This is a short tutorial on how to create a simple(with simplicity comes a lot of security issues) Login system using php sessions and ajax. Note: I do not address any security issues in this tutorial. This system of doing this is in no way full proof when it comes to being secure. But it should get you to a good start. PHP freaks has awesome article on php security. So go ahead and read on.

html(login.php)

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title>PHP Admin</title>
<script type="text/javascript">
    function getXMLHTTP()
    {
        var xmlHttp=null;
        try
        {
            xmlHttp=new XMLHttpRequest();
        }
        catch (e)
        {
            try
            {
                xmlHttp=new ActiveXObject("Msxml2.XMLHTTP");
            }
            catch(e)
            {
                xmlHttp=new ActiveXObject("Microsoft.XMLHTTP");
            }
        }
        return xmlHttp;
    }
function dologin(usernamei, passwordi)
{
    var req = getXMLHTTP(); // fuction to get xmlhttp object
    strURL = "dologin.php?usernamei=" + usernamei + "&passwordi=" + passwordi;
    if (req)
    {
        req.onreadystatechange = function()
        {
            if (req.readyState == 4)
            { //data is retrieved from server
                if (req.status == 200)
                { // which reprents ok status
                    document.getElementById('status').innerHTML=req.responseText;
                    if(req.responseText == 'ok')
                        window.location='index.php';
                }
                else
                {
                    alert("There was a problem while using XMLHTTP:\n");
                }
            }
        }
        req.open("GET", strURL, true); //open url using get method
        req.send(null);
    }
}
</script>
</head>
<body>
<form action="#" onsubmit="dologin(document.getElementById('uname').value, document.getElementById('pword').value); return false;">
    Username <input type="text" id="uname" name="uname" style="float:none;"/><br /><br />
    Password <input type="text" id="pword" name="pword" style="float:none;"/><br /><br />
    <label style="color: #FF0000" id="status"></label>
    <input type="submit" value="Login"/>
 </form>
</body>
</html>

The PHP(dologin.php)

<?
$username = $_REQUEST['usernamei'];
$password = $_REQUEST['passwordi'];
if(!$username || !$password)
{
    die("Please enter both password and username");
}
else
{
    $password = md5($password);
    mysql_connect('dbserver', 'dbuser', 'dbpassword');
    mysql_select_db('dbname');
    $sql = "select * from users where username='$username' and password='$password'";
    $result = mysql_query($sql) or die(mysql_error());
    $login = mysql_num_rows($result);
    if($login > 0)
    {
        session_start();
        session_register('username');
        $_SESSION['username'] = 'admin';
        die("ok");
    }
    else
    {
        die("Incorrect username entered");
    }
}
?>
<?
include_once(“dbconnect.php”);$username = $_REQUEST[‘usernamei’];
$password = $_REQUEST[‘passwordi’];if(!$dblink)
{
die(“Failed to connect to server please contact administrator.”);
}
else if(!$username || !$password)
{
die(“Please enter both password and username”);
}
else
{
$password = md5($password);
$sql = “select * from users where username=’$username’ and password=’$password'”;
$result = mysql_query($sql) or die(mysql_error());
$login = mysql_num_rows($result);
if($login > 0)
{
session_start();
session_register(‘username’);
$_SESSION[‘username’] = ‘admin’;
die(“ok”);
}
else
{
die(“Incorrect username entered”);
}
}
?>