PHP Secure User Registration with Login/logout
Many applications need to implement functionality for user registration and their login and logout. In this article, you will learn how to create a user registration form and store the form data in a database using PHP and MySQL. Also, learn how the registered user will login and logout and maintain the PHP session on the login system.
For this, first create a 'users' table in the database. You can either create this manually or copy and paste this query in your database.
CREATE TABLE IF NOT EXISTS `users` (
`userid` int(11) NOT NULL AUTO_INCREMENT,
`name` varchar(100) NOT NULL,
`username` varchar(100) NOT NULL,
`password` varchar(100) NOT NULL,
`salt` varchar(100) NOT NULL,
PRIMARY KEY (`userid`)
)
After that, create a PHP file 'index.php' and copy and paste these codes. This PHP script contains code for both the registration and login forms.
<link rel="stylesheet" href="https://maxcdn.bootstrapcdn.com/bootstrap/3.3.7/css/bootstrap.min.css" />
<div style="width: 45%; margin: 50px auto 20px auto; ">
<?php
session_start();
echo $_SESSION['msg'].'<br/><br/>';
if($_GET['view'] == 'profile') {
echo '<b>Welcome '.$_SESSION['name'].'</b><br/><br/>';
?>
<div class="col-sm-4">
<form action='handler.php' method="post" class="form-horizontal">
<div class="form-group">
<input type="hidden" name="object" value="logout"/>
<button class="btn btn-small btn-primary btn-block" type="submit">Logout</button>
</div>
</form>
</div>
<?php
} else {
?>
<div style="float: left; padding-right: 70px; border-right: 1px solid #ddd;">
<div class="wrapper">
<form action='handler.php' method="post" class="form-horizontal">
<h2 class="form-signin-heading">Please register</h2><br/>
<div class="form-group">
<label class="control-label col-sm-4" for="textinput">Name</label>
<div class="col-sm-8">
<input id="textinput" name="name" placeholder="Enter your name" class="form-control input-md" required="" type="text">
</div>
</div>
<div class="form-group">
<label class="control-label col-sm-4" for="textinput">Username</label>
<div class="col-sm-8">
<input id="textinput" name="username" placeholder="Enter your username" class="form-control input-md" required="" type="text">
</div>
</div>
<div class="form-group">
<label class="control-label col-sm-4" for="textinput">Password</label>
<div class="col-sm-8">
<input id="textinput" name="password" placeholder="Enter your password" class="form-control input-md" required="" type="password">
</div>
</div>
<div class="form-group">
<label class="control-label col-sm-4" for="textinput"></label>
<div class="col-sm-8">
<button class="btn btn-small btn-primary btn-block" type="submit">Register</button>
<input type="hidden" name="object" value="register"/>
</div>
</div>
</form>
</div>
</div>
<div style="float: right;">
<div class="wrapper">
<form class="form-signin" action='handler.php' method="post">
<h2 class="form-signin-heading">Please login</h2><br/>
<input type="text" class="form-control" name="username" placeholder="Username" required="" autofocus="" /><br/>
<input type="password" class="form-control" name="password" placeholder="Password" required=""/> <br/>
<button class="btn btn-small btn-primary btn-block" type="submit">Login</button>
<input type="hidden" name="object" value="login"/>
</form>
</div>
</div>
</div>
<?php } ?>
When either the login or registration form is submitted. The form will be posted to 'handler.php'.
So let's create a PHP page name 'handler.php' and copy and paste the given code. This page contains code for database connection in the beginning, and then the first block contains code to save the registration form data to a MySQL table, the second block to check and select the user data on login and maintain the session, and the third block to logout the user and destroy the old session.
<?php
$salt = getSalt();
$req = $_POST;
$name = $req['name'];
$username = $req['username'];
$conn = mysqli_connect('hostname', 'username', 'password', 'database');
session_start();
if(mysqli_connect_error()){
die("Error in DB connection: ".mysqli_connect_errno()." - ".mysqli_connect_error());
}
if($req['object'] == 'register'){
$encypt_pwd = md5(SALT.$req['password']);
$insert = 'INSERT INTO `users` (`name`, `username`, `password`, `salt`) VALUES ("'.$name.'", "'.$username.'", "'.$encypt_pwd.'", "'.$salt.'")';
if(mysqli_query($conn, $insert)){
$_SESSION['msg'] = 'You have registered successfully, Please login.';
}
else{
$_SESSION['msg'] = 'Error: '.mysqli_error($conn);
}
header("Location: index.php");
}
if($req['object'] == 'login'){
$select = "SELECT name, password FROM `users` WHERE username = '$username' ";
$result = mysqli_query($conn, $select);
$row = mysqli_fetch_row($result);
if (md5(SALT . $_POST['password']) == $row[1]) {
$_SESSION['msg'] = 'You have logged in successfully';
$_SESSION['name'] = $row[0];
header("Location: index.php?view=profile");
} else {
$_SESSION['msg'] = 'Login Failed';
header("Location: index.php");
}
}
if($req['object'] == 'logout') {
session_destroy();
header("Location: index.php");
}
function getSalt() {
$charset = 'abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789!@#$%^&*-_=+|';
$saltLength = 12;
$randSalt = "";
for ($i = 0; $i < $saltLength; $i++) {
$randSalt .= $charset[mt_rand(0, strlen($charset) - 1)];
}
return $randSalt;
}
?>
Related Articles
PHP array lengthImport Excel File into MySQL Database using PHP
PHP String Contains
PHP remove last character from string
PHP random quote generator
PHP calculate percentage of total
PHP sanitize string
Preventing Cross Site Request Forgeries(CSRF) in PHP
PHP code to send email using SMTP
Simple pagination in PHP
Simple PHP File Cache
PHP Connection and File Handling on FTP Server
Sending form data to an email using PHP
Recover forgot password using PHP and MySQL
Import Data Into MySQL From Excel File
Php display PDF in iframe
Read CSV file & Import data into MySQL with PHP
PHP reverse a string without predefined function
PHP random quote generator
PHP convert string into an array
◀ Previous Article
Recover forgot password using PHP and MySQL
Recover forgot password using PHP and MySQL
Next Article ▶
PHP user registration & login/ logout with secure password encryption
PHP user registration & login/ logout with secure password encryption
