Free Download Now Secure PHP Login & User Management Script is an user friendly script for manage your websites. This Free Download PHP Login & User Management Script allows you to easily Create, Modify and Delete your users, Edit the login password and email of your registered users in just a few minutes without any knowledge of php programming language. You can manage as many online pages or applications with single script.
Our Secure Php Login & User Management Script is a complete PHP package which helps you to create your own login and user management system. Our library contains an array of useful code elements that you can simply plug and play in order to build an administrative panel for your site or application.
Creating the Login Form Design
We need a login form for our websites users to interact with and enter their details. We will be using HTML and CSS for this part of the tutorial as PHP will not be necessary on this page.
Edit the index.html file with your favorite code editor as we’re going to edit this file and add the login form code.
Add the following code:HTMLCopy
<!DOCTYPE html>
<html>
<head>
<meta charset="utf-8">
<title>Login</title>
<link rel="stylesheet" href="https://use.fontawesome.com/releases/v5.7.1/css/all.css">
</head>
<body>
<div class="login">
<h1>Login</h1>
<form action="authenticate.php" method="post">
<label for="username">
<i class="fas fa-user"></i>
</label>
<input type="text" name="username" placeholder="Username" id="username" required>
<label for="password">
<i class="fas fa-lock"></i>
</label>
<input type="password" name="password" placeholder="Password" id="password" required>
<input type="submit" value="Login">
</form>
</div>
</body>
</html>What this will look like if we navigate to the index page in our web browser:http://localhost/phplogin/index.html
Pretty basic right? Let’s open up our style.css file and add the following code:CSSCopy
* {
box-sizing: border-box;
font-family: -apple-system, BlinkMacSystemFont, "segoe ui", roboto, oxygen, ubuntu, cantarell, "fira sans", "droid sans", "helvetica neue", Arial, sans-serif;
font-size: 16px;
-webkit-font-smoothing: antialiased;
-moz-osx-font-smoothing: grayscale;
}
body {
background-color: #435165;
}
.login {
width: 400px;
background-color: #ffffff;
box-shadow: 0 0 9px 0 rgba(0, 0, 0, 0.3);
margin: 100px auto;
}
.login h1 {
text-align: center;
color: #5b6574;
font-size: 24px;
padding: 20px 0 20px 0;
border-bottom: 1px solid #dee0e4;
}
.login form {
display: flex;
flex-wrap: wrap;
justify-content: center;
padding-top: 20px;
}
.login form label {
display: flex;
justify-content: center;
align-items: center;
width: 50px;
height: 50px;
background-color: #3274d6;
color: #ffffff;
}
.login form input[type="password"], .login form input[type="text"] {
width: 310px;
height: 50px;
border: 1px solid #dee0e4;
margin-bottom: 20px;
padding: 0 15px;
}
.login form input[type="submit"] {
width: 100%;
padding: 15px;
margin-top: 20px;
background-color: #3274d6;
border: 0;
cursor: pointer;
font-weight: bold;
color: #ffffff;
transition: background-color 0.2s;
}
.login form input[type="submit"]:hover {
background-color: #2868c7;
transition: background-color 0.2s;
}We need to include our stylesheet in our index.html file so we must add the following code to the head section:HTMLCopy
<link href="style.css" rel="stylesheet" type="text/css">And now if we refresh the index.html page in our web browser our login form will look more appealing:http://localhost/phplogin/index.html
Let’s narrow down the form so we can get a better understanding on what’s going on.
- Form — We need to use both the action and post attributes. The action attribute will be set to the authentication file. When the form is submitted, the form data will be sent to the authentication file for processing. In addition, the method is declared as post as this will allow us to process the form data using the POST request method.
- Input (text/password) — We need to name our form fields so the server can recognize them. The value of the attribute name we can declare as username, which we can use to retrieve the post variable in our authentication file to get the data, for example: $_POST[‘username’].
- Input (submit) — On form submission the data will be sent to our authentication file for processing.
Creating the Registration Form
Let’s create another PHP file “register.php” and put the following example code in it. This example code will create a web form that allows user to register themselves.
This script will also generate errors if a user tries to submit the form without entering any value, or if username entered by the user is already taken by another user.
Example
Procedural Object Oriented PDODownload
<?php
// Include config file
require_once "config.php";
// Define variables and initialize with empty values
$username = $password = $confirm_password = "";
$username_err = $password_err = $confirm_password_err = "";
// Processing form data when form is submitted
if($_SERVER["REQUEST_METHOD"] == "POST"){
// Validate username
if(empty(trim($_POST["username"]))){
$username_err = "Please enter a username.";
} elseif(!preg_match('/^[a-zA-Z0-9_]+$/', trim($_POST["username"]))){Creating the Database and setting-up Tables
For this part, you will need to access your MySQL database, either using phpMyAdmin or your preferred MySQL database management application.
Follow the below instructions if you’re using phpMyAdmin.
- Navigate to: http://localhost/phpmyadmin/
- Click the Databases tab at the top
- Under Create database, type in phplogin in the text box
- Select utf8_general_ci as the collation
- Click Create
You can use your own database name, but for this tutorial, we’ll use phplogin.
What we need now is an accounts table as this will store all the accounts (usernames, passwords, emails, etc) that are registered with the system.
How to run the User Registration & Login and User Management System With admin panel Project
1. Download the zip file
2. Extract the file and copy loginsystem folder
3.Paste inside root directory(for xampp xampp/htdocs, for wamp wamp/www, for lamp var/www/html)
4. Open PHPMyAdmin (http://localhost/phpmyadmin)
5. Create a database with name loginsystem
6. Import loginsystem.sql file(given inside the zip package in SQL file folder)
7.Run the script http://localhost/loginsystem (frontend)
8. For admin Panel http://localhost/loginsystem/admin
Credential for admin panel :
Username: admin
Password: Test@12345
Credential for user panel :
Username: phpgurukulteam@gmail.com
Password : Test@123
Authenticating Users with PHP
Now that we have our database setup, we can go ahead and start coding with PHP. We’re going to start with the authentication file, which will process and validate the form data that we’ll send from our index.html file.
Edit the authenticate.php file and add the following:PHPCopy
<?php
session_start();
// Change this to your connection info.
$DATABASE_HOST = 'localhost';
$DATABASE_USER = 'root';
$DATABASE_PASS = '';
$DATABASE_NAME = 'phplogin';
// Try and connect using the info above.
$con = mysqli_connect($DATABASE_HOST, $DATABASE_USER, $DATABASE_PASS, $DATABASE_NAME);
if ( mysqli_connect_errno() ) {
// If there is an error with the connection, stop the script and display the error.
exit('Failed to connect to MySQL: ' . mysqli_connect_error());
}The first thing we have to do is start the session as this allows us to preserve account details on the server and will be used later on to remember logged-in users.
Connecting to the database is essential. Without it, how can we retrieve and store information related to our users? Therefore, we must make sure to update the variables to reflect our MySQL database credentials.
Add below:PHPCopy
// Now we check if the data from the login form was submitted, isset() will check if the data exists.
if ( !isset($_POST['username'], $_POST['password']) ) {
// Could not get the data that should have been sent.
exit('Please fill both the username and password fields!');
}This will make sure the form data exists, whereas if the user tries to access the file without submitting the form, it will output a simple error.
Add below:PHPCopy
// Prepare our SQL, preparing the SQL statement will prevent SQL injection.
if ($stmt = $con->prepare('SELECT id, password FROM accounts WHERE username = ?')) {
// Bind parameters (s = string, i = int, b = blob, etc), in our case the username is a string so we use "s"
$stmt->bind_param('s', $_POST['username']);
$stmt->execute();
// Store the result so we can check if the account exists in the database.
$stmt->store_result();
$stmt->close();
}
?>This will prepare the SQL statement that will select the id and password columns from the accounts table. It will bind the username to the SQL statement, execute, and then store the result.
After this line:
$stmt->store_result();Add:PHPCopy
if ($stmt->num_rows > 0) {
$stmt->bind_result($id, $password);
$stmt->fetch();
// Account exists, now we verify the password.
// Note: remember to use password_hash in your registration file to store the hashed passwords.
if (password_verify($_POST['password'], $password)) {
// Verification success! User has logged-in!
// Create sessions, so we know the user is logged in, they basically act like cookies but remember the data on the server.
session_regenerate_id();
$_SESSION['loggedin'] = TRUE;
$_SESSION['name'] = $_POST['username'];
$_SESSION['id'] = $id;
echo 'Welcome ' . $_SESSION['name'] . '!';
} else {
// Incorrect password
echo 'Incorrect username and/or password!';
}
} else {
// Incorrect username
echo 'Incorrect username and/or password!';
}First, we need to check if the query has returned any results. If the username doesn’t exist in the database then there would be no results.
If the username exists, we can bind the results to the variables: $id and $password.
Subsequently, we proceed to verify the password with the password_verify function. Only passwords that were created with the password_hash function will work.
If you don’t want to use any password encryption method, you can simply replace the following code:PHPCopy
if (password_verify($_POST['password'], $password)) {With:PHPCopy
if ($_POST['password'] === $password) {Upon successful authentication from the user, session variables will be initialized and remembered throughout the entire process. These session variables are stored on the server and in the user’s browser as we’ll use these variables to determine if the user is logged-in or not, and to associate the session variables with our retrieved MySQL database results.
Now we can test the login system and make sure the authentication works correctly, navigate to http://localhost/phplogin/index.html
Conclusion
Easy to install. Easy to manage. Simple and effective is your network User Security system. Visit our demo site for full functionality of our secure Php Login and User Management Script.
No Comment.