By Syed Rizwan

How to create a login system in PHP

How to Create a Login System in PHP

Creating a login system is an essential feature for many web applications. It allows users to securely access their accounts and protects sensitive information. In this article, we will guide you through the process of building a simple yet effective login system using PHP. We’ll cover the necessary components, provide clear code examples, and offer tips on code optimization and troubleshooting.

Understanding the Basics of a Login System

Before diving into the coding aspect, let’s define what a login system is. A login system typically involves:

  • User Authentication: Verifying that the user is who they claim to be.
  • Session Management: Keeping track of logged-in users during their session.
  • Data Security: Protecting user credentials and sensitive data.

Use Cases for a Login System

  • Web Applications: Websites that require user accounts, such as e-commerce platforms, social media sites, and online banking services.
  • Content Management Systems: Allowing administrators and editors to manage content securely.
  • Community Forums: Enabling users to create profiles and interact within a community.

Getting Started: Prerequisites

To create a login system in PHP, you will need:

  • A web server (like Apache or Nginx)
  • PHP installed (preferably version 7.0 or higher)
  • A database system (MySQL is common)
  • Basic knowledge of HTML, CSS, and PHP

Step 1: Setting Up the Database

First, we need to create a database to store user credentials. Here’s how you can do it:

  1. Create a Database: Open your MySQL command line or phpMyAdmin and run the following command:

sql CREATE DATABASE user_auth;

  1. Create a Users Table: Inside the user_auth database, create a users table to hold user data:

sql CREATE TABLE users ( id INT(11) AUTO_INCREMENT PRIMARY KEY, username VARCHAR(50) NOT NULL, password VARCHAR(255) NOT NULL );

Note: Always store passwords securely using hashing.

Step 2: User Registration

Next, we’ll create a registration form for users to sign up. Here’s a simple HTML form:

<form action="register.php" method="POST">
    <input type="text" name="username" placeholder="Username" required>
    <input type="password" name="password" placeholder="Password" required>
    <button type="submit">Register</button>
</form>

Now, let’s handle the form submission in register.php:

<?php
$servername = "localhost";
$username = "root";
$password = "";
$dbname = "user_auth";

// Create connection
$conn = new mysqli($servername, $username, $password, $dbname);

// Check connection
if ($conn->connect_error) {
    die("Connection failed: " . $conn->connect_error);
}

if ($_SERVER["REQUEST_METHOD"] == "POST") {
    $user = $_POST['username'];
    $pass = password_hash($_POST['password'], PASSWORD_DEFAULT); // Hashing the password

    $sql = "INSERT INTO users (username, password) VALUES ('$user', '$pass')";

    if ($conn->query($sql) === TRUE) {
        echo "Registration successful!";
    } else {
        echo "Error: " . $sql . "<br>" . $conn->error;
    }
}

$conn->close();
?>

Code Explanation:

  • password_hash(): This function securely hashes the password before storing it in the database.
  • SQL Injection Prevention: Consider using prepared statements to protect against SQL injection.

Step 3: User Login

Now, we’ll create a login form:

<form action="login.php" method="POST">
    <input type="text" name="username" placeholder="Username" required>
    <input type="password" name="password" placeholder="Password" required>
    <button type="submit">Login</button>
</form>

Next, let’s implement the login logic in login.php:

<?php
session_start();

$servername = "localhost";
$username = "root";
$password = "";
$dbname = "user_auth";

$conn = new mysqli($servername, $username, $password, $dbname);

if ($conn->connect_error) {
    die("Connection failed: " . $conn->connect_error);
}

if ($_SERVER["REQUEST_METHOD"] == "POST") {
    $user = $_POST['username'];
    $pass = $_POST['password'];

    $sql = "SELECT * FROM users WHERE username='$user'";
    $result = $conn->query($sql);

    if ($result->num_rows > 0) {
        $row = $result->fetch_assoc();
        if (password_verify($pass, $row['password'])) {
            $_SESSION['username'] = $user; // Store username in session
            echo "Login successful!";
        } else {
            echo "Invalid password!";
        }
    } else {
        echo "No user found!";
    }
}

$conn->close();
?>

Key Features:

  • Session Management: We use PHP sessions to keep track of logged-in users.
  • password_verify(): This function checks the entered password against the hashed password in the database.

Step 4: Protecting Your Pages

To protect specific pages, check if the user is logged in:

<?php
session_start();
if (!isset($_SESSION['username'])) {
    header("Location: login.php"); // Redirect to login page
    exit();
}
?>

Troubleshooting Common Issues

  • Database Connection Errors: Ensure that your database credentials are correct.
  • Session Not Working: Make sure to start the session at the top of your PHP files where session variables are used.
  • Password Hashing: If users can’t log in, check if the passwords are hashed correctly during registration.

Conclusion

Building a login system in PHP involves creating a user registration process, handling user authentication, and managing sessions. By following the steps outlined in this article, you can create a secure and functional login system tailored to your needs. Always prioritize security by hashing passwords and using prepared statements to prevent SQL injection. Happy coding!

SR
Syed
Rizwan

About the Author

Syed Rizwan is a Machine Learning Engineer with 5 years of experience in AI, IoT, and Industrial Automation.