1 | | -# basic-php-login-registration-system |
2 | | -A beginner-friendly, basic login & registration system built with PHP and MySQL. |
| 1 | +# Basic Login & Registration System |
| 2 | + |
| 3 | +This project implements a simple login and registration system with basic security using PHP and MySQL. It is designed to be beginner-friendly, providing a step-by-step guide to creating robust forms, handling user authentication, managing sessions, validating inputs, and interacting securely with a MySQL database. |
| 4 | + |
| 5 | +This system is based on the tutorials "[Secure Login System with PHP and MySQL](https://codeshack.io/secure-login-system-php-mysql/)" and "[Secure Registration System with PHP and MySQL](https://codeshack.io/secure-registration-system-php-mysql/)". |
| 6 | + |
| 7 | +## Features |
| 8 | + |
| 9 | +* **User Registration:** Allows new users to create an account. |
| 10 | +* **User Login:** Securely authenticates users against database records. |
| 11 | +* **Password Hashing:** Uses `password_hash()` and `password_verify()` for secure password management. |
| 12 | +* **Session Management:** Initializes sessions upon login and manages user state. |
| 13 | +* **Page Protection:** Restricts access to certain pages (e.g., home, profile) to logged-in users only. |
| 14 | +* **User Profile Page:** Displays basic account details for the logged-in user. |
| 15 | +* **Logout Functionality:** Allows users to securely end their session. |
| 16 | +* **Form Design:** Clean login (and registration) forms designed with HTML5 and CSS3. |
| 17 | +* **Prepared SQL Queries:** Utilizes prepared statements to prevent SQL injection vulnerabilities. |
| 18 | +* **Input Validation:** Basic server-side validation for form data. |
| 19 | + |
| 20 | +## Requirements |
| 21 | + |
| 22 | +* A web server environment (e.g., XAMPP, WAMP, MAMP, or a live server). |
| 23 | +* PHP |
| 24 | +* MySQL |
| 25 | + |
| 26 | +XAMPP is recommended for local development as it includes PHP, MySQL, Apache, and phpMyAdmin. |
| 27 | + |
| 28 | +## File Structure |
| 29 | + |
| 30 | +The project follows this general file structure: |
| 31 | +/phplogin/ |
| 32 | +|-- index.php # Login form page, redirects if already logged in |
| 33 | +|-- style.css # Stylesheet for all pages |
| 34 | +|-- authenticate.php # Handles login authentication, session creation |
| 35 | +|-- register.php # Registration form |
| 36 | +|-- register-process.php # Handles user registrations |
| 37 | +|-- home.php # Home page for logged-in users |
| 38 | +|-- profile.php # User profile page |
| 39 | +|-- logout.php # Handles user logout (destroys session) |
| 40 | + |
| 41 | +## Database Setup |
| 42 | + |
| 43 | +1. **Create a Database:** |
| 44 | + * Open phpMyAdmin or your preferred MySQL management tool. |
| 45 | + * Create a new database. The article uses the name `phplogin`. |
| 46 | + * Choose `utf8mb4_unicode_ci` as the collation. |
| 47 | + |
| 48 | +2. **Create `accounts` Table:** |
| 49 | + Execute the following SQL query in your `phplogin` database: |
| 50 | + |
| 51 | + ```sql |
| 52 | + CREATE TABLE IF NOT EXISTS `accounts` ( |
| 53 | + `id` int(11) NOT NULL AUTO_INCREMENT, |
| 54 | + `username` varchar(50) NOT NULL, |
| 55 | + `password` varchar(255) NOT NULL, |
| 56 | + `email` varchar(100) NOT NULL, |
| 57 | + `registered` datetime NOT NULL, |
| 58 | + PRIMARY KEY (`id`) |
| 59 | + ) ENGINE=InnoDB AUTO_INCREMENT=2 DEFAULT CHARSET=utf8mb4 COLLATE=utf8mb4_unicode_ci; |
| 60 | + ``` |
| 61 | + |
| 62 | + The article also includes a test account. If you wish to add it: |
| 63 | + ```sql |
| 64 | + INSERT INTO `accounts` (`id`, `username`, `password`, `email`, `registered`) VALUES (1, 'test', '$2y$10$SfhYIDtn.iOuCW7zfoFLuuZHX6lja4lF4XA4JqNmpiH/.P3zB8JCa', 'test@example.com', '2025-01-01 00:00:00'); |
| 65 | + -- Note: The password 'test' is hashed. The registration form should handle hashing for new users. |
| 66 | + ``` |
| 67 | + |
| 68 | +## Installation and Setup |
| 69 | + |
| 70 | +1. **Clone or Download:** |
| 71 | + Place the project files in your web server's document root (e.g., `htdocs/phplogin` if using XAMPP). |
| 72 | +
|
| 73 | +2. **Configure Database Connection:** |
| 74 | + Open the following PHP files and update the database connection variables to match your MySQL setup: |
| 75 | + * `authenticate.php` |
| 76 | + * `profile.php` |
| 77 | + * `register.php` |
| 78 | +
|
| 79 | + ```php |
| 80 | + <?php |
| 81 | + // In authenticate.php, profile.php, etc. |
| 82 | + $DATABASE_HOST = 'localhost'; |
| 83 | + $DATABASE_USER = 'your_mysql_username'; // e.g., 'root' |
| 84 | + $DATABASE_PASS = 'your_mysql_password'; // e.g., '' or your root password |
| 85 | + $DATABASE_NAME = 'phplogin'; // The database name you created |
| 86 | +
|
| 87 | + $con = mysqli_connect($DATABASE_HOST, $DATABASE_USER, $DATABASE_PASS, $DATABASE_NAME); |
| 88 | + if (mysqli_connect_errno()) { |
| 89 | + exit('Failed to connect to MySQL: ' . mysqli_connect_error()); |
| 90 | + } |
| 91 | + // ... rest of the code |
| 92 | + ?> |
| 93 | + ``` |
| 94 | +
|
| 95 | +3. **Start Your Web Server:** |
| 96 | + Ensure Apache and MySQL services are running from your XAMPP control panel (or equivalent). |
| 97 | +
|
| 98 | +4. **Access the Application:** |
| 99 | + Open your web browser and navigate to `http://localhost/phplogin/` (or the appropriate path if you named the folder differently). |
| 100 | +
|
| 101 | +## Usage |
| 102 | +
|
| 103 | +* **Register:** Navigate to `register.php` (or click the "Register" link on the login page) to create a new account. |
| 104 | +* **Login:** Go to `index.php` to log in with your username and password. |
| 105 | +* **Home Page:** After successful login, you will be redirected to `home.php`. |
| 106 | +* **Profile Page:** View your account details on `profile.php`. |
| 107 | +* **Logout:** Click the "Logout" link to end your session. |
| 108 | +
|
| 109 | +## Security Considerations from the Article |
| 110 | +
|
| 111 | +The original article highlights several important security practices: |
| 112 | +
|
| 113 | +* Always use `htmlspecialchars()` when outputting user-provided data to prevent XSS. |
| 114 | +* Use prepared statements for all SQL queries to prevent SQL injection. |
| 115 | +* Hash passwords securely using `password_hash()` and verify them with `password_verify()`. |
| 116 | +* Regenerate session IDs using `session_regenerate_id()` after login to help prevent session fixation. |
| 117 | +* Consider secure session INI settings. |
| 118 | +* Use HTTPS in a production environment. |
| 119 | +* Configure error reporting appropriately for development (`error_reporting(E_ALL)`) versus production (`error_reporting(0)` and log errors to a file). |
| 120 | +* Implement CSRF (Cross-Site Request Forgery) protection for forms. |
| 121 | +
|
| 122 | +## Credits |
| 123 | +
|
| 124 | +* This project is based on the tutorials "[Secure Login System with PHP and MySQL](https://codeshack.io/secure-login-system-php-mysql/)" and "[Secure Registration System with PHP and MySQL](https://codeshack.io/secure-registration-system-php-mysql/)" by David Adams at CodeShack.io. |
| 125 | +* Icons used in the forms are from Font Awesome and Material Design Icons. |
| 126 | +
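Review bot: The database-configuration step (Installation and Setup, step 2) lists `register.php` among the files whose connection variables must be edited, but the File Structure section describes `register.php` as the registration form and `register-process.php` as the script that handles registrations, so the two sections disagree about where the credentials live; please confirm which file actually opens the connection and list that one. Duplicating `$DATABASE_HOST`, `$DATABASE_USER`, `$DATABASE_PASS` and `$DATABASE_NAME` across three files also invites drift, so consider moving them into a single config file that each script includes. Two smaller points in the same region: the sample connection block ends with `?>`, and a closing tag in a PHP-only file that later calls `session_start()` or `header()` can emit trailing whitespace that breaks those calls, so omit it; and the seeded test account (`test`, hashed password `test`, fixed `id` 1) should be documented as development-only and removed before deployment, since a credential published in the README must never exist in a live database. The bullet "Consider secure session INI settings" would be more actionable if it named the settings meant, for example `session.cookie_httponly`, `session.cookie_secure` and `session.use_strict_mode`. Finally, the File Structure tree is not inside a code fence, so Markdown will collapse it into one paragraph; wrap it in triple backticks like the SQL and PHP blocks.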