Simple PHP Login Script Tutorial

On this tutorial i’ll show you how to make a simple login portal using PHP for a client area of your website.

First of all you need to make a basic HTML form with a field for the username and a field for the password, these must be named ‘user’ and ‘pass’ respectively. Have this form point to your password protected page and paste the code below above the starting <html> tag of the page.

The script uses an array to specify valid usernames and passwords, so there is no need to set up a database.
Don’t forget to wrap the script below in <?php and ?>
[sourcecode language=”php”]//Start session

//Define the users and passwords.
$users = array(
array(“username2″,”password2″) //Remember to take the comma off the last entry.

//Define the log in page if login failed.
$exitpage = “login.htm”;

//Then we retrieve the posted values for user and password.
$user = $_POST[‘user’];
$pass = $_POST[‘pass’];

//Loop through our defined users
foreach($users as $values){
if($user == $values[0] && $pass == $values[1]){
//If user and pass match any of the defined users
$_SESSION[‘loggedin’] = true;

//If the session variable is not true, exit to exit page.
header(“Location: $exitpage”);
If you would like to make multiple pages password protected, use the script below at the top of the page above the <html> tag:
[sourcecode language=”php”]session_start();
//Put your log in page url in below
header(“Location: loginpage.php”);

You can download the source files below to see everything working together: (2.21 KB)

13 thoughts on “Simple PHP Login Script Tutorial”

  1. Hi there,
    I’ve been scanning all over for a simple PHP script to create a simple login area, and you seem to have it covered. Nice one. Trouble is, I just can’t get your code to work. I’m a numpty starter with no real PHP experience (a huge book to read though). I can re-direct a failed login to a new html page saying click login again, but I can’t seem to get a login to go to my secure page (in your examples ‘clientarea.php’). Am I missing something? All my script is at
    By the way your CSS anti-spam idea is genius! I may well try to get that to work too. Cheers! Martin :)

  2. Hi Martin, thanks for downloading! Ive made a slight amend to one of the files in the pack, should have sorted your problem!

  3. Hi Ben, i don’t want to sound too cheeky but is there any chance you would be able to expand this script to include some sort of logout button to clear the cookies?

    It’s no major thing but I feel it would be a nice addition to the script,

  4. Hi Ben, Im trying to add a client side to my photography website. What im after is a way for the customers to log in to see their private galleries. Is it possible to use this script to do just that? I would need the login to point to multiple pages as I have about 10 private galleries so far.

    Im a PHP newb so any help would be great!

  5. hi Ben.

    just used your login on a web site for the Citizens Advice Bureau in Liverpool.

    am no expert but it seems to work very well.

    i will tidy up the page and add recognition asap

    many thanks on behalf of all us newbies :)

    ps. agree with the cookies comment. W7 wants to do it all haha

  6. Nice one ! This is probably the smallest login script i’ve ever seen. If you want to see an extended version of your script (!) with a mySQL database check my script (it’s free and open source) at

  7. Pls Ben, is there any way u can help teach me in form of a video or an online class to attend for the perfection of knowing PHP well. Am a Novice.

  8. Nice one!

    I have modified it to include CSRF protection as well a MD5 password hash sent with MD5 JavaScript so that the password do not travel unencrypted when they leave the computer.
    The passwords are now stored as MD5 hashes on the landing page. :-)

  9. Hi Ben!

    Great script…but I have a couple questions…

    [1] Can the script be set-up to re-direct to a custom URL based on log-in name…for example…
    username – toughguy
    Upon successful log-in would re-direct to
    Where only username “toughguy” has access to said page.

    [2] Is there a way with the “loggedin” cookie to retain other variables such as username, email address, real name, etc. to deliver custom content across multiple pages on the same site? For example, pre-filling in submission form fields with user data.

    [3] Is there a way to create a “super user” or administrator log-in rights to view the custom user pages?

    Thanks much for the help!

  10. HockeyCoachBen, thanks for your comment.

    It sounds like you need something a lot more complex & most probably database driven to achieve what you’re looking for. Maybe try the script that Christian has mentioned above.

    Best of Luck!

Leave a Reply

Your email address will not be published. Required fields are marked *

You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <s> <strike> <strong>