Creating a Secure Login and Signup System in PHP: A Step-by-Step Guide

Creating a login and signup page in PHP is a common task for web developers. This type of functionality allows users to create an account on your website and then log in to access restricted content or features. In this blog post, we will walk through the process of building a simple login and signup page in PHP.

Step 1: Set up the database

Before we can start creating our login and signup page, we need to set up a database to store our user information. You can use any type of database you prefer, but for this example, we will be using MySQL. Create a new table in your database called “users” and add the following columns: “id”, “username”, “password”, and “email”.

Step 2: Create the signup page

The first step in creating our login and signup page is to create the signup page. This is where users will enter their information to create a new account. Create a new PHP file called “signup.php” and add the following code to it:

<html>
<head>
  <title>Sign Up</title>
</head>
<body>
  <form action="signup-submit.php" method="post">
    <label for="username">Username:</label>
    <input type="text" id="username" name="username" required>
    <br>
    <label for="password">Password:</label>
    <input type="password" id="password" name="password" required>
    <br>
    <label for="email">Email:</label>
    <input type="email" id="email" name="email" required>
    <br>
    <input type="submit" value="Sign Up">
  </form>
</body>
</html>

This code creates a simple HTML form that allows users to enter their username, password, and email. When the user submits the form, the information is sent to the “signup-submit.php” file, which we will create in the next step.

Step 3: Create the signup submit page

The next step is to create the “signup-submit.php” file, which will handle the form submission from the signup page. Add the following code to this file:

<?php
  //connect to the database
  $conn = mysqli_connect("host", "username", "password", "database");

  //get the form data
  $username = $_POST['username'];
  $password = $_POST['password'];
  $email = $_POST['email'];

  //hash the password
  $password = password_hash($password, PASSWORD_DEFAULT);

  //insert the user into the database
  $sql = "INSERT INTO users (username, password, email) VALUES ('$username', '$password', '$email')";
  mysqli_query($conn, $sql);

  //redirect the user to the login page
  header("Location: login.php");
?>

This code first connects to the database using the mysqli_connect function. It then gets the form data from the signup page and stores it in variables. The password is then hashed using the password_hash function to ensure that the password is securely stored in the database. The script then inserts the user’s information into the “users” table and redirects the user

to the login page.

Step 4: Create the login page

Now that we have a way for users to create an account, we need to create a page where they can log in. Create a new PHP file called “login.php” and add the following code to it:

<html>
<head>
  <title>Log In</title>
</head>
<body>
  <form action="login-submit.php" method="post">
    <label for="username">Username:</label>
    <input type="text" id="username" name="username" required>
    <br>
    <label for="password">Password:</label>
    <input type="password" id="password" name="password" required>
    <br>
    <input type="submit" value="Log In">
  </form>
</body>
</html>

This code is similar to the signup page, but this time we are only asking for the username and password. When the user submits the form, the information is sent to the “login-submit.php” file, which we will create in the next step.

Step 5: Create the login submit page

The final step is to create the “login-submit.php” file, which will handle the form submission from the login page. Add the following code to this file:

<?php
  //connect to the database
  $conn = mysqli_connect("host", "username", "password", "database");

  //get the form data
  $username = $_POST['username'];
  $password = $_POST['password'];

  //get the user from the database
  $sql = "SELECT * FROM users WHERE username='$username'";
  $result = mysqli_query($conn, $sql);
  $user = mysqli_fetch_assoc($result);

  //verify the password
  if (password_verify($password, $user['password'])) {
    //start a session and redirect to the restricted page
    session_start();
    $_SESSION['username'] = $user['username'];
    header("Location: restricted.php");
  } else {
    //redirect to the login page with an error message
    header("Location: login.php?error=invalid");
  }
?>

This code first connects to the database and gets the form data from the login page. It then retrieves the user from the database using the username provided in the form. The script then uses the password_verify function to verify that the password provided in the form matches the hashed password stored in the database. If the password is correct, the script starts a session and redirects the user to a restricted page. If the password is incorrect, the user is redirected back to the login page with an error message.

In conclusion, creating a login and signup page in PHP is a relatively simple task that can be accomplished by following these steps. It’s important to note that this is just a basic example and you should always be aware of security concerns and take the necessary steps to protect your users’ information. such as validating inputs, hashing passwords, and using prepared statements to prevent SQL injection.

Tags: , , ,

Leave a Reply