1: SeIIing up Ihe MySCL IcL|e:

We shall use a MySQL table like this for storing administrator information:
id user_name user_pass
1 admin admin
2 swashata swashata
asically we shall encrypt the password inside the table. Just for the demonstration I have showed the
passwords above.
Now create a Database and inside it create a table login_admin with the following MySQL query
command:
?

CREATETABLElogin_admin
(
id INTNJTNULLAUTJ_INCREMENT,
user_name VARCHAR(100),
user_pass VARCHAR(200),
PRIMARYKEY(id)
)
Now insert the two user information inside the table with the following command:
?

INSERTINTJlogin_admin (user_name, user_pass)

VALUES
(
`swashata', SHA(`swashata')
)

INSERTINTJlogin_admin (user_name, user_pass)

VALUES
(
`admin', SHA(`admin')
)
Now your MySQL table is ready for use!
2: SeIIing up Ihe ccnfig.php fi|e:
As mentioned before, it just contains all the necessary MySQL Database connection information. Here
is the code for this file:
?

php
/
Contains all the basic Configuration

dbHost = Host of your MySQL DataBase Server... Usually it is localhost

dbUser = Username of your DataBase
dbPass = Password of your DataBase
dbName = Name of your DataBase
/
$dbHost= 'localhost';
$dbUser= 'Data Base User Name';
$dbPass= 'Data Base Password';
$dbName= 'Data Base Name';
$dbC= mysqli_connect($dbHost, $dbUser, $dbPass, $dbName)
ordie('Error Connecting to MySQL DataBase');

Just save this file with the above codes.

3: Ccce Lehinc Ihe |cgin.php Fi|e:
It shows up the login form and moves it to check_login for further processing!








01
02
03
04
03
06
07
08
09
10
11
12
13
14
13
16
17
18
19
20
21
!uCC1?L hLml u8LlC //W3C//u1u xP1ML 10 1ranslLlonal//Ln hLLp//wwww3org/18/xhLml1/u1u/xhLml1LranslLlonaldLd
hLml xmlnshLLp//wwww3org/1999/xhLml xmllangen langen
head
LlLleLogln uemo/LlLle
/head
body
?php
$logln_form LCu
form namelogln ldlogln meLhodCS1 acLloncheck_loglnphp
plabel forusernamelease LnLer username /labellnpuL LypeLexL slze100 nameusername ldusername valueLnLer username here //p
plabel forpasswordlease LnLer assword /labellnpuL Lypepassword slze40 namepassword ldpassword valueabracadabra //p
plnpuL LypesubmlL namesubmlL ldsubmlL valueSubmlL/ lnpuL LypereseL namereseL ldreseL valuereseL//p
/form
LCu
$msg $_CL1msg //CL1 Lhe message
lf($msg!) echo p$msg/p //lf message ls seL echo lL
echo h1lease enLer your Logln lnformaLlon/h1
echo $logln_form
?
/body
/hLml
%he msg variable is used to show any message to the user using GE% method.
4: Ccce 8ehinc Ihe check_|cgin.php fi|e:

php
define(DJC_RJJT,dirname(__FILE__)); // To properly get the config.php file
$username= $_PJST'username',; //Set UserName
$password= $_PJST'password',; //Set Password
$msg='';
if(isset($username, $password)) ,
ob_start();
include(DJC_RJJT.'/config.php'); //Initiate the MySQL connection
// To protect MySQL injection (more detail about MySQL injection)
$myusername= stripslashes($username);
$mypassword= stripslashes($password);
$myusername= mysqli_real_escape_string($dbC, $myusername);
$mypassword= mysqli_real_escape_string($dbC, $mypassword);
$sql="SELECT FRJM login_admin WHERE user_name='$myusername' and
user_pass=SHA('$mypassword')";
$result=mysqli_query($dbC, $sql);
// Mysql_num_row is counting table row
$count=mysqli_num_rows($result);
// If result matched $myusername and $mypassword, table row must be 1 row
if($count==1),
// Register $myusername, $mypassword and redirect to file "admin.php"
session_register("admin");
session_register("password");
$_SESSIJN'name',= $myusername;
header("location:admin.php");
,
else,
$msg= "Wrong Username or Password. Please retry";
header("location:login.phpmsg=$msg");
,
ob_end_flush();
,
else,
header("location:login.phpmsg=Please enter some username and password");
,

As you can see it registers _SESSION['name'] superglobal variable along with session_register and
then redirects to admin.php. Now lets see what the admin.php file has to protect it from unauthorized
use! Also note that if username and password do not match, then it redirects back to
the 4355 file with an error $ms.




5: Ccce Lehinc ccmin.php fi|e:
?







8
9








8
9

<.php
sessionstait(); Stait the session
uefine(ABNIN,SESSI0N|namej); uet the usei name fiom the pieviously iegisteieu supei global vaiiable
if(!sessionisiegisteieu(aumin)){ If session not iegisteieu
heauei(location:login.php); Reuiiect to login.php page
}
else Continue to cuiient page
heauei( Content-Type: texthtml; chaiset=utf-8 );
.>
<!B0CTYPE html P0BLIC -WCBTB XBTNL . TiansitionalEN http:www.w.oigTRxhtmlBTBxhtml-tiansitional.utu>
<html xmlns=http:www.w.oig999xhtml xml:lang=en lang=en>
<heau>
<title>Welcome To Aumin Page Bemonstiation<title>
<heau>
<bouy>
<h>Welcome To Aumin Page <.php echo ABNIN *Echo the useiname * .><h>
<p><a hief=logout.php>Logout<a><p> <!-- A link foi the logout page -->
<p>Put Aumin Contents<p>
<bouy>
<html>


I have put comments every where! So you will be able to easily understand the code! asically, here
you need to be creative to put the admin contents properly! What ever it is, it will only be shown to
authorized users. Also we have set a constant DMIN to fetch the username from the super global
variable $_SESSION['3ame'] and we can echo it where ever we want!
: Lcgging cuI wiIh |cgcuI.php
It is used to destroy the current session. It is very simple!
?

php
session_start(); //Start the current session
session_destroy(); //Destroy it! So we are logged out now
header("location:login.phpmsg=Successfully Logged out"); // Move back to login.php with a
logout message

Save the file with the above code and you are done!