explore and unravel their own learning journey. Thanks very much John!

John Morris

Developer. Freelancer. Teacher

How to Build a PHP Login Form Using Sessions

Login Form

Process Login

Page

Logout

You might also like

Yes, IT degrees are still dumb in 2020

The WORST freelancing advice

Two Words That Radically Changed My Freelance Business

The Den of Thieves Conspiring Against Your Freelance Success

How to Seduce Potential Clients Into Hiring You

The Next Time a Freelance Client Bitches About Your Rate

Do you want more freelance clients?

JOHN MORRIS

This Post Has 8 Comments

James Alford

John Morris

John obed

Vincent Mossman

Crimson

saulbejarano

Robert

Awal Khan

Leave a Reply Cancel reply

Do you want more freelance clients?

POPULAR TOPICS

WHAT OTHERS ARE SAYING

Bradley Smith

Thabo Motsoahae

Daniel Mohlendick

Bob Patterson

Ray Edwards

Xan Barksdale

Sukh Plaha

Navigation

Do you want more clients?