


How To Make A Login And Register With Php And Mysqli

PHP MySQL Login System

In this tutorial you will learn how to build a login system with PHP and MySQL.

Implementing User Authentication Mechanism

User authentication is very common in modern web applications. It is a security mechanism that is used to restrict unauthorized access to member-only areas and tools on a site.

In this tutorial we'll create a simple registration and login system using PHP and MySQL. This tutorial is comprised of two parts: in the first part we'll create a user registration form, and in the second part we'll create a login form, as well as a welcome page and a logout script.

Building the Registration System

In this section we'll build a registration system that allows users to create a new account by filling out a web form. But first we need to create a table that will hold all the user data.

Step 1: Creating the Database Table

Execute the following SQL query to create the users table inside your MySQL database.

    CREATE TABLE users (
        id INT NOT NULL PRIMARY KEY AUTO_INCREMENT,
        username VARCHAR(50) NOT NULL UNIQUE,
        password VARCHAR(255) NOT NULL,
        created_at DATETIME DEFAULT CURRENT_TIMESTAMP
    );

Please check out the tutorial on the SQL CREATE TABLE statement for detailed information about the syntax for creating tables in the MySQL database system.

Step 2: Creating the Config File

After creating the table, we need to create a PHP script in order to connect to the MySQL database server. Let's create a file named "config.php" and put the following code inside it.

Example (procedural, object-oriented and PDO versions)

Procedural:

    <?php
    /* Database credentials. Assuming you are running MySQL
    server with default setting (user 'root' with no password) */
    define('DB_SERVER', 'localhost');
    define('DB_USERNAME', 'root');
    define('DB_PASSWORD', '');
    define('DB_NAME', 'demo');

    /* Attempt to connect to MySQL database */
    $link = mysqli_connect(DB_SERVER, DB_USERNAME, DB_PASSWORD, DB_NAME);

    // Check connection
    if($link === false){
        die("ERROR: Could not connect. " . mysqli_connect_error());
    }
    ?>

Object Oriented:

    <?php
    /* Database credentials. Assuming you are running MySQL
    server with default setting (user 'root' with no password) */
    define('DB_SERVER', 'localhost');
    define('DB_USERNAME', 'root');
    define('DB_PASSWORD', '');
    define('DB_NAME', 'demo');

    /* Attempt to connect to MySQL database */
    $mysqli = new mysqli(DB_SERVER, DB_USERNAME, DB_PASSWORD, DB_NAME);

    // Check connection ("new mysqli" never returns false, so test connect_error)
    if($mysqli->connect_error){
        die("ERROR: Could not connect. " . $mysqli->connect_error);
    }
    ?>

PDO:

    <?php
    /* Database credentials. Assuming you are running MySQL
    server with default setting (user 'root' with no password) */
    define('DB_SERVER', 'localhost');
    define('DB_USERNAME', 'root');
    define('DB_PASSWORD', '');
    define('DB_NAME', 'demo');

    /* Attempt to connect to MySQL database */
    try{
        $pdo = new PDO("mysql:host=" . DB_SERVER . ";dbname=" . DB_NAME, DB_USERNAME, DB_PASSWORD);
        // Set the PDO error mode to exception
        $pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    } catch(PDOException $e){
        die("ERROR: Could not connect. " . $e->getMessage());
    }
    ?>

If you've downloaded the Object Oriented or PDO code examples using the download button, please remove the text "-oo-format" or "-pdo-format" from file names before testing the code.

Note: Replace the credentials according to your MySQL server setting before testing this code; for example, replace the database name 'demo' with your own database name, replace the username 'root' with your own database username, and specify the database password if there is one.

Step 3: Creating the Registration Form

Let's create another PHP file "register.php" and put the following example code in it. This example code will create a web form that allows users to register themselves.

This script will also generate errors if a user tries to submit the form without entering any value, or if the username entered by the user is already taken by another user.

Example (procedural, object-oriented and PDO versions)

Procedural:

    <?php
    // Include config file
    require_once "config.php";

    // Define variables and initialize with empty values
    $username = $password = $confirm_password = "";
    $username_err = $password_err = $confirm_password_err = "";

    // Processing form data when form is submitted
    if($_SERVER["REQUEST_METHOD"] == "POST"){

        // Validate username
        if(empty(trim($_POST["username"]))){
            $username_err = "Please enter a username.";
        } elseif(!preg_match('/^[a-zA-Z0-9_]+$/', trim($_POST["username"]))){
            $username_err = "Username can only contain letters, numbers, and underscores.";
        } else{
            // Prepare a select statement
            $sql = "SELECT id FROM users WHERE username = ?";

            if($stmt = mysqli_prepare($link, $sql)){
                // Bind variables to the prepared statement as parameters
                mysqli_stmt_bind_param($stmt, "s", $param_username);

                // Set parameters
                $param_username = trim($_POST["username"]);

                // Attempt to execute the prepared statement
                if(mysqli_stmt_execute($stmt)){
                    /* store result */
                    mysqli_stmt_store_result($stmt);

                    if(mysqli_stmt_num_rows($stmt) == 1){
                        $username_err = "This username is already taken.";
                    } else{
                        $username = trim($_POST["username"]);
                    }
                } else{
                    echo "Oops! Something went wrong. Please try again later.";
                }

                // Close statement
                mysqli_stmt_close($stmt);
            }
        }

        // Validate password
        if(empty(trim($_POST["password"]))){
            $password_err = "Please enter a password.";
        } elseif(strlen(trim($_POST["password"])) < 6){
            $password_err = "Password must have at least 6 characters.";
        } else{
            $password = trim($_POST["password"]);
        }

        // Validate confirm password
        if(empty(trim($_POST["confirm_password"]))){
            $confirm_password_err = "Please confirm password.";
        } else{
            $confirm_password = trim($_POST["confirm_password"]);
            if(empty($password_err) && ($password != $confirm_password)){
                $confirm_password_err = "Password did not match.";
            }
        }

        // Check input errors before inserting in database
        if(empty($username_err) && empty($password_err) && empty($confirm_password_err)){

            // Prepare an insert statement
            $sql = "INSERT INTO users (username, password) VALUES (?, ?)";

            if($stmt = mysqli_prepare($link, $sql)){
                // Bind variables to the prepared statement as parameters
                mysqli_stmt_bind_param($stmt, "ss", $param_username, $param_password);

                // Set parameters
                $param_username = $username;
                $param_password = password_hash($password, PASSWORD_DEFAULT); // Creates a password hash

                // Attempt to execute the prepared statement
                if(mysqli_stmt_execute($stmt)){
                    // Redirect to login page and stop, so the form below is not rendered
                    header("location: login.php");
                    exit;
                } else{
                    echo "Oops! Something went wrong. Please try again later.";
                }

                // Close statement
                mysqli_stmt_close($stmt);
            }
        }

        // Close connection
        mysqli_close($link);
    }
    ?>

    <!DOCTYPE html>
    <html lang="en">
    <head>
        <meta charset="UTF-8">
        <title>Sign Up</title>
        <link rel="stylesheet" href="https://stackpath.bootstrapcdn.com/bootstrap/4.5.2/css/bootstrap.min.css">
        <style>
            body{ font: 14px sans-serif; }
            .wrapper{ width: 360px; padding: 20px; }
        </style>
    </head>
    <body>
        <div class="wrapper">
            <h2>Sign Up</h2>
            <p>Please fill this form to create an account.</p>
            <?php // Submitted values are escaped with htmlspecialchars() before being echoed back into the form ?>
            <form action="<?php echo htmlspecialchars($_SERVER["PHP_SELF"]); ?>" method="post">
                <div class="form-group">
                    <label>Username</label>
                    <input type="text" name="username" class="form-control <?php echo (!empty($username_err)) ? 'is-invalid' : ''; ?>" value="<?php echo htmlspecialchars($username); ?>">
                    <span class="invalid-feedback"><?php echo $username_err; ?></span>
                </div>
                <div class="form-group">
                    <label>Password</label>
                    <input type="password" name="password" class="form-control <?php echo (!empty($password_err)) ? 'is-invalid' : ''; ?>" value="<?php echo htmlspecialchars($password); ?>">
                    <span class="invalid-feedback"><?php echo $password_err; ?></span>
                </div>
                <div class="form-group">
                    <label>Confirm Password</label>
                    <input type="password" name="confirm_password" class="form-control <?php echo (!empty($confirm_password_err)) ? 'is-invalid' : ''; ?>" value="<?php echo htmlspecialchars($confirm_password); ?>">
                    <span class="invalid-feedback"><?php echo $confirm_password_err; ?></span>
                </div>
                <div class="form-group">
                    <input type="submit" class="btn btn-primary" value="Submit">
                    <input type="reset" class="btn btn-secondary ml-2" value="Reset">
                </div>
                <p>Already have an account? <a href="login.php">Login here</a>.</p>
            </form>
        </div>
    </body>
    </html>
Object Oriented:

    <?php
    // Include config file
    require_once "config.php";

    // Define variables and initialize with empty values
    $username = $password = $confirm_password = "";
    $username_err = $password_err = $confirm_password_err = "";

    // Processing form data when form is submitted
    if($_SERVER["REQUEST_METHOD"] == "POST"){

        // Validate username
        if(empty(trim($_POST["username"]))){
            $username_err = "Please enter a username.";
        } elseif(!preg_match('/^[a-zA-Z0-9_]+$/', trim($_POST["username"]))){
            $username_err = "Username can only contain letters, numbers, and underscores.";
        } else{
            // Prepare a select statement
            $sql = "SELECT id FROM users WHERE username = ?";

            if($stmt = $mysqli->prepare($sql)){
                // Bind variables to the prepared statement as parameters
                $stmt->bind_param("s", $param_username);

                // Set parameters
                $param_username = trim($_POST["username"]);

                // Attempt to execute the prepared statement
                if($stmt->execute()){
                    // store result
                    $stmt->store_result();

                    if($stmt->num_rows == 1){
                        $username_err = "This username is already taken.";
                    } else{
                        $username = trim($_POST["username"]);
                    }
                } else{
                    echo "Oops! Something went wrong. Please try again later.";
                }

                // Close statement
                $stmt->close();
            }
        }

        // Validate password
        if(empty(trim($_POST["password"]))){
            $password_err = "Please enter a password.";
        } elseif(strlen(trim($_POST["password"])) < 6){
            $password_err = "Password must have at least 6 characters.";
        } else{
            $password = trim($_POST["password"]);
        }

        // Validate confirm password
        if(empty(trim($_POST["confirm_password"]))){
            $confirm_password_err = "Please confirm password.";
        } else{
            $confirm_password = trim($_POST["confirm_password"]);
            if(empty($password_err) && ($password != $confirm_password)){
                $confirm_password_err = "Password did not match.";
            }
        }

        // Check input errors before inserting in database
        if(empty($username_err) && empty($password_err) && empty($confirm_password_err)){

            // Prepare an insert statement
            $sql = "INSERT INTO users (username, password) VALUES (?, ?)";

            if($stmt = $mysqli->prepare($sql)){
                // Bind variables to the prepared statement as parameters
                $stmt->bind_param("ss", $param_username, $param_password);

                // Set parameters
                $param_username = $username;
                $param_password = password_hash($password, PASSWORD_DEFAULT); // Creates a password hash

                // Attempt to execute the prepared statement
                if($stmt->execute()){
                    // Redirect to login page and stop, so the form below is not rendered
                    header("location: login.php");
                    exit;
                } else{
                    echo "Oops! Something went wrong. Please try again later.";
                }

                // Close statement
                $stmt->close();
            }
        }

        // Close connection
        $mysqli->close();
    }
    ?>

    <!DOCTYPE html>
    <html lang="en">
    <head>
        <meta charset="UTF-8">
        <title>Sign Up</title>
        <link rel="stylesheet" href="https://stackpath.bootstrapcdn.com/bootstrap/4.5.2/css/bootstrap.min.css">
        <style>
            body{ font: 14px sans-serif; }
            .wrapper{ width: 360px; padding: 20px; }
        </style>
    </head>
    <body>
        <div class="wrapper">
            <h2>Sign Up</h2>
            <p>Please fill this form to create an account.</p>
            <?php // Submitted values are escaped with htmlspecialchars() before being echoed back into the form ?>
            <form action="<?php echo htmlspecialchars($_SERVER["PHP_SELF"]); ?>" method="post">
                <div class="form-group">
                    <label>Username</label>
                    <input type="text" name="username" class="form-control <?php echo (!empty($username_err)) ? 'is-invalid' : ''; ?>" value="<?php echo htmlspecialchars($username); ?>">
                    <span class="invalid-feedback"><?php echo $username_err; ?></span>
                </div>
                <div class="form-group">
                    <label>Password</label>
                    <input type="password" name="password" class="form-control <?php echo (!empty($password_err)) ? 'is-invalid' : ''; ?>" value="<?php echo htmlspecialchars($password); ?>">
                    <span class="invalid-feedback"><?php echo $password_err; ?></span>
                </div>
                <div class="form-group">
                    <label>Confirm Password</label>
                    <input type="password" name="confirm_password" class="form-control <?php echo (!empty($confirm_password_err)) ? 'is-invalid' : ''; ?>" value="<?php echo htmlspecialchars($confirm_password); ?>">
                    <span class="invalid-feedback"><?php echo $confirm_password_err; ?></span>
                </div>
                <div class="form-group">
                    <input type="submit" class="btn btn-primary" value="Submit">
                    <input type="reset" class="btn btn-secondary ml-2" value="Reset">
                </div>
                <p>Already have an account? <a href="login.php">Login here</a>.</p>
            </form>
        </div>
    </body>
    </html>
PDO:

    <?php
    // Include config file
    require_once "config.php";

    // Define variables and initialize with empty values
    $username = $password = $confirm_password = "";
    $username_err = $password_err = $confirm_password_err = "";

    // Processing form data when form is submitted
    if($_SERVER["REQUEST_METHOD"] == "POST"){

        // Validate username
        if(empty(trim($_POST["username"]))){
            $username_err = "Please enter a username.";
        } elseif(!preg_match('/^[a-zA-Z0-9_]+$/', trim($_POST["username"]))){
            $username_err = "Username can only contain letters, numbers, and underscores.";
        } else{
            // Prepare a select statement
            $sql = "SELECT id FROM users WHERE username = :username";

            if($stmt = $pdo->prepare($sql)){
                // Bind variables to the prepared statement as parameters
                $stmt->bindParam(":username", $param_username, PDO::PARAM_STR);

                // Set parameters
                $param_username = trim($_POST["username"]);

                // Attempt to execute the prepared statement
                if($stmt->execute()){
                    if($stmt->rowCount() == 1){
                        $username_err = "This username is already taken.";
                    } else{
                        $username = trim($_POST["username"]);
                    }
                } else{
                    echo "Oops! Something went wrong. Please try again later.";
                }

                // Close statement
                unset($stmt);
            }
        }

        // Validate password
        if(empty(trim($_POST["password"]))){
            $password_err = "Please enter a password.";
        } elseif(strlen(trim($_POST["password"])) < 6){
            $password_err = "Password must have at least 6 characters.";
        } else{
            $password = trim($_POST["password"]);
        }

        // Validate confirm password
        if(empty(trim($_POST["confirm_password"]))){
            $confirm_password_err = "Please confirm password.";
        } else{
            $confirm_password = trim($_POST["confirm_password"]);
            if(empty($password_err) && ($password != $confirm_password)){
                $confirm_password_err = "Password did not match.";
            }
        }

        // Check input errors before inserting in database
        if(empty($username_err) && empty($password_err) && empty($confirm_password_err)){

            // Prepare an insert statement
            $sql = "INSERT INTO users (username, password) VALUES (:username, :password)";

            if($stmt = $pdo->prepare($sql)){
                // Bind variables to the prepared statement as parameters
                $stmt->bindParam(":username", $param_username, PDO::PARAM_STR);
                $stmt->bindParam(":password", $param_password, PDO::PARAM_STR);

                // Set parameters
                $param_username = $username;
                $param_password = password_hash($password, PASSWORD_DEFAULT); // Creates a password hash

                // Attempt to execute the prepared statement
                if($stmt->execute()){
                    // Redirect to login page and stop, so the form below is not rendered
                    header("location: login.php");
                    exit;
                } else{
                    echo "Oops! Something went wrong. Please try again later.";
                }

                // Close statement
                unset($stmt);
            }
        }

        // Close connection
        unset($pdo);
    }
    ?>

    <!DOCTYPE html>
    <html lang="en">
    <head>
        <meta charset="UTF-8">
        <title>Sign Up</title>
        <link rel="stylesheet" href="https://stackpath.bootstrapcdn.com/bootstrap/4.5.2/css/bootstrap.min.css">
        <style>
            body{ font: 14px sans-serif; }
            .wrapper{ width: 360px; padding: 20px; }
        </style>
    </head>
    <body>
        <div class="wrapper">
            <h2>Sign Up</h2>
            <p>Please fill this form to create an account.</p>
            <?php // Submitted values are escaped with htmlspecialchars() before being echoed back into the form ?>
            <form action="<?php echo htmlspecialchars($_SERVER["PHP_SELF"]); ?>" method="post">
                <div class="form-group">
                    <label>Username</label>
                    <input type="text" name="username" class="form-control <?php echo (!empty($username_err)) ? 'is-invalid' : ''; ?>" value="<?php echo htmlspecialchars($username); ?>">
                    <span class="invalid-feedback"><?php echo $username_err; ?></span>
                </div>
                <div class="form-group">
                    <label>Password</label>
                    <input type="password" name="password" class="form-control <?php echo (!empty($password_err)) ? 'is-invalid' : ''; ?>" value="<?php echo htmlspecialchars($password); ?>">
                    <span class="invalid-feedback"><?php echo $password_err; ?></span>
                </div>
                <div class="form-group">
                    <label>Confirm Password</label>
                    <input type="password" name="confirm_password" class="form-control <?php echo (!empty($confirm_password_err)) ? 'is-invalid' : ''; ?>" value="<?php echo htmlspecialchars($confirm_password); ?>">
                    <span class="invalid-feedback"><?php echo $confirm_password_err; ?></span>
                </div>
                <div class="form-group">
                    <input type="submit" class="btn btn-primary" value="Submit">
                    <input type="reset" class="btn btn-secondary ml-2" value="Reset">
                </div>
                <p>Already have an account? <a href="login.php">Login here</a>.</p>
            </form>
        </div>
    </body>
    </html>

The output of the above example (i.e. the signup form) will look something like this:

[Image: PHP MySQL Sign Up Form]

In the above example, we have used PHP's built-in password_hash() function to create a password hash from the password string entered by the user (line no-78). This function creates a password hash using a strong one-way hashing algorithm. It also generates and applies a random salt automatically when hashing the password; this basically means that even if two users have the same passwords, their password hashes will be different.

At the time of login we'll verify the given password with the password hash stored in the database using the PHP password_verify() function, as demonstrated in the next example.

We've used the Bootstrap framework to make the form layouts quickly and beautifully. Please check out the Bootstrap tutorial section to learn more about this framework.

Tip: Password salting is a technique which is widely used to secure passwords by randomizing password hashes, so that if two users have the same password, they will not have the same password hashes. This is done by appending or prepending a random string, called a salt, to the password before hashing.
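The salting and verification behaviour described above can be observed from the PHP command line. This is an added example, not code from the tutorial: it hashes one password twice, inspects what is stored, and shows a login-time check that also upgrades an outdated hash. The helper check_login(), the HASH_OPTIONS constant and the sample password are assumptions made for the demo, and it pins PASSWORD_BCRYPT (what PASSWORD_DEFAULT currently maps to) so that the cost option applies.

```php
<?php
declare(strict_types=1);

// Added example; check_login() and HASH_OPTIONS are hypothetical names.
const HASH_OPTIONS = ['cost' => 12]; // assumed current hashing policy

/**
 * Check a login attempt against the value stored in users.password.
 * $storedHash is null when no row matched the username.
 * Returns ['ok' => bool, 'rehash' => ?string]; 'rehash' holds a replacement
 * hash when the stored one was created with outdated settings.
 */
function check_login(string $password, ?string $storedHash): array
{
    // Constructed throwaway hash: verified against when the username was not
    // found, so that path also performs one bcrypt computation.
    static $dummyHash = null;
    if ($dummyHash === null) {
        $dummyHash = password_hash(bin2hex(random_bytes(16)), PASSWORD_BCRYPT, HASH_OPTIONS);
    }

    if ($storedHash === null) {
        password_verify($password, $dummyHash);
        return ['ok' => false, 'rehash' => null];
    }

    if (!password_verify($password, $storedHash)) {
        return ['ok' => false, 'rehash' => null];
    }

    // The plaintext is only available at login, so this is the moment to
    // replace hashes made with a lower cost or an older algorithm. The caller
    // would then UPDATE users SET password = ? WHERE id = ?.
    $rehash = password_needs_rehash($storedHash, PASSWORD_BCRYPT, HASH_OPTIONS)
        ? password_hash($password, PASSWORD_BCRYPT, HASH_OPTIONS)
        : null;

    return ['ok' => true, 'rehash' => $rehash];
}

// --- Demonstration with constructed sample data ---
$password = 'Tr0ub4dor&3-sample';

// 1. Same password for two users: the random salt makes the hashes differ,
//    yet both verify against the original password.
$alice = password_hash($password, PASSWORD_BCRYPT, HASH_OPTIONS);
$bob   = password_hash($password, PASSWORD_BCRYPT, HASH_OPTIONS);
printf("hashes identical:   %s\n", var_export($alice === $bob, true));
printf("both verify:        %s\n", var_export(
    password_verify($password, $alice) && password_verify($password, $bob),
    true
));

// 2. Algorithm, cost and salt travel inside the hash string itself, so the
//    users table needs no separate salt column; VARCHAR(255) leaves room
//    for longer hash formats.
$info = password_get_info($alice);
printf("stored length:      %d\n", strlen($alice));
printf("algorithm / cost:   %s / %d\n", $info['algoName'], $info['options']['cost']);

// 3. A hash created under an older, cheaper setting still verifies and is
//    flagged for replacement on the next successful login.
$legacy = password_hash($password, PASSWORD_BCRYPT, ['cost' => 8]);
$result = check_login($password, $legacy);
printf("legacy login ok:    %s\n", var_export($result['ok'], true));
printf("rehash issued:      %s\n", var_export($result['rehash'] !== null, true));

// 4. A wrong password and an unknown username fail in the same way.
$wrong   = check_login('not-the-password', $alice);
$unknown = check_login($password, null);
printf("wrong password ok:  %s\n", var_export($wrong['ok'], true));
printf("unknown user ok:    %s\n", var_export($unknown['ok'], true));
```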


Building the Login System

In this section we'll create a login form where users can enter their username and password. When a user submits the form, these inputs will be verified against the credentials stored in the database; if the username and password match, the user is authorized and granted access to the site, otherwise the login attempt will be rejected.

Step 1: Creating the Login Form

Let's create a file named "login.php" and place the following code inside it.

Example (procedural, object-oriented and PDO versions)

Procedural:

    <?php
    // Initialize the session
    session_start();

    // Check if the user is already logged in, if yes then redirect him to welcome page
    if(isset($_SESSION["loggedin"]) && $_SESSION["loggedin"] === true){
        header("location: welcome.php");
        exit;
    }

    // Include config file
    require_once "config.php";

    // Define variables and initialize with empty values
    $username = $password = "";
    $username_err = $password_err = $login_err = "";

    // Processing form data when form is submitted
    if($_SERVER["REQUEST_METHOD"] == "POST"){

        // Check if username is empty
        if(empty(trim($_POST["username"]))){
            $username_err = "Please enter username.";
        } else{
            $username = trim($_POST["username"]);
        }

        // Check if password is empty
        if(empty(trim($_POST["password"]))){
            $password_err = "Please enter your password.";
        } else{
            $password = trim($_POST["password"]);
        }

        // Validate credentials
        if(empty($username_err) && empty($password_err)){
            // Prepare a select statement
            $sql = "SELECT id, username, password FROM users WHERE username = ?";

            if($stmt = mysqli_prepare($link, $sql)){
                // Bind variables to the prepared statement as parameters
                mysqli_stmt_bind_param($stmt, "s", $param_username);

                // Set parameters
                $param_username = $username;

                // Attempt to execute the prepared statement
                if(mysqli_stmt_execute($stmt)){
                    // Store result
                    mysqli_stmt_store_result($stmt);

                    // Check if username exists, if yes then verify password
                    if(mysqli_stmt_num_rows($stmt) == 1){
                        // Bind result variables
                        mysqli_stmt_bind_result($stmt, $id, $username, $hashed_password);
                        if(mysqli_stmt_fetch($stmt)){
                            if(password_verify($password, $hashed_password)){
                                // Password is correct. The session was already started at the
                                // top of the script, so issue a fresh session ID for the
                                // authenticated user (prevents session fixation)
                                session_regenerate_id(true);

                                // Store data in session variables
                                $_SESSION["loggedin"] = true;
                                $_SESSION["id"] = $id;
                                $_SESSION["username"] = $username;

                                // Redirect user to welcome page
                                header("location: welcome.php");
                                exit;
                            } else{
                                // Password is not valid, display a generic error message
                                $login_err = "Invalid username or password.";
                            }
                        }
                    } else{
                        // Username doesn't exist, display a generic error message
                        $login_err = "Invalid username or password.";
                    }
                } else{
                    echo "Oops! Something went wrong. Please try again later.";
                }

                // Close statement
                mysqli_stmt_close($stmt);
            }
        }

        // Close connection
        mysqli_close($link);
    }
    ?>

    <!DOCTYPE html>
    <html lang="en">
    <head>
        <meta charset="UTF-8">
        <title>Login</title>
        <link rel="stylesheet" href="https://stackpath.bootstrapcdn.com/bootstrap/4.5.2/css/bootstrap.min.css">
        <style>
            body{ font: 14px sans-serif; }
            .wrapper{ width: 360px; padding: 20px; }
        </style>
    </head>
    <body>
        <div class="wrapper">
            <h2>Login</h2>
            <p>Please fill in your credentials to login.</p>

            <?php
            if(!empty($login_err)){
                echo '<div class="alert alert-danger">' . $login_err . '</div>';
            }
            ?>

            <?php // The submitted username is not validated here, so it is escaped before being echoed back ?>
            <form action="<?php echo htmlspecialchars($_SERVER["PHP_SELF"]); ?>" method="post">
                <div class="form-group">
                    <label>Username</label>
                    <input type="text" name="username" class="form-control <?php echo (!empty($username_err)) ? 'is-invalid' : ''; ?>" value="<?php echo htmlspecialchars($username); ?>">
                    <span class="invalid-feedback"><?php echo $username_err; ?></span>
                </div>
                <div class="form-group">
                    <label>Password</label>
                    <input type="password" name="password" class="form-control <?php echo (!empty($password_err)) ? 'is-invalid' : ''; ?>">
                    <span class="invalid-feedback"><?php echo $password_err; ?></span>
                </div>
                <div class="form-group">
                    <input type="submit" class="btn btn-primary" value="Login">
                </div>
                <p>Don't have an account? <a href="register.php">Sign up now</a>.</p>
            </form>
        </div>
    </body>
    </html>
Object Oriented:

    <?php
    // Initialize the session
    session_start();

    // Check if the user is already logged in, if yes then redirect him to welcome page
    if(isset($_SESSION["loggedin"]) && $_SESSION["loggedin"] === true){
        header("location: welcome.php");
        exit;
    }

    // Include config file
    require_once "config.php";

    // Define variables and initialize with empty values
    $username = $password = "";
    $username_err = $password_err = $login_err = "";

    // Processing form data when form is submitted
    if($_SERVER["REQUEST_METHOD"] == "POST"){

        // Check if username is empty
        if(empty(trim($_POST["username"]))){
            $username_err = "Please enter username.";
        } else{
            $username = trim($_POST["username"]);
        }

        // Check if password is empty
        if(empty(trim($_POST["password"]))){
            $password_err = "Please enter your password.";
        } else{
            $password = trim($_POST["password"]);
        }

        // Validate credentials
        if(empty($username_err) && empty($password_err)){
            // Prepare a select statement
            $sql = "SELECT id, username, password FROM users WHERE username = ?";

            if($stmt = $mysqli->prepare($sql)){
                // Bind variables to the prepared statement as parameters
                $stmt->bind_param("s", $param_username);

                // Set parameters
                $param_username = $username;

                // Attempt to execute the prepared statement
                if($stmt->execute()){
                    // Store result
                    $stmt->store_result();

                    // Check if username exists, if yes then verify password
                    if($stmt->num_rows == 1){
                        // Bind result variables
                        $stmt->bind_result($id, $username, $hashed_password);
                        if($stmt->fetch()){
                            if(password_verify($password, $hashed_password)){
                                // Password is correct. The session was already started at the
                                // top of the script, so issue a fresh session ID for the
                                // authenticated user (prevents session fixation)
                                session_regenerate_id(true);

                                // Store data in session variables
                                $_SESSION["loggedin"] = true;
                                $_SESSION["id"] = $id;
                                $_SESSION["username"] = $username;

                                // Redirect user to welcome page
                                header("location: welcome.php");
                                exit;
                            } else{
                                // Password is not valid, display a generic error message
                                $login_err = "Invalid username or password.";
                            }
                        }
                    } else{
                        // Username doesn't exist, display a generic error message
                        $login_err = "Invalid username or password.";
                    }
                } else{
                    echo "Oops! Something went wrong. Please try again later.";
                }

                // Close statement
                $stmt->close();
            }
        }

        // Close connection
        $mysqli->close();
    }
    ?>

    <!DOCTYPE html>
    <html lang="en">
    <head>
        <meta charset="UTF-8">
        <title>Login</title>
        <link rel="stylesheet" href="https://stackpath.bootstrapcdn.com/bootstrap/4.5.2/css/bootstrap.min.css">
        <style>
            body{ font: 14px sans-serif; }
            .wrapper{ width: 360px; padding: 20px; }
        </style>
    </head>
    <body>
        <div class="wrapper">
            <h2>Login</h2>
            <p>Please fill in your credentials to login.</p>

            <?php
            if(!empty($login_err)){
                echo '<div class="alert alert-danger">' . $login_err . '</div>';
            }
            ?>

            <?php // The submitted username is not validated here, so it is escaped before being echoed back ?>
            <form action="<?php echo htmlspecialchars($_SERVER["PHP_SELF"]); ?>" method="post">
                <div class="form-group">
                    <label>Username</label>
                    <input type="text" name="username" class="form-control <?php echo (!empty($username_err)) ? 'is-invalid' : ''; ?>" value="<?php echo htmlspecialchars($username); ?>">
                    <span class="invalid-feedback"><?php echo $username_err; ?></span>
                </div>
                <div class="form-group">
                    <label>Password</label>
                    <input type="password" name="password" class="form-control <?php echo (!empty($password_err)) ? 'is-invalid' : ''; ?>">
                    <span class="invalid-feedback"><?php echo $password_err; ?></span>
                </div>
                <div class="form-group">
                    <input type="submit" class="btn btn-primary" value="Login">
                </div>
                <p>Don't have an account? <a href="register.php">Sign up now</a>.</p>
            </form>
        </div>
    </body>
    </html>
<?php
// login.php: PDO version
// Initialize the session
session_start();

// Check if the user is already logged in, if yes then redirect him to welcome page
if(isset($_SESSION["loggedin"]) && $_SESSION["loggedin"] === true){
    header("location: welcome.php");
    exit;
}

// Include config file
require_once "config.php";

// Define variables and initialize with empty values
$username = $password = "";
$username_err = $password_err = $login_err = "";

// Processing form data when form is submitted
if($_SERVER["REQUEST_METHOD"] == "POST"){

    // Check if username is empty
    if(empty(trim($_POST["username"]))){
        $username_err = "Please enter username.";
    } else{
        $username = trim($_POST["username"]);
    }

    // Check if password is empty
    if(empty(trim($_POST["password"]))){
        $password_err = "Please enter your password.";
    } else{
        $password = trim($_POST["password"]);
    }

    // Validate credentials
    if(empty($username_err) && empty($password_err)){
        // Prepare a select statement
        $sql = "SELECT id, username, password FROM users WHERE username = :username";

        if($stmt = $pdo->prepare($sql)){
            // Bind variables to the prepared statement as parameters
            $stmt->bindParam(":username", $param_username, PDO::PARAM_STR);

            // Set parameters
            $param_username = trim($_POST["username"]);

            // Attempt to execute the prepared statement
            if($stmt->execute()){
                // Check if username exists, if yes then verify password
                if($stmt->rowCount() == 1){
                    if($row = $stmt->fetch()){
                        $id = $row["id"];
                        $username = $row["username"];
                        $hashed_password = $row["password"];
                        if(password_verify($password, $hashed_password)){
                            // Password is correct. The session was already started at the top of
                            // the script, so issue a fresh session ID instead of calling session_start() again
                            session_regenerate_id(true);

                            // Store data in session variables
                            $_SESSION["loggedin"] = true;
                            $_SESSION["id"] = $id;
                            $_SESSION["username"] = $username;

                            // Redirect user to welcome page
                            header("location: welcome.php");
                            exit;
                        } else{
                            // Password is not valid, display a generic error message
                            $login_err = "Invalid username or password.";
                        }
                    }
                } else{
                    // Username doesn't exist, display a generic error message
                    $login_err = "Invalid username or password.";
                }
            } else{
                echo "Oops! Something went wrong. Please try again later.";
            }

            // Close statement
            unset($stmt);
        }
    }

    // Close connection
    unset($pdo);
}
?>

<!DOCTYPE html>
<html lang="en">
<head>
    <meta charset="UTF-8">
    <title>Login</title>
    <link rel="stylesheet" href="https://stackpath.bootstrapcdn.com/bootstrap/4.5.2/css/bootstrap.min.css">
    <style>
        body{ font: 14px sans-serif; }
        .wrapper{ width: 360px; padding: 20px; }
    </style>
</head>
<body>
    <div class="wrapper">
        <h2>Login</h2>
        <p>Please fill in your credentials to login.</p>

        <?php
        if(!empty($login_err)){
            echo '<div class="alert alert-danger">' . $login_err . '</div>';
        }
        ?>

        <form action="<?php echo htmlspecialchars($_SERVER["PHP_SELF"]); ?>" method="post">
            <div class="form-group">
                <label>Username</label>
                <input type="text" name="username" class="form-control <?php echo (!empty($username_err)) ? 'is-invalid' : ''; ?>" value="<?php echo htmlspecialchars($username); ?>">
                <span class="invalid-feedback"><?php echo $username_err; ?></span>
            </div>
            <div class="form-group">
                <label>Password</label>
                <input type="password" name="password" class="form-control <?php echo (!empty($password_err)) ? 'is-invalid' : ''; ?>">
                <span class="invalid-feedback"><?php echo $password_err; ?></span>
            </div>
            <div class="form-group">
                <input type="submit" class="btn btn-primary" value="Login">
            </div>
            <p>Don't have an account? <a href="register.php">Sign up now</a>.</p>
        </form>
    </div>
</body>
</html>

The output of the above example (i.e. login form) will look something like this:

PHP MySQL Login Form

Step 2: Creating the Welcome Page

Here's the code of our "welcome.php" file, where the user is redirected after successful login.

<?php
// Initialize the session
session_start();

// Check if the user is logged in, if not then redirect him to login page
if(!isset($_SESSION["loggedin"]) || $_SESSION["loggedin"] !== true){
    header("location: login.php");
    exit;
}
?>

<!DOCTYPE html>
<html lang="en">
<head>
    <meta charset="UTF-8">
    <title>Welcome</title>
    <link rel="stylesheet" href="https://stackpath.bootstrapcdn.com/bootstrap/4.5.2/css/bootstrap.min.css">
    <style>
        body{ font: 14px sans-serif; text-align: center; }
    </style>
</head>
<body>
    <h1 class="my-5">Hi, <b><?php echo htmlspecialchars($_SESSION["username"]); ?></b>. Welcome to our site.</h1>
    <p>
        <a href="reset-password.php" class="btn btn-warning">Reset Your Password</a>
        <a href="logout.php" class="btn btn-danger ml-3">Sign Out of Your Account</a>
    </p>
</body>
</html>

If data comes from external sources, like a form filled in by anonymous users, there is a risk that it may contain malicious script intended to launch cross-site scripting (XSS) attacks. Therefore, you must escape this data using the PHP htmlspecialchars() function before displaying it in the browser, so that any HTML tag it contains becomes harmless.

For example, after escaping special characters the string <script>alert("XSS")</script> becomes &lt;script&gt;alert("XSS")&lt;/script&gt; which is not executed by the browser.
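The same escaping matters inside attribute values, such as the username field that the login form fills in again after a failed attempt. The following added example (not part of the original tutorial; the helper names e() and username_field() are hypothetical) renders that field with a constructed input containing a double quote, once unescaped and once escaped:

```php
<?php
// Added example: output escaping for user-controlled text that the login
// pages print into HTML. Helper names are hypothetical.

// Escape for HTML text and quoted attribute values. ENT_QUOTES also encodes
// single quotes; ENT_SUBSTITUTE replaces invalid UTF-8 instead of returning
// an empty string.
function e(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// The username <input> from login.php, with or without escaping.
function username_field(string $username, bool $escape): string
{
    $value = $escape ? e($username) : $username;
    return '<input type="text" name="username" value="' . $value . '">';
}

// Constructed input: the leading quote ends the value attribute early, so
// everything after it is parsed as markup unless it is escaped.
$submitted = '"><script>alert("XSS")</script>';

$unsafe = username_field($submitted, false);
$safe   = username_field($submitted, true);

// Print both as plain text so the difference is visible in a terminal.
echo "unescaped: $unsafe\n";
echo "escaped:   $safe\n";

// Count the '<' characters that survive: each one starts a tag the browser
// will parse. The escaped field should contain only the <input> itself.
echo "tag openers, unescaped: ", substr_count($unsafe, '<'), "\n";
echo "tag openers, escaped:   ", substr_count($safe, '<'), "\n";
```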

Step 3: Creating the Logout Script

Now, let's create a "logout.php" file. When the user clicks on the log out or sign out link, the script inside this file destroys the session and redirects the user back to the login page.

<?php
// Initialize the session
session_start();

// Unset all of the session variables
$_SESSION = array();

// Destroy the session.
session_destroy();

// Redirect to login page
header("location: login.php");
exit;
?>
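An added example (not part of the original tutorial) that collects the session handling of login.php and logout.php into three functions: hardened cookie settings before session_start(), a fresh session ID at login, and a logout that also expires the browser's session cookie. The function names are hypothetical, the array forms of session_set_cookie_params() and setcookie() need PHP 7.3 or later, and the secure flag assumes the site is served over HTTPS.

```php
<?php
// Added example: session lifecycle helpers for the login system above.
// Function names are hypothetical.
//
// Usage sketch:
//   login.php:  start_secure_session(); ... after password_verify() succeeds:
//               mark_logged_in($id, $username); header("location: welcome.php"); exit;
//   logout.php: start_secure_session(); end_session();
//               header("location: login.php"); exit;

// Start the session with a cookie that scripts cannot read and that is not
// sent on cross-site subrequests. Must run before any output is sent.
function start_secure_session(): void
{
    if (session_status() === PHP_SESSION_ACTIVE) {
        return;
    }
    ini_set('session.use_strict_mode', '1');   // refuse session IDs the server did not issue
    ini_set('session.use_only_cookies', '1');  // never accept a session ID from the URL
    session_set_cookie_params([
        'lifetime' => 0,        // cookie ends with the browser session
        'path'     => '/',
        'secure'   => true,     // assumption: the site is served over HTTPS
        'httponly' => true,
        'samesite' => 'Lax',
    ]);
    session_start();
}

// Call once the submitted password has been verified.
function mark_logged_in(int $id, string $username): void
{
    // New ID, old session data deleted: a session ID that was planted or
    // observed before login is useless afterwards (session fixation).
    session_regenerate_id(true);
    $_SESSION['loggedin'] = true;
    $_SESSION['id']       = $id;
    $_SESSION['username'] = $username;
}

// Body for logout.php.
function end_session(): void
{
    $_SESSION = [];
    // session_destroy() removes the server-side data only, so the cookie
    // holding the old ID is expired explicitly.
    if (ini_get('session.use_cookies')) {
        $p = session_get_cookie_params();
        setcookie(session_name(), '', [
            'expires'  => time() - 42000,
            'path'     => $p['path'],
            'domain'   => $p['domain'],
            'secure'   => $p['secure'],
            'httponly' => $p['httponly'],
            'samesite' => $p['samesite'],
        ]);
    }
    session_destroy();
}
```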

Adding the Password Reset Feature

Finally, in this section we will add the password reset utility to our login system. Using this feature, logged-in users can instantly reset the password for their own accounts.

Let's create a file named "reset-password.php" and place the following code inside it.

Example: procedural, object-oriented and PDO versions, in that order.

<?php
// reset-password.php: procedural version
// Initialize the session
session_start();

// Check if the user is logged in, otherwise redirect to login page
if(!isset($_SESSION["loggedin"]) || $_SESSION["loggedin"] !== true){
    header("location: login.php");
    exit;
}

// Include config file
require_once "config.php";

// Define variables and initialize with empty values
$new_password = $confirm_password = "";
$new_password_err = $confirm_password_err = "";

// Processing form data when form is submitted
if($_SERVER["REQUEST_METHOD"] == "POST"){

    // Validate new password
    if(empty(trim($_POST["new_password"]))){
        $new_password_err = "Please enter the new password.";
    } elseif(strlen(trim($_POST["new_password"])) < 6){
        $new_password_err = "Password must have at least 6 characters.";
    } else{
        $new_password = trim($_POST["new_password"]);
    }

    // Validate confirm password
    if(empty(trim($_POST["confirm_password"]))){
        $confirm_password_err = "Please confirm the password.";
    } else{
        $confirm_password = trim($_POST["confirm_password"]);
        if(empty($new_password_err) && ($new_password != $confirm_password)){
            $confirm_password_err = "Password did not match.";
        }
    }

    // Check input errors before updating the database
    if(empty($new_password_err) && empty($confirm_password_err)){
        // Prepare an update statement
        $sql = "UPDATE users SET password = ? WHERE id = ?";

        if($stmt = mysqli_prepare($link, $sql)){
            // Bind variables to the prepared statement as parameters
            mysqli_stmt_bind_param($stmt, "si", $param_password, $param_id);

            // Set parameters
            $param_password = password_hash($new_password, PASSWORD_DEFAULT);
            $param_id = $_SESSION["id"];

            // Attempt to execute the prepared statement
            if(mysqli_stmt_execute($stmt)){
                // Password updated successfully. Destroy the session, and redirect to login page
                session_destroy();
                header("location: login.php");
                exit();
            } else{
                echo "Oops! Something went wrong. Please try again later.";
            }

            // Close statement
            mysqli_stmt_close($stmt);
        }
    }

    // Close connection
    mysqli_close($link);
}
?>

<!DOCTYPE html>
<html lang="en">
<head>
    <meta charset="UTF-8">
    <title>Reset Password</title>
    <link rel="stylesheet" href="https://stackpath.bootstrapcdn.com/bootstrap/4.5.2/css/bootstrap.min.css">
    <style>
        body{ font: 14px sans-serif; }
        .wrapper{ width: 360px; padding: 20px; }
    </style>
</head>
<body>
    <div class="wrapper">
        <h2>Reset Password</h2>
        <p>Please fill out this form to reset your password.</p>
        <form action="<?php echo htmlspecialchars($_SERVER["PHP_SELF"]); ?>" method="post">
            <div class="form-group">
                <label>New Password</label>
                <input type="password" name="new_password" class="form-control <?php echo (!empty($new_password_err)) ? 'is-invalid' : ''; ?>" value="<?php echo htmlspecialchars($new_password); ?>">
                <span class="invalid-feedback"><?php echo $new_password_err; ?></span>
            </div>
            <div class="form-group">
                <label>Confirm Password</label>
                <input type="password" name="confirm_password" class="form-control <?php echo (!empty($confirm_password_err)) ? 'is-invalid' : ''; ?>">
                <span class="invalid-feedback"><?php echo $confirm_password_err; ?></span>
            </div>
            <div class="form-group">
                <input type="submit" class="btn btn-primary" value="Submit">
                <a class="btn btn-link ml-2" href="welcome.php">Cancel</a>
            </div>
        </form>
    </div>
</body>
</html>
<?php
// reset-password.php: object-oriented version
// Initialize the session
session_start();

// Check if the user is logged in, otherwise redirect to login page
if(!isset($_SESSION["loggedin"]) || $_SESSION["loggedin"] !== true){
    header("location: login.php");
    exit;
}

// Include config file
require_once "config.php";

// Define variables and initialize with empty values
$new_password = $confirm_password = "";
$new_password_err = $confirm_password_err = "";

// Processing form data when form is submitted
if($_SERVER["REQUEST_METHOD"] == "POST"){

    // Validate new password
    if(empty(trim($_POST["new_password"]))){
        $new_password_err = "Please enter the new password.";
    } elseif(strlen(trim($_POST["new_password"])) < 6){
        $new_password_err = "Password must have at least 6 characters.";
    } else{
        $new_password = trim($_POST["new_password"]);
    }

    // Validate confirm password
    if(empty(trim($_POST["confirm_password"]))){
        $confirm_password_err = "Please confirm the password.";
    } else{
        $confirm_password = trim($_POST["confirm_password"]);
        if(empty($new_password_err) && ($new_password != $confirm_password)){
            $confirm_password_err = "Password did not match.";
        }
    }

    // Check input errors before updating the database
    if(empty($new_password_err) && empty($confirm_password_err)){
        // Prepare an update statement
        $sql = "UPDATE users SET password = ? WHERE id = ?";

        if($stmt = $mysqli->prepare($sql)){
            // Bind variables to the prepared statement as parameters
            $stmt->bind_param("si", $param_password, $param_id);

            // Set parameters
            $param_password = password_hash($new_password, PASSWORD_DEFAULT);
            $param_id = $_SESSION["id"];

            // Attempt to execute the prepared statement
            if($stmt->execute()){
                // Password updated successfully. Destroy the session, and redirect to login page
                session_destroy();
                header("location: login.php");
                exit();
            } else{
                echo "Oops! Something went wrong. Please try again later.";
            }

            // Close statement
            $stmt->close();
        }
    }

    // Close connection
    $mysqli->close();
}
?>

<!DOCTYPE html>
<html lang="en">
<head>
    <meta charset="UTF-8">
    <title>Reset Password</title>
    <link rel="stylesheet" href="https://stackpath.bootstrapcdn.com/bootstrap/4.5.2/css/bootstrap.min.css">
    <style>
        body{ font: 14px sans-serif; }
        .wrapper{ width: 360px; padding: 20px; }
    </style>
</head>
<body>
    <div class="wrapper">
        <h2>Reset Password</h2>
        <p>Please fill out this form to reset your password.</p>
        <form action="<?php echo htmlspecialchars($_SERVER["PHP_SELF"]); ?>" method="post">
            <div class="form-group">
                <label>New Password</label>
                <input type="password" name="new_password" class="form-control <?php echo (!empty($new_password_err)) ? 'is-invalid' : ''; ?>" value="<?php echo htmlspecialchars($new_password); ?>">
                <span class="invalid-feedback"><?php echo $new_password_err; ?></span>
            </div>
            <div class="form-group">
                <label>Confirm Password</label>
                <input type="password" name="confirm_password" class="form-control <?php echo (!empty($confirm_password_err)) ? 'is-invalid' : ''; ?>">
                <span class="invalid-feedback"><?php echo $confirm_password_err; ?></span>
            </div>
            <div class="form-group">
                <input type="submit" class="btn btn-primary" value="Submit">
                <a class="btn btn-link ml-2" href="welcome.php">Cancel</a>
            </div>
        </form>
    </div>
</body>
</html>
<?php
// reset-password.php: PDO version
// Initialize the session
session_start();

// Check if the user is logged in, otherwise redirect to login page
if(!isset($_SESSION["loggedin"]) || $_SESSION["loggedin"] !== true){
    header("location: login.php");
    exit;
}

// Include config file
require_once "config.php";

// Define variables and initialize with empty values
$new_password = $confirm_password = "";
$new_password_err = $confirm_password_err = "";

// Processing form data when form is submitted
if($_SERVER["REQUEST_METHOD"] == "POST"){

    // Validate new password
    if(empty(trim($_POST["new_password"]))){
        $new_password_err = "Please enter the new password.";
    } elseif(strlen(trim($_POST["new_password"])) < 6){
        $new_password_err = "Password must have at least 6 characters.";
    } else{
        $new_password = trim($_POST["new_password"]);
    }

    // Validate confirm password
    if(empty(trim($_POST["confirm_password"]))){
        $confirm_password_err = "Please confirm the password.";
    } else{
        $confirm_password = trim($_POST["confirm_password"]);
        if(empty($new_password_err) && ($new_password != $confirm_password)){
            $confirm_password_err = "Password did not match.";
        }
    }

    // Check input errors before updating the database
    if(empty($new_password_err) && empty($confirm_password_err)){
        // Prepare an update statement
        $sql = "UPDATE users SET password = :password WHERE id = :id";

        if($stmt = $pdo->prepare($sql)){
            // Bind variables to the prepared statement as parameters
            $stmt->bindParam(":password", $param_password, PDO::PARAM_STR);
            $stmt->bindParam(":id", $param_id, PDO::PARAM_INT);

            // Set parameters
            $param_password = password_hash($new_password, PASSWORD_DEFAULT);
            $param_id = $_SESSION["id"];

            // Attempt to execute the prepared statement
            if($stmt->execute()){
                // Password updated successfully. Destroy the session, and redirect to login page
                session_destroy();
                header("location: login.php");
                exit();
            } else{
                echo "Oops! Something went wrong. Please try again later.";
            }

            // Close statement
            unset($stmt);
        }
    }

    // Close connection
    unset($pdo);
}
?>

<!DOCTYPE html>
<html lang="en">
<head>
    <meta charset="UTF-8">
    <title>Reset Password</title>
    <link rel="stylesheet" href="https://stackpath.bootstrapcdn.com/bootstrap/4.5.2/css/bootstrap.min.css">
    <style>
        body{ font: 14px sans-serif; }
        .wrapper{ width: 360px; padding: 20px; }
    </style>
</head>
<body>
    <div class="wrapper">
        <h2>Reset Password</h2>
        <p>Please fill out this form to reset your password.</p>
        <form action="<?php echo htmlspecialchars($_SERVER["PHP_SELF"]); ?>" method="post">
            <div class="form-group">
                <label>New Password</label>
                <input type="password" name="new_password" class="form-control <?php echo (!empty($new_password_err)) ? 'is-invalid' : ''; ?>" value="<?php echo htmlspecialchars($new_password); ?>">
                <span class="invalid-feedback"><?php echo $new_password_err; ?></span>
            </div>
            <div class="form-group">
                <label>Confirm Password</label>
                <input type="password" name="confirm_password" class="form-control <?php echo (!empty($confirm_password_err)) ? 'is-invalid' : ''; ?>">
                <span class="invalid-feedback"><?php echo $confirm_password_err; ?></span>
            </div>
            <div class="form-group">
                <input type="submit" class="btn btn-primary" value="Submit">
                <a class="btn btn-link ml-2" href="welcome.php">Cancel</a>
            </div>
        </form>
    </div>
</body>
</html>
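reset-password.php as shown accepts any POST from a logged-in browser and does not ask for the current password. The following added example (not the original tutorial's code; the function names and the csrf field name are hypothetical, and an in-memory SQLite database stands in for the MySQL users table) shows a per-session CSRF token check and a current-password check that can be placed in front of the UPDATE:

```php
<?php
// Added example: two checks for reset-password.php. Function names are
// hypothetical. SQLite in memory stands in for the MySQL users table so the
// script runs on its own (assumption: the pdo_sqlite extension is installed).

// One random token per session, embedded in the form as a hidden field.
function csrf_token(array &$session): string
{
    if (empty($session['csrf'])) {
        $session['csrf'] = bin2hex(random_bytes(32));
    }
    return $session['csrf'];
}

// Constant-time comparison of the submitted token with the stored one.
function csrf_valid(array $session, ?string $submitted): bool
{
    return isset($session['csrf']) && is_string($submitted)
        && hash_equals($session['csrf'], $submitted);
}

// Change the password only if the caller proves knowledge of the current one.
function change_password(PDO $pdo, int $id, string $current, string $new): bool
{
    $stmt = $pdo->prepare("SELECT password FROM users WHERE id = :id");
    $stmt->execute([':id' => $id]);
    $hash = $stmt->fetchColumn();
    if ($hash === false || !password_verify($current, $hash)) {
        return false;
    }
    $stmt = $pdo->prepare("UPDATE users SET password = :password WHERE id = :id");
    return $stmt->execute([
        ':password' => password_hash($new, PASSWORD_DEFAULT),
        ':id'       => $id,
    ]);
}

// --- Constructed demo data ---
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec("CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT UNIQUE, password TEXT)");
$pdo->prepare("INSERT INTO users (username, password) VALUES (?, ?)")
    ->execute(['alice', password_hash('old-secret', PASSWORD_DEFAULT)]);

$session = ['loggedin' => true, 'id' => 1];   // stands in for $_SESSION
$token   = csrf_token($session);              // value for the hidden csrf field

// Request without a token, as a form on another site would send it.
var_dump(csrf_valid($session, null));
// Request with the right token but a wrong current password.
var_dump(csrf_valid($session, $token) && change_password($pdo, 1, 'guess', 'new-secret-1'));
// Request with the right token and the right current password.
var_dump(csrf_valid($session, $token) && change_password($pdo, 1, 'old-secret', 'new-secret-1'));
```

In the real page, pass `$_SESSION` and `$_POST["csrf"]` to the two token functions and add a "current password" input to the form.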

Source: https://www.tutorialrepublic.com/php-tutorial/php-mysql-login-system.php

Posted by: doyleficepleturem.blogspot.com
