This activity demonstrates a functional login and logout system using PHP sessions.
A session allows the website to remember if a user is logged in across multiple pages.
Use the test credentials below, then try opening the Members Only page while logged in and logged out.
Test Account — Username: admin | Password: admin123
When a user logs in successfully, PHP stores their identity in a session:
// 1. Start the session
session_start();
// 2. Check credentials against the database
$stmt = $conn->prepare("SELECT * FROM pimentel_users WHERE username = ?");
$stmt->bind_param("s", $username);
$stmt->execute();
$user = $stmt->get_result()->fetch_assoc();
// 3. Verify password and save to session
if ($user && password_verify($password, $user["password"])) {
$_SESSION["user_id"] = $user["id"];
$_SESSION["fullname"] = $user["fullname"];
header("Location: /members-only.php");
}
Protecting a Page
Any page that requires login checks the session at the top:
// At the top of members-only.php
session_start();
if (!isset($_SESSION["user_id"])) {
// Not logged in — redirect to login
header("Location: /login.php");
exit;
}
// Logged in — show the protected content
echo "Welcome, " . $_SESSION["fullname"];