PHP Login and Registration System Using PDO Connection

By | December 12, 2016

In our previous tutorial we explained how to implement Simple Login System using PHP and MySQL In today’s tutorial we will check more secure methodĀ for Login and registration system using PDO connection. It can be used while working with different database systems like Oracle, ,MySQL, Postgre SQL. For this tutorial we will use MySQL. It is recommended that you are running PHP version 5.5, only then password hashing functions will work. We have used Bootstrap to design our form. Login script will be provided for download.

PHP Login and Registration System Using PDO Connection

Live Demo

Download

PHP Login and Registration System using PDO connection

We will be using 6 files

  • db.php
  • registration.php
  • login.php
  • user_class.php
  • welcome.php
  • logout.php

We have created a database pdo_login and we will create table users with fields id, email and password.


CREATE DATABASE `pdo_login` ;

CREATE TABLE IF NOT EXISTS `users` (
`id` int(11) NOT NULL AUTO_INCREMENT,
`email` varchar(55) NOT NULL,
`password` varchar(55) NOT NULL,
PRIMARY KEY (`id`)
) ENGINE=MyISAM DEFAULT CHARSET=latin1 AUTO_INCREMENT=18 ;

db.php

This file contains an object user_class and using that object we will call various functions in user_class.php file. You will need to modify username, password PDO() connection value depending on your database.


<?php session_start(); $host = "localhost"; $user = "root"; $password = ""; $database = "pdo_login"; try { $dbconn = new PDO("mysql:host={$host};dbname={$database}",$user,$password); $dbconn->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
}
catch(PDOException $e)
{
echo $e->getMessage();
}
require_once('user_class.php');

$user_class = new user_class($dbconn);
?>

Registration.php

In registration.php we will input email id and password. If user enters unique email ID then user will be registered or else user will have to input new email id.

<!DOCTYPE html>
<html>
<head>
 <title></title>
<link rel="stylesheet" href="https://maxcdn.bootstrapcdn.com/bootstrap/3.3.7/css/bootstrap.min.css">
<script src="https://ajax.googleapis.com/ajax/libs/jquery/3.1.1/jquery.min.js"></script>
<script src="https://maxcdn.bootstrapcdn.com/bootstrap/3.3.7/js/bootstrap.min.js"></script>


<style>
body {
 
 background-color: #808080;

}
.sign-up-title {
 position: relative;
 top:20px;
 margin: -25px -25px 25px;
 padding: 15px 25px;
 line-height: 35px;
 font-size: 26px;
 font-weight: 300;
 color: #aaa;
 text-align: center;
 text-shadow: 0 1px rgba(255, 255, 255, 0.75);
 background: #f7f7f7;
}
.sign-up-button {
 position: relative;
 vertical-align: top;
 width: 20%;
 height: 54px;
 padding: 0;
 font-size: 22px;
 color: white;
 text-align: center;
 text-shadow: 0 1px 2px rgba(0, 0, 0, 0.25);
 background: #f0776c;
 border: 0;
 border-bottom: 2px solid #d76b60;
 border-radius: 5px;
 cursor: pointer;
 -webkit-box-shadow: inset 0 -2px #d76b60;
 box-shadow: inset 0 -2px #d76b60;
}

.sign-up-input {
 width: 20%;
 height: 50px;
 margin-bottom: 25px;
 padding: 0 15px 2px;
 font-size: 17px;
 background: white;
 border: 2px solid #ebebeb;
 border-radius: 4px;
 -webkit-box-shadow: inset 0 -2px #ebebeb;
 box-shadow: inset 0 -2px #ebebeb;
}

.sign-up
{
 position: relative;
 left:550px;
 top:130px;
}

body{
 overflow-x:hidden;

}

}

</style>



</head>
</head>
<body>


<h1 class="sign-up-title">Sign up in seconds</h1>



<div id="main">


<form class="sign-up" method="post" action="">

 <input type="text" class="sign-up-input" placeholder="Enter your Email" name="email" autofocus="">
 <input type="password" class="sign-up-input" placeholder="Choose a Strong Password" name="password">
 <input type="submit" value="Sign Up" class="sign-up-button" name="btn_submit">
 </form>




<h5 style="position:relative; top:140px; left:580px; font-size:20px; ">Already a user? <a href="login.php" style="color:#ba0101">Login</a></h5>


</div>


</body>
</html>

<?php require_once('db.php'); if(isset($_POST['btn_submit'])) { $uemail = trim($_POST['email']); $upassword = trim($_POST['password']); try { $stmt = $dbconn->prepare("SELECT email,password FROM users WHERE email=:user_email OR password=:user_password");
 $stmt->execute(array(':user_email'=>$uemail, ':user_password'=>$upassword));
 $row=$stmt->fetch(PDO::FETCH_ASSOC);
 
 if($row['email']==$uemail) {
 
 ?>
 


<div class="alert alert-danger" style="position:relative;top:-250px;">
 <strong>Danger!</strong> <?php echo "Email already exists";?>
 </div>




<?php } else { if($user_class->register($uemail,$upassword)) 
 {
 header("Location: login.php");
 
 }
 }
 }
 catch(PDOException $e)
 {
 echo $e->getMessage();
 }

 
}

?>

Login.php

In this file we will input email id and password to check user is registered if yes then he will be redirected to home page (welcome.php).

<!DOCTYPE html>
<html>
<head>
 <title></title>
<link rel="stylesheet" href="https://maxcdn.bootstrapcdn.com/bootstrap/3.3.7/css/bootstrap.min.css">

<script src="https://ajax.googleapis.com/ajax/libs/jquery/3.1.1/jquery.min.js"></script>

<script src="https://maxcdn.bootstrapcdn.com/bootstrap/3.3.7/js/bootstrap.min.js"></script>
<link rel="stylesheet" href="bootstrap/css/bootstrap.min.css" type="text/css" />



<style>
body {
 
 background-color: #808080;

}
.sign-up-title {
 position: relative;
 top:20px;
 margin: -25px -25px 25px;
 padding: 15px 25px;
 line-height: 35px;
 font-size: 26px;
 font-weight: 300;
 color: #aaa;
 text-align: center;
 text-shadow: 0 1px rgba(255, 255, 255, 0.75);
 background: #f7f7f7;
}
.sign-up-button {
 position: relative;
 vertical-align: top;
 width: 20%;
 height: 54px;
 padding: 0;
 font-size: 22px;
 color: white;
 text-align: center;
 text-shadow: 0 1px 2px rgba(0, 0, 0, 0.25);
 background: #f0776c;
 border: 0;
 border-bottom: 2px solid #d76b60;
 border-radius: 5px;
 cursor: pointer;
 -webkit-box-shadow: inset 0 -2px #d76b60;
 box-shadow: inset 0 -2px #d76b60;
}

.sign-up-input {
 width: 20%;
 height: 50px;
 margin-bottom: 25px;
 padding: 0 15px 2px;
 font-size: 17px;
 background: white;
 border: 2px solid #ebebeb;
 border-radius: 4px;
 -webkit-box-shadow: inset 0 -2px #ebebeb;
 box-shadow: inset 0 -2px #ebebeb;
}

.sign-up
{
 position: relative;
 left:550px;
 top:130px;
}

body{
 overflow-x:hidden;


}

}

</style>



</head>
</head>
<body>




<h1 class="sign-up-title">Login</h1>




<div class="form-container">
 <?php if(isset($error)) { ?>



<div class="alert alert-danger">
 <i class="glyphicon glyphicon-warning-sign"></i> &nbsp; <?php echo $error; ?> !
 </div>


 <?php } ?>


<div id="main">



<form class="sign-up" method="post" action="">
 <input type="text" class="sign-up-input" placeholder="Enter your Email" name="email" autofocus="">
 <input type="password" class="sign-up-input" placeholder="Enter your Password" name="password">
 <input type="submit" value="Login" class="sign-up-button" name="btn_submit">
 </form>




<h5 style="position:relative; top:140px; left:570px; font-size:20px; ">New User? <a href="registration.php" style="color:#ba0101">Register here</a></h5>


</div>


</div>



</body>
</html>

<?php require_once('db.php'); if(isset($_POST['btn_submit'])) { $uemail = $_POST['email']; $upassword = $_POST['password']; if($user_class->login($uemail,$upassword))
 {
 header("Location: welcome.php");

 } 
}
?>

User_class.php

In the class file we have three functions register(), login() and is_loggedin(). Register function will be used to register new users with email id and password.

We have used password_hash() inbuilt function which only runs on version PHP 5.5 to use strong password. Login function uses password_verify() to check hashed password from the database to compare with the user provided password. If they match then user will be redirected to welcome.php and session will be started.

<?php require_once('db.php'); class user_class { private $db; function __construct($dbconn) { $this->db = $dbconn;
 }

 public function is_loggedin()
 {
 if(isset($_SESSION['user_session']))
 {
 return true;
 }
 }
 public function register($uemail,$upassword)
 {
 try
 {
 $newpass = password_hash($upassword, PASSWORD_DEFAULT);
 
 $stmt = $this->db->prepare("INSERT INTO users(email,password) 
 VALUES(:uemail, :upassword)");
 

 $stmt->bindparam(":uemail", $uemail);
 $stmt->bindparam(":upassword", $newpass); 
 
 $stmt->execute(); 
 
 return $stmt; 
 }
 catch(PDOException $e)
 {
 echo $e->getMessage();
 } 
 }
 public function login($uemail,$upassword)
 {
 try
 {
 $stmt = $this->db->prepare("SELECT * FROM users WHERE email=:uemail AND password=:upassword");
 $stmt->execute(array(':uemail'=>$uemail, ':upassword'=>$upassword));
 $userRow=$stmt->fetch(PDO::FETCH_ASSOC);
 if($stmt->rowCount() > 0)
 {

 
 $_SESSION['user_session'] = $userRow['id'];

 if(password_verify($upass, $userRow['user_pass']))
 return true;
 }
 else
 {
 ?>



<div class="alert alert-danger" style="position:relative;top:-250px;">
 <strong>Danger!</strong> <?php echo "Invalid username or password";?>
 </div>



 <?php return false; } } catch(PDOException $e) { echo $e->getMessage();
 }
 }
 
} 
?> 

Welcome.php

Welcome.php file is the dashboard or homepage after successful login. If the user clicks on logout user’s session will be destroyed.

<?php require_once("db.php"); if(!$user_class->is_loggedin())
{
 $user_class->redirect('login.php');
}

$id = $_SESSION['user_session']; 

$stmt = $dbconn->prepare("SELECT * FROM users WHERE id=:user_id");
$stmt->execute(array(":user_id"=>$id));
$userRow=$stmt->fetch(PDO::FETCH_ASSOC);

?>

<!DOCTYPE html>
<html>
<head>
 <title></title>

<link rel="stylesheet" href="https://maxcdn.bootstrapcdn.com/bootstrap/3.3.7/css/bootstrap.min.css">

<script src="https://ajax.googleapis.com/ajax/libs/jquery/3.1.1/jquery.min.js"></script>

<script src="https://maxcdn.bootstrapcdn.com/bootstrap/3.3.7/js/bootstrap.min.js"></script>

</head>
<body>


<nav class="navbar navbar-default">

<div class="container-fluid">
 <!-- Brand and toggle get grouped for better mobile display -->

<div class="navbar-header">
 <button type="button" class="navbar-toggle collapsed" data-toggle="collapse" data-target="#bs-example-navbar-collapse-1" aria-expanded="false">
 <span class="sr-only">Toggle navigation</span>
 <span class="icon-bar"></span>
 <span class="icon-bar"></span>
 <span class="icon-bar"></span>
 </button>
 <a class="navbar-brand" href="#">TechPlugg Dashboard</a>
 </div>


 

<ul class="nav navbar-nav navbar-right">
 

<li class="dropdown">
 <a href="#" class="dropdown-toggle" data-toggle="dropdown" role="button" aria-haspopup="true" aria-expanded="false">Hi <?php print($userRow['email']); ?> <span class="caret"></span></a>

<ul class="dropdown-menu">

<li><a href="<?php echo "logout.php"?>">Logout</a></li>

 
 
 </ul>

 </li>

 </ul>

 </div>

<!-- /.navbar-collapse -->
 </div>

<!-- /.container-fluid -->
</nav>



<div class="jumbotron">
<center>

<h1>Welcome to TechPlugg</h1>



We are a Tech Blog with Programming tutorials



<a class="btn btn-primary btn-lg" href="http://www.techplugg.com" role="button">Visit Blog</a>

</center>
</div>

 

</body>
</html>

logout.php

Logout.php will destroy user’s session and user will be redirected to login page.

<?php session_start(); session_destroy(); header('Location: login.php'); ?>

Note: We have provided the code for download. Another copy of the code will be provided with md5() function for PHP versions below 5.5. You can modify code as per your needs and this code is free to use.

If you liked PHP Login and Registration System using PDO then please share it with your friends.