Admin Section

Have you ever wanted to add your own admin section to your website that only you can get to? With this script you can. All you need is PHP and MySQL.

In category php.

Posted by Joseph Skidmore on 10.09.05.

Last edited on 10.09.05.

The first thing you're going to need to do is create your database; call it 'login'. Next, go into PHPMyAdmin and run the following query on your database:

CREATE TABLE login (
ID int NOT NULL AUTO_INCREMENT,
user varchar(30),
pass varchar(30),
INDEX (ID)
);

Done that? Good. Next we need to create our login form. The one I used was:

<form method="post" name="login" action="process.php">
<p>Username : <input type="text" name="username" /></p>
<p>Password : <input type="password" name="password" /></p>
<p><input type="submit" name="submit" value="Submit" /></p>
</form>
<?php
if (isset($_GET['error'])) {
  echo 'Invalid login data supplied. Please try again.';
}
?>

Now, in this code you can see that when the submit button is pressed it takes us to our process.php page, which processes the login and makes sure that the user actually exists. The code at the bottom of this script:

<?php
if (isset($_GET['error'])) {
  echo 'Invalid login data supplied. Please try again.';
}
?>

just means: if there is an error, write 'Invalid login data supplied. Please try again.' on the page. The next part of the code is process.php.

process.php

<?php
session_start();

$dbHost = ""; // Database Connection Details - host
$dbUser = ""; // Database Connection Details - username
$dbPass = ""; // Database Connection Details - password
$dbname = ""; // Database Connection Details - database name

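$db = mysql_connect($dbHost,$dbUser,$dbPass); // Connection Code
mysql_select_db($dbname,$db);                 // Connects to database
// (the mysql_* functions were removed in PHP 7.0; newer code uses mysqli or PDO)

$username = isset($_POST['username']) ? $_POST['username'] : '';
$password = isset($_POST['password']) ? $_POST['password'] : '';
// Stores our inputted data in these variable names

$username = mysql_real_escape_string($username, $db);
$password = mysql_real_escape_string($password, $db);
// Escapes quotes in the input so it cannot alter the SQL query below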

$query = "SELECT user, pass FROM login WHERE user = '$username'
AND pass = '$password'";
$result = mysql_query($query, $db);
if(mysql_num_rows($result)) {
   $_SESSION['loggedin'] = 1;
   header('Location: http://www.domain.com/admin.php');
   exit(); }
else {
   header('Location: http://www.domain.com/form.php?error=1');
   exit(); }
?>

Something you may not have seen before is session_start();. We are using sessions here, and this is the call that declares we are doing so. The parts of the code you may already know have PHP comments next to them; the rest I will explain.

$query = "SELECT user, pass FROM login WHERE user = '$username' AND pass = '$password'";
$result = mysql_query($query, $db);

This selects the fields 'user' and 'pass' from the table 'login' for the row where the user field matches the variable $username and the pass field matches the variable $password. The second line runs the query and stores the result in the variable $result.

if(mysql_num_rows($result)) {
   $_SESSION['loggedin'] = 1;
   header('Location: http://www.domain.com/admin.php');
   exit(); }
else {
   header('Location: http://www.domain.com/form.php?error=1');
   exit(); }
?>

Here we have the if/else statement: if our variables from the form match the data inside the database, you are forwarded to http://www.domain.com/admin.php. If they do not match, you go back to our login form with an error.
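The same login check written for current PHP (5.5 or later), as an added example rather than the author's script: the query is a mysqli prepared statement, the password is checked with password_verify(), and the session ID is regenerated on login. It assumes the 'pass' column has been widened to VARCHAR(255) and filled with password_hash() output instead of the plaintext password; the connection variables are the tutorial's placeholders.

```php
<?php
// process.php, hardened (added example, not part of the original tutorial).
// Assumption: login.pass is VARCHAR(255) and stores password_hash() output.
session_start();

$dbHost = ""; // Database connection details, as in the tutorial
$dbUser = "";
$dbPass = "";
$dbname = "";

// Read the submitted values; a missing or non-string field becomes ''.
$username = isset($_POST['username']) && is_string($_POST['username']) ? $_POST['username'] : '';
$password = isset($_POST['password']) && is_string($_POST['password']) ? $_POST['password'] : '';

mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT); // throw on DB errors
$db = new mysqli($dbHost, $dbUser, $dbPass, $dbname);
$db->set_charset('utf8mb4');

// Prepared statement: the username is sent as data, never as SQL text,
// so quotes in the input cannot change the query.
$stmt = $db->prepare('SELECT pass FROM login WHERE user = ? LIMIT 1');
$stmt->bind_param('s', $username);
$stmt->execute();
$stmt->bind_result($storedHash);
$found = $stmt->fetch();   // true when a row was fetched, null when none
$stmt->close();

// Constructed dummy hash so an unknown user costs the same work as a known one.
$dummyHash = password_hash('placeholder-not-a-real-password', PASSWORD_DEFAULT);
$ok = password_verify($password, $found ? $storedHash : $dummyHash) && $found;

if ($ok) {
    session_regenerate_id(true);   // fresh session ID on login (anti-fixation)
    $_SESSION['loggedin'] = 1;
    header('Location: http://www.domain.com/admin.php');
} else {
    header('Location: http://www.domain.com/form.php?error=1');
}
exit();
```

The admin account's row has to be created with password_hash('your password', PASSWORD_DEFAULT) as the 'pass' value for this check to succeed.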

Still with me? Good, now let's move on to our admin section.

<?php
session_start();

if(!isset($_SESSION['loggedin'])) {
   header('Location: http://www.domain.com/form.php?error=1');
   exit();
}
?>
Welcome to the admin section. <a href="logout.php">Log out</a>.<br />

Remember those sessions I was telling you about? This is where they come into play. The code we have translates into basic English as:

<?php
declare that we are using sessions

if(we are not logged in forward the user to) {
   this URL('Location: http://www.domain.com/form.php?error=1');
   exit();
}
?>
If we are logged in we will be able to see our content which is displayed here.

Easy, huh? The next part is our logout script, which is very simple. Sessions are stored in the user's browser and stay there until they log out or close the browser window, so all we need to do in the logout script is destroy these variables.

logout.php
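<?php
session_start();
// declare that we are using sessions

session_unset();
// unset our sessions

if (ini_get('session.use_cookies')) {
   $p = session_get_cookie_params();
   setcookie(session_name(), '', time() - 42000, $p['path'], $p['domain'], $p['secure'], $p['httponly']);
}
// remove the session cookie from the user's browser

session_destroy();
// now destroy the session data

header('Location: http://www.domain.com/');
// forward you to a page of your choice

exit(); // exit
?>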

Not that hard was it? If you have any questions or problems don't hesitate to contact me using the feedback form or head over to Weborum to contact me or any of the other talented members.

If you would like to download the pre-written admin script you can do so here: Pre Written Admin Section Script (Downloaded Times)
