Secure Login System with PHP and MySQL https://codeshack.

io/secure-login-system-php-mysql/

 CodeShack Packages Tutorials Examples References Tools

HTML CSS JavaScript jQuery PHP Python MySQL

Secure Login System with PHP and MySQL Your new development career
awaits. Check out the latest
Updated on January 11, 2023 by David Adams listings.

ADS VIA CARBON

Search blog ... 

✉
Become a Subscriber
Stay up to date and join our newsletter to
receive the latest updates.

Email Address

Subscribe

In this tutorial, I'll be teaching you how you can create your very own secure PHP login system. A login form
is what your website's visitors can use to log in to your website to access restricted content, such as a pro�le
page. We will leverage MySQL to retrieve account data from the database. FOLLOW US

The Advanced package includes additional features and a download link to the source code. In addition, it
  
includes the complete tutorial source code.

Contents
RECENT POSTS
1 Getting Started
1.1 Requirements
File Upload Progress Bar with
1.2 What You Will Learn in this Tutorial JS and PHP
1.3 File Structure & Setup
2 Creating the Login Form Design Newsletter System with PHP
and MySQL
3 Creating the Database and setting-up Tables
4 Authenticating Users with PHP Live Support Chat with AJAX,
5 Creating the Home Page PHP and MySQL
6 Creating the Pro�le Page
7 Creating the Logout Script

TAGS
1. Getting Started
tutorials php mysql programming
There are a few steps we need to take before we create our secure login system. We need to set up our web
javascript snippets ajax css form
server environment and ensure we have the required extensions enabled.
php class html login freebies
1.1.
 Requirements
CODESHACK.IO FOLLOW US
scripting pdo shopping cart
Packages Tools I recommend you download and install
• If you haven't got a local web server set-up, AboutXAMPP.
Us
registration mysqli python jquery
 
Tutorials Live Code Editor Contact Us
• XAMPP is a cross-platform web server package that includes the essentials for back-end developers. It voting system mvc progamming table
Examples JSON Sorter Privacy Policy
includes PHP, MySQL, Apache, phpMyAdmin, and more. It's not necessary to install all the software
�le upload event calendar
References
separately with XAMPP. Resend a Receipt Terms
commenting system javascript class
1.2. What You Will Learn in this Tutorial sessions express hotel reservation form
© 2023 CodeShack. All Rights Reserved. By using this website you accept the terms and conditions.
By using this website, you agree that we and our partners may set cookies for purposes such as customising content and advertising. I Understand

1 of 27 1/18/23, 03:54
Secure Login System with PHP and MySQL https://codeshack.io/secure-login-system-php-mysql/

• Form Design — Design a login form with HTML5 and CSS3. poll system crud register
 CodeShack Packages Tutorials Examples References Tools
• Prepared SQL Queries — How to properly prepare SQL queries to prevent SQL injection and therefore gallery system sort mailing list
prevent your database from being exposed.
review system cookie pagination js
• Basic Validation — Validating form data that is sent to the server using GET and POST requests
content locker node.js �ask contact
(username, password, email, etc.).
ticketing system template progress bar
• Session Management — Initialize sessions and store retrieved database results. Sessions are saved on
the server and are associated with a unique ID that is saved in the browser. columns newsletter system database

live support chat snippet modals

1.3. File Structure & Setup
survey form
We can now start our web server and create the �les and directories we're going to use for our login system.

• Open XAMPP Control Panel

• Next to the Apache module click Start

• Next to the MySQL module click Start

• Navigate to XAMPP's installation directory (C:\xampp)

• Open the htdocs directory

• Create the following directories and �les:

File Structure

\-- phplogin
  |-- index.html
  |-- style.css
  |-- authenticate.php
  |-- logout.php
  |-- home.php
  |-- profile.php

Each �le will consist of the following:

• index.html — The login form created with HTML5 and CSS3. We don't need to use PHP in this �le.
Therefore, we can save it as plain HTML.

• style.css — The stylesheet (CSS3) for our secure login system.

• authenticate.php — Authenticate users, connect to the database, validate form data, retrieve database
results, and create new sessions.

• logout.php — Destroy the logged-in sessions and redirect the user to the login page.

• home.php — Basic home page for logged-in users.

• pro�le.php — Retrieve the user's account details from our MySQL database and populate them with
PHP and HTML.

2. Creating the Login Form Design

We will now create a form that our users can use to enter their details and submit them for processing. We
will be using HTML and CSS for this part of the tutorial as PHP will not be necessary on this page.

Edit the index.html �le with your favorite code editor and add the following code:

HTML  Copy

<!DOCTYPE html>
<html>
<head>
<meta charset="utf-8">
<title>Login</title>
<link rel="stylesheet" href="https://use.fontawesome.com/releases/v5.7.1/css/all.css
</head>
By using this website, you agree that we and our partners may set cookies for purposes such as customising content and advertising. I Understand

2 of 27 1/18/23, 03:54
Secure Login System with PHP and MySQL https://codeshack.io/secure-login-system-php-mysql/

<body>
 CodeShack
<div class="login"> Packages Tutorials Examples References Tools
<h1>Login</h1>
<form action="authenticate.php" method="post">
<label for="username">
<i class="fas fa-user"></i>
</label>
<input type="text" name="username" placeholder="Username" id="username" required
<label for="password">
<i class="fas fa-lock"></i>
</label>
<input type="password" name="password" placeholder="Password" id="password
<input type="submit" value="Login">
</form>
</div>
</body>
</html>

If we navigate to the index page in our web browser, it will look like the following:

http://localhost/phplogin/index.html

Pretty basic right? Let's edit our style.css �le and implement code that will improve the appearance of the
form.

Add the following code to the style.css �le:

CSS  Copy

* {
box-sizing: border-box;
font-family: -apple-system, BlinkMacSystemFont, "segoe ui", roboto, oxygen, ubuntu, cantarell,
font-size: 16px;
-webkit-font-smoothing: antialiased;
-moz-osx-font-smoothing: grayscale;
}
body {
background-color: #435165;
}
.login {
width: 400px;
background-color: #ffffff;
box-shadow: 0 0 9px 0 rgba(0, 0, 0, 0.3);
margin: 100px auto;
}
.login h1 {
text-align: center;
color: #5b6574;
font-size: 24px;
By using
padding: this0 website,
20px 20px 0;you agree that we and our partners may set cookies for purposes such as customising content and advertising. I Understand

3 of 27 1/18/23, 03:54
Secure Login System with PHP and MySQL https://codeshack.io/secure-login-system-php-mysql/

border-bottom: 1px solid #dee0e4;


} CodeShack Packages Tutorials Examples References Tools
.login form {
display: flex;
flex-wrap: wrap;
justify-content: center;
padding-top: 20px;
}
.login form label {
display: flex;
justify-content: center;
align-items: center;
width: 50px;
height: 50px;
background-color: #3274d6;
color: #ffffff;
}
.login form input[type="password"], .login form input[type="text"] {
width: 310px;
height: 50px;
border: 1px solid #dee0e4;
margin-bottom: 20px;
padding: 0 15px;
}
.login form input[type="submit"] {
width: 100%;
padding: 15px;
margin-top: 20px;
background-color: #3274d6;
border: 0;
cursor: pointer;
font-weight: bold;
color: #ffffff;
transition: background-color 0.2s;
}
.login form input[type="submit"]:hover {
background-color: #2868c7;
transition: background-color 0.2s;
}

We need to include our stylesheet in our index.html �le and therefore we must add the following code to the
head section:

HTML  Copy

<link href="style.css" rel="stylesheet" type="text/css">

And now if we refresh the index.html page in our web browser, our login form will look more appealing:

By using this website, you agree that we and our partners may set cookies for purposes such as customising content and advertising. I Understand

4 of 27 1/18/23, 03:54
Secure Login System with PHP and MySQL https://codeshack.io/secure-login-system-php-mysql/

 http://localhost/phplogin/index.html
CodeShack Packages Tutorials Examples References Tools

That looks much better! Let's narrow down the form elements, so we can get a better understanding of
what's going on.

• Form — We need to use both the action and post attributes. The action attribute will be set to
the authentication �le. When the form is submitted, the form data will be sent to the authentication �le
for processing. In addition, the method is declared as post as this will enable us to process the
form data using the POST request method.
◦ Input (text/password) — We need to name our form �elds so the server can recognize them. The
value of the attribute name we can declare as username , which we can use to retrieve the post
variable in our authentication �le to get the data, for example: $_POST['username'] .

◦ Input (submit) — On form submission, the data will be sent to our authentication �le for
processing.

3. Creating the Database and setting-up Tables

For this part, you will need to access your MySQL database, either using phpMyAdmin or your preferred
MySQL database management application.

Follow the below instructions if you're using phpMyAdmin.

• Navigate to: http://localhost/phpmyadmin/

• Click the Databases tab at the top

• Under Create database, enter phplogin in the text box

• Select utf8_general_ci as the collation

• Click Create

You can use your own database name, but for this tutorial, we'll use phplogin.

What we need now is an accounts table as this will store all the accounts (usernames, passwords, emails,
etc) that are registered with the system.

Click the database on the left side panel (phplogin) and execute the following SQL statement:

SQL  Copy

CREATE TABLE IF NOT EXISTS `accounts` (

`id` int(11) NOT NULL AUTO_INCREMENT,
`username` varchar(50) NOT NULL,
`password` varchar(255) NOT NULL,
By using this website, you agree that we and our partners may set cookies for purposes such as customising content and advertising. I Understand

5 of 27 1/18/23, 03:54
Secure Login System with PHP and MySQL https://codeshack.io/secure-login-system-php-mysql/

`email` varchar(100) NOT NULL,

 CodeShack
PRIMARY KEY
(`id`) Packages Tutorials Examples References Tools
) ENGINE=InnoDB AUTO_INCREMENT=2 DEFAULT CHARSET=utf8;

INSERT INTO `accounts` (`id`, `username`, `password`, `email`) VALUES (1, 'test', '$2y$10$SfhYIDtn.iOuCW7zf

On phpMyAdmin this should look like:

http://localhost/phpmyadmin/

The above SQL statement code will create the accounts table with the columns id , username , password
, and email .

The SQL statement will insert a test account with the username: test , and the password: test . The test
account will be used for testing purposes to ensure our login system is functioning correctly.

4. Authenticating Users with PHP

Now that we have our database set up, we can go ahead and start coding with PHP. We're going to start with
the authentication �le, which will process and validate the form data that we'll send from our index.html �le.

Edit the authenticate.php �le and add the following:

PHP  Copy

<?php
session_start();
// Change this to your connection info.
$DATABASE_HOST = 'localhost';
$DATABASE_USER = 'root';
$DATABASE_PASS = '';
$DATABASE_NAME = 'phplogin';
// Try and connect using the info above.
$con = mysqli_connect($DATABASE_HOST, $DATABASE_USER, $DATABASE_PASS, $DATABASE_NAME);
if ( mysqli_connect_errno() ) {
// If there is an error with the connection, stop the script and display the error.
exit('Failed to connect to MySQL: ' . mysqli_connect_error());
}

Initially, the code will start the session as this enables us to preserve account details on the server and will
be used later on to remember logged-in users. Without sessions, we can't associate the client with the
server.

Connecting to the database is essential. Without it, how can we retrieve and store information related to our
users? Therefore, we must make sure to update the variables to re�ect our MySQL database credentials.

By using this website, you agree that we and our partners may set cookies for purposes such as customising content and advertising. I Understand
Add below:

6 of 27 1/18/23, 03:54
Secure Login System with PHP and MySQL https://codeshack.io/secure-login-system-php-mysql/

PHP  Copy
 CodeShack Packages Tutorials Examples References Tools
// Now we check if the data from the login form was submitted, isset() will check if the data exists.
if ( !isset($_POST['username'], $_POST['password']) ) {
// Could not get the data that should have been sent.
exit('Please fill both the username and password fields!');
}

The above code will make sure the form data exists, whereas if the user tries to access the �le without
submitting the form, it will output a simple error.

Add below:

PHP  Copy

// Prepare our SQL, preparing the SQL statement will prevent SQL injection.
if ($stmt = $con->prepare('SELECT id, password FROM accounts WHERE username = ?')) {
// Bind parameters (s = string, i = int, b = blob, etc), in our case the username is a string so we use
$stmt->bind_param('s', $_POST['username']);
$stmt->execute();
// Store the result so we can check if the account exists in the database.
$stmt->store_result();

$stmt->close();
}
?>

The above code will prepare the SQL statement that will select the id and password columns from the
accounts table. In addition, it will bind the username to the SQL statement, execute it, and then store the
result.

Tip
 Leveraging prepared statements correctly will secure your SQL queries and therefore prevent SQL injection.

After the following line:

$stmt->store_result();

Add:

PHP  Copy

if ($stmt->num_rows > 0) {
$stmt->bind_result($id, $password);
$stmt->fetch();
// Account exists, now we verify the password.
// Note: remember to use password_hash in your registration file to store the hashed passwords.
if (password_verify($_POST['password'], $password)) {
// Verification success! User has logged-in!
// Create sessions, so we know the user is logged in, they basically act like cookies but remember
session_regenerate_id();
$_SESSION['loggedin'] = TRUE;
$_SESSION['name'] = $_POST['username'];
$_SESSION['id'] = $id;
echo 'Welcome ' . $_SESSION['name'] . '!';
} else {
// Incorrect password
echo 'Incorrect username and/or password!';
}
} else {
// Incorrect username
echo 'Incorrect username and/or password!';
}

First, we need to check if the query has returned any results. If the username doesn't exist in the database
then there would be no results.

If the username exists,

By using wewebsite,
this can bind theagree
you results towe
that both the
and our$id and may
partners $password variables.
set cookies for purposes such as customising content and advertising. I Understand

7 of 27 1/18/23, 03:54
Secure Login System with PHP and MySQL https://codeshack.io/secure-login-system-php-mysql/

Subsequently, we proceed to verify the password with the password_verify function. Only passwords that
 CodeShack
were created with the password_hashPackages
function will work.Tutorials Examples References Tools

If you don't want to use any password encryption method, you can simply replace the following code:

PHP  Copy

if (password_verify($_POST['password'], $password)) {

With:

PHP  Copy

if ($_POST['password'] === $password) {

However, I don't recommend removing the hashing functions because if somehow your database becomes
exposed, all the passwords stored in the accounts table will also be exposed. In addition, the user will have a
sense of privacy knowing their password is encrypted.

Upon successful authentication from the user, session variables will be initialized and preserved until they're
destroyed by either logging out or the session expiring. These session variables are stored on the server and
are associated with a session ID stored in the user's browser. We'll use these variables to determine whether
the user is logged in or not and to associate the session variables with our retrieved MySQL database
results.

Did you know?

 The session_regenerate_id() function will help prevent session hijacking as it regenerates the user's session ID
that is stored on the server and as a cookie in the browser.

The user cannot change the session variables in their browser, and therefore you don't need to be concerned
about such a matter. The only variable they can change is the encrypted session ID, which is used to
associate the user with the server sessions.

Now, we can test the login system and make sure the authentication works correctly. Navigate to http://lo-
calhost/phplogin/index.html in your browser.

Type in a random username and password, and click the login button. It should output an error that should
look like the following:

http://localhost/phplogin/authenticate.php

Don't worry, it's not broken! If we navigate back to our login form and enter test for both the username and
password �elds, the authentication page will look like the following:
By using this website, you agree that we and our partners may set cookies for purposes such as customising content and advertising. I Understand

8 of 27 1/18/23, 03:54
Secure Login System with PHP and MySQL https://codeshack.io/secure-login-system-php-mysql/

 http://localhost/phplogin/authenticate.php
CodeShack Packages Tutorials Examples References Tools

If you receive an error, make sure to double-check your code to make sure you haven't missed anything or
check if the test account exists in your database.

5. Creating the Home Page

The home page will be the �rst page our users see when they've logged in. The only way they can access this
page is if they're logged in, whereas if they aren't, they will be redirected back to the login page.

Edit the home.php �le and add the following code:

PHP  Copy

<?php
// We need to use sessions, so you should always start sessions using the below code.
session_start();
// If the user is not logged in redirect to the login page...
if (!isset($_SESSION['loggedin'])) {
header('Location: index.html');
exit;
}
?>

Basically, the above code will check if the user is logged in. If they are not, they will be redirected to the login
page. Remember the $_SESSION['loggedin'] variable we de�ned in the authenticate.php �le? This is
what we can use to determine whether users are logged in or not.

After, we can add some HTML to our home page. Below the closing tag, add the following code:

PHP  Copy

<!DOCTYPE html>
<html>
<head>
<meta charset="utf-8">
<title>Home Page</title>
<link href="style.css" rel="stylesheet" type="text/css">
<link rel="stylesheet" href="https://cdnjs.cloudflare.com/ajax/libs/font-awesome/6.2.0/css/all.min.
</head>
<body class="loggedin">
<nav class="navtop">
<div>
<h1>Website Title</h1>
<a href="profile.php"><i class="fas fa-user-circle"></i>Profile</a>
<a href="logout.php"><i class="fas fa-sign-out-alt"></i>Logout</a>
</div>
By using this website, you agree that we and our partners may set cookies for purposes such as customising content and advertising. I Understand

9 of 27 1/18/23, 03:54
Secure Login System with PHP and MySQL https://codeshack.io/secure-login-system-php-mysql/

</nav>
 CodeShack
<div class="content">Packages Tutorials Examples References Tools
<h2>Home Page</h2>
<p>Welcome back, <?=$_SESSION['name']?>!</p>
</div>
</body>
</html>

The above code is the template for our home page. On this page, the user will encounter a welcome
message along with their name being displayed.

We need to add CSS for the home page. Add the following code to style.css �le:

PHP  Copy

.navtop {
background-color: #2f3947;
height: 60px;
width: 100%;
border: 0;
}
.navtop div {
display: flex;
margin: 0 auto;
width: 1000px;
height: 100%;
}
.navtop div h1, .navtop div a {
display: inline-flex;
align-items: center;
}
.navtop div h1 {
flex: 1;
font-size: 24px;
padding: 0;
margin: 0;
color: #eaebed;
font-weight: normal;
}
.navtop div a {
padding: 0 20px;
text-decoration: none;
color: #c1c4c8;
font-weight: bold;
}
.navtop div a i {
padding: 2px 8px 0 0;
}
.navtop div a:hover {
color: #eaebed;
}
body.loggedin {
background-color: #f3f4f7;
}
.content {
width: 1000px;
margin: 0 auto;
}
.content h2 {
margin: 0;
padding: 25px 0;
font-size: 22px;
border-bottom: 1px solid #e0e0e3;
color: #4a536e;
}
.content > p, .content > div {
box-shadow: 0 0 5px 0 rgba(0, 0, 0, 0.1);
margin: 25px 0;
padding: 25px;
background-color: #fff;
}
.content > p table td, .content > div table td {
padding: 5px;
}
.content By
> using this td:first-child,
p table website, you agree .content
that we and
> our
divpartners may set cookies for
table td:first-child { purposes such as customising content and advertising. I Understand

10 of 27 1/18/23, 03:54
Secure Login System with PHP and MySQL https://codeshack.io/secure-login-system-php-mysql/

font-weight: bold;
 CodeShack
color: #4a536e; Packages Tutorials Examples References Tools
padding-right: 15px;
}
.content > div p {
padding: 5px;
margin: 0 0 10px 0;
}

Now that we have our home page set up, we can redirect our users from the authenticate.php �le to our
home page, edit authenticate.php and replace the following line of code:

PHP  Copy

echo 'Welcome ' . $_SESSION['name'] . '!';

With:

PHP  Copy

header('Location: home.php');

If you log in with the test account, you should see something like this:

http://localhost/phplogin/home.php

This is a pretty basic home page. You can customize it to how you want now that you understand how it
works.

6. Creating the Pro�le Page

The pro�le page will display the account information for the logged-in user.

Edit the pro�le.php �le and add the following code:

PHP  Copy

<?php
// We need to use sessions, so you should always start sessions using the below code.
session_start();
// If the user is not logged in redirect to the login page...
if (!isset($_SESSION['loggedin'])) {
header('Location: index.html');
exit;
}
$DATABASE_HOST = 'localhost';
By using=this
$DATABASE_USER website, you agree that we and our partners may set cookies for purposes such as customising content and advertising. I Understand
'root';

11 of 27 1/18/23, 03:54
Secure Login System with PHP and MySQL https://codeshack.io/secure-login-system-php-mysql/

$DATABASE_PASS = '';
 CodeShack = 'phplogin'; Packages
$DATABASE_NAME Tutorials Examples References Tools
$con = mysqli_connect($DATABASE_HOST, $DATABASE_USER, $DATABASE_PASS, $DATABASE_NAME);
if (mysqli_connect_errno()) {
exit('Failed to connect to MySQL: ' . mysqli_connect_error());
}
// We don't have the password or email info stored in sessions, so instead, we can get the results from the
$stmt = $con->prepare('SELECT password, email FROM accounts WHERE id = ?');
// In this case we can use the account ID to get the account info.
$stmt->bind_param('i', $_SESSION['id']);
$stmt->execute();
$stmt->bind_result($password, $email);
$stmt->fetch();
$stmt->close();
?>

The above code retrieves additional account information from the database, as before with the home page,
we didn't need to connect to the database because we retrieved the data stored in sessions.

We're going to populate all the account information for the user and therefore we must retrieve the
password and email columns from the database. We don't need to retrieve the username or id
columns because we've them stored in session variables that were declared in the authenticate.php �le.

After the closing tag, add the following code:

PHP  Copy

<!DOCTYPE html>
<html>
<head>
<meta charset="utf-8">
<title>Profile Page</title>
<link href="style.css" rel="stylesheet" type="text/css">
<link rel="stylesheet" href="https://cdnjs.cloudflare.com/ajax/libs/font-awesome/6.2.0/css/all.min.
</head>
<body class="loggedin">
<nav class="navtop">
<div>
<h1>Website Title</h1>
<a href="profile.php"><i class="fas fa-user-circle"></i>Profile</a>
<a href="logout.php"><i class="fas fa-sign-out-alt"></i>Logout</a>
</div>
</nav>
<div class="content">
<h2>Profile Page</h2>
<div>
<p>Your account details are below:</p>
<table>
<tr>
<td>Username:</td>
<td><?=$_SESSION['name']?></td>
</tr>
<tr>
<td>Password:</td>
<td><?=$password?></td>
</tr>
<tr>
<td>Email:</td>
<td><?=$email?></td>
</tr>
</table>
</div>
</div>
</body>
</html>

A simple layout that will populate account information. If you navigate to the pro�le.php �le, it will look like
the following:

By using this website, you agree that we and our partners may set cookies for purposes such as customising content and advertising. I Understand

12 of 27 1/18/23, 03:54
Secure Login System with PHP and MySQL https://codeshack.io/secure-login-system-php-mysql/

 http://localhost/phplogin/pro�le.php
CodeShack Packages Tutorials Examples References Tools

Remember, the passwords are encrypted, so you cannot see the decrypted password unless you create a
new session variable and store the password in the authenticate.php �le.

7. Creating the Logout Script

Creating the logout script is straightforward. All you need to do is destroy the sessions that were declared in
the authenticate.php �le.

Edit the logout.php �le and add the following code:

PHP  Copy

<?php
session_start();
session_destroy();
// Redirect to the login page:
header('Location: index.html');
?>

Initialize sessions, destroy them, and redirect the user to the login page. We use sessions to determine
whether the user is logged in or not, so by removing them, the user will not be logged in.

Conclusion
You should now have a basic understanding of how a login system works with PHP and MySQL. You're free
to use the source code and incorporate it into your own projects.

The next step is to create a registration system that will enable visitors to register.

Don't forget to follow us and share the article as it will help us create future tutorials and update existing
content with new features.

Next tutorial in this series: Secure Registration System with PHP and MySQL

If you would like to support us, consider purchasing the advanced secure login & registration system below
as it will greatly help us create more tutorials and keep our website up and running. The advanced package
includes improved code and more features.

By using this website, you agree that we and our partners may set cookies for purposes such as customising content and advertising. I Understand

13 of 27 1/18/23, 03:54
Secure Login System with PHP and MySQL https://codeshack.io/secure-login-system-php-mysql/

 CodeShack Packages Tutorials Examples Sale

References Tools
ADVANCED BUNDLE (SAVE 53%)

$ 20.00 $ 119.00 255.00

view more details view more details

Source Code  Secure Login & Registration System 

Database SQL File  Shopping Cart System 

Secure Login & Registration System  CRUD Application 

Home, Pro�le & Edit Pro�le Pages  Ticketing System 

Account Activation Feature  Gallery System 

Remember Me Feature  Event Calendar System 

AJAX Integration  Poll and Voting System 

PDO, MVC OOP & Basic Versions  Commenting System 

Admin Panel  Review System 

Add-on: Forgot Password  Contact Form 

Add-on: Brute Force Protection  Live Support Chat System 

Add-on: CSRF Protection  Newsletter & Mailing System 

Add-on: Two-factor Authentication  Access to future scripts 

Add-on: Native Captcha 

Add-on: reCAPTCHA v3 

Add-on: Google OAuth 

Add-on: Facebook OAuth 

Responsive Design (mobile-friendly) 

SCSS File 

Commented Code 

Free Updates & Support (minor issues) 

User Guide 

Extra: Tutorial Source Code 

PayPal PayPal
Download Download

Stripe Stripe
Download Download
By using this website, you agree that we and our partners may set cookies for purposes such as customising content and advertising. I Understand

14 of 27 1/18/23, 03:54
Secure Login System with PHP and MySQL https://codeshack.io/secure-login-system-php-mysql/

Crypto Crypto
 CodeShack Download Packages Tutorials Examples
Download References Tools

   

ABOUT AUTHOR

David Adams
Enthusiastic website developer, I've been designing and developing web
applications for over 10 years, I enjoy the creativity I put into my projects
and enjoy what others bring to the awesome web. My goal is to help
newcomers learn the ways of the web.

form login mysql mysqli php programming tutorials

Secure Registration System with PHP and MySQL →

RELATED POSTS

Shopping Cart System with PHP Live Support Chat with AJAX, PHP Poll and Voting System with PHP
and MySQL and MySQL and MySQL

By using this website, you agree that we and our partners may set cookies for purposes such as customising content and advertising. I Understand

15 of 27 1/18/23, 03:54
Secure Login System with PHP and MySQL https://codeshack.io/secure-login-system-php-mysql/

1249 Comments
 CodeShack Packages Tutorials Examples 1
Login
References Tools

G Join the discussion…

LOG IN WITH OR SIGN UP WITH DISQUS ?

Name

22 Share Best Newest Oldest

Bob van Mierlo − ⚑

BV ⏲ 5 days ago
Hi David,

Just downloaded version 2.0 of the advanced package. I noticed that the google_oauth.php �le in the
advanced_pdo folder of the addons contains all mysqli statements and not PDO. The �le is exactly the
same as the one in the advanced folder.
I guess this is a mistake? Because when using pdo this is not working now, because the $con variable is
non existing.

Kind regards,
Bob
0 0 • Reply • Share ›

David Adams Mod > Bob van Mierlo − ⚑

⏲ 5 days ago edited
Hi @Bob van Mierlo,

Thanks for letting me know! I must've copied the wrong �les to the add-on directory. Let me �x
that ASAP!

Edit: Updated! Download the package again to receive the latest �les. Let me know if you
encounter any other issues. Thanks!
0 0 • Reply • Share ›

Anirudh R − ⚑
AR ⏲ 6 days ago
Hello,

I am having an issue that when I login to the website, it shows the code in

authenticate.php

prepare('SELECT id, password FROM accounts WHERE username = ?')) {

// Bind parameters (s = string, i = int, b = blob, etc), in our case the username is a string so
we use "s"
$stmt->bind_param('s', $_POST['username']);
$stmt->execute();
// Store the result so we can check if the account exists in the database.
$stmt->store_result();

$stmt->close();
$stmt->store_result();

if ($stmt->num_rows > 0) {
$stmt->bind_result($id, $password);
$stmt->fetch();
// Account exists, now we verify the password.
// Note: remember to use password_hash in your registration file to store the hashed passwords.
if (password_verify($_POST['password'], $password)) {
// Verification success! User has logged-in!
// Create sessions, so we know the user is logged in, they basically act like cookies but
remember the data on the server.
session_regenerate_id();
$_SESSION['loggedin'] = TRUE;
$_SESSION['name'] = $_POST['username'];
$_SESSION['id'] = $id;
echo 'Welcome ' . $_SESSION['name'] . '!';
} else {
// Incorrect password

By using
echo this website,
'Incorrect usernameyou agreepassword!';
and/or that we and our partners may set cookies for purposes such as customising content and advertising. I Understand
}

16 of 27 1/18/23, 03:54
Secure Login System with PHP and MySQL https://codeshack.io/secure-login-system-php-mysql/

}
} else {
 CodeShack
// Incorrect username Packages Tutorials Examples References Tools
echo 'Incorrect username and/or password!';
}
if (password_verify($_POST['password'], $password)) {
if ($_POST['password'] === $password) {
}
?>

Can you please help?

0 0 • Reply • Share ›

David Adams Mod > Anirudh R − ⚑

⏲ 6 days ago edited
Are you navigating to the �le over localhost or directly? Also, make sure PHP is running on
your web server.

I assume you included the PHP tag at the start of your script (<?php)?
0 0 • Reply • Share ›

Anirudh R > David Adams − ⚑

AR ⏲ 3 days ago
By the Way, I am using Visual Studio Code
0 0 • Reply • Share ›

David Adams Mod > Anirudh R − ⚑

⏲ 2 days ago
Visual Studio Code should not be the problem. However, I'd suggest you
type the address in manually in your browser to ensure you're including
"localhost" in the URL.
0 0 • Reply • Share ›

Anirudh R − ⚑
AR ⏲ 9 days ago
By any chance, could you please give me a register system tutorial with html, php, css, and sql. That
would be wonderful! And can it please have the same CSS code?
0 0 • Reply • Share ›

David Adams Mod > Anirudh R − ⚑

⏲ 9 days ago
Here you go: https://codeshack.io/secure...
0 0 • Reply • Share ›

Anirudh R > David Adams − ⚑

AR ⏲ 6 days ago
Thank you so much!
0 0 • Reply • Share ›

Bob van Mierlo − ⚑

BV ⏲ 9 days ago
Hi David,
Still enjoying the advanced package I bought > a year ago. Any change there will be a new version
anytime soon, with all the great ideas pitched in the comments below?
0 0 • Reply • Share ›

David Adams Mod > Bob van Mierlo − ⚑

⏲ 9 days ago
Hi @Bob van Mierlo,

I'm glad you're still enjoy using the advanced package! I'm working on a new version as we
speak, which will include Google OAuth add-on, FB OAuth add-on, reCAPTCHA v3 add-on, and
slight improvements to the code and design. Hopefully, I'll have it �nished by the end of the
week.
0 0 • Reply • Share ›

Bob van Mierlo > David Adams − ⚑

BV ⏲ 5 days ago
Looks nice, unfortunately you haven't incorporated detailed roles/permissions into
this (yet). Would be a very good addition i.m.o.
By using this website, you agree that we and our partners may set cookies for purposes such as customising content and advertising. I Understand
0 0 • Reply • Share ›

17 of 27 1/18/23, 03:54
Secure Login System with PHP and MySQL https://codeshack.io/secure-login-system-php-mysql/

0 0 Reply Share ›

 CodeShack Packages Tutorials Examples References Tools

David Adams Mod > Bob van Mierlo − ⚑
⏲ 5 days ago
Hmm... It's a feature that hasn't been requested enough, so I haven't yet
changed the structure for the roles aspect. However, if you'd like me to
work on a custom request for you, shoot me an email, and I'll see what I
can do.
0 0 • Reply • Share ›

Luis − ⚑
L ⏲ 19 days ago
How do i remove the routes to be the page name and be a parameters instead for example page=2 or is it
possible to only apply it to the front end on the advance mvc package
0 0 • Reply • Share ›

David Adams Mod > Luis − ⚑

⏲ 16 days ago
Hi Luis,

De�ning routes and rewriting the URLs is only available in the MVC version (advanced
package). If you want to implement the same techniques in the tutorial source code, you can
create an .htaccess �le and add your URLs to it.
0 0 • Reply • Share ›

Luis > David Adams − ⚑

L ⏲ 8 days ago
Hello, i have the mcv package
0 0 • Reply • Share ›

David Adams Mod > Luis − ⚑

⏲ 8 days ago edited
Awesome! Thank a bunch! :-)

In that case, you can create new routes in the "app/app.php" �le:

$app->route->get('/page/{page}', 'Pages@your_controller_method');

function your_controller_method($page) {
// $page
}

And in the URI, you can add "localhost/mvc/page/1" or it could be a

string, depending on how you handle it in the controller method.
0 0 • Reply • Share ›

shawn − ⚑
⏲ 23 days ago
Hi there, before purchasing the Advanced package and spending time with the tutorial, can you please
tell me, I have a full site already build using XAMPP w/ Mariadb locally and I want to be able to lightly
modify some already-extant pages (e.g., pages with front-end CRUD abilities using Datatables Editor and
UIKIT). Can your full/Advanced tutorial be used in this setting without having to dismantle my work in any
fundamental way?

I need to start giving potential employers the URL to my work and hadn't planned on ever sharing it with
anyone; hence, no user login system was build from the get-go:( lol

Thanks for your response,

Shawn
0 0 • Reply • Share ›

David Adams Mod > shawn − ⚑

⏲ 21 days ago
Hi @shawn, Thank you for your interest in purchasing the advanced package!

Regarding your question, I have implemented a function that can restrict any PHP page
without making any changes to your current script. If you read my answer a few posts below,
you can see how to restrict your HTML/PHP pages.
0 0 • Reply • Share ›

By Gamer
Die using this website, you agree that we and our partners may set cookies for purposes such⚑
Power −
as customising content and advertising. I Understand
DG ⏲ a month ago

18 of 27 1/18/23, 03:54
Secure Login System with PHP and MySQL https://codeshack.io/secure-login-system-php-mysql/

DG ⏲ a month ago
Hi how can i make a SQL request to insert new member / a new account.
 CodeShack Packages Tutorials Examples References Tools
0 0 • Reply • Share ›

David Adams Mod > Die Gamer Power − ⚑

⏲ a month ago
Follow the registration tutorial here: https://codeshack.io/secure...
0 0 • Reply • Share ›

Dan Foltz − ⚑
DF ⏲ a month ago
Well I got confused when it got to phpMyAdmin. What I was asked to �nd was not there. So I have some
questions.
1. Not having done a System Restore Point, how would I delete all of the "stuff" that I added to my
system. Or will that all be part of the package if I purchase?
2. What does my hosting company need to have on there servers for this to work. Perhaps it is all
standard "stuff" once it is sent to the server?
3. Is this sort of a Plug and Play package?
4, Is this easily added into existing HTML/ASP Code?

If I can get answers to those questions, I will do the $20 download.. If this won't work for me, I would at
least like to remove all of the "stuff" added to my machine.

Thank you very much. I do hope this works as I read. I have a customer who has wanted this for a long
time and I am too old to learn all that I would need to know to write it myself,

THANKS!
Dan
0 0 • Reply • Share ›

David Adams Mod > Dan Foltz − ⚑

⏲ a month ago edited
Hi @Dan Foltz,

Thank you for your interest in purchasing the advanced package!

1. Well, if you've installed XAMPP for the tutorial source alone and have no intention of
developing future PHP applications, you can go ahead and unistall XAMPP along with its �les.
If the directory remains on your computer, you can delete it.

2. It's all standard stuff. However, if it doesn't work, I'd check the version of PHP and change it
to 5.5 or greater. Most common hosting providers will use the latest version, so it shouldn't be
an issue.

3. It requires basic PHP & HTML knowledge to create new pages.

4. You can easily convert your existing HTML �les to leverage the restricted page aspect. I've
implemented a function that securely processes the loggedin state, so there isn't anything else
you need to include in the page to ensure the user is restricted. Please see the example below.

<?php
include 'main.php';
check_loggedin($con);
?>
// Add your restricted html page here

The above example will restrict any page to logged-in users only.

If you have any other questions, feel free to reach out! :-)
0 0 • Reply • Share ›

Dan Foltz > David Adams − ⚑

DF ⏲ a month ago
Thank you. I will order the package but wait a bit on deletion of XAMPP. I am rather
anxious to see if work in my apps. Thanks again.
1 0 • Reply • Share ›

David Adams Mod > Dan Foltz − ⚑

⏲ a month ago
That's awesome! Thanks a bunch! If you have any questions, feel free to
reach out. You can reply to the receipt email.
0 0 • Reply • Share ›

Assassin − ⚑
A ⏲By
2 months
Dear Sir
ago
using this website, you agree that we and our partners may set cookies for purposes such as customising content and advertising. I Understand

19 of 27 1/18/23, 03:54
Secure Login System with PHP and MySQL https://codeshack.io/secure-login-system-php-mysql/

Dear Sir
Please!
 CodeShack Packages Tutorials Examples References Tools
Can you suggest me best Youtube Channel for learning advanced php in

English/Hindi..... .

I will be very greatful.................I know Basic

0 0 • Reply • Share ›

David Adams Mod > Assassin − ⚑

⏲ 2 months ago
Unfortunately, I'm not an advocate for watching tutorials on YouTube, so I can't provide any
recommendations. However, if you do a search on YouTube for "php programming tutorial",
you'll �nd dozens of channels you can check out.
0 0 • Reply • Share ›

rgreenly77 − ⚑
⏲ 2 months ago
Why can't someone use IIS, PHP, and PHPmyadmin with SQL instead of WAMP?
1 0 • Reply • Share ›

David Adams Mod > rgreenly77 − ⚑

⏲ 2 months ago
You can use ISS, but I can't guarantee the SQL queries will work. You might have to make
some alterations to the code.
0 0 • Reply • Share ›

amir − ⚑
⏲ 2 months ago
hi, I was wondering, how would I be able to add custom pro�le pictures to the pro�les?
0 0 • Reply • Share ›

David Adams Mod > amir − ⚑

⏲ 2 months ago
I suggest you check out the gallery system as it contains code that uploads an image. All you
would need to do is associate it with the account ID.
0 0 • Reply • Share ›

Ash Heath − ⚑
⏲ 3 months ago
I've installed the advanced PDO two factor authentication as per the instructions. It's working except the
user's sessions variables are not saving after entering the TFA code.
0 0 • Reply • Share ›

Ash Heath > Ash Heath − ⚑

⏲ 3 months ago
Worked it out... In twofactor.php $username; $id; & $role; were not de�ned.

$_SESSION['name'] = $username;
$_SESSION['id'] = $id;
$_SESSION['role'] = $role;

Changed to

$_SESSION['name'] = $account['username'];
$_SESSION['id'] = $account['id'];
$_SESSION['role'] = $account['role'];
0 0 • Reply • Share ›

David Adams Mod > Ash Heath − ⚑

⏲ 3 months ago
Hi @Ash Heath,

Thank you for purchasing the advanced package! I'm aware of the bug and will �x it
in the next update.
1 0 • Reply • Share ›

Bruce − ⚑
⏲ 3 months ago
Hello David, you may remember that I am using your login script on the website I am putting together for
By using this website, you agree that we and our partners may set cookies for purposes such as customising content and advertising. I Understand
our retirement village. Your script has been working well since I bought it and I've been able to

20 of 27 1/18/23, 03:54
Secure Login System with PHP and MySQL https://codeshack.io/secure-login-system-php-mysql/

successfully incorporate it with my code. What I would like is to be able to import a set of member details
 via a .csv �le. The csv �le would
CodeShack have the default passwords
Packages Tutorials in clear soExamples
these would need toReferences
be hashed Tools
as part of the import process. Can you help with this?
0 0 • Reply • Share ›

David Adams Mod > Bruce − ⚑

⏲ 3 months ago
Hi @Bruce,

I'd be willing to take on a request for you, but I'd have to charge for it. If you send me the
details and an example CSV �le over email, I'll let you know the cost.
0 0 • Reply • Share ›

Bruce > David Adams − ⚑

⏲ 3 months ago
Thanks David. What email do I send to?
0 0 • Reply • Share ›

David Adams Mod > Bruce − ⚑

⏲ 3 months ago
You can use the contact form page or reply to the receipt email.
0 0 • Reply • Share ›

PhleboticJess − ⚑
P ⏲ 3 months ago
With the username, case-sensetivity doesnt seem to matter, so you could log in using tEsT
0 0 • Reply • Share ›

David Adams Mod > PhleboticJess − ⚑

⏲ 3 months ago
If case-sensitivity is a concern to you, you can add BINARY to the query in the authentication
�le:

SELECT id, password FROM accounts WHERE BINARY username = ?

0 0 • Reply • Share ›

Scott Garcia − ⚑
SG ⏲ 4 months ago
Hello, I am getting this error when adding two factor authentication addon: Parse error: syntax error,
unexpected '=' this for for the code : } else if (result.includes("tfa:")) {
window.location.href = result.replace("tfa: ", "");

Any assistance would be appreciated.

0 0 • Reply • Share ›

David Adams Mod > Scott Garcia − ⚑

⏲ 4 months ago
Hi @Scott Garcia,

Thank you for purchasing the advanced package!

Did you add the code to the JS code located at the bottom of the �les? If you reply to the
receipt email and attach your �le, I'll take a look at it.
0 0 • Reply • Share ›

Scott Garcia > David Adams − ⚑

SG ⏲ 4 months ago
Thanks for the help. That was the issue.
1 0 • Reply • Share ›

Daniel Henshaw − ⚑
DH ⏲ 4 months ago
How can I make it only display things based on user security role?
Does the advance version have this?
0 0 • Reply • Share ›

David Adams Mod > Daniel Henshaw − ⚑

⏲ 4 months ago
In the advanced version, it's as simple as the following:
By using this website, you agree that we and our partners may set cookies for purposes such as customising content and advertising. I Understand

21 of 27 1/18/23, 03:54
Secure Login System with PHP and MySQL https://codeshack.io/secure-login-system-php-mysql/

if ($_SESSION['role'] == 'Admin') {
exit('This page is restricted!');
 CodeShack } Packages Tutorials Examples References Tools
1 0 • Reply • Share ›

Daniel Henshaw > David Adams − ⚑

DH ⏲ 4 months ago
No like I wasn't it to show a different page based on role
0 0 • Reply • Share ›

David Adams Mod > Daniel Henshaw − ⚑

⏲ 4 months ago
if ($_SESSION['role'] == 'Admin') {
include 'page.php';
} else {
include 'another-page.php';
}

0 0 • Reply • Share ›

Daniel Henshaw > David Adams − ⚑

DH ⏲ 4 months ago
Ok thank you
0 0 • Reply • Share ›

David Bissonnette − ⚑
DB ⏲ 4 months ago edited
As a heads up if you change "href="pro�le.php" class="fas fa-user-circle" Pro�le" to
"href="home.php"class="fas fa-home" Home" in pro�le.php you can go back and fourth between the
home page and the pro�le page.
Again great tutorial.
1 0 • Reply • Share ›

David Bissonnette − ⚑
DB ⏲ 4 months ago
I had been trying to �nd something like this for a few weeks. This was exactly what I needed. Will
probably purchase the advance version to get the extra bells and whistles. De�nitely bookmarked this
site. Thanks again...
0 0 • Reply • Share ›

Load more comments

Subscribe Privacy Do Not Sell My Data

By using this website, you agree that we and our partners may set cookies for purposes such as customising content and advertising. I Understand

22 of 27 1/18/23, 03:54
Secure Login System with PHP and MySQL https://codeshack.io/secure-login-system-php-mysql/

 CodeShack Packages Tutorials Examples References Tools

By using this website, you agree that we and our partners may set cookies for purposes such as customising content and advertising. I Understand

23 of 27 1/18/23, 03:54
Secure Login System with PHP and MySQL https://codeshack.io/secure-login-system-php-mysql/

 CodeShack Packages Tutorials Examples References Tools

By using this website, you agree that we and our partners may set cookies for purposes such as customising content and advertising. I Understand

24 of 27 1/18/23, 03:54
Secure Login System with PHP and MySQL https://codeshack.io/secure-login-system-php-mysql/

 CodeShack Packages Tutorials Examples References Tools

By using this website, you agree that we and our partners may set cookies for purposes such as customising content and advertising. I Understand

25 of 27 1/18/23, 03:54
Secure Login System with PHP and MySQL https://codeshack.io/secure-login-system-php-mysql/

 CodeShack Packages Tutorials Examples References Tools

By using this website, you agree that we and our partners may set cookies for purposes such as customising content and advertising. I Understand

26 of 27 1/18/23, 03:54
Secure Login System with PHP and MySQL https://codeshack.io/secure-login-system-php-mysql/

 CodeShack Packages Tutorials Examples References Tools

By using this website, you agree that we and our partners may set cookies for purposes such as customising content and advertising. I Understand

27 of 27 1/18/23, 03:54