Creating a PHP login page with MySQL is a fundamental step in building secure and user-friendly websites. In this article, I will guide you through the process of creating a robust login system using PHP and MySQL.
Setting up the Database
The first step is to set up the database that will store the user login credentials. Start by creating a new MySQL database and a table to store the user information. The table should have columns for username, password, and any other relevant user data you want to collect.
CREATE DATABASE mylogin;
USE mylogin;
CREATE TABLE users (
id INT(6) UNSIGNED AUTO_INCREMENT PRIMARY KEY,
username VARCHAR(30) NOT NULL,
password VARCHAR(30) NOT NULL
);
Creating the PHP Login Page
Now let’s create the PHP login page that will allow users to enter their credentials and log in to your website. Start by creating a new PHP file, e.g., login.php.
<?php
session_start();
if(isset($_POST['submit'])){
// Retrieve input values
$username = $_POST['username'];
$password = $_POST['password'];
// Validate input
// ...
// Check if user exists in the database
// ...
// Verify password
// ...
// Redirect to homepage upon successful login
// ...
}
?>
<!DOCTYPE html>
Login
Login
Validating Input
When dealing with user input, it is essential to validate and sanitize the data to protect against potential security threats. Use PHP filters and regular expressions to ensure that the username and password meet the required criteria.
// Validate username
if(!preg_match("/^[a-zA-Z0-9]{5,30}$/", $username)){
// Invalid username
}
// Validate password
if(strlen($password) < 4 || strlen($password) > 30){
// Invalid password
}
Checking User Existence
To check if the entered username exists in the database, execute a MySQL query and fetch the results. If a matching record is found, proceed to verify the password.
// Check if user exists
$query = "SELECT * FROM users WHERE username = '$username'";
$result = mysqli_query($conn, $query);
if(mysqli_num_rows($result) == 1){
// User exists, proceed to verify password
} else{
// User does not exist
}
Verifying Password
When verifying the password, avoid storing plain text passwords in the database. Instead, store hashed passwords using a strong encryption algorithm such as bcrypt or Argon2. Compare the hashed password stored in the database with the provided password using the password_verify() function.
// Verify password
$row = mysqli_fetch_assoc($result);
if(password_verify($password, $row['password'])){
// Password is correct, log in the user
} else{
// Incorrect password
}
Redirecting After Login
Upon successful login, you can set session variables to store user information and redirect the user to the homepage or any other desired page. For example:
// Store user information in session
$_SESSION['user_id'] = $row['id'];
$_SESSION['username'] = $row['username'];
// Redirect to homepage
header("Location: homepage.php");
exit();
Conclusion
Creating a PHP login page with MySQL is an essential skill for any web developer. By following the steps outlined in this article, you can build a secure login system that allows users to authenticate and access the protected areas of your website. Remember to validate user input, hash passwords, and implement session management to ensure the highest level of security.
For a practical example of a PHP login page, you can check out our demo login page and see the concepts discussed in this article in action.
