This is a simple and complete login system in PHP and MySQL. Most web applications need an authentication system. Recent frameworks such as Laravel and Symfony have bundles (modules) that do this job with the most advanced secure methods. But this tutorial is intended for beginners who want to understand an authentication system in simple language.
User authentication in PHP
- Creating the form in HTML
- Posting the form values
- Sanitising the input
- Connecting to database
- Verifying the form values against the database
- If login is successful, then redirect to the dashboard page
First, we have to create a database for our application. After that, we create a database table called users. If you are on a server, you have to log in to MySQL before doing this, and then run the query below.
Login.php
This is our master file, as all the operations take place in it. As you can see, I have used Bootstrap to avoid the hassle of creating a new template. The file has a form to enter the email and password. The first section verifies the input and strips all tags from it to prevent any XSS attack. There are plenty of libraries that do this; I just demonstrate it as a simple example. Next, if all the form fields are validated, it moves on to the database validation process. Here I use PDO for the database interactions, as it's the best approach for secure applications. Bcrypt is used for password hashing, so use the code below to hash a password.
password_hash("samplepass123", PASSWORD_BCRYPT);
For verification, use password_verify($password, $hashedPwdDB). You can see the method used in this example.
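The verification step described above, written out as an added example that is not the tutorial's own Login.php. The column names `email` and `password` are assumptions (`user_id` comes from the session line quoted in the comments), and an in-memory SQLite database stands in for MySQL so the script runs offline:

```php
<?php
declare(strict_types=1);
// Added example. Assumptions: columns `email` and `password`; in-memory SQLite
// (pdo_sqlite) stands in for the tutorial's MySQL connection so this runs offline.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE users (user_id INTEGER PRIMARY KEY, email TEXT UNIQUE, password TEXT)');

// Constructed sample user: only the bcrypt hash is stored, never the password.
$pdo->prepare('INSERT INTO users (email, password) VALUES (:email, :hash)')
    ->execute([':email' => 'alice@example.com',
               ':hash'  => password_hash('samplepass123', PASSWORD_BCRYPT)]);

// Hash checked when the email is unknown, so both failure paths cost one bcrypt run.
$dummyHash = password_hash('no-such-account', PASSWORD_BCRYPT);

/** Returns the user_id on success, null on any failure. */
function authenticate(PDO $pdo, string $email, string $password, string $dummyHash): ?int
{
    // The email is bound as a parameter, so quotes in it are data, not SQL.
    $stmt = $pdo->prepare('SELECT user_id, password FROM users WHERE email = :email LIMIT 1');
    $stmt->execute([':email' => trim($email)]);
    $user = $stmt->fetch(PDO::FETCH_OBJ);   // false when no row matches

    $hashedPwdDB = $user ? $user->password : $dummyHash;
    $passwordOk  = password_verify($password, $hashedPwdDB);

    return ($user && $passwordOk) ? (int) $user->user_id : null;
}

// Constructed login attempts: correct, wrong password, unknown email with an apostrophe.
$attempts = [
    ['alice@example.com',   'samplepass123'],
    ['alice@example.com',   'wrongpass'],
    ["o'brien@example.com", 'samplepass123'],
];
foreach ($attempts as [$email, $password]) {
    $userId = authenticate($pdo, $email, $password, $dummyHash);
    if ($userId !== null) {
        // In a web request, do this before redirecting to dashboard.php:
        //   session_regenerate_id(true);   // fresh session ID after login
        //   $_SESSION['user_id'] = $userId;
        echo "$email: login ok, user_id=$userId\n";
    } else {
        // Same message for both failures, so the form does not reveal which emails exist.
        echo "$email: invalid email or password\n";
    }
}
```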
config.inc.php
It's the database connection for our application. We include this file in all PHP files to connect to the database. As I said earlier, we use PDO to secure the application from SQL injection attacks.
dashboard.php
It’s just a dashboard page that welcomes the logged in user.
logout.php
This page destroys the session we set on the login page. Once the session is destroyed, the user no longer has access to the dashboard page.
In addition to this, I have added a file called insert_user.php to add a user. You can modify this file to add your new user and test the script. You can read this article for how to create a user registration form in PHP.
Download the file in my GitHub repository
Abdul Rahman says
Finally found the first one which works perfect. Thanks.
rintoug says
Thanks Abdul
Abdul Rahman says
How to show content if user is logged in through this script?
And if he is not logged in then show else content?
rintoug says
Did you notice a session setting in login.php? For ex. $_SESSION['user_id'] = $user->user_id;
If $_SESSION['user_id'] is set it means user is logged in, otherwise not. So based on this you can show the content. Does that make sense?