Simple Authorization via Database in PHP
Let's implement the simplest authorization based on a database, for now without registration. Instead of registering users, we will simply enter their logins and passwords into a table in the database:
| id | login | password |
|---|---|---|
| 1 | user | 12345 |
| 2 | admin | 123 |
Now let's create a form where the login and password will be entered:
<form action="" method="POST">
<input name="login">
<input name="password" type="password">
<input type="submit">
</form>
Now let's write the code that will check if the form has been submitted and, if so, check if there is a user in the database with that login and password:
<?php
if (!empty($_POST['password']) and !empty($_POST['login'])) {
$login = $_POST['login'];
$password = $_POST['password'];
$query = "SELECT * FROM users WHERE login='$login' AND password='$password'";
$res = mysqli_query($link, $query);
$user = mysqli_fetch_assoc($res);
if (!empty($user)) {
// user is authorized
} else {
// incorrect login or password
}
}
?>
Implement the authorization described above. Make it so that if the user has passed authorization, a message is displayed, and if not, then a message that the entered login or password is incorrect.
Modify the code so that in case of successful authorization, the form for entering the password and login is not displayed on the screen.
Modify the code so that in case of successful
authorization, a redirect to the page
index.php occurs.
Modify the code so that on the page
index.php a message about
successful authorization is displayed. Solve the task using
flash messages in sessions.
