mvital

To begin with, we will help you create the database that we will use to authenticate off of. Keep in mind, this is a very simple tutorial and there are many other ways for you to do this. Obviously, you'll need MySQL up and running on your machine and know a bit about how to use it. If you don't know how to use MySQL yet, poke around on the net and look for an introduction. I'm sure there is one somewhere.

So, now that we have it up and running and ready to go, get to the mysql> prompt, get into the databse that you want to use (use <database>) and type in the following:

CREATE TABLE user (
name VARCHAR (20),
password VARCHAR (20),
ID INT NOT NULL AUTO_INCREMENT,
PRIMARY KEY (ID));

This will create a table with a name field for the username and a password field, well, for the password. Right now, we will not worry with encrypting the password or anything. It will just be plain text in there, viewable to anyone that can view the database. You can change this later very easily if you want, just encrypt it somehow.

Now, on to more important matters - how do I get the user's input? Easy. Just whip up a little form that will do the work for you. Here's a sample example for you: (this one includes a table around the form to make it look nice)

<form method=post action="<?echo $PHP_SELF?>">
<table cellpadding=2 cellspacing=0 border=0>
<td>Username:</td><td><input type="text" name="username" size=10></td><tr>
<td>Password:</td><td><input type="password" name="password" size=10></td><tr>
<td>&nbsp;</td><td><input type="submit" name="submit" value="Log In"></td>
</table></form>

This form has spots for a username and a password with text boxes for both of them. The last form item is the "submit" button. This allows the user to send off the information when they have completed the form. Now, you'll notice that not only does that button have a name of "submit" but that the form also references the same page with the <?echo $PHP_SELF ?>. This allows you to do the authentication on the same page as the form, reducing the number of pages required on the site.

Next, we come to the actual script for the authentication. It's relatively simple, especially if you have any experience with pulling information from a MySQL database.

Here's some sample code for you to work with:
if ($submit) {
$db=mysql_connect("localhost","user") or die ("cant connect");
mysql_select_db("database",$db) or die ("cant change");
$result=mysql_query("select * from users where name='$username'",$db) or die ("cant do it");
while ($row=mysql_fetch_array($result)) {
if ($row["password"]==$password) {
printf("Successfully Logged In!<a href=\"default.php?\"'>Click Here</a>");
}
}
}

Now, let's take a look at this script. The first few lines are what you use to tell the PHP what connection, database and table to look in. The first line makes the connection to the MySQL database and assigns that connection to $db. The next line chooses the database on the server using that connection. And the third line is the part that actually does the query. It looks for all of the records that have the value for $username in their "name" field from the form.

The next section takes those results and checks them against the user input. It gets the "password" field for the record selected and checks it against the user input. If they match, the link will take them to a valid logged in page.

It's that easy! I hope that this tutorial has provided you with a bit of an idea on how to create a user validation form, and again, I know that it is not the most comprehensive, but it is simply an introduction to the idea behind authenticating from a database.

:surmunity: