Build a Basic Login System Using PHP and MySQLi

4th January 2024

Creating a login system in PHP involves several steps, including creating a database table to store user credentials, implementing the login form, validating user input, and handling authentication. Below is a simple example of how to create a basic login system using PHP and MySQLi:

Prerequisites

A basic understanding of PHP.
A basic understanding of databases.

Create a MySQL Database Table to Store User Information

CREATE TABLE users (
    id INT AUTO_INCREMENT PRIMARY KEY,
    username VARCHAR(50) NOT NULL UNIQUE,
    password VARCHAR(255) NOT NULL
);

Create a PHP Script for the Login Form (login.php)

<!DOCTYPE html>
<html lang="en">
<head>
    <meta charset="UTF-8">
    <meta name="viewport" content="width=device-width, initial-scale=1.0">
    <title>Registration</title>
</head>
<body>
    <h2>Registration</h2>
    <?php if(isset($registration_error)) { ?>
        <div><?php echo $registration_error; ?></div>
    <?php } ?>
    <form method="post" action="<?php echo htmlspecialchars($_SERVER["PHP_SELF"]); ?>">
        <label for="username">Username:</label><br>
        <input type="text" id="username" name="username" required><br><br>
        <label for="password">Password:</label><br>
        <input type="password" id="password" name="password" required><br><br>
        <input type="submit" value="Register">
    </form>
</body>
</html>

Create a PHP Script to Process the Login (login_process.php)

<?php
session_start();

// Database connection parameters
$servername = "localhost";
$username = "username";
$password = "password";
$database = "dbname";

// Create connection
$conn = new mysqli($servername, $username, $password, $database);

// Check connection
if ($conn->connect_error) {
    die("Connection failed: " . $conn->connect_error);
}

// Function to sanitize user inputs
function sanitize_input($data) {
    $data = trim($data);
    $data = stripslashes($data);
    $data = htmlspecialchars($data);
    return $data;
}

if ($_SERVER["REQUEST_METHOD"] == "POST") {
    // Sanitize and validate input data
    $username = sanitize_input($_POST["username"]);
    $password = sanitize_input($_POST["password"]);

    // Hash the password
    $hashed_password = password_hash($password, PASSWORD_DEFAULT);

    // Query to insert user details
    $sql = "INSERT INTO users (username, password) VALUES (?, ?)";
    $stmt = $conn->prepare($sql);
    $stmt->bind_param("ss", $username, $hashed_password);

    if ($stmt->execute()) {
        // Registration successful, redirect to login page
        header("Location: login.php");
        exit;
    } else {
        // Registration failed
        $registration_error = "Registration failed. Please try again.";
    }
}

// Close database connection
$conn->close();
?>

In the above example:

password_hash() is used to hash passwords before storing them in the database.
password_verify() is used to verify hashed passwords during login.
Session management is done using $_SESSION superglobal variables.
Input validation is performed using htmlspecialchars() to prevent XSS attacks and trim() to remove whitespace.
Prepared statements are used to prevent SQL injection attacks.

Make sure to replace "localhost", "username", "password", and "dbname" with your actual database connection details. Additionally, you may need to adjust the code according to your database schema.

Conclusion

This is a basic example of a login system in PHP. Always consider security best practices when developing a login system, such as password hashing and salting, session management, input validation, using prepared statements to prevent SQL injection attacks and using bcrypt or Argon2 for password hashing.

Is this still valid in 2024? Please let me know in the comments below.