Almost every mobile, desktop, and web application requires that users are authenticated before accessing services. When creating the login page, some developers focus more on the design and visual elements but forget implementing security measures.

Đang xem: Admin And User Login In Php And Mysql

A login system should avoid security breaches such as SQL injections or session hijacking. This can be achieved by using prepared statements, proper input validation, session management, password hashing, and other security practices when creating a login page.

In this article, you will learn how to create a secure PHP login page that can be used in any application.

Let’s break down the process of building a secure login page in PHP in a few simple, easy-to-follow steps.

Create a Login Form

The first step is creating an HTML login form that will accept login credentials from the user. You can use the code snippet below and place it in a new file named login.php

*

*

Style the Form

Next, we apply some additional CSS styling for headings and error messages. You can use the code snippet below as a basis for styling your form and the input fields.

*

*

Create User Table

The next step is creating a database that will store information for all registered users. Here, you will need access to MySQL using a database management application such as phpMyAdmin.

All you need to create is an accounts table with four columns for holding the user ID, username, email, and password.

You can use the following SQL statement to generate this table:

*

Connect to the Database

Once you’re done creating the user table, you need to create a PHP configuration script for connecting to the MySQL database.

To do so, place the following code in a new file named config.php

Here, you must replace the connection parameters with yours before testing the server connection.

Replace the database name “logintest” with your database name and username “root” with you database username. You must also specify the database password if any.

Implement the Login Functionality

Once you connect to the database successfully, you can now implement the authentication logic.

Here, start by checking whether the user supplied input in the log in form using the isset() method.

This returns an error if a user clicks the login button without filling the required fields.

Next, we add the code snippet to check whether the login credentials supplied by the user match those in our database.

Xem thêm:

Add this code at the top of the login.php file.

The password_verify function is also used for comparing email and password provided against those in the database. This helps prevent timing attacks during log in.

If the username and password combination do not match, the system returns an error.

Note how the PHP prepared statement in the above code is used to prevent SQL injection.

Create a Welcome Page

Next, use the code snippet below to create a welcome page where users are redirected after a successful login. You can name the file welcome.php

In the code sample above, the html specialchars() function is used to escape data before displaying it on the browser. This sanitizes input from the user that may contain malicious data intended to launch attacks.

All special characters are escaped to ensure the browser does not execute malicious scripts.

Add a Logout Script

Finally, we create a script that allows the user to sign out of the application. The logout script should destroy a live session and redirect users to the login page.

You can add the code below to a separate file and name it logout.php

At this point, you can test your login page in a browser and see how everything works.

You can also consider implementing additional logic that allows users to verify their email addresses, reset passwords, and more.

Level Up Coding

Coding tutorials and news.

Follow
207

3

207 claps

207 claps

3 responses

Written by

Sean Higgins

Follow

Entrepreneur (Or at least wanna be), Devops, Engineer, Gamer, Quora & Chill

Follow

Level Up Coding

Follow

Coding tutorials and news. The developer homepage darkedeneurope.com.com

Follow

Written by

Sean Higgins

Follow

Entrepreneur (Or at least wanna be), Devops, Engineer, Gamer, Quora & Chill

Level Up Coding

Follow

Coding tutorials and news. The developer homepage darkedeneurope.com.com

More From Medium

Here’s How It Really Feels to Own an Entire Bitcoin

Jessica Wildfire in Level Up Coding

The Types of Programmers I Don’t Want to Work with Again

keypressingmonkey in Level Up Coding

This is Why Software Developers Fail to Succeed in Their Career

Lokajit Tikayatray in Level Up Coding

A Beginner’s Guide to Cardano

Yitaek Hwang in Level Up Coding

I’m sending my M1 Apple back. It’s not ready yet.

Tom Clark in Level Up Coding

Measuring Developer Productivity | How to get it right?

Galaxy Weblinks in Level Up Coding

5 Things Great Developers Do Really Well

Manish Jain in Level Up Coding

Learn more.

Medium is an open platform where 170 million readers come to find insightful and dynamic thinking. Here, expert and undiscovered voices alike dive into the heart of any topic and bring new ideas to the surface. Learn more

Make Medium yours.

Xem thêm: Phần Mềm Ubusb – Phần Mềm Test Usb Boot, Đĩa Boot Và File Iso

Follow the writers, publications, and topics that matter to you, and you’ll see them on your homepage and in your inbox. Explore

Share your thinking.

If you have a story to tell, knowledge to share, or a perspective to offer — welcome home. It’s easy and free to post your thinking on any topic. Write on Medium

Related Post

Leave a Reply

Your email address will not be published. Required fields are marked *