A PHP Login and Register System With MYSQL

by Habib | May 9, 2019 | Featured, Guides, Habib Featured, Habib O

A PHP Login and Register System With MYSQL

In this short guide i will cover the basics of setting up a PHP login and registration system. I will include the mysql file and PHP code files for you to feel free to copy and paste.

Its very important to have a secure login and registration system that uses encryption. Following our code you will be able to have a basic setup.

Below we have the login.php file with fully comments for you to understand.

require("inc/connect.php");   

if(isset($_SESSION['usersesh'])) {
                header("Location: index.php");
                die();
              }


//If the post data from the form is not empty
if(!empty($_POST)) 
{ 

  //links the post data username from the form to the column username in table users, also parses the id, username, password, salt
  $selecteroo = "SELECT id, username, password, salt FROM users WHERE username = :username";  
  $query_parameters = array( 
    ':username' => $_POST['username'] 
  ); 

  try 
  { 
    //preparing the database
    $stmt = $db->prepare($selecteroo); 
    $result = $stmt->execute($query_parameters); 
  } 

  //if there are any errors, print error message
  catch(PDOException $err) 
  { 
    die("Query failed to execute: " . $err->getMessage()); 
  } 

  //login is not default set to true
  $login_ok = false; 

  //grabs the row matching the username that was entered in the form
  $row = $stmt->fetch(); 
  if($row) 
  { 
    //assigning the entered password to the variable in order to then check the hash match
    $check_password = hash('sha256', $_POST['password'] . $row['salt']); 
    //hashes the password with 65536 rounds, basically makes the hashing more secure if someone was to try & crack it,
    for($round = 0; $round < 65536; $round++) 
    { 
      $check_password = hash('sha256', $check_password . $row['salt']); 
    } 

    //checks if the new hashed password matches the same hash as the one in the db set the variable to true
    if($check_password === $row['password']) 
    { 
      $login_ok = true; 
    } 
  } 

  if($login_ok) 
  { 
    unset($row['salt']); 
    unset($row['password']); 

    //applies the session 'thesesh' to the row aligning with the username
    $_SESSION['usersesh'] = $row; 

    //redirects to index.php
    header("Location: index.php"); 
    die("Redirecting to: index.php"); 
  } 
  else 
  { 
    //if password didnt match display an error
    echo '<center><span style="color:#FFFFFF;">You have entered an invalid username or password.</span></center>';
  } 
}

    require("inc/connect.php"); 
    
        if(isset($_SESSION['usersesh'])) {
                header("Location: index.php");
                die();
              }
    
    if(!empty($_POST)) 
    { 
        if(empty($_POST['username'])) 
        { 
            die("You did not input a username."); 
        } 
         
        if(empty($_POST['password'])) 
        { 
            die("You did not enter a password."); 
        } 
         
        $selecteroo = "SELECT 1 FROM users WHERE username = :username"; 
        $query_params = array(':username' => $_POST['username']); 
        try 
        { 
            $stmt = $db->prepare($selecteroo); 
            $result = $stmt->execute($query_params); 
        } 
        catch(PDOException $err) 
        { 
            die("Query failed to execute: " . $err->getMessage()); 
        }  
        $row = $stmt->fetch();
        if($row) 
        { 
            die("Username taken."); 
        }  
         
        try 
        { 
            $stmt = $db->prepare($selecteroo); 
            $result = $stmt->execute($query_params); 
        } 
        catch(PDOException $err) 
        { 
            die("Query failed to execute: " . $err->getMessage()); 
        } 
        $row = $stmt->fetch(); 
        $selecteroo = "INSERT INTO users (username, password, salt) VALUES (:username, :password, :salt)"; 
         
        $salt = dechex(mt_rand(0, 2147483647)) . dechex(mt_rand(0, 2147483647));
        $password = hash('sha256', $_POST['password'] . $salt);
        for($round = 0; $round < 65536; $round++)
        { 
            $password = hash('sha256', $password . $salt);
        }
         
        $query_params = array(':username' => $_POST['username'], ':password' => $password, ':salt' => $salt); 
         
        try 
        { 
            $stmt = $db->prepare($selecteroo); 
            $result = $stmt->execute($query_params); 
        } 
        catch(PDOException $err) 
        { 
            die("Query failed to execute: " . $err->getMessage()); 
        } 
         
        header("Location: login.php");  
        die("Redirecting to login.php"); 
    }

Connect.php

include 'conf/config.php';

try 
{ 
    global $db;    //Creates a connection to the database
    $db = new PDO("mysql:host={$host};dbname={$dbname};charset=utf8", $username, $password); 
} 
catch(PDOException $err) 
{ 
    // Tell us if there is an error
	die("Failed to establish a database connection: " . $err->getMessage()); 
} 

header('Content-Type: text/html; charset=utf-8');  
session_start(); 

//Makes sure the sanitize function is always available whenever the database is in use
require_once './func/sanitize.php';
//require_once './func/adminfuncs.php';

Config.php

<?php 

//Welcome to the config page, where you can configure and setup the website to your liking

$username = "root";    //Enter Your Database Username
$password = "";     // Enter Your Database Password
$host = "localhost";    // Enter Database Host
$dbname = "Remastered";        // Enter database Name

?>

Here you can see the full structure of the mysql data. Below you will find the SQL code to create it.

By compiling all this code you will easily be able to have a simple login system

SQLDB.SQL

-- phpMyAdmin SQL Dump
-- version 4.8.4
-- https://www.phpmyadmin.net/
--
-- Host: 127.0.0.1:3306
-- Generation Time: May 09, 2019 at 06:23 PM
-- Server version: 10.1.13-MariaDB
-- PHP Version: 7.2.14

SET SQL_MODE = "NO_AUTO_VALUE_ON_ZERO";
SET AUTOCOMMIT = 0;
START TRANSACTION;
SET time_zone = "+00:00";


/*!40101 SET @[email protected]@CHARACTER_SET_CLIENT */;
/*!40101 SET @[email protected]@CHARACTER_SET_RESULTS */;
/*!40101 SET @[email protected]@COLLATION_CONNECTION */;
/*!40101 SET NAMES utf8mb4 */;

--
-- Database: `test`
--

-- --------------------------------------------------------

--
-- Table structure for table `users`
--

DROP TABLE IF EXISTS `users`;
CREATE TABLE IF NOT EXISTS `users` (
  `id` int(11) NOT NULL AUTO_INCREMENT,
  `username` varchar(12) NOT NULL,
  `password` varchar(5000) NOT NULL,
  `salt` varchar(500) NOT NULL,
  PRIMARY KEY (`id`),
  UNIQUE KEY `username` (`username`)
) ENGINE=MyISAM AUTO_INCREMENT=10 DEFAULT CHARSET=latin1;

--
-- Dumping data for table `users`
--

INSERT INTO `users` (`id`, `username`, `password`, `salt`) VALUES
(1, 'Bob', '7feee46b0ceb70ace8ddc4d1351ab0d3c902fdbd614cea26c86ed57199db4e23', '3dff1fc56b880d0a'),
(2, 'Jay', '', ''),
(8, 'Sally', '', ''),
(9, 'test', '99909e71925e45e49a392413dfd850ae3d0e09cae910e0bbf8702955e0705389', '28d5f29c4574e984');
COMMIT;

/*!40101 SET [email protected]_CHARACTER_SET_CLIENT */;
/*!40101 SET [email protected]_CHARACTER_SET_RESULTS */;
/*!40101 SET [email protected]_COLLATION_CONNECTION */;

Habib O

Self proclaimed tech enthusiast looking to expand my personal portfolio. Click my profile to find out more. PS. If you give me something i will break it.

View Profile