PHP user registration & login/ logout with secure password encryption

In this article, you will learn how to develop a user registration login and logout process with secure password encryption using the PHP programming language.





In many web applications, we need to keep track of the user's data, like username and password. Among this data, passwords are the most sensitive data. It is an absolutely bad technique to store passwords as they are in the database. Today, security concerns are the most important thing. There are many attackers' techniques which easily crack your stored password. Password encryption and decryption techniques are also not enough to secure user data. The hacker can easily trace it.





To make passwords more secure, here we are using the password encryption process using the PHP inbuilt function md5() with salt. Salt is a bit of data that makes the password more secure.

First, we will create a form named 'index.php' to store user information. You can use the randomly generated salt to make your data much more secure.





User Database

Here is the database table to store user information. You can either use your existing database or copy and paste this query into your database.

CREATE TABLE IF NOT EXISTS `users` (
  `userid` int(11) NOT NULL AUTO_INCREMENT,
  `name` varchar(100) NOT NULL,
  `username` varchar(100) NOT NULL,
  `password` varchar(100) NOT NULL,
  PRIMARY KEY (`userid`)
)




index.php

Here, we have created a PHP file 'index.php' that we will call in the browser. This PHP script contains code for both the user registration process and the login form.

<link rel="stylesheet" href="https://maxcdn.bootstrapcdn.com/bootstrap/3.3.7/css/bootstrap.min.css" />
<div style="width: 45%; margin: 50px auto 20px auto; ">
<?php 
session_start();
echo $_SESSION['msg'].'<br/><br/>';

if($_GET['view'] == 'profile') {
echo '<b>Welcome '.$_SESSION['name'].'</b><br/><br/>';
 ?>
<div class="col-sm-4">
<form action='handler.php' method="post" class="form-horizontal">
<div class="form-group">
<input type="hidden" name="object" value="logout"/>
<button class="btn btn-small btn-primary btn-block" type="submit">Logout</button>  
</div>
</form>
</div>    
<?php
} 
else 
{
?>
<div style="float: left; padding-right: 50px; border-right: 1px solid #ddd;">
<div class="wrapper">
<form action='handler.php' method="post" class="form-horizontal">
<h2 class="form-signin-heading">Please register</h2><br/>
<div class="form-group">
<label class="control-label col-sm-4" for="textinput">Name</label>  
<div class="col-sm-8">
<input id="textinput" name="name" placeholder="Enter your name" class="form-control input-md" required="" type="text">
</div>
</div>
 <div class="form-group">
<label class="control-label col-sm-4" for="textinput">Username</label>  
<div class="col-sm-8">
<input id="textinput" name="username" placeholder="Enter your username" class="form-control input-md" required="" type="text">
</div>
</div>
<div class="form-group">
<label class="control-label col-sm-4" for="textinput">Password</label>  
<div class="col-sm-8">
<input id="textinput" name="password" placeholder="Enter your password" class="form-control input-md" required="" type="password">
</div>
</div>
<div class="form-group">
<label class="control-label col-sm-4" for="textinput"></label>  
<div class="col-sm-8">
<button class="btn btn-small btn-primary btn-block" type="submit">Register</button>  
<input type="hidden" name="object" value="register"/>
</div>
</div>    
</form>
</div>   
</div>
<div style="float: right;">
<div class="wrapper">
<form class="form-signin" action='handler.php' method="post">       
<h2 class="form-signin-heading">Please login</h2><br/>
<input type="text" class="form-control" name="username" placeholder="Username" required="" autofocus="" /><br/>
<input type="password" class="form-control" name="password" placeholder="Password" required=""/><br/>
<button class="btn btn-small btn-primary btn-block" type="submit">Login</button>   
 <input type="hidden" name="object" value="login"/>
</form>
</div>
</div>
</div>
<?php
 } 
?>


handler.php

When either a login or registration form is submitted. The form will be posted to the 'handler.php' file. Create a PHP page name 'handler.php' and copy and paste the given codes. At the start of this file, we have written the database connection code and stored the post data in variables. If the POST object is 'register', then the code block saves the registration form data to the MySQL table. If the POST object is 'login', then the code block checks and selects the user data on login and maintains the session. And if the POST object is 'logout' then the code blocks logging out the user and destroys the old session.

<?php 
error_reporting('E_All');
define('SALT', 'd#f453dd');
$req = $_POST; 
$name = $req['name'];
$username = $req['username'];
$conn = mysqli_connect('hostname', 'username', 'password', 'database');
session_start();
if(mysqli_connect_error()){
    die("Error in DB connection: ".mysqli_connect_errno()." - ".mysqli_connect_error());
}
if($req['object'] == 'register'){ 
    $encypt_pwd = md5(SALT.$req['password']); 
    $insert = 'INSERT INTO `users` ( `name`, `username`, `password`) VALUES ( "'.$name.'", "'.$username.'", "'.$encypt_pwd.'")';
    if(mysqli_query($conn, $insert)){
        $_SESSION['msg'] = 'You have registered successfully, Please login.';
    }
    else{
        $_SESSION['msg'] = 'Error: '.mysqli_error($conn);
    }
    header("Location: index.php");
}
if($req['object'] == 'login'){ 
    $select = "SELECT name, password FROM `users` WHERE  username = '$username' ";
    $result = mysqli_query($conn, $select);
    $row = mysqli_fetch_row($result); 
    if (md5(SALT . $_POST['password']) == $row[1]) {
        
        $_SESSION['msg'] = 'You have logged in successfully';
        $_SESSION['name'] = $row[0];
        header("Location: index.php?view=profile");
    } else {
        $_SESSION['msg'] = 'Login Failed';
        header("Location: index.php");
    }
    
}
if($req['object'] == 'logout') {
    session_destroy();
    header("Location: index.php");
}
?>




Related Articles

PHP array length
Import Excel File into MySQL Database using PHP
PHP String Contains
PHP remove last character from string
PHP random quote generator
Preventing Cross Site Request Forgeries(CSRF) in PHP
PHP code to send email using SMTP
Simple pagination in PHP
Simple PHP File Cache
PHP Connection and File Handling on FTP Server
Sending form data to an email using PHP
Recover forgot password using PHP and MySQL
How to display PDF file in PHP from database
How to encrypt password in PHP
PHP7 Password Hashing
PHP secure random password generator
PHP file based authentication
PHP Server Side Form Validation
How to read CSV file in PHP and store in MySQL



Read more articles

PHP MySQL PDO Database Connection and CRUD
Operations
PHP create image from text and save
How to get data from XML file in PHP
Characteristics of a Good Computer Program
Submit form data using PHP, AJAX and JavaScript
Retrieve Data From Database Without Page refresh
Using AJAX, PHP and Javascript
Simple Show Hide Menu Navigation
PHP Getting Document of Remote Address

General Knowledge

listen
listen
listen
listen
listen
listen
listen
listen
listen


Learn Popular Language

listen
listen
listen
listen
listen