×


PHP Secure User Registration with Login/logout

In this post, you will learn how to develop a secure registration system with login and logout using the PHP programming language and MySQL.

These days, almost every website gives registration system and login functionality. While hosting an event, an online registration can be of a great convenience for both the organizers as well as for the participants. The online registration systems should be highly secured. Thus, it is necessary to know how to develop a secure registration system.

In this article, you will learn how to create a user registration form and store the form data in a database. Also, learn how the registered user will login and logout and maintain the PHP session on the login system.





Creating the Database Table

First, we create a 'users' table inside the MySQL database. You can either create this manually or copy and paste this query in your database.

CREATE TABLE IF NOT EXISTS `users` (
  `userid` int(11) NOT NULL AUTO_INCREMENT,
  `name` varchar(100) NOT NULL,
  `username` varchar(100) NOT NULL,
  `password` varchar(100) NOT NULL,
  `salt` varchar(100) NOT NULL,
  PRIMARY KEY (`userid`)
)


Secure registration form

<div style="float: left; padding-right: 70px; border-right: 1px solid #ddd;">
<div class="wrapper">
<form action='handler.php' method="post" class="form-horizontal">
<h2 class="form-signin-heading">Please register</h2><br/>
 <div class="form-group">
  <label class="control-label col-sm-4" for="textinput">Name</label>  
 <div  class="col-sm-8">
<input id="textinput" name="name" placeholder="Enter your name" class="form-control input-md" required="" type="text">
</div>
</div>
<div class="form-group">
 <label class="control-label col-sm-4" for="textinput">Username</label>  
 <div  class="col-sm-8">
 <input id="textinput" name="username" placeholder="Enter your username" class="form-control input-md" required="" type="text">
 </div>
</div>
<div class="form-group">
<label class="control-label col-sm-4" for="textinput">Password</label>  
<div  class="col-sm-8">
 <input id="textinput" name="password" placeholder="Enter your password" class="form-control input-md" required="" type="password">
</div>
</div>
<div class="form-group">
<label class="control-label col-sm-4" for="textinput">Confirm Password</label>  
<div  class="col-sm-8">
 <input id="textinput" name="confirm_password" placeholder="Confirm your password" class="form-control input-md" required="" type="password">
</div>
</div>
<div class="form-group">
<label class="control-label col-sm-4" for="textinput"></label>  
<div class="col-sm-8">
 <button class="btn btn-small btn-primary btn-block" type="submit">Register</button>  
<input type="hidden" name="object" value="register"/>
</div>
</div>    
</form>
</div>   
</div>


Logout form

<div  class="col-sm-4">
<form action='handler.php' method="post" class="form-horizontal">
<div class="form-group">
 <input type="hidden" name="object" value="logout"/>
 <button class="btn btn-small btn-primary btn-block" type="submit">Logout</button>  
</div>
</form>
</div>   




PHP secure login form

<div style="float: right;">
<div class="wrapper">
 <form class="form-signin" action='handler.php' method="post">       
 <h2 class="form-signin-heading">Please login</h2><br/>
 <input type="text" class="form-control" name="username" placeholder="Username" required="" autofocus="" /><br/>
 <input type="password" class="form-control" name="password" placeholder="Password" required=""/>      <br/>
 <button class="btn btn-small btn-primary btn-block" type="submit">Login</button>   
 <input type="hidden" name="object" value="login"/>
</form>
</div>
</div>


PHP secure user registration



Complete code: Secure registration system with login/logout

Here, we create a PHP file 'index.php' and merge the above codes. This PHP script contains code for the registration system with login and logout.

index.php
<link rel="stylesheet" href="https://maxcdn.bootstrapcdn.com/bootstrap/3.3.7/css/bootstrap.min.css" />
<div style="width: 45%; margin: 50px auto 20px auto; ">
<?php 
 session_start();
 echo $_SESSION['msg'].'<br/><br/>';

 if($_GET['view'] == 'profile') {
 echo '<b>Welcome '.$_SESSION['name'].'</b><br/><br/>';
?>
<div  class="col-sm-4">
  <form action='handler.php' method="post" class="form-horizontal">
   <div class="form-group">
    <input type="hidden" name="object" value="logout"/>
    <button class="btn btn-small btn-primary btn-block" type="submit">Logout</button>  
   </div>
  </form>
</div>    
<?php
} else {
?>
<div style="float: left; padding-right: 70px; border-right: 1px solid #ddd;">
<div class="wrapper">
<form action='handler.php' method="post" class="form-horizontal">
   <h2 class="form-signin-heading">Please register</h2><br/>
   <div class="form-group">
    <label class="control-label col-sm-4" for="textinput">Name</label>  
   <div  class="col-sm-8">
   <input id="textinput" name="name" placeholder="Enter your name" class="form-control input-md" required="" type="text">
</div>
</div>
<div class="form-group">
   <label class="control-label col-sm-4" for="textinput">Username</label>  
   <div  class="col-sm-8">
    <input id="textinput" name="username" placeholder="Enter your username" class="form-control input-md" required="" type="text">
   </div>
</div>
<div class="form-group">
   <label class="control-label col-sm-4" for="textinput">Password</label>  
   <div  class="col-sm-8">
    <input id="textinput" name="password" placeholder="Enter your password" class="form-control input-md" required="" type="password">
   </div>
</div>
<div class="form-group">
   <label class="control-label col-sm-4" for="textinput">Confirm Password</label>  
    <div  class="col-sm-8">
     <input id="textinput" name="confirm_password" placeholder="Confirm your password" class="form-control input-md" required="" type="password">
    </div>
</div>
<div class="form-group">
 <label class="control-label col-sm-4" for="textinput"></label>  
  <div class="col-sm-8">
   <button class="btn btn-small btn-primary btn-block" type="submit">Register</button>  
   <input type="hidden" name="object" value="register"/>
  </div>
</div>    
</form>
</div>   
</div>
<div style="float: right;">
<div class="wrapper">
<form class="form-signin" action='handler.php' method="post">       
<h2 class="form-signin-heading">Please login</h2><br/>
 <input type="text" class="form-control" name="username" placeholder="Username" required="" autofocus="" /><br/>
 <input type="password" class="form-control" name="password" placeholder="Password" required=""/>      <br/>
 <button class="btn btn-small btn-primary btn-block" type="submit">Login</button>   
<input type="hidden" name="object" value="login"/>
</form>
</div>
</div>
</div>
<?php } ?>




When either the login or registration form is submitted. The form will be posted to 'handler.php'.
So let's create a PHP page name 'handler.php'. This page contains code for database connection in the beginning, and then the first block contains code to save the registration form data to a MySQL table, the second block contains code to check and select the user data on login and maintain the session, and the third block contains code to logout the user and destroy the old session.

handler.php
<?php 
$salt = getSalt();
$req = $_POST; 
$name = $req['name'];
$username = $req['username'];

// Database connection code
$conn = mysqli_connect('hostname', 'username', 'password', 'database');

// Start session
session_start();
if(mysqli_connect_error()){
    die("Error in DB connection: ".mysqli_connect_errno()." - ".mysqli_connect_error());
}

// handle user registration
if($req['object'] == 'register'){ 
    // Validate confirm password
    if($req['password'] != $req['confirm_password']){
            $confirm_password_err = "Password did not match.";
    }
    if(empty($confirm_password_err)){
     $encypt_pwd = md5(SALT.$req['password']); 
     // storing values into the database
     $insert = 'INSERT INTO `users` (`name`, `username`, `password`, `salt`) VALUES ("'.$name.'", "'.$username.'", "'.$encypt_pwd.'", "'.$salt.'")';
     if(mysqli_query($conn, $insert)){
         $_SESSION['msg'] = 'You have registered successfully, Please login.';
     }
     else{
         $_SESSION['msg'] = 'Error: '.mysqli_error($conn);  
     }
    }
    else {
	$_SESSION['msg'] = 'Error: '.$confirm_password_err;
	}
    header("Location: index.php");
}

// handle user login
if($req['object'] == 'login'){ 
    $select = "SELECT name, password FROM `users` WHERE  username = '$username' ";
    $result = mysqli_query($conn, $select);
    $row = mysqli_fetch_row($result); 
    if (md5(SALT . $_POST['password']) == $row[1]) {
        
        $_SESSION['msg'] = 'You have logged in successfully';
        $_SESSION['name'] = $row[0];
        header("Location: index.php?view=profile");
    } else {
        $_SESSION['msg'] = 'Login Failed';
        header("Location: index.php");
    }
    
}

// handling user logout
if($req['object'] == 'logout') {
    session_destroy();
    header("Location: index.php");
}

// function to secure password
function getSalt() {
    $charset = 'abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789!@#$%^&*-_=+|';
    $saltLength = 12;
    $randSalt = "";
    for ($i = 0; $i < $saltLength; $i++) {
        $randSalt .= $charset[mt_rand(0, strlen($charset) - 1)];
    }
    return $randSalt;
}
?>




Related Articles

PHP array length
Import Excel File into MySQL Database using PHP
PHP String Contains
PHP remove last character from string
PHP random quote generator
PHP calculate percentage of total
PHP sanitize string
Preventing Cross Site Request Forgeries(CSRF) in PHP
PHP code to send email using SMTP
Simple pagination in PHP
Simple PHP File Cache
PHP Connection and File Handling on FTP Server
Sending form data to an email using PHP
Recover forgot password using PHP and MySQL
Import Data Into MySQL From Excel File
Php display PDF in iframe
Read CSV file & Import data into MySQL with PHP
PHP reverse a string without predefined function
PHP random quote generator
PHP convert string into an array




Read more articles


General Knowledge



Learn Popular Language