HTTP is a stateless protocol, so a session is required to maintain state across requests.
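<?php
// login.php: shows the login form and records the submitted credentials in
// the session for welcome.php to verify.
session_start();

// Handle the submission before any HTML is sent: header() can only add the
// Location header while no output has been written yet.
if (isset($_POST['submit'])) {
    // Issue a fresh session ID when credentials are bound to the session, so
    // an ID that was planted in the browser beforehand (session fixation)
    // never becomes a logged-in session.
    session_regenerate_id(true);

    // Accept plain strings only; a missing or array-valued field becomes ''.
    $uid = $_POST["uid"] ?? '';
    $pwd = $_POST["pwd"] ?? '';
    $_SESSION['uid'] = is_string($uid) ? $uid : '';
    // NOTE(review): welcome.php reads $_SESSION['pwd'], so the raw password
    // is still placed in server-side session storage here. Verifying the
    // credentials in this file and storing only the authenticated user ID
    // would keep the password out of the session entirely.
    $_SESSION['pwd'] = is_string($pwd) ? $pwd : '';

    header("Location: welcome.php");
    // Stop here so the form below is not rendered into the redirect response.
    exit;
}
?>
<html>
<head>
<title>Login</title>
</head>
<body>
<h1 align="center">LOGIN</h1>
<form method="post">
<table align="center" cellspacing="10">
<tr>
<td><b>User ID</b></td>
<td><input name="uid" type="text"></td>
</tr>
<tr>
<td><b>Password</b></td>
<td><input name="pwd" type="password"></td>
</tr>
<tr>
<td colspan="2" align="center">
<input name="submit" type="Submit" value="Login">
<input type="reset">
</td>
</tr>
</table>
</form>
</body>
</html>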
welcome.php
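<?php
// welcome.php: verifies the credentials recorded by login.php against the
// reg table and greets the user, or sends the visitor back to login.php.
session_start();

// login.php stores the submitted form fields under these two session keys.
$uid  = $_SESSION['uid'] ?? null;
$pass = $_SESSION['pwd'] ?? null;

// No login attempt in this session: go to the login form. This runs before
// any HTML is sent so the Location header can still be added.
if (!is_string($uid)) {
    header("Location: login.php");
    exit;
}

$flag = 0; // always defined, so a failed lookup cannot leave it unset

if (is_string($pass)) {
    // A password in the session means a new login attempt was just recorded,
    // so an earlier verification result no longer applies.
    unset($_SESSION['verified_uid']);

    // The mysql_* functions were removed in PHP 7; mysqli with a prepared
    // statement replaces them and fetches only the row for this user instead
    // of reading every username and password in the table.
    mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT);
    try {
        // NOTE(review): this connects as root with the password in the source
        // file. A dedicated account limited to reading reg, with credentials
        // kept outside the web root, limits the damage if this file leaks.
        $conn = new mysqli('localhost', 'root', 'admin', 'onlineBookStore', 3306);
        $stmt = $conn->prepare('select username, password from reg where username = ?');
        $stmt->bind_param('s', $uid);
        $stmt->execute();
        $stmt->bind_result($dbUser, $dbPass);
        while ($stmt->fetch()) {
            // Strict, constant-time comparison: loose == treats numeric-looking
            // strings such as "0e1" and "0e2" as equal.
            // NOTE(review): the stored value is compared to the submitted
            // password directly, so reg appears to hold plaintext passwords.
            // Storing password_hash() output and checking it with
            // password_verify() needs a data migration outside this file.
            if ((string) $dbUser === $uid && hash_equals((string) $dbPass, $pass)) {
                $flag = 1;
                break;
            }
        }
        $stmt->close();
        $conn->close();
    } catch (mysqli_sql_exception $e) {
        // Keep driver details in the server log; the response stays generic.
        error_log('welcome.php: database error: ' . $e->getMessage());
        http_response_code(500);
        die("Database error");
    }

    // The raw password is not needed after the check, whatever the outcome.
    unset($_SESSION['pwd']);
    if ($flag === 1) {
        // New session ID at the moment the session becomes authenticated.
        session_regenerate_id(true);
        $_SESSION['verified_uid'] = $uid;
    } else {
        unset($_SESSION['uid']);
    }
} elseif (isset($_SESSION['verified_uid']) && $_SESSION['verified_uid'] === $uid) {
    // Already verified earlier in this session (for example a page reload).
    $flag = 1;
}
?>
<html>
<head>
<title>Welcome</title>
</head>
<body>
<form action="logout.php" method="post" align="right">
<input type="submit" value="Logout">
</form>
<?php
//Welcome message for valid details
if ($flag === 1) {
    // The user ID came from the login form, so escape it for the HTML context.
    echo "Welcome " . htmlspecialchars($uid, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}
//Warning message for invalid login details and redirect to login page
else {
    echo '<script>alert("Invalid User ID/Password."); window.location.href="login.php";</script>';
}
?>
</body>
</html>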
logout.php
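<?php
// logout.php: ends the current session and returns to the login form.
session_start();

// Drop every value held in the session array.
$_SESSION = [];

// Expire the session cookie as well, so the browser stops presenting the old
// session ID after logout.
if (ini_get('session.use_cookies')) {
    $params = session_get_cookie_params();
    setcookie(
        session_name(),
        '',
        time() - 42000,
        $params['path'],
        $params['domain'],
        $params['secure'],
        $params['httponly']
    );
}

// Remove the server-side session data.
session_destroy();

header("Location: login.php");
die();
?>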
Every user has their own session, which is created after a successful login to the website. When the user logs out, that session should be invalidated.
login.php
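<?php
// login.php: shows the login form and records the submitted credentials in
// the session for welcome.php to verify.
session_start();

// Handle the submission before any HTML is sent: header() can only add the
// Location header while no output has been written yet.
if (isset($_POST['submit'])) {
    // Issue a fresh session ID when credentials are bound to the session, so
    // an ID that was planted in the browser beforehand (session fixation)
    // never becomes a logged-in session.
    session_regenerate_id(true);

    // Accept plain strings only; a missing or array-valued field becomes ''.
    $uid = $_POST["uid"] ?? '';
    $pwd = $_POST["pwd"] ?? '';
    $_SESSION['uid'] = is_string($uid) ? $uid : '';
    // NOTE(review): welcome.php reads $_SESSION['pwd'], so the raw password
    // is still placed in server-side session storage here. Verifying the
    // credentials in this file and storing only the authenticated user ID
    // would keep the password out of the session entirely.
    $_SESSION['pwd'] = is_string($pwd) ? $pwd : '';

    header("Location: welcome.php");
    // Stop here so the form below is not rendered into the redirect response.
    exit;
}
?>
<html>
<head>
<title>Login</title>
</head>
<body>
<h1 align="center">LOGIN</h1>
<form method="post">
<table align="center" cellspacing="10">
<tr>
<td><b>User ID</b></td>
<td><input name="uid" type="text"></td>
</tr>
<tr>
<td><b>Password</b></td>
<td><input name="pwd" type="password"></td>
</tr>
<tr>
<td colspan="2" align="center">
<input name="submit" type="Submit" value="Login">
<input type="reset">
</td>
</tr>
</table>
</form>
</body>
</html>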
welcome.php
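<?php
// welcome.php: verifies the credentials recorded by login.php against the
// reg table and greets the user, or sends the visitor back to login.php.
session_start();

// login.php stores the submitted form fields under these two session keys.
$uid  = $_SESSION['uid'] ?? null;
$pass = $_SESSION['pwd'] ?? null;

// No login attempt in this session: go to the login form. This runs before
// any HTML is sent so the Location header can still be added.
if (!is_string($uid)) {
    header("Location: login.php");
    exit;
}

$flag = 0; // always defined, so a failed lookup cannot leave it unset

if (is_string($pass)) {
    // A password in the session means a new login attempt was just recorded,
    // so an earlier verification result no longer applies.
    unset($_SESSION['verified_uid']);

    // The mysql_* functions were removed in PHP 7; mysqli with a prepared
    // statement replaces them and fetches only the row for this user instead
    // of reading every username and password in the table.
    mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT);
    try {
        // NOTE(review): this connects as root with the password in the source
        // file. A dedicated account limited to reading reg, with credentials
        // kept outside the web root, limits the damage if this file leaks.
        $conn = new mysqli('localhost', 'root', 'admin', 'onlineBookStore', 3306);
        $stmt = $conn->prepare('select username, password from reg where username = ?');
        $stmt->bind_param('s', $uid);
        $stmt->execute();
        $stmt->bind_result($dbUser, $dbPass);
        while ($stmt->fetch()) {
            // Strict, constant-time comparison: loose == treats numeric-looking
            // strings such as "0e1" and "0e2" as equal.
            // NOTE(review): the stored value is compared to the submitted
            // password directly, so reg appears to hold plaintext passwords.
            // Storing password_hash() output and checking it with
            // password_verify() needs a data migration outside this file.
            if ((string) $dbUser === $uid && hash_equals((string) $dbPass, $pass)) {
                $flag = 1;
                break;
            }
        }
        $stmt->close();
        $conn->close();
    } catch (mysqli_sql_exception $e) {
        // Keep driver details in the server log; the response stays generic.
        error_log('welcome.php: database error: ' . $e->getMessage());
        http_response_code(500);
        die("Database error");
    }

    // The raw password is not needed after the check, whatever the outcome.
    unset($_SESSION['pwd']);
    if ($flag === 1) {
        // New session ID at the moment the session becomes authenticated.
        session_regenerate_id(true);
        $_SESSION['verified_uid'] = $uid;
    } else {
        unset($_SESSION['uid']);
    }
} elseif (isset($_SESSION['verified_uid']) && $_SESSION['verified_uid'] === $uid) {
    // Already verified earlier in this session (for example a page reload).
    $flag = 1;
}
?>
<html>
<head>
<title>Welcome</title>
</head>
<body>
<form action="logout.php" method="post" align="right">
<input type="submit" value="Logout">
</form>
<?php
//Welcome message for valid details
if ($flag === 1) {
    // The user ID came from the login form, so escape it for the HTML context.
    echo "Welcome " . htmlspecialchars($uid, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}
//Warning message for invalid login details and redirect to login page
else {
    echo '<script>alert("Invalid User ID/Password."); window.location.href="login.php";</script>';
}
?>
</body>
</html>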
logout.php
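<?php
// logout.php: ends the current session and returns to the login form.
session_start();

// Drop every value held in the session array.
$_SESSION = [];

// Expire the session cookie as well, so the browser stops presenting the old
// session ID after logout.
if (ini_get('session.use_cookies')) {
    $params = session_get_cookie_params();
    setcookie(
        session_name(),
        '',
        time() - 42000,
        $params['path'],
        $params['domain'],
        $params['secure'],
        $params['httponly']
    );
}

// Remove the server-side session data.
session_destroy();

header("Location: login.php");
die();
?>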