Step 1: Database Setup (config.php)
Create a MySQL database and a users table. Then, create a config.php file to handle the database connection.
config.php
<?php
// Database connection
$host = "localhost";       // Change if needed
$user = "root";            // Your DB username (use a dedicated low-privilege account outside development)
$pass = "";                // Your DB password
$db_name = "auth_system";  // Your DB name

$con = mysqli_connect($host, $user, $pass, $db_name);

// Check connection
if (!$con) {
    // Log the details server-side; do not show them to the visitor
    error_log("Connection failed: " . mysqli_connect_error());
    die("Connection failed.");
}
?>
Create MySQL Table
Run this SQL query in your database:
CREATE TABLE users (
    id INT AUTO_INCREMENT PRIMARY KEY,
    email VARCHAR(255) NOT NULL UNIQUE,
    password VARCHAR(255) NOT NULL,
    created_at TIMESTAMP DEFAULT CURRENT_TIMESTAMP
);
Step 2: Registration Backend (php_register.php)
Handles the form submission, checks that the email is not already registered, and stores the password as a password_hash() hash. All queries use prepared statements.
php_register.php
<?php
require_once "config.php";

$email = $password = $confirm_password = "";
$email_err = $password_err = $confirm_password_err = "";

if ($_SERVER["REQUEST_METHOD"] == "POST") {
    // Validate email
    if (empty(trim($_POST["email"] ?? ""))) {
        $email_err = "Please enter an email.";
    } elseif (!filter_var(trim($_POST["email"]), FILTER_VALIDATE_EMAIL)) {
        $email_err = "Please enter a valid email.";
    } else {
        $sql = "SELECT id FROM users WHERE email = ?";
        if ($stmt = mysqli_prepare($con, $sql)) {
            // Parameters are bound by reference, so $param_email can be set after binding
            mysqli_stmt_bind_param($stmt, "s", $param_email);
            $param_email = trim($_POST["email"]);
            mysqli_stmt_execute($stmt);
            mysqli_stmt_store_result($stmt);
            if (mysqli_stmt_num_rows($stmt) > 0) {
                $email_err = "This email is already taken.";
            } else {
                $email = trim($_POST["email"]);
            }
            mysqli_stmt_close($stmt);
        }
    }

    // Validate password
    if (empty(trim($_POST["password"] ?? ""))) {
        $password_err = "Please enter a password.";
    } elseif (strlen(trim($_POST["password"])) < 6) {
        $password_err = "Password must have at least 6 characters.";
    } else {
        $password = trim($_POST["password"]);
    }

    // Validate confirm password
    if (empty(trim($_POST["confirm_password"] ?? ""))) {
        $confirm_password_err = "Please confirm password.";
    } else {
        $confirm_password = trim($_POST["confirm_password"]);
        if ($password != $confirm_password) {
            $confirm_password_err = "Password did not match.";
        }
    }

    // Insert user into database
    if (empty($email_err) && empty($password_err) && empty($confirm_password_err)) {
        $sql = "INSERT INTO users (email, password) VALUES (?, ?)";
        if ($stmt = mysqli_prepare($con, $sql)) {
            // Store only the hash, never the plain-text password
            $param_password = password_hash($password, PASSWORD_DEFAULT);
            mysqli_stmt_bind_param($stmt, "ss", $email, $param_password);
            if (mysqli_stmt_execute($stmt)) {
                header("location: login.php");
                exit; // stop here so nothing else runs after the redirect
            } else {
                echo "Something went wrong. Please try again.";
            }
            mysqli_stmt_close($stmt);
        }
    }
    mysqli_close($con);
}
?>
Step 3: Registration Form (register.php)
register.php
<?php require_once "php_register.php"; ?>
<!DOCTYPE html>
<html lang="en">
<head>
    <meta charset="UTF-8">
    <title>Register</title>
</head>
<body>
    <h2>Sign Up</h2>
    <form action="<?= htmlspecialchars($_SERVER["PHP_SELF"]); ?>" method="post">
        <label>Email</label>
        <!-- $email comes from the request, so escape it before echoing it back -->
        <input type="email" name="email" value="<?= htmlspecialchars($email); ?>">
        <span><?= $email_err; ?></span>
        <label>Password</label>
        <input type="password" name="password">
        <span><?= $password_err; ?></span>
        <label>Confirm Password</label>
        <input type="password" name="confirm_password">
        <span><?= $confirm_password_err; ?></span>
        <button type="submit">Register</button>
    </form>
    <p>Already have an account? <a href="login.php">Login here</a>.</p>
</body>
</html>
Step 4: Login Backend (php_login.php)
php_login.php
<?php
session_start();
require_once "config.php";

$email = $password = "";
$email_err = $password_err = "";

if ($_SERVER["REQUEST_METHOD"] == "POST") {
    if (empty(trim($_POST["email"] ?? ""))) {
        $email_err = "Please enter email.";
    } else {
        $email = trim($_POST["email"]);
    }

    if (empty(trim($_POST["password"] ?? ""))) {
        $password_err = "Please enter password.";
    } else {
        $password = trim($_POST["password"]);
    }

    if (empty($email_err) && empty($password_err)) {
        $sql = "SELECT id, email, password FROM users WHERE email = ?";
        if ($stmt = mysqli_prepare($con, $sql)) {
            mysqli_stmt_bind_param($stmt, "s", $param_email);
            $param_email = $email;
            if (mysqli_stmt_execute($stmt)) {
                mysqli_stmt_store_result($stmt);
                if (mysqli_stmt_num_rows($stmt) == 1) {
                    mysqli_stmt_bind_result($stmt, $id, $email, $hashed_password);
                    if (mysqli_stmt_fetch($stmt)) {
                        if (password_verify($password, $hashed_password)) {
                            // Issue a fresh session ID on login to prevent session fixation
                            session_regenerate_id(true);
                            $_SESSION["loggedin"] = true;
                            $_SESSION["id"] = $id;
                            $_SESSION["email"] = $email;
                            header("location: welcome.php");
                            exit; // stop here so nothing else runs after the redirect
                        } else {
                            // Same message for a wrong password and an unknown email,
                            // so the form does not reveal which accounts exist
                            $password_err = "Invalid email or password.";
                        }
                    }
                } else {
                    $password_err = "Invalid email or password.";
                }
            }
            mysqli_stmt_close($stmt);
        }
    }
    mysqli_close($con);
}
?>
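A hardened form of the credential check above, as an added example that is not part of the original tutorial: it returns the same result for an unknown email and a wrong password, spends one password_verify() call on both paths, and upgrades old hashes with password_needs_rehash(). The function name check_credentials() and the placeholder string are assumptions; it expects the $con connection from config.php and the users table from Step 1.

```php
<?php
// Added example (not from the original tutorial). check_credentials() is a
// hypothetical helper; $con is the mysqli connection from config.php.
function check_credentials(mysqli $con, string $email, string $password): ?int
{
    // Hash of a throwaway string, verified when the email is unknown so that
    // both failure paths cost one password_verify() call.
    static $dummy_hash = null;
    if ($dummy_hash === null) {
        $dummy_hash = password_hash("constructed-placeholder", PASSWORD_DEFAULT);
    }

    $id = null;
    $hash = null;
    $stmt = mysqli_prepare($con, "SELECT id, password FROM users WHERE email = ?");
    if (!$stmt) {
        return null;
    }
    mysqli_stmt_bind_param($stmt, "s", $email);
    mysqli_stmt_execute($stmt);
    mysqli_stmt_bind_result($stmt, $id, $hash);
    $found = mysqli_stmt_fetch($stmt) === true; // null means no matching row
    mysqli_stmt_close($stmt);

    $ok = password_verify($password, $found ? $hash : $dummy_hash);
    if (!$found || !$ok) {
        return null; // caller shows one generic message for both cases
    }

    // Re-hash when PASSWORD_DEFAULT or its cost has changed since registration.
    if (password_needs_rehash($hash, PASSWORD_DEFAULT)) {
        $new_hash = password_hash($password, PASSWORD_DEFAULT);
        $upd = mysqli_prepare($con, "UPDATE users SET password = ? WHERE id = ?");
        if ($upd) {
            mysqli_stmt_bind_param($upd, "si", $new_hash, $id);
            mysqli_stmt_execute($upd);
            mysqli_stmt_close($upd);
        }
    }
    return $id; // user id on success
}
```

On a non-null return the caller regenerates the session ID and sets the session variables exactly as php_login.php does.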
Step 5: Login Form (login.php)
<?php require_once "php_login.php"; ?>
<!DOCTYPE html>
<html lang="en">
<head>
    <meta charset="UTF-8">
    <title>Login</title>
</head>
<body>
    <h2>Login</h2>
    <form action="<?= htmlspecialchars($_SERVER["PHP_SELF"]); ?>" method="post">
        <label>Email</label>
        <!-- $email comes from the request, so escape it before echoing it back -->
        <input type="email" name="email" value="<?= htmlspecialchars($email); ?>">
        <span><?= $email_err; ?></span>
        <label>Password</label>
        <input type="password" name="password">
        <span><?= $password_err; ?></span>
        <button type="submit">Login</button>
    </form>
    <p>Don't have an account? <a href="register.php">Sign up</a>.</p>
</body>
</html>
Step 6: Welcome Page (welcome.php)
<?php
session_start();
if (!isset($_SESSION["loggedin"]) || $_SESSION["loggedin"] !== true) {
    header("location: login.php");
    exit;
}
?>
<!DOCTYPE html>
<html lang="en">
<head>
    <meta charset="UTF-8">
    <title>Welcome</title>
</head>
<body>
    <h2>Welcome, <?= htmlspecialchars($_SESSION["email"]); ?>!</h2>
    <a href="logout.php">Logout</a>
</body>
</html>
Step 7: Logout (logout.php)
<?php
session_start();
$_SESSION = array();
session_destroy();
header("location: login.php");
exit;
?>
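Session handling for the login, welcome and logout pages, as an added example that is not part of the original tutorial: start_secure_session() sets the cookie flags and strict mode when the session starts, and end_session() also expires the session cookie in the browser, which session_destroy() alone does not do. Both function names are assumptions, and cookie_secure assumes the site is served over HTTPS only.

```php
<?php
// Added example (not from the original tutorial); function names are hypothetical.
// In a real project the two functions would live in a shared include.
function start_secure_session(): void
{
    session_start([
        "cookie_httponly" => true,   // cookie is not readable from JavaScript
        "cookie_secure"   => true,   // assumption: the site is HTTPS-only
        "cookie_samesite" => "Lax",  // cookie is not sent on cross-site POSTs
        "use_strict_mode" => true,   // reject session IDs the server did not issue
    ]);
}

function end_session(): void
{
    // Clear the session data held in this request
    $_SESSION = [];

    // Expire the session cookie using the same attributes it was set with
    if (ini_get("session.use_cookies")) {
        $p = session_get_cookie_params();
        setcookie(session_name(), "", [
            "expires"  => time() - 42000,
            "path"     => $p["path"],
            "domain"   => $p["domain"],
            "secure"   => $p["secure"],
            "httponly" => $p["httponly"],
            "samesite" => $p["samesite"] ?: "Lax",
        ]);
    }

    // Remove the session data stored on the server
    session_destroy();
}

// logout.php, rewritten with the helpers above
start_secure_session();
end_session();
header("Location: login.php");
exit;
```

The array forms of session_start() and setcookie() used here need PHP 7.3 or later.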
Your authentication system is ready!
Let me know if you need improvements like password reset, email verification, or "Remember Me" login.