1. Database Setup (MySQL)
First, create a database and a table to store the users' data. This table will have fields for storing a user's ID, username, password, and email.
SQL for Creating the Database and User Table:
CREATE DATABASE user_system;
USE user_system;

CREATE TABLE users (
    id INT AUTO_INCREMENT PRIMARY KEY,
    username VARCHAR(50) NOT NULL UNIQUE,
    email VARCHAR(100) NOT NULL UNIQUE,
    password VARCHAR(255) NOT NULL
);
2. Signup Page (signup.php)
The signup form captures the user's input (username, email, and password) and stores it in the database after checking that the username and email are not already taken.
signup.php:
<?php
// Database configuration (local development defaults; in production use a
// dedicated, least-privilege MySQL account with a strong password)
$servername = "localhost";
$username = "root";
$password = "";
$dbname = "user_system";

// Create connection
$conn = new mysqli($servername, $username, $password, $dbname);

// Check connection
if ($conn->connect_error) {
    die("Connection failed: " . $conn->connect_error);
}

// Handling form submission
if ($_SERVER["REQUEST_METHOD"] == "POST") {
    $username = $_POST['username'];
    $email = $_POST['email'];
    // Hash the password (one-way bcrypt hash, not reversible encryption)
    $password = password_hash($_POST['password'], PASSWORD_BCRYPT);

    // Check if the username or email is already taken
    $checkUserQuery = "SELECT * FROM users WHERE username = ? OR email = ?";
    $stmt = $conn->prepare($checkUserQuery);
    $stmt->bind_param("ss", $username, $email);
    $stmt->execute();
    $result = $stmt->get_result();

    if ($result->num_rows > 0) {
        echo "Username or email already exists!";
    } else {
        // Insert the user data into the database
        $sql = "INSERT INTO users (username, email, password) VALUES (?, ?, ?)";
        $stmt = $conn->prepare($sql);
        $stmt->bind_param("sss", $username, $email, $password);
        if ($stmt->execute()) {
            echo "Signup successful!";
        } else {
            echo "Error: " . $stmt->error;
        }
    }
    $stmt->close();
}

$conn->close();
?>
<!-- HTML form for signup -->
<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="UTF-8">
<meta name="viewport" content="width=device-width, initial-scale=1.0">
<title>Signup</title>
</head>
<body>
<h2>Signup</h2>
<form action="signup.php" method="post">
<label for="username">Username:</label>
<input type="text" id="username" name="username" required><br><br>
<label for="email">Email:</label>
<input type="email" id="email" name="email" required><br><br>
<label for="password">Password:</label>
<input type="password" id="password" name="password" required><br><br>
<input type="submit" value="Signup">
</form>
</body>
</html>
3. Login Page (login.php)
The login form will allow users to log in by verifying their username and password against the database.
login.php:
<?php
// Database configuration (local development defaults; in production use a
// dedicated, least-privilege MySQL account with a strong password)
$servername = "localhost";
$username = "root";
$password = "";
$dbname = "user_system";

// Create connection
$conn = new mysqli($servername, $username, $password, $dbname);

// Check connection
if ($conn->connect_error) {
    die("Connection failed: " . $conn->connect_error);
}

// Handling form submission
if ($_SERVER["REQUEST_METHOD"] == "POST") {
    $username = $_POST['username'];
    $password = $_POST['password'];

    // Retrieve user information from the database
    $sql = "SELECT * FROM users WHERE username = ?";
    $stmt = $conn->prepare($sql);
    $stmt->bind_param("s", $username);
    $stmt->execute();
    $result = $stmt->get_result();

    if ($result->num_rows == 1) {
        $user = $result->fetch_assoc();
        // Verify the password
        if (password_verify($password, $user['password'])) {
            // Start the session before any output is sent (the session cookie
            // is an HTTP header), and issue a fresh session ID on login to
            // prevent session fixation
            session_start();
            session_regenerate_id(true);
            $_SESSION['username'] = $username;
            echo "Login successful!";
            // Redirect the user to a dashboard or homepage
        } else {
            echo "Incorrect password!";
        }
    } else {
        echo "No user found with this username!";
    }
    $stmt->close();
}

$conn->close();
?>
<!-- HTML form for login -->
<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="UTF-8">
<meta name="viewport" content="width=device-width, initial-scale=1.0">
<title>Login</title>
</head>
<body>
<h2>Login</h2>
<form action="login.php" method="post">
<label for="username">Username:</label>
<input type="text" id="username" name="username" required><br><br>
<label for="password">Password:</label>
<input type="password" id="password" name="password" required><br><br>
<input type="submit" value="Login">
</form>
</body>
</html>
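login.php verifies passwords with password_verify(); the added example below (not part of the tutorial's code) also upgrades the stored hash when the hashing parameters change, which is why the password column is VARCHAR(255). The function name verify_and_upgrade and the cost value are assumptions; the users table and mysqli connection are the ones defined above.

```php
<?php
// Added example: verify a login and transparently re-hash the password when
// the stored hash no longer matches the current algorithm/cost settings.
// verify_and_upgrade() is a hypothetical helper, not a PHP built-in.

function verify_and_upgrade(mysqli $conn, array $user, string $password): bool
{
    // $user is the row returned by fetch_assoc() in login.php
    if (!password_verify($password, $user['password'])) {
        return false;
    }

    // Assumed work factor; raise it over time as hardware gets faster
    $options = ['cost' => 12];

    // True when the stored hash was created with a different algorithm or a
    // different cost than the one requested here
    if (password_needs_rehash($user['password'], PASSWORD_BCRYPT, $options)) {
        // The plain-text password is only available at login time, so this
        // is the one place an old hash can be replaced
        $newHash = password_hash($password, PASSWORD_BCRYPT, $options);
        $stmt = $conn->prepare("UPDATE users SET password = ? WHERE id = ?");
        $stmt->bind_param("si", $newHash, $user['id']);
        $stmt->execute();
        $stmt->close();
    }

    return true;
}
```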
4. Security Considerations
1. Password Hashing: The password_hash() and password_verify() functions ensure secure password storage and comparison by hashing passwords before saving them in the database. Never store plain-text passwords.
2. SQL Injection Protection: Using prepared statements ($stmt->bind_param()) in the SQL queries prevents SQL injection attacks.
3. Sessions: In the login process, you can set up PHP sessions to manage the user's logged-in state (as shown briefly in the login script). You can also add session timeout mechanisms and secure session management.
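The session timeout and secure session management mentioned in point 3, as an added example that is not part of the tutorial's code. The file name session_guard.php, the function names, and the 15-minute limit are assumptions; it requires PHP 7.3+ and a site served over HTTPS.

```php
<?php
// session_guard.php (hypothetical file name): added example.
// Include this file from login.php and from every page that requires a login.

const IDLE_TIMEOUT = 900; // assumed policy: 15 minutes of inactivity

function start_secure_session(): void
{
    ini_set('session.use_strict_mode', '1');  // reject session IDs the server did not issue
    ini_set('session.use_only_cookies', '1'); // never accept a session ID from the URL
    session_set_cookie_params([
        'lifetime' => 0,     // cookie ends when the browser closes
        'path'     => '/',
        'secure'   => true,  // sent only over HTTPS
        'httponly' => true,  // not readable from JavaScript
        'samesite' => 'Lax', // withheld on cross-site POST requests
    ]);
    session_start();         // must run before any output is sent
}

// Call in login.php after password_verify() succeeds.
function login_user(string $username): void
{
    session_regenerate_id(true); // new ID at login prevents session fixation
    $_SESSION['username'] = $username;
    $_SESSION['last_seen'] = time();
}

// Call at the top of every protected page, after start_secure_session().
// Returns false when the visitor has to log in (again).
function require_active_session(): bool
{
    if (!isset($_SESSION['username'], $_SESSION['last_seen'])) {
        return false;
    }
    if (time() - $_SESSION['last_seen'] > IDLE_TIMEOUT) {
        $_SESSION = [];
        session_destroy();   // discard server-side data for the expired session
        return false;
    }
    $_SESSION['last_seen'] = time(); // sliding window: activity extends the session
    return true;
}
```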
5. File Structure
Your folder structure should look like this:
/project-root
├── signup.php
├── login.php
├── /assets (optional for CSS/JS files)
└── /config (optional for configuration)
6. Running the Project
1. Local Development: You can use a local development environment like XAMPP or WAMP to run PHP and MySQL on your computer.
Place your project folder in the htdocs directory (for XAMPP) or the equivalent directory for your environment.
Access your project by navigating to http://localhost/project-root/signup.php and http://localhost/project-root/login.php.
2. Hosting the Project: If you're using a live server, make sure you configure your database credentials in the PHP files correctly ($servername, $username, $password, and $dbname). Upload the files via FTP or your server's dashboard.
7. Conclusion
You now have a basic login and signup system using PHP and MySQL. This setup can be extended by adding features such as email verification, password reset functionality, and role-based access control. Always secure your application by following best practices, such as using SSL for secure connections and sanitizing user inputs.