Outdated: This post stores and compares passwords in plaintext, which is insecure. Modern PHP provides password_hash() and password_verify() for secure password handling. Any production login system should also include CSRF protection and rate limiting.

This PHP login script example is a very simple login system which you can use as a base for your future projects. You should note that it needs to be secured before using on a live system. Some things to do before using it: md5 the password and compare against a md5 encrypted version of the submitted form password, set cookie which can be then checked at the admin.php page if login was successful.

<?php $user = "user"; $pass = "pass"; $access = false; // deny access by default if($_REQUEST['username']==$user and $_REQUEST['password']==$pass) // checks if username and password are correct { $access = true; } else // username or password are wrong { $error = true; } if($error===true){ echo " Login Error "; } if($access === true){ header("Location: ./admin.php"); die(); // login successful // redirect to real page } $thispage = htmlentities($_SERVER['PHP_SELF'], ENT_QUOTES); ?> <form action="" method="POST">

If you don’t like request based logins, you may also use PHP’s HTTP authentication.