Want to create a website where people need to register to see the content? I will show you how you can create a simple registration page, Login page and how to restrict people to pages unless they are logged in.

For this you will need a web server that can handle PHP and MySQL.

Firstly you will need to find an editor you are comfortable using. I would recommend the free Aptana Studio tool (link open’s in a new page/tab). You can just as easily use notepad that comes with your computer.

In this tutorial you will be creating 4 files:

• index.php
• register.php
• members.php
• logout.php

We will firstly cover “index.php”. This is the first page people will see when then come to a website, so it best used as the login page (advanced users would be able to put this all into one file – but I will cover that in a later tutorial).

In PHP the first thing you need to remember is PHP Code is surrounded by the tags shown below:

<?php  ?>

The first part of the tag “<?php” tells the system that it needs to interpret the following lines as PHP and not HTML. You then use “?>” to tell it to resume looking for HTML code. You can break in and out of PHP when ever you need to. It does not need to only be done once per page.

<?
// Check if session exists - if not - start one
if (!isset($_SESSION)) {
session_start();
}
// Check if we are coming back to the page after user has submitted the form
if ( 'POST' == $_SERVER['REQUEST_METHOD'] )
{
//User has tried to login - so lets pull the information from the form fields
if(isset($_POST['username'])) $username=$_POST['username'];
if(isset($_POST['password'])) $password=$_POST['password'];
/*Now we have the information from the form, we will need to excrypt the
password field - so it should match the information stored in the database */
$password = md5($password); //encrypt with MD5
/* Now we will need to connect to the database and select from the database
where the username field matches the database field */
$dbhost = 'localhost'; //enter your correct server
$dbuser = 'database_user_name'; //enter your correct username
$dbpass = 'database_password'; //enter your correct password
$conn = mysql_connect($dbhost, $dbuser, $dbpass) or die ('Error connecting to mysql');
$dbname = 'database_name'; //enter your correct database name
mysql_select_db($dbname);
$sql = "select * from users where username='$username' and password='$password'";
$result = mysql_query($sql);
if (mysql_num_rows($result)!= 1) {
$error = "Login failed - Did you enter the correct details";
}else {
$_SESSION['username'] = "$username";  // set session username
$_SESSION['ip'] = $_SERVER['REMOTE_ADDR']; //set session IP
// any other data needed to navigate the site or
// to authenticate the user can be added here
// could redirect to a member page or include a page with member information
header("Location: members.php"); /* Redirect browser */
/* Make sure that code below does not get executed when we redirect. */
exit;
}
}
mysql_close();
?>

Above you can see the full code for the log in page. I have added comments to help you understand what each section is doing.

<?
// Check if we are coming back to the page after user has submitted the form
if ( 'POST' == $_SERVER['REQUEST_METHOD'] )
{
  if(isset($_POST['username'])) $username=$_POST['username'];
  if(isset($_POST['password'])) $password=$_POST['password'];
  $password = md5($password); //encrypt with MD5

  $dbhost = 'localhost'; //enter your correct server
  $dbuser = 'database_username'; //enter your correct username
  $dbpass = 'database_password'; //enter your correct password
  $conn = mysql_connect($dbhost, $dbuser, $dbpass) or die                          ('Error connecting to mysql');
  $dbname = 'database_name'; //entet your correct database name
  $dbtable = 'database_table_name';
  mysql_select_db($dbname);
  $sqlquery = "INSERT INTO $dbtable VALUES('','$username','$password','1')";

  $results = mysql_query($sqlquery);
  mysql_close();
  if ($results = "1") {
    header("Location: index.php"); /* Redirect browser */
    /* Make sure that code below does not get executed when we redirect. */
   exit;
  }
}

?>

Above you can see the full code for the registration page. Again – I have commented in the code where you need to make changes and what each line of PHP code does. The HTML code is very basic – only serving as a sample.

<?
 session_start();
 session_destroy(); // This will remove any and all session information from the users system, logging them out.
 header("Location: index.php"); // This will send them back to the log in index page.
 exit; // Don't run any code below this (keeps things clean).
?>

This is the log-out information. I have put it as a separate page, but this can be put into an include that is called when a user does an “on-click” event.

Finally this is the membership page – it ensures the sessions are correctly set and that they have a valid log in session.

<?
session_start();
// Check that users are logged in. If they are not we will send them back to the login page.
 if (!isset($_SESSION['username'])){
    header("Location: index.php"); /* Redirect browser */
    /* Make sure that code below does not get executed when we redirect. */
    exit;
   }
 else { // all the below will only show if the user is logged in.
?>
<?
}
?>