When you start the program, you will be faced with a login screen. Now I know that a login script is not strictly necessary, but for those of you who work in a company or for those of you who are security conscious and want to know who issued an invoice when, this might be useful.  So I will run through the creation and function of the login script.

The first thing we need to do is create a table. Here is the script: 

CREATE TABLE `users` (
  `uid` int(11) NOT NULL auto_increment,
  `uname` varchar(10) NOT NULL default '',
  `upass` varchar(6) NOT NULL default '',
  `fname` varchar(100) NOT NULL default '',
  `lname` varchar(100) NOT NULL default '',
  `level` enum('admin','normal') NOT NULL default 'normal',
  `ploggedin` datetime NOT NULL default '0000-00-00 00:00:00',
  PRIMARY KEY  (`uid`)
)

The table fields are pretty much self explanatory:

Uid - user ID generates a unique number for every user

Uname - Shows user name

Upass - The user password

Fname - Stores the actual name of the user

Lname - Stores the actual surname  of the user

Level - Shows which privileges a user is assigned

Ploggedin - Stores the date the user logged in previously.

It is a very general way of recording user data. You can of course add more user data as you see fit. Additional information that you might want to add can be an email/home address, home/mobile phone numbers, and so on. This is the table that we will use to log a user in and out of the system.

Open up your favorite text editor, create a new PHP document and save it as login.php. Add the following code:

Code 1. Login Script

<?PHP
ob_start();
session_start();
include "connect.php";
if(isset($_POST['Submit'])){
//transfer to shorter var
$n=$_POST['uname'];
$p=$_POST['upass'];
$query="select * from users where uname='$n'  and upass='$p' ";
$result=mysql_query($query);
$num=mysql_num_rows($result);
if($num<1 ){
$act = "Login failed! Either your password or username did not match";
}else{
$row = mysql_fetch_assoc($result);
//put in session vars
$mytime=time();
$mytime=date("H:i:s A",$mytime);
$_SESSION['time'] = $mytime;
$_SESSION['status'] = 'logged';
$_SESSION['username'] = $n;
$_SESSION['u_id']=$row['uid'];
//goto next page
header("location:main.php");
exit;
}
}
?>

What is going on in this script? Well, let's walk through the code. The first line is 'ob_start().' This function prevents the 'Headers already sent' error from occurring by turning output buffering on. No output is sent when buffering is turned on except for headers. As you will see lower down in the script I call the 'header' function.

Then we start the session by calling the 'session_start()' function. This function will enable us to use session variables that will be used throughout the program. The next step is to check whether the form has been submitted:

if(isset($_POST['Submit'])){

If so, we take the submitted username and password and run a query based on those values:

$n=$_POST['uname'];
$p=$_POST['upass'];
$query="select * from users where uname='$n'  and upass='$p' ";
$result=mysql_query($query);
$num=mysql_num_rows($result);

The total number of rows returned is stored in the $num variable. If no rows are returned, then it means that no records matching that username and password were found, in which case the user is returned to the login page with a error message:

if($num<1 ){
$act = "Login failed! Either your password or username did not
match";

Otherwise, if there is a matching record, we retrieve it, store the username and user ID in session variables and then send the user through to the main page of the program:

$_SESSION['time'] = $mytime;
$_SESSION['status'] = 'logged';
$_SESSION['username'] = $n;
$_SESSION['u_id']=$row['uid'];
header("location:main.php");
exit;
}

That's all there is to the login script. To finish off the login script, create a new PHP document, save it as logout.php and add the following code:

Code2 Logout.php

<?
ob_start();
session_start();
include "connect.php";
$query = "UPDATE users SET ploggedin = '".$datemod."' WHERE uid =
'".$_SESSION['u_id']."'";
mysql_query($query);
session_unset();
session_destroy();
header( "Location:login.php" );
exit();
?>

Basically this code enables the user to log out of the system. You need to call session_start() whenever you are going to use session variables. Session_unset and session_destroy are used to delete or destroy the session that the user was logged into. And the header call is used to send the user back to the login page:

session_unset();
session_destroy();
header( "Location:login.php" );
exit();

Before all this is done the users table is updated. This is because we need to record the time and date that the user logged out of the system:

$query = "UPDATE users SET ploggedin = '".$datemod."' WHERE uid = '".$_SESSION['u_id']."'";
mysql_query($query);

The $datemod variable is created in the 'connect.php' file, which is included in the script. It is basically a variable that stores the current date and time.

This is what the connect script looks like:

Code3Connect.php

<?
$db="bills";
$host="localhost";
$uname="";
$pw="";
mysql_pconnect($host) or die(" Unable to connect to SQL server");
mysql_select_db($db) or die( "Unable to select database");
global $datemod;
// Set the current date/time before updating the DB
$datemod = date("y/m/d : H:i:s", Time());
?>

That's all there is to the login system!

Conclusion

As always, a login script will help you to keep track of when a user logged in and what that user was doing. For example when a user creates a new invoice, his or her name is recorded in the invoice table. The script can be further improved by adding password recovery and user registration, as well as other features. Next we will be looking at invoice management.