Creating the Login Form:
The first thing we need to do is create a form that a user can fill out in order to log into the website. Here is a simple example of a login form:

<form name=”login” action=”login.php” method=”post”>
Username: <input type=”text” name=”username” size=”30″ maxlength=”255″ /><br/>
Password: <input type=”password” name=”password” size=”30″ maxlength=”255″ /><br/>
<input type=”submit” value=”Login” />

Now that the form is created, we need to make login.php which will check the login info and set the cookie if it’s valid.

Creating the login.php file:
The login.php file will check to see that the username and password that have been entered into the form are valid. If they are, we will set a cookie with their information. This script assumes you are storing your passwords in the database using MD5. Here is what login.php will look like:


//include the database connection here...

//convert username to uppercase... make it non-case sensitive.
//then use the MD5 algorithm on the password
$username = strtoupper($_POST['username']);
$password = md5($_POST['password']);

//query to run to database.  also converts username to uppercase.
//counts how many times the username and password match (will either be 0 or 1)
$query = "select * FROM users WHERE
UPPER(username) = '$username' AND
password = '$password'";

$result = mysql_query($query);
$count = mysql_num_rows($result);

if ($count > 0)
//the username and password match.  we can now store the userid and password in the cookie.
//we can use this for subsequent pages to figure out who the user is.
$result = mysql_fetch_array($result);
$userId = $result['userid'];

//set the cookie
setcookie("userId", $userId, time()+60*60*24*30);
setcookie("userPass", $password, time()+60*60*24*30);

//let them know they're logged in now.
echo 'You are now logged in!';
//something wasn't right, so we can't log them in.
echo 'Either your username or password were not correct.  Try again.';

That’s bascially all there is to it. Now you can use the cookie data on other pages to check and see if they’re logged in. It would be wise to also include a php file that verifies the cookie data (eg: checks the userid with the password against the one in the database so someone isn’t spoofing a cookie).