PHP Secure User Registration with Login/logout
Many applications need to implement functionality of user registration and their login and logout. In this article, you will learn to create user registration form and store the form data in a database using PHP and MySQL. Also learn how the registered user will login and logout and maintain php session on login system.
For this, first create a 'users' table in database. You can either create this manually or copy and paste this query in your database.
CREATE TABLE IF NOT EXISTS `users` (
`userid` int(11) NOT NULL AUTO_INCREMENT,
`name` varchar(100) NOT NULL,
`username` varchar(100) NOT NULL,
`password` varchar(100) NOT NULL,
`salt` varchar(100) NOT NULL,
PRIMARY KEY (`userid`)
)
After that, create a PHP file 'index.php' and copy and paste these codes. This php script contains code for both registration and login form.
<link rel="stylesheet" href="https://maxcdn.bootstrapcdn.com/bootstrap/3.3.7/css/bootstrap.min.css" />
<div style="width: 45%; margin: 50px auto 20px auto; ">
<?php
session_start();
echo $_SESSION['msg'].'<br/><br/>';
if($_GET['view'] == 'profile') {
echo '<b>Welcome '.$_SESSION['name'].'</b><br/><br/>';
?>
<div class="col-sm-4">
<form action='handler.php' method="post" class="form-horizontal">
<div class="form-group">
<input type="hidden" name="object" value="logout"/>
<button class="btn btn-small btn-primary btn-block" type="submit">Logout</button>
</div>
</form>
</div>
<?php
} else {
?>
<div style="float: left; padding-right: 70px; border-right: 1px solid #ddd;">
<div class="wrapper">
<form action='handler.php' method="post" class="form-horizontal">
<h2 class="form-signin-heading">Please register</h2><br/>
<div class="form-group">
<label class="control-label col-sm-4" for="textinput">Name</label>
<div class="col-sm-8">
<input id="textinput" name="name" placeholder="Enter your name" class="form-control input-md" required="" type="text">
</div>
</div>
<div class="form-group">
<label class="control-label col-sm-4" for="textinput">Username</label>
<div class="col-sm-8">
<input id="textinput" name="username" placeholder="Enter your username" class="form-control input-md" required="" type="text">
</div>
</div>
<div class="form-group">
<label class="control-label col-sm-4" for="textinput">Password</label>
<div class="col-sm-8">
<input id="textinput" name="password" placeholder="Enter your password" class="form-control input-md" required="" type="password">
</div>
</div>
<div class="form-group">
<label class="control-label col-sm-4" for="textinput"></label>
<div class="col-sm-8">
<button class="btn btn-small btn-primary btn-block" type="submit">Register</button>
<input type="hidden" name="object" value="register"/>
</div>
</div>
</form>
</div>
</div>
<div style="float: right;">
<div class="wrapper">
<form class="form-signin" action='handler.php' method="post">
<h2 class="form-signin-heading">Please login</h2><br/>
<input type="text" class="form-control" name="username" placeholder="Username" required="" autofocus="" /><br/>
<input type="password" class="form-control" name="password" placeholder="Password" required=""/> <br/>
<button class="btn btn-small btn-primary btn-block" type="submit">Login</button>
<input type="hidden" name="object" value="login"/>
</form>
</div>
</div>
</div>
<?php } ?>
When either login or registration form is submitted. The form will be posted to 'handler.php'.
So let's create a PHP page name 'handler.php' and copy and paste the below code. This page contains code for database connection in the beginning and then first block contains code to save the registration form data to a mysql table, second block to check and select the user data on login and maintain session and third block to logout user and destroy the old session.
<?php
$salt = getSalt();
$req = $_POST;
$name = $req['name'];
$username = $req['username'];
$conn = mysqli_connect('hostname', 'username', 'password', 'database');
session_start();
if(mysqli_connect_error()){
die("Error in DB connection: ".mysqli_connect_errno()." - ".mysqli_connect_error());
}
if($req['object'] == 'register'){
$encypt_pwd = md5(SALT.$req['password']);
$insert = 'INSERT INTO `users` (`name`, `username`, `password`, `salt`) VALUES ("'.$name.'", "'.$username.'", "'.$encypt_pwd.'", "'.$salt.'")';
if(mysqli_query($conn, $insert)){
$_SESSION['msg'] = 'You have registered successfully, Please login.';
}
else{
$_SESSION['msg'] = 'Error: '.mysqli_error($conn);
}
header("Location: index.php");
}
if($req['object'] == 'login'){
$select = "SELECT name, password FROM `users` WHERE username = '$username' ";
$result = mysqli_query($conn, $select);
$row = mysqli_fetch_row($result);
if (md5(SALT . $_POST['password']) == $row[1]) {
$_SESSION['msg'] = 'You have logged in successfully';
$_SESSION['name'] = $row[0];
header("Location: index.php?view=profile");
} else {
$_SESSION['msg'] = 'Login Failed';
header("Location: index.php");
}
}
if($req['object'] == 'logout') {
session_destroy();
header("Location: index.php");
}
function getSalt() {
$charset = 'abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789!@#$%^&*-_=+|';
$saltLength = 12;
$randSalt = "";
for ($i = 0; $i < $saltLength; $i++) {
$randSalt .= $charset[mt_rand(0, strlen($charset) - 1)];
}
return $randSalt;
}
?>
Related Articles
Preventing Cross Site Request Forgeries(CSRF) in PHPPHP code to send email using SMTP
Simple pagination in PHP
Simple PHP File Cache
PHP Connection and File Handling on FTP Server
Sending form data to an email using PHP
Recover forgot password using PHP and MySQL
◀ Previous Article
Recover forgot password using PHP and MySQL
Recover forgot password using PHP and MySQL
Next Article ▶
PHP user registration & login/ logout with secure password encryption
PHP user registration & login/ logout with secure password encryption
