Grow your CSS skills. Land your dream job.

Last updated on:

Login Function

These functions will log in a user based on a username and password being matched in a MySQL database.

// function to escape data and strip tags
function safestrip($string){
       $string = strip_tags($string);
       $string = mysql_real_escape_string($string);
       return $string;

//function to show any messages
function messages() {
   $message = '';
   if($_SESSION['success'] != '') {
       $message = '<span class="success" id="message">'.$_SESSION['success'].'</span>';
       $_SESSION['success'] = '';
   if($_SESSION['error'] != '') {
       $message = '<span class="error" id="message">'.$_SESSION['error'].'</span>';
       $_SESSION['error'] = '';
   return $message;

// log user in function
function login($username, $password){

 //call safestrip function
 $user = safestrip($username);
 $pass = safestrip($password);

 //convert password to md5
 $pass = md5($pass);

  // check if the user id and password combination exist in database
  $sql = mysql_query("SELECT * FROM table WHERE username = '$user' AND password = '$pass'")or die(mysql_error());

  //if match is equal to 1 there is a match
  if (mysql_num_rows($sql) == 1) {

                          //set session
                          $_SESSION['authorized'] = true;

                          // reload the page
                         $_SESSION['success'] = 'Login Successful';
                         header('Location: ./index.php');

   } else {
               // login failed save error to a session
               $_SESSION['error'] = 'Sorry, wrong username or password';


Values would be captured from a form and then passed to the main function:

login($username, $password);

All pages involved would have the messages function somewhere so proper use feedback is given:



  1. kneep
    Permalink to comment#

    // log user in function
    function login($username, $password){

    //call safestrip function
    $user = safestrip($user);
    $pass = safestrip($pass);

    first you use the full $username and $password variables, then you use short version of them…this will not work this way

  2. Permalink to comment#

    Thanks Chris,

    i find your site very informative and a lot of good stuff that i learn from you

  3. Tom

    Hey Chris

    Love the site – quick question about this snippet.

    I had some issues with this, the sql query wouldn’t grab my username and or password until i moved…

    //convert password to md5
    $pass = md5($pass);

    below the query snippet

    im new to md5 function and im not sure if what i did was correct but its the only way it seems to be running correctly.

    • Dyllon
      Permalink to comment#

      That just means your passwords in your database aren’t hashed.

      md5 gives your string of text an irreversible 32 character hash code.

      would come out to be:

      it’s very useful for if anyone should get into your database, they won’t know the passwords of all of the users.

    • @Dyllon
      Rainbow tables – MD5 is regarded as one of the worst encryption methods currently used.
      I’d recommend crypt()

      Here’s a function I’ve used for years (and no-one else has even come close to cracking it!)

      function mtgCrypt($pass) {
          return crypt($pass, '$6$rounds=5000$aZXCeqsdGEADfubAFSDBUIegdvbuiEG8432$');

      Change the “aZXCeqsdGEADfubAFSDBUIegdvbuiEG8432″ to whatever you want – as long as it does NOT dynamically change (for example, using rand() functions to generate a string) – it’s gotta stay the same ;)

  4. Permalink to comment#

    If you don’t initialize the sessions calling a session_start() your session variables will always get by the false option…

  5. Permalink to comment#

    Hey, I was curious, If i was to use this, Do i need to paste it on every page that has to have a log in?
    How do i make multiple pages where you need to log in from?
    Email me your answer please. Thank you.

    • Sankar
      Permalink to comment#

      Hi all,

      I too searching for the same .. Why can’t you guys create a code for full login modules and post here. So that most of the people can use it.
      Waiting for response. Atleast via E-mail.


  6. ND
    Permalink to comment#

    Hello Chris,

    can I use this Login-function in WordPress too ?
    Which modifications should I use if required ?
    Is there an Video or Artikel about enduser-login, registration with wordpress ?



  7. I would steer clear from using MD5 hashes as it is no longer considered secure.

Leave a Comment

Posting Code

Markdown is supported in the comment area, so you can write inline code in backticks like `this` or multiline blocks of code in in triple backtick fences like this:

<div>Example code</div>

You don't need to escape code in backticks, Markdown does that for you. If anything screws up, contact us and we can fix it up for you.

*May or may not contain any actual "CSS" or "Tricks".