Introduction
To begin with, you should understand what sessions are, and the problem which they solve. Basically, with PHP, or any other programming language, you can't carry information between pages, without the use of forms (or indeed, cookies, but thats another story). Sessions can store temporary information on the users computer which can then be transferred throughout the website, for the entire time the user is on it - this, naturally creates a lot of possibillities such as a login system, exactly what this tutorial will be covering.

Before We Begin
It is mandatory for this tutorial that you have some knowledge of MySQL, PHP and (obviously) basic HTML - if you don't, feel free to read the tutorial as you may understand some parts and be able to pick up some ideas.

Background Information
This tutorial assumes that the user is already registered and that their password and username is stored inside a database. The files which we will be creating for this script are login.html and dologin.php. The latter of these is the file which will process the login request.

login.html
This is the code for the login.html file, this file is really just a basic HTML form, but I will explain any difficulties below it.
<form action="dologin.php" method="post">
<b>Username:</b> <input type="text" size="30" name="login_username">
<br/><b>Password:</b> <input type="password" size="30" name="login_password">
<br/><br/>
<input type="submit" value="Login">
</form>
I'm sure you understand that, however i'll highlight a couple of points.
Firstly, the action variable in the form tag is where the user is directed to when they click the submit button, the method variable is how the data is stored as it is transmitted to this page, you don't really need to concern yourself with that though.
Secondly, the type variable of the input tag can be many different things, the one's which have used here are text(a plain text input bar), password(a plain text input bar which hides the characters you type) and submit(a button which directs the user to dologin.php).

dologin.php
This is the code for the dologin.php file, again, i'll explain it afterwards.
<?php
session_start();

$conn = mysql_connect("localhost","username","password");
mysql_select_db("dbname",$conn);

if(!$_POST[login_username] || !$_POST[login_password]){
echo "You Did Not Fill Out All Fields Required";
}else{
$check_details = mysql_query("SELECT user_id FROM users WHERE username = '$_POST[login_username]' AND password = '$_POST[login_password]'",$conn);

if(mysql_num_rows($check_details) == 0){
echo "Username And Password Do Not Match Our Records";
}else{

$_SESSION[logged_in] = "yes";
echo "Username And Password Match, You Are Now Logged In";

}
}
?>
The first line is vastly important, this tells the browser that there will be sessions used in the document, and without it in place on the top line, errors are very likely to occur.

Lines 3 & 4 connect to the database through usual means.

Line 6 checks that both fields of the form on the previous page were filled out by using the $_POST superglobal plus the names of the input boxes. The "!" at the beginning basically says "If this variable is not set".

Line 7 returns an error message saying the fields were not adequately filled in.

Line 9 is perhaps the most important, what it does is check the database for a row where both the username and password match those which were entered in the form, again using the $_POST superglobal.

Line 11 then processes this data in a way. The mysql_num_rows() function counts the number of rows which the query $check_details found. It then says that if this query found zero rows, return an error message saying that the details entered do not match those which are in the database.

Then, in line 15, the session variable is finally set, this variable can then be used throughout the site to see if the user is logged in or not.

Using The Variable
Now that this session variable is set, you can using something along the following lines to print or show information only to users who are logged in.

<?php

session_start();

if($_SESSION[logged_in){
// User Is Logged In
echo "Welcome To The Members Only Area!";
}else{
// User Is Not Logged In
echo "Please Login To Access This Area!";
}

And there you have it, how to set up a very basic login system for your website!

- Boag