Database Creation (database.sql)
CREATE DATABASE login_database;
USE login_database;
CREATE TABLE `tbl_admin` (
`id` INT AUTO_INCREMENT PRIMARY KEY,
`admin_user_name` VARCHAR(100) NOT NULL UNIQUE,
`admin_password` VARCHAR(255) NOT NULL
) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4;
-- Insert an admin account (hashed password for security)
INSERT INTO `tbl_admin` (`admin_user_name`, `admin_password`) VALUES
('admin', '$2y$10$D74Zy1qMkATvmGRoVeq7hed4ajWof2aqDGnEaD3yPHABA.p.e7f4u');
Database Connection (database_connection.php)
<?php
$host = "localhost";
$dbname = "login_database";
$username = "root";
$password = "";
// Create connection
try {
$connect = new PDO("mysql:host=$host;dbname=$dbname;charset=utf8mb4", $username, $password);
$connect->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
} catch (PDOException $e) {
die("Database connection failed: " . $e->getMessage());
}
$base_url = "http://localhost/Login_Using_PHP/";
?>
Admin Login Page (login.php)
<?php
session_start();
if (isset($_SESSION["id"])) {
header("Location: index.php");
exit;
}
?>
<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="UTF-8">
<title>Admin Login</title>
<link rel="stylesheet" href="https://maxcdn.bootstrapcdn.com/bootstrap/4.3.1/css/bootstrap.min.css">
<script src="https://ajax.googleapis.com/ajax/libs/jquery/3.4.0/jquery.min.js"></script>
</head>
<body style="background-image: url('background.png'); background-size: cover;">
<div class="container">
<div class="row justify-content-center mt-5">
<div class="col-md-4">
<div class="card">
<div class="card-header text-center">Admin Login</div>
<div class="card-body">
<form method="post" id="admin_login_form">
<div class="form-group">
<label>Username</label>
<input type="text" name="admin_user_name" id="admin_user_name" class="form-control">
<span id="error_admin_user_name" class="text-danger"></span>
</div>
<div class="form-group">
<label>Password</label>
<input type="password" name="admin_password" id="admin_password" class="form-control">
<span id="error_admin_password" class="text-danger"></span>
</div>
<div class="form-group">
<input type="submit" name="admin_login" id="admin_login" class="btn btn-info btn-block" value="Login">
</div>
</form>
<div id="login_message" class="text-danger text-center"></div>
</div>
</div>
</div>
</div>
</div>
<script>
$(document).ready(function(){
$('#admin_login_form').on('submit', function(event){
event.preventDefault();
$.ajax({
url: "check_admin_login.php",
method: "POST",
data: $(this).serialize(),
dataType: "json",
beforeSend: function(){
$('#admin_login').val('Validating...');
$('#admin_login').attr('disabled', 'disabled');
},
success: function(data) {
if (data.success) {
window.location.href = "index.php";
} else {
$('#login_message').text(data.error_message);
$('#admin_login').val('Login');
$('#admin_login').removeAttr('disabled');
}
}
});
});
});
</script>
</body>
</html>
Check Admin Login (check_admin_login.php)
<?php
session_start();
include('database_connection.php');
$response = ['success' => false, 'error_message' => ''];
if (!empty($_POST["admin_user_name"]) && !empty($_POST["admin_password"])) {
$admin_user_name = $_POST["admin_user_name"];
$admin_password = $_POST["admin_password"];
$query = "SELECT * FROM tbl_admin WHERE admin_user_name = :admin_user_name";
$statement = $connect->prepare($query);
$statement->execute(['admin_user_name' => $admin_user_name]);
if ($statement->rowCount() > 0) {
$row = $statement->fetch(PDO::FETCH_ASSOC);
if (password_verify($admin_password, $row["admin_password"])) {
$_SESSION["id"] = $row["id"];
$_SESSION["admin_user_name"] = $row["admin_user_name"];
$response['success'] = true;
} else {
$response['error_message'] = "Incorrect password.";
}
} else {
$response['error_message'] = "Username not found.";
}
} else {
$response['error_message'] = "All fields are required.";
}
echo json_encode($response);
?>
Dashboard (index.php)
<?php
session_start();
if (!isset($_SESSION["id"])) {
header("Location: login.php");
exit;
}
?>
<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="UTF-8">
<title>Admin Dashboard</title>
<link rel="stylesheet" href="https://maxcdn.bootstrapcdn.com/bootstrap/4.3.1/css/bootstrap.min.css">
</head>
<body>
<div class="container text-center mt-5">
<h2>Welcome, <?php echo htmlspecialchars($_SESSION["admin_user_name"]); ?>!</h2>
<a href="logout.php" class="btn btn-danger">Logout</a>
</div>
</body>
</html>
Logout (logout.php)
<?php
session_start();
session_destroy();
header("Location: login.php");
exit;
?>
Security Improvements:
✔ Password Hashing: Uses password_hash() and password_verify() for secure password storage.
✔ Prepared Statements: Prevents SQL injection attacks.
✔ Session Security: Only logged-in users can access the dashboard.
✔ AJAX Login Handling: Provides smooth validation and feedback without page reloads.
This is a secure, optimized, and fully functional login system for an admin panel. Let me know if you need modifications or enhancements!
