Simple Login with php & mysql ~ Welcome To Mainak's Blog

Creating the Database Table:-

Execute the following SQL query to create the users table inside your MySql database.

CREATE TABLE users ( id INT NOT NULL PRIMARY KEY AUTO_INCREMENT, username VARCHAR(50) NOT NULL UNIQUE, password VARCHAR(255) NOT NULL, created_at DATETIME DEFAULT CURRENT_TIMESTAMP );

create config.php :-

<?php

define('DB_SERVER', 'localhost');

define('DB_USERNAME', 'root');

define('DB_PASSWORD', '');

define('DB_NAME', 'demo');

/* Attempt to connect to MySQL database */

$link = mysqli_connect(DB_SERVER, DB_USERNAME, DB_PASSWORD, DB_NAME);

// Check connection

if($link === false){

die("ERROR: Could not connect. " . mysqli_connect_error());

}

create register.php :-

<?php

// Include config file

require_once "config.php";

// Define variables and initialize with empty values

$username = $password = $confirm_password = "";

$username_err = $password_err = $confirm_password_err = "";

// Processing form data when form is submitted

if($_SERVER["REQUEST_METHOD"] == "POST"){

// Validate username

if(empty(trim($_POST["username"]))){

$username_err = "Please enter a username.";

} else{

// Prepare a select statement

$sql = "SELECT id FROM users WHERE username = ?";

if($stmt = mysqli_prepare($link, $sql)){

// Bind variables to the prepared statement as parameters

mysqli_stmt_bind_param($stmt, "s", $param_username);

// Set parameters

$param_username = trim($_POST["username"]);

// Attempt to execute the prepared statement

if(mysqli_stmt_execute($stmt)){

/* store result */

mysqli_stmt_store_result($stmt);

if(mysqli_stmt_num_rows($stmt) == 1){

$username_err = "This username is already taken.";

} else{

$username = trim($_POST["username"]);

}

} else{

echo "Oops! Something went wrong. Please try again later.";

}

// Close statement

mysqli_stmt_close($stmt);

}

// Validate password

if(empty(trim($_POST["password"]))){

$password_err = "Please enter a password.";

} elseif(strlen(trim($_POST["password"])) < 6){

$password_err = "Password must have atleast 6 characters.";

} else{

$password = trim($_POST["password"]);

}

// Validate confirm password

if(empty(trim($_POST["confirm_password"]))){

$confirm_password_err = "Please confirm password.";

} else{

$confirm_password = trim($_POST["confirm_password"]);

if(empty($password_err) && ($password != $confirm_password)){

$confirm_password_err = "Password did not match.";

}

// Check input errors before inserting in database

if(empty($username_err) && empty($password_err) && empty($confirm_password_err)){

// Prepare an insert statement

$sql = "INSERT INTO users (username, password) VALUES (?, ?)";

if($stmt = mysqli_prepare($link, $sql)){

// Bind variables to the prepared statement as parameters

mysqli_stmt_bind_param($stmt, "ss", $param_username, $param_password);

// Set parameters

$param_username = $username;

$param_password = password_hash($password, PASSWORD_DEFAULT); // Creates a password hash

// Attempt to execute the prepared statement

if(mysqli_stmt_execute($stmt)){

// Redirect to login page

header("location: login.php");

} else{

echo "Something went wrong. Please try again later.";

}

// Close statement

mysqli_stmt_close($stmt);

}

// Close connection

mysqli_close($link);

}

<!DOCTYPE html>

<head>

body{ font: 14px sans-serif; }

.wrapper{ width: 350px; padding: 20px; }

</style>

</head>

<body>

<p>Please fill this form to create an account.</p>

<form action="<?php echo htmlspecialchars($_SERVER["PHP_SELF"]); ?>" method="post">

<label>Username</label>

</div>

<label>Password</label>

</div>

<label>Confirm Password</label>

</div>

</div>

<p>Already have an account? <a href="login.php">Login here</a>.</p>

</form>

</div>

</body>

</html>

Create login.php :-

<?php

// Initialize the session

session_start();

// Check if the user is already logged in, if yes then redirect him to welcome page

if(isset($_SESSION["loggedin"]) && $_SESSION["loggedin"] === true){

header("location: welcome.php");

exit;

}

// Include config file

require_once "config.php";

// Define variables and initialize with empty values

$username = $password = "";

$username_err = $password_err = "";

// Processing form data when form is submitted

if($_SERVER["REQUEST_METHOD"] == "POST"){

// Check if username is empty

if(empty(trim($_POST["username"]))){

$username_err = "Please enter username.";

} else{

$username = trim($_POST["username"]);

}

// Check if password is empty

if(empty(trim($_POST["password"]))){

$password_err = "Please enter your password.";

} else{

$password = trim($_POST["password"]);

}

// Validate credentials

if(empty($username_err) && empty($password_err)){

// Prepare a select statement

$sql = "SELECT id, username, password FROM users WHERE username = ?";

if($stmt = mysqli_prepare($link, $sql)){

// Bind variables to the prepared statement as parameters

mysqli_stmt_bind_param($stmt, "s", $param_username);

// Set parameters

$param_username = $username;

// Attempt to execute the prepared statement

if(mysqli_stmt_execute($stmt)){

// Store result

mysqli_stmt_store_result($stmt);

// Check if username exists, if yes then verify password

if(mysqli_stmt_num_rows($stmt) == 1){

// Bind result variables

mysqli_stmt_bind_result($stmt, $id, $username, $hashed_password);

if(mysqli_stmt_fetch($stmt)){

if(password_verify($password, $hashed_password)){

// Password is correct, so start a new session

session_start();

// Store data in session variables

$_SESSION["loggedin"] = true;

$_SESSION["id"] = $id;

$_SESSION["username"] = $username;

// Redirect user to welcome page

header("location: welcome.php");

} else{

// Display an error message if password is not valid

$password_err = "The password you entered was not valid.";

}

} else{

// Display an error message if username doesn't exist

$username_err = "No account found with that username.";

}

} else{

echo "Oops! Something went wrong. Please try again later.";

}

// Close statement

mysqli_stmt_close($stmt);

}

// Close connection

mysqli_close($link);

}

<!DOCTYPE html>

<head>

<title>Login</title>

body{ font: 14px sans-serif; }

.wrapper{ width: 350px; padding: 20px; }

</style>

</head>

<body>

<h2>Login</h2>

<p>Please fill in your credentials to login.</p>

<form action="<?php echo htmlspecialchars($_SERVER["PHP_SELF"]); ?>" method="post">

<label>Username</label>

</div>

<label>Password</label>

</div>

</div>

<p>Don't have an account? <a href="register.php">Sign up now</a>.</p>

</form>

</div>

</body>

</html>

Saturday, October 27, 2018