PHP MySQL Login System – A Super Simple Tutorial

Hello everyone,
In this post we are going to create a very simple PHP MySQL login system. At the beginning, we will show a registration form to users and store user given data into MySQL database. Then we will create a login page where we take username and password and let users logged in if username & password combination is correct.

Skills you need

Basic knowledge on PHP, MySQL and HTML
In the registration form, we will not sensitize and validate user provided data to keep it as simple as possible. If you don’t know anything about PHP serer-side form validation, I strongly suggest you to check this post below.

• How to Validate Form with PHP – Server Side Validation

At first, we need to create MySQL database, lets create name it to “php_mysql_login_system” (or of course you can use an existing one). After that,  create a table within the database and name it “users” as all registered users’ information will be stored here. Use the following SQL query below to create the table.

MySQL

CREATE TABLE IF NOT EXISTS `users` ( `id` int(11) NOT NULL AUTO_INCREMENT, `username` varchar(255) NOT NULL, `password` varchar(255) NOT NULL, `first_name` varchar(255) NOT NULL, `last_name` varchar(255) NOT NULL, `email` varchar(255) NOT NULL, PRIMARY KEY (`id`), UNIQUE KEY `username` (`username`), UNIQUE KEY `email` (`email`) ) ENGINE=InnoDB DEFAULT CHARSET=latin1 AUTO_INCREMENT=1 ;

1 2 3 4 5 6 7 8 9 10 11

CREATE TABLE IF NOT EXISTS `users` (   `id` int(11) NOT NULL AUTO_INCREMENT,   `username` varchar(255) NOT NULL,   `password` varchar(255) NOT NULL,   `first_name` varchar(255) NOT NULL,   `last_name` varchar(255) NOT NULL,   `email` varchar(255) NOT NULL,   PRIMARY KEY (`id`),   UNIQUE KEY `username` (`username`),   UNIQUE KEY `email` (`email`) ) ENGINE=InnoDB DEFAULT CHARSET=latin1 AUTO_INCREMENT=1 ;

You can also take help of phpMyAdmin – GUI MySQL DBMS, to create the table if you’re a lazy dev too.
We will use MySQLi (MySQL Improved) to do all database operations from PHP.

The Registration Form

db_const.php

PHP

<?php # mysql db constants DB_HOST, DB_USER, DB_PASS, DB_NAME const DB_HOST = 'SERVER'; const DB_USER = 'USER'; const DB_PASS = 'PASSWORD'; const DB_NAME = 'php_mysql_login_system'; ?>

1 2 3 4 5 6 7

<?php # mysql db constants DB_HOST, DB_USER, DB_PASS, DB_NAME const DB_HOST = 'SERVER'; const DB_USER = 'USER'; const DB_PASS = 'PASSWORD'; const DB_NAME = 'php_mysql_login_system'; ?>

register.php

XHTML

<html> <head> <title>User registration form- PHP MySQL Ligin System | W3Epic.com</title> </head> <body> <h1> User registration form- PHP MySQL Ligin System | W3Epic.com</h1> <?php require_once("db_const.php"); if (!isset($_POST['submit'])) { ?> <!-- The HTML registration form --> <form action="<?=$_SERVER['PHP_SELF']?> " method="post"> Username: <input type="text" name="username" /><br /> Password: <input type="password" name="password" /><br /> First name: <input type="text" name="first_name" /><br /> Last name: <input type="text" name="last_name" /><br /> Email: <input type="type" name="email" /><br /> <input type="submit" name="submit" value="Register" /> </form> <?php } else { ## connect mysql server $mysqli = new mysqli(DB_HOST, DB_USER, DB_PASS, DB_NAME); # check connection if ($mysqli->connect_errno) { echo "<p> MySQL error no {$mysqli->connect_errno} : {$mysqli->connect_error}</p> "; exit(); } ## query database # prepare data for insertion $username = $_POST['username']; $password = $_POST['password']; $first_name = $_POST['first_name']; $last_name = $_POST['last_name']; $email = $_POST['email']; # check if username and email exist else insert $exists = 0; $result = $mysqli->query("SELECT username from users WHERE username = '{$username}' LIMIT 1"); if ($result->num_rows == 1) { $exists = 1; $result = $mysqli->query("SELECT email from users WHERE email = '{$email}' LIMIT 1"); if ($result->num_rows == 1) $exists = 2; } else { $result = $mysqli->query("SELECT email from users WHERE email = '{$email}' LIMIT 1"); if ($result->num_rows == 1) $exists = 3; } if ($exists == 1) echo "<p> Username already exists!</p> "; else if ($exists == 2) echo "<p> Username and Email already exists!</p> "; else if ($exists == 3) echo "<p> Email already exists!</p> "; else { # insert data into mysql database $sql = "INSERT INTO `users` (`id`, `username`, `password`, `first_name`, `last_name`, `email`) VALUES (NULL, '{$username}', '{$password}', '{$first_name}', '{$last_name}', '{$email}')"; if ($mysqli->query($sql)) { //echo "New Record has id ".$mysqli->insert_id; echo "<p> Registred successfully!</p> "; } else { echo "<p> MySQL error no {$mysqli->errno} : {$mysqli->error}</p> "; exit(); } } } ?> </body> </html>

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68

<html> <head> <title>User registration form- PHP MySQL Ligin System | W3Epic.com</title> </head> <body> <h1>User registration form- PHP MySQL Ligin System | W3Epic.com</h1> <?php require_once("db_const.php"); if (!isset($_POST['submit'])) { ?> <!-- The HTML registration form --> <form action="<?=$_SERVER['PHP_SELF']?>" method="post"> Username: <input type="text" name="username" /><br /> Password: <input type="password" name="password" /><br /> First name: <input type="text" name="first_name" /><br /> Last name: <input type="text" name="last_name" /><br /> Email: <input type="type" name="email" /><br />   <input type="submit" name="submit" value="Register" /> </form> <?php } else { ## connect mysql server $mysqli = new mysqli(DB_HOST, DB_USER, DB_PASS, DB_NAME); # check connection if ($mysqli->connect_errno) { echo "<p>MySQL error no {$mysqli->connect_errno} : {$mysqli->connect_error}</p>"; exit(); } ## query database # prepare data for insertion $username = $_POST['username']; $password = $_POST['password']; $first_name = $_POST['first_name']; $last_name = $_POST['last_name']; $email = $_POST['email'];   # check if username and email exist else insert $exists = 0; $result = $mysqli->query("SELECT username from users WHERE username = '{$username}' LIMIT 1"); if ($result->num_rows == 1) { $exists = 1; $result = $mysqli->query("SELECT email from users WHERE email = '{$email}' LIMIT 1"); if ($result->num_rows == 1) $exists = 2; } else { $result = $mysqli->query("SELECT email from users WHERE email = '{$email}' LIMIT 1"); if ($result->num_rows == 1) $exists = 3; }   if ($exists == 1) echo "<p>Username already exists!</p>"; else if ($exists == 2) echo "<p>Username and Email already exists!</p>"; else if ($exists == 3) echo "<p>Email already exists!</p>"; else { # insert data into mysql database $sql = "INSERT  INTO `users` (`id`, `username`, `password`, `first_name`, `last_name`, `email`) VALUES (NULL, '{$username}', '{$password}', '{$first_name}', '{$last_name}', '{$email}')";   if ($mysqli->query($sql)) { //echo "New Record has id ".$mysqli->insert_id; echo "<p>Registred successfully!</p>"; } else { echo "<p>MySQL error no {$mysqli->errno} : {$mysqli->error}</p>"; exit(); } } } ?> </body> </html>

The Login Form

login.php

XHTML

<html> <head> <title>User Login Form - PHP MySQL Ligin System | W3Epic.com</title> </head> <body> <h1> User Login Form - PHP MySQL Ligin System | W3Epic.com</h1> <?php if (!isset($_POST['submit'])){ ?> <!-- The HTML login form --> <form action="<?=$_SERVER['PHP_SELF']?> " method="post"> Username: <input type="text" name="username" /><br /> Password: <input type="password" name="password" /><br /> <input type="submit" name="submit" value="Login" /> </form> <?php } else { require_once("db_const.php"); $mysqli = new mysqli(DB_HOST, DB_USER, DB_PASS, DB_NAME); # check connection if ($mysqli->connect_errno) { echo "<p> MySQL error no {$mysqli->connect_errno} : {$mysqli->connect_error}</p> "; exit(); } $username = $_POST['username']; $password = $_POST['password']; $sql = "SELECT * from users WHERE username LIKE '{$username}' AND password LIKE '{$password}' LIMIT 1"; $result = $mysqli->query($sql); if (!$result->num_rows == 1) { echo "<p> Invalid username/password combination</p> "; } else { echo "<p> Logged in successfully</p> "; // do stuffs } } ?> </body> </html>

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41

<html> <head> <title>User Login Form - PHP MySQL Ligin System | W3Epic.com</title> </head> <body> <h1>User Login Form - PHP MySQL Ligin System | W3Epic.com</h1> <?php if (!isset($_POST['submit'])){ ?> <!-- The HTML login form --> <form action="<?=$_SERVER['PHP_SELF']?>" method="post"> Username: <input type="text" name="username" /><br /> Password: <input type="password" name="password" /><br />   <input type="submit" name="submit" value="Login" /> </form> <?php } else { require_once("db_const.php"); $mysqli = new mysqli(DB_HOST, DB_USER, DB_PASS, DB_NAME); # check connection if ($mysqli->connect_errno) { echo "<p>MySQL error no {$mysqli->connect_errno} : {$mysqli->connect_error}</p>"; exit(); }   $username = $_POST['username']; $password = $_POST['password'];   $sql = "SELECT * from users WHERE username LIKE '{$username}' AND password LIKE '{$password}' LIMIT 1"; $result = $mysqli->query($sql); if (!$result->num_rows == 1) { echo "<p>Invalid username/password combination</p>"; } else { echo "<p>Logged in successfully</p>"; // do stuffs } } ?> </body> </html>

Explanation: how this PHP MySQL login system work

At the beginning we created a simple registration form and stored some user information to MySQL database. Assume that each user has a unique username and email address (though we have not validated the registration form).
In the login form, we take a username and password combination from users. Then we query MySQL database with user given username and password combination. After that, if the combination is matched with any of users row, then we let the user logged in, otherwise show error to the user.
Hope this article helped you. If you need further help, please comment below.
Thank you!