PHP user registration & login/ logout with secure password encryption

In this article, you will learn how to develop user registration login and logout process with secure password encryption.

In many web applications, we need to keep track of the user's data, like - username and password. Among these data, password is most sensitive data. It is an absolute bad technique to store password as it is in the database. Today, security concern is most important. There are many attacker's techniques which easily crack your stored password. Password encryption and decryption techniques are also not more enough to secure user data. The hacker can easily trace it.

To make password more secure, here we are using PHP password encryption process using PHP inbuilt function md5() with salt. Salt is a bit of data which make the password more secure.

For this, first we will create a form name 'index.php' to store user information. If you want to make your data much more secure, you can use the random generated salt.

User Database

Here is the database table to store user information. You can either use your existing database or copy and paste this query in your database.

CREATE TABLE IF NOT EXISTS `users` (
  `userid` int(11) NOT NULL AUTO_INCREMENT,
  `name` varchar(100) NOT NULL,
  `username` varchar(100) NOT NULL,
  `password` varchar(100) NOT NULL,
  PRIMARY KEY (`userid`)
) 

index.php

Here, we have created a PHP file 'index.php' that we will call on the browser. This PHP script contains code for both user registration process and login form.

<link rel="stylesheet" href="https://maxcdn.bootstrapcdn.com/bootstrap/3.3.7/css/bootstrap.min.css" />
<div style="width: 45%; margin: 50px auto 20px auto; ">
<?php 
session_start();
echo $_SESSION['msg'].'<br/><br/>';

if($_GET['view'] == 'profile') {
echo '<b>Welcome '.$_SESSION['name'].'</b><br/><br/>';
 ?>
<div class="col-sm-4">
<form action='handler.php' method="post" class="form-horizontal">
<div class="form-group">
<input type="hidden" name="object" value="logout"/>
<button class="btn btn-small btn-primary btn-block" type="submit">Logout</button>  
</div>
</form>
</div>    
<?php
} 
else 
{
?>
<div style="float: left; padding-right: 50px; border-right: 1px solid #ddd;">
<div class="wrapper">
<form action='handler.php' method="post" class="form-horizontal">
<h2 class="form-signin-heading">Please register</h2><br/>
<div class="form-group">
<label class="control-label col-sm-4" for="textinput">Name</label>  
<div class="col-sm-8">
<input id="textinput" name="name" placeholder="Enter your name" class="form-control input-md" required="" type="text">
</div>
</div>
 <div class="form-group">
<label class="control-label col-sm-4" for="textinput">Username</label>  
<div class="col-sm-8">
<input id="textinput" name="username" placeholder="Enter your username" class="form-control input-md" required="" type="text">
</div>
</div>
<div class="form-group">
<label class="control-label col-sm-4" for="textinput">Password</label>  
<div class="col-sm-8">
<input id="textinput" name="password" placeholder="Enter your password" class="form-control input-md" required="" type="password">
</div>
</div>
<div class="form-group">
<label class="control-label col-sm-4" for="textinput"></label>  
<div class="col-sm-8">
<button class="btn btn-small btn-primary btn-block" type="submit">Register</button>  
<input type="hidden" name="object" value="register"/>
</div>
</div>    
</form>
</div>   
</div>
<div style="float: right;">
<div class="wrapper">
<form class="form-signin" action='handler.php' method="post">       
<h2 class="form-signin-heading">Please login</h2><br/>
<input type="text" class="form-control" name="username" placeholder="Username" required="" autofocus="" /><br/>
<input type="password" class="form-control" name="password" placeholder="Password" required=""/><br/>
<button class="btn btn-small btn-primary btn-block" type="submit">Login</button>   
 <input type="hidden" name="object" value="login"/>
</form>
</div>
</div>
</div>
<?php
 } 
?>

handler.php

When either login or registration form is submitted. The form will be posted to 'handler.php' filr. Create a PHP page name 'handler.php' and copy and paste the below codes. At the start of this file, we have written the database connection code and stored the post data in variables. If the POST object is 'register', then the code block saves the registration form data to the MySQL table. If the POST object is 'login', then the code block checks and selects the user data on login and maintain session. And if the POST object is 'logout' then the code block logout the user and destroy the old session.

<?php 
error_reporting('E_All');
define('SALT', 'd#f453dd');
$req = $_POST; 
$name = $req['name'];
$username = $req['username'];
$conn = mysqli_connect('hostname', 'username', 'password', 'database');
session_start();
if(mysqli_connect_error()){
    die("Error in DB connection: ".mysqli_connect_errno()." - ".mysqli_connect_error());
}
if($req['object'] == 'register'){ 
    $encypt_pwd = md5(SALT.$req['password']); 
    $insert = 'INSERT INTO `users` ( `name`, `username`, `password`) VALUES ( "'.$name.'", "'.$username.'", "'.$encypt_pwd.'")';
    if(mysqli_query($conn, $insert)){
        $_SESSION['msg'] = 'You have registered successfully, Please login.';
    }
    else{
        $_SESSION['msg'] = 'Error: '.mysqli_error($conn);
    }
    header("Location: index.php");
}
if($req['object'] == 'login'){ 
    $select = "SELECT name, password FROM `users` WHERE  username = '$username' ";
    $result = mysqli_query($conn, $select);
    $row = mysqli_fetch_row($result); 
    if (md5(SALT . $_POST['password']) == $row[1]) {
        
        $_SESSION['msg'] = 'You have logged in successfully';
        $_SESSION['name'] = $row[0];
        header("Location: index.php?view=profile");
    } else {
        $_SESSION['msg'] = 'Login Failed';
        header("Location: index.php");
    }
    
}
if($req['object'] == 'logout') {
    session_destroy();
    header("Location: index.php");
}
?>

Related Articles