PHP user registration & login/ logout with secure password encryption
In many web applications, we need to keep track of the user's data, like - username and password. Among these data, password is most sensitive data. It is an absolute bad technique to store password as it is in the database. Today security concern is most important. There are many attacker's techniques which easily crack your stored password. Password encryption and decryption technique is also not more enough to secure user data. The hacker can easily trace it.
To make password more secure, here we are using php password encryption technique md5() with salt. Salt is a bit of data which make the password more secure.
For this, first create a form name 'index.php' to store user information. If you want to make your data much more secure, you can use the random generated salt.
Either create manually or copy and paste this query in your database.
CREATE TABLE IF NOT EXISTS `users` (
`userid` int(11) NOT NULL AUTO_INCREMENT,
`name` varchar(100) NOT NULL,
`username` varchar(100) NOT NULL,
`password` varchar(100) NOT NULL,
PRIMARY KEY (`userid`)
)
Create a PHP file 'index.php' and copy and paste these codes. This php script contains code for both registration and login form.
index.php
<link rel="stylesheet" href="https://maxcdn.bootstrapcdn.com/bootstrap/3.3.7/css/bootstrap.min.css" />
<div style="width: 45%; margin: 50px auto 20px auto; ">
<?php
session_start();
echo $_SESSION['msg'].'<br/><br/>';
if($_GET['view'] == 'profile') {
echo '<b>Welcome '.$_SESSION['name'].'</b><br/><br/>';
?>
<div class="col-sm-4">
<form action='handler.php' method="post" class="form-horizontal">
<div class="form-group">
<input type="hidden" name="object" value="logout"/>
<button class="btn btn-small btn-primary btn-block" type="submit">Logout</button>
</div>
</form>
</div>
<?php
} else {
?>
<div style="float: left; padding-right: 50px; border-right: 1px solid #ddd;">
<div class="wrapper">
<form action='handler.php' method="post" class="form-horizontal">
<h2 class="form-signin-heading">Please register</h2><br/>
<div class="form-group">
<label class="control-label col-sm-4" for="textinput">Name</label>
<div class="col-sm-8">
<input id="textinput" name="name" placeholder="Enter your name" class="form-control input-md" required="" type="text">
</div>
</div>
<div class="form-group">
<label class="control-label col-sm-4" for="textinput">Username</label>
<div class="col-sm-8">
<input id="textinput" name="username" placeholder="Enter your username" class="form-control input-md" required="" type="text">
</div>
</div>
<div class="form-group">
<label class="control-label col-sm-4" for="textinput">Password</label>
<div class="col-sm-8">
<input id="textinput" name="password" placeholder="Enter your password" class="form-control input-md" required="" type="password">
</div>
</div>
<div class="form-group">
<label class="control-label col-sm-4" for="textinput"></label>
<div class="col-sm-8">
<button class="btn btn-small btn-primary btn-block" type="submit">Register</button>
<input type="hidden" name="object" value="register"/>
</div>
</div>
</form>
</div>
</div>
<div style="float: right;">
<div class="wrapper">
<form class="form-signin" action='handler.php' method="post">
<h2 class="form-signin-heading">Please login</h2><br/>
<input type="text" class="form-control" name="username" placeholder="Username" required="" autofocus="" /><br/>
<input type="password" class="form-control" name="password" placeholder="Password" required=""/><br/>
<button class="btn btn-small btn-primary btn-block" type="submit">Login</button>
<input type="hidden" name="object" value="login"/>
</form>
</div>
</div>
</div>
<?php } ?>
When either login or registration form is submitted. The form will be posted to 'handler.php'. Create a PHP page name 'handler.php' and copy and paste the below codes. This page contains code for database connection and one block to save the registration form data to a mysql table, one block to check and select the user data on login and maintain session and one block to logout user and destroy the old session.
handler.php
<?php
error_reporting('E_All');
define('SALT', 'd#f453dd');
$req = $_POST;
$name = $req['name'];
$username = $req['username'];
$conn = mysqli_connect('hostname', 'username', 'password', 'database');
session_start();
if(mysqli_connect_error()){
die("Error in DB connection: ".mysqli_connect_errno()." - ".mysqli_connect_error());
}
if($req['object'] == 'register'){
$encypt_pwd = md5(SALT.$req['password']);
$insert = 'INSERT INTO `users` ( `name`, `username`, `password`) VALUES ( "'.$name.'", "'.$username.'", "'.$encypt_pwd.'")';
if(mysqli_query($conn, $insert)){
$_SESSION['msg'] = 'You have registered successfully, Please login.';
}
else{
$_SESSION['msg'] = 'Error: '.mysqli_error($conn);
}
header("Location: index.php");
}
if($req['object'] == 'login'){
$select = "SELECT name, password FROM `users` WHERE username = '$username' ";
$result = mysqli_query($conn, $select);
$row = mysqli_fetch_row($result);
if (md5(SALT . $_POST['password']) == $row[1]) {
$_SESSION['msg'] = 'You have logged in successfully';
$_SESSION['name'] = $row[0];
header("Location: index.php?view=profile");
} else {
$_SESSION['msg'] = 'Login Failed';
header("Location: index.php");
}
}
if($req['object'] == 'logout') {
session_destroy();
header("Location: index.php");
}
?>
◀ Previous Article
PHP Secure User Registration with Login/logout
PHP Secure User Registration with Login/logout
Next Article ▶
Php file based authentication
Php file based authentication