How to Create a PHP Login System for Your Website

Are you looking to integrate a login system in PHP? In this article, I show you how to do a basic login flow into PHP. We will create a login form, validate the credentials, and redirect the user on the account page. I would also add a code to log out the user. Additionally, we will display the error messages if the wrong credentials are entered.

For the sake of the tutorial, I assume you are using ‘md5’ hash for storing the password. I would write the code considering the md5 hash of a string. You may be using another algorithm. In that case, you need to change the query as per your algorithm.

In order to integrate the login flow, we need a database table that stores the user details. Against this table, we validate whether the user entered the correct credentials or not. If the user credentials are correct then only they should have access to the secured pages.

In my case, I have created a ‘users’ table and added some dummy entries. I also added a ‘status’ column which will be used to find out if an account is active or not. This column has ENUM data type with values 0 and 1.

  • 1 : Account is active
  • 0 : Account is not active

users

Create a Login Form

For getting started, let’s create a login form where users can enter their credentials. I am using a Bootstrap framework to build a login form. My index.php file contains the below code.

<!DOCTYPE html>
<html>
    <head>
        <title>Login Form</title>
        <link rel="stylesheet" href="https://stackpath.bootstrapcdn.com/bootstrap/4.3.1/css/bootstrap.min.css" />
    </head>
    <body>
        <div class="container">
            <div class="row">
                <div class="col-md-6">
                    <h3>Login Form</h3>
                    <?php if(!empty($error_message)) { ?>
                        <div class="alert alert-danger"><?php echo $error_message; ?></div>
                    <?php } ?>
                    <form method="post">
                        <div class="form-group">
                            <label for="exampleInputEmail1">Email address</label>
                            <input type="email" class="form-control" id="exampleInputEmail1" name="email" placeholder="Email" required />
                        </div>
                        <div class="form-group">
                            <label for="exampleInputPassword1">Password</label>
                            <input type="password" class="form-control" id="exampleInputPassword1" name="password" placeholder="Password" required />
                        </div>
                        <button type="submit" name="submit" class="btn btn-primary">Submit</button>
                    </form>
                </div>
            </div>
        </div>
    </body>
</html>

The above code will display the login form as shown in the below screenshot.

PHP Login System

I have added the variable $error_message in code which will print the login errors.

PHP Code to Validate Users Credentials

You are ready with the login form and database table. Next, on the submission of a form, we have to write PHP code which checks the user’s credentials against the database records. If the details are correct log the user into the system and redirect to myaccount.php page.

Create a config.php file and add a code for the database connection.

<?php
$conn = new mysqli('DB_HOST', 'DB_USER', 'DB_PASSWORD', 'DB_NAME');

if ($conn->connect_errno) {
    echo "Error: " . $conn->connect_error;
}
?>

Replace the placeholders with the actual values.

Now, in the index.php file before the start of html tag add the below code.

<?php
session_start();
 
require_once('config.php');
 
//if user is logged in redirect to myaccount page
if (isset($_SESSION['id'])) {
    header('Location: myaccount.php');
}
 
$error_message = '';
if (isset($_POST['submit'])) {

    extract($_POST);

    if (!empty($email) && !empty($password)) {
        $sql = "SELECT id, status FROM users WHERE email = '".$conn->real_escape_string($email)."' AND password = '".md5($conn->real_escape_string($password))."'";
        $result = $conn->query($sql);
 
        if ($result->num_rows > 0) {
            $row = $result->fetch_assoc();
            if($row['status']) {
                $_SESSION['id'] = $row['id'];
                header('Location: myaccount.php');
            } else {
                $error_message = 'Your account is not active yet.';
            }
        } else {
            $error_message = 'Incorrect email or password.';
        }
    } else {
        $error_message = 'Please enter email and password.';
    }
}
?>

Here in the code, while checking the password I used the PHP method md5 assuming you stored the password by using this algorithm.

Logout Code

The next part is adding code for logging out the user. For this, create myaccount.php file. One more thing needed to handle which is only logged in users should access this page.

myaccount.php

<?php
session_start();

if (isset($_GET['action']) && ('logout' == $_GET['action'])) {
    unset($_SESSION['id']);
}

if (isset($_SESSION['id'])) {
    ?>
    <h3>Welcome User ! <a href="?action=logout">Logout</a></h3>
    <?php
} else { //redirect to login page
    header('Location: index.php');
}
?>

Using PHP session we are figuring out whether to give access to this page or not. If the session is not set then redirect the user to the login page.

I hope you understand the basics of building a login system in PHP. Please share your thoughts and suggestions in the comment section below.

Related Articles

If you liked this article, then please subscribe to our YouTube Channel for video tutorials.

8 thoughts on “How to Create a PHP Login System for Your Website

  1. Hello,
    Thank you so much for your useful videos and tutorials. However I have a question. How do I connect the three “.php” files into one HTML ? I am having trouble with this.
    Thank you very much for your help

  2. Really like and appreciate your work. I am trying to incorporate your code into a web site I’m creating, but having some problems. I keep throwing the “incorrect username or password” error message even if I use a valid username and password in my database. I’m almost an intermediate using mysql, php, html and css, but was wondering if you might be able to take a look at my code?

  3. Hello Sir,
    i know only html & css, but not idea about php. Can you help by mention where to put my site detail in your login system & how.

Leave a Reply

Your email address will not be published. Required fields are marked *