PHP user registration & login/ logout with secure password encryption

In this article, you will learn how to develop user registration login and logout process with secure password encryption.

In many web applications, we need to keep track of the user's data, like - username and password. Among these data, password is most sensitive data. It is an absolute bad technique to store password as it is in the database. Today, security concern is most important. There are many attacker's techniques which easily crack your stored password. Password encryption and decryption techniques are also not more enough to secure user data. The hacker can easily trace it.

To make password more secure, here we are using PHP password encryption process using PHP inbuilt function md5() with salt. Salt is a bit of data which make the password more secure.

For this, first we will create a form name 'index.php' to store user information. If you want to make your data much more secure, you can use the random generated salt.



User Database

Here is the database table to store user information. You can either use your existing database or copy and paste this query in your database.

CREATE TABLE IF NOT EXISTS `users` (
  `userid` int(11) NOT NULL AUTO_INCREMENT,
  `name` varchar(100) NOT NULL,
  `username` varchar(100) NOT NULL,
  `password` varchar(100) NOT NULL,
  PRIMARY KEY (`userid`)
) 




index.php

Here, we have created a PHP file 'index.php' that we will call on the browser. This PHP script contains code for both user registration process and login form.

<link rel="stylesheet" href="https://maxcdn.bootstrapcdn.com/bootstrap/3.3.7/css/bootstrap.min.css" />
<div style="width: 45%; margin: 50px auto 20px auto; ">
<?php 
session_start();
echo $_SESSION['msg'].'<br/><br/>';

if($_GET['view'] == 'profile') {
echo '<b>Welcome '.$_SESSION['name'].'</b><br/><br/>';
 ?>
<div class="col-sm-4">
<form action='handler.php' method="post" class="form-horizontal">
<div class="form-group">
<input type="hidden" name="object" value="logout"/>
<button class="btn btn-small btn-primary btn-block" type="submit">Logout</button>  
</div>
</form>
</div>    
<?php
} 
else 
{
?>
<div style="float: left; padding-right: 50px; border-right: 1px solid #ddd;">
<div class="wrapper">
<form action='handler.php' method="post" class="form-horizontal">
<h2 class="form-signin-heading">Please register</h2><br/>
<div class="form-group">
<label class="control-label col-sm-4" for="textinput">Name</label>  
<div class="col-sm-8">
<input id="textinput" name="name" placeholder="Enter your name" class="form-control input-md" required="" type="text">
</div>
</div>
 <div class="form-group">
<label class="control-label col-sm-4" for="textinput">Username</label>  
<div class="col-sm-8">
<input id="textinput" name="username" placeholder="Enter your username" class="form-control input-md" required="" type="text">
</div>
</div>
<div class="form-group">
<label class="control-label col-sm-4" for="textinput">Password</label>  
<div class="col-sm-8">
<input id="textinput" name="password" placeholder="Enter your password" class="form-control input-md" required="" type="password">
</div>
</div>
<div class="form-group">
<label class="control-label col-sm-4" for="textinput"></label>  
<div class="col-sm-8">
<button class="btn btn-small btn-primary btn-block" type="submit">Register</button>  
<input type="hidden" name="object" value="register"/>
</div>
</div>    
</form>
</div>   
</div>
<div style="float: right;">
<div class="wrapper">
<form class="form-signin" action='handler.php' method="post">       
<h2 class="form-signin-heading">Please login</h2><br/>
<input type="text" class="form-control" name="username" placeholder="Username" required="" autofocus="" /><br/>
<input type="password" class="form-control" name="password" placeholder="Password" required=""/><br/>
<button class="btn btn-small btn-primary btn-block" type="submit">Login</button>   
 <input type="hidden" name="object" value="login"/>
</form>
</div>
</div>
</div>
<?php
 } 
?>


handler.php

When either login or registration form is submitted. The form will be posted to 'handler.php' filr. Create a PHP page name 'handler.php' and copy and paste the below codes. At the start of this file, we have written the database connection code and stored the post data in variables. If the POST object is 'register', then the code block saves the registration form data to the MySQL table. If the POST object is 'login', then the code block checks and selects the user data on login and maintain session. And if the POST object is 'logout' then the code block logout the user and destroy the old session.

<?php 
error_reporting('E_All');
define('SALT', 'd#f453dd');
$req = $_POST; 
$name = $req['name'];
$username = $req['username'];
$conn = mysqli_connect('hostname', 'username', 'password', 'database');
session_start();
if(mysqli_connect_error()){
    die("Error in DB connection: ".mysqli_connect_errno()." - ".mysqli_connect_error());
}
if($req['object'] == 'register'){ 
    $encypt_pwd = md5(SALT.$req['password']); 
    $insert = 'INSERT INTO `users` ( `name`, `username`, `password`) VALUES ( "'.$name.'", "'.$username.'", "'.$encypt_pwd.'")';
    if(mysqli_query($conn, $insert)){
        $_SESSION['msg'] = 'You have registered successfully, Please login.';
    }
    else{
        $_SESSION['msg'] = 'Error: '.mysqli_error($conn);
    }
    header("Location: index.php");
}
if($req['object'] == 'login'){ 
    $select = "SELECT name, password FROM `users` WHERE  username = '$username' ";
    $result = mysqli_query($conn, $select);
    $row = mysqli_fetch_row($result); 
    if (md5(SALT . $_POST['password']) == $row[1]) {
        
        $_SESSION['msg'] = 'You have logged in successfully';
        $_SESSION['name'] = $row[0];
        header("Location: index.php?view=profile");
    } else {
        $_SESSION['msg'] = 'Login Failed';
        header("Location: index.php");
    }
    
}
if($req['object'] == 'logout') {
    session_destroy();
    header("Location: index.php");
}
?>




Related Articles

PHP array length
Import Excel File into MySQL Database using PHP
PHP String Contains
PHP remove last character from string
PHP random quote generator
Preventing Cross Site Request Forgeries(CSRF) in PHP
PHP code to send email using SMTP
Simple pagination in PHP
Simple PHP File Cache
PHP Connection and File Handling on FTP Server
Sending form data to an email using PHP
Recover forgot password using PHP and MySQL
How to display PDF file in PHP from database
How to read CSV file in PHP and store in MySQL




Read more articles


General Knowledge



Learn Popular Language