PHP Login System Reloaded

Update: There’s a new version of this Login Script. Here’s a PHP Login System, based on the one developed by jpmaster77: PHP Login System with Admin Features Focusing only on […]

Update: There’s a new version of this Login Script.

Here’s a PHP Login System, based on the one developed by jpmaster77: PHP Login System with Admin Features
Focusing only on the core functionalities and aimed to improve certain parts of the code, I took out some functionalities and added some others:

Removed:

  • Admin features
  • Active guests, active users, banned users
  • Global variables
  • Links to other pages after the login

All these can be easily reintegrated if you want. I focused on the login and registration part, leaving out the content “inside”.

Added:

  • PHP 5 instead of PHP 4
  • mysqli extension
  • Send registration confirmation link to the email address
  • Reset password feature without sending password to the email. Instead a link is sent to reset the password
  • UTF8 support
  • InnoDB transactions for database operations
  • Registration and form validations made with AJAX
  • jQuery
  • Captcha image in registration form to avoid spam

Here are the most important settings for the installation of the login system.
Set database access in constants.php:

define("DB_SERVER", "localhost");	//type mysql server url
define("DB_USER", "XXXXXXX");		//type mysql user
define("DB_PASS", "XXXXXXX");		//type mysql password
define("DB_NAME", "XXXXXXX");		//type mysql database name

Further, you have to set the right location of the following files for the mail sending functions:

define("RESETPASSWORDLINK","http://www.tympanus.net/loginsystem/resetpassword.php");
define("CONFIRMACCOUNTLINK","http://www.tympanus.net/loginsystem/php/confirm.php");

The only table that you have to create in your MySQL database is the following:

CREATE TABLE users(
pk_user int unsigned not null auto_increment,
email 	varchar(120) not null,
flname varchar(100) not null,
password varchar(64) not null,
usr_signup_date timestamp not null default CURRENT_TIMESTAMP,
usr_userid varchar(32),
# for the account confirmation:
usr_confirm_hash varchar(255) not null,
# after confirming its set to 1:
usr_is_confirmed tinyint(1) not null default 0,
# when the user resets password (forgot password):
usr_resetpassword_hash varchar(255) not null,
unique index(email),
primary key(pk_user)
)type=innodb DEFAULT CHARACTER SET utf8	COLLATE utf8_general_ci;

I will soon post a new version, as I am currently improving some points.

See a demo here: PHP Login System Demo

You can download the source code here: PHP Login System ZIP

Tagged with:

chadking

Chadking is an absolute geek that rarely leaves the comfort of his 3-screen desk. He is a self taught programmer and is addicted to all possible legal drugs.

Stay up to date with the latest web design and development news and relevant updates from Codrops.

Feedback 71

Comments are closed.
  1. Hello,
    This is great! Very nice work! Thank you!
    I noticed that when resetting the password, the new password is converted to lowercase. (See line 228 and 229 in core.php).
    What points are you improving for the next version?
    Greetings!

    • Hi Roberte, thank you very much and you are very welcome!
      You were right, I already corrected that bug, and I updated the new version.
      For the next version, I’m currently reading about some php security issues which I would want to apply here. Also I want to do the following:

      1. Add more field types for the registration form
      2. Add back an improved version of the account editing for the user after logging in
      3. Improve the error handling
      4. Try to integrate some log functionality
      5. Try to improve some issues like the jquery code which I just started to use recently
      6. Additionally I’am currently implementing a simple script where the user registers and gets all his email contacts using the PHP library of OpenInviter.

      If you have any other ideas, please give me some feedback.

    • Hi,
      I´m not sure what you want to do, do you want all users to be redirected to one specific url, or do you want that according to the user that logs in one of several urls can be set? If you want only one then you should put something like header("Location: url to be redirected"); instead of header("Location: ".$this->referrer); in the processLogin function of core.php. If you have some criteria then I would suggest that you define the urls in the database, make some relation with the users, and then in that same function you could get the url for that User and redirect him.

  2. Hi chadking
    lemi give u thumbs up for ur time and effort! but i got a big problem.
    from JP login system; which should be the start-up page, coz it turns out that all the pages(files) from my server, i click on, brings errors, and these errors seem to be scripts from page for instant. if i click on main.php it brings something like this: and this is the same with the rest.

    logged_in){ echo ”
    Logged In
    “; echo “Welcome $session->username, you are logged in.

    ” .”[username\”>My Account] ” .”[Edit Account] “; if($session->isAdmin()){ echo “[Admin Center] “; } echo “[Logout]”; } else{ ?>
    Login
    num_errors > 0){ echo “”.$form->num_errors.” error(s) found”; } ?>
    Username: “> error(“user”); ?>
    Password: “> error(“pass”); ?>
    value(“remember”) != “”){ echo “checked”; } ?>> Remember me next time

    [Forgot Password?]

    Not registered? Sign-Up!

    “; echo “Member Total: “.$database->getNumMembers().”
    “; echo “There are $database->num_active_users registered members and “; echo “$database->num_active_guests guests viewing the site.

    “; include(“include/view_active.php”); ?>

    surprisingly i haven’t changed anything, i just used the folder he gave as an attachment.so am wondering if there is a place to begin from so that it follows the right processs.

    Back to your script;

    with the table, do i create the table you gave along with other tables in JPs system or I a just going to have completely one table here (users)?

    pls let me know if i am supposed to modify anything.

    thank you.

    • Hi gabriella, thank you.
      This script dosnt have any dependencies of the JP login system. So you dont need to modify anything, and for the database you just need that table. Just dont forget to change the constants.php like I explain in the post.
      About the problem you have with the JP script it seems that your php code is being displayed in the browser, which seems to me some kind of problem with your apache or php installation. Maybe you can take a look here or here.
      greetings.

  3. Thank you chadkid for the quick response.
    To the solution u gave me i mean two links. one was asking for php5ts.dll moved to system32 which is okay. and php.ini moved to windows. in mycase, instead of php.ini, i got php.ini-dist and php.ini-recommended. so should i move both of the .ini files?

    another solution was using the standard .php that is changing file extension to a .php. files. Now so far i have seen/been working with all files saved with a .php extension or which extension do they mean?

    Best regards.

  4. Hi chadking,

    Thanks for the fast response. Redirect with htaccess? What is the code you used?

    Greets

    • Hi,
      In my case I did in htaccess:
      RewriteCond %{HTTP_HOST} ^tympanus.net$ RewriteRule ^loginsystem\/public_html\/index\.php$ "http\:\/\/www\.tympanus\.net\/loginsystem\/public_html\/index\.php" [R=301,L]
      hope it helps,
      greetings

  5. Hi chadking.

    i finally got the solution to my problem it actually had nothing to sever settings. some servers dont accept the short form in php opener (

    define(“RESETPASSWORDLINK”,”http://www.tympanus.net/loginsystem/resetpassword.php”); to

    define(“RESETPASSWORDLINK”,”http://localhost/loginsystem/resetpassword.php”); ???

  6. Hi,

    Thank you very much for making this great script. I have a few requests if you dont mind. Is it possible to shorten the link that you recieve when you are emailed? At the moment the link is massive!

    Is it possible to re-implement the admincp, and the links when you are in your usercp dont do anything (like edit details). When you register it would be nice to have to type in your email and password twice, and then have it check to see if its the same.

    Thank you again for this script, I look forward to an update.

    • Hi! Thanks,

      I will soon update the login script, probably next week… I was wondering of adding features like the ones I described in one of the comments here. I will also do what James suggests. if any of you guys have any other ideas or suggestions for the script, or for something further please let me know.
      Greetings

  7. Thank you for your reply. Im happy to donate too if you can release the update, thanks again for improving an already brilliant script.

  8. I dont know much about php but it would be good if it redirected to a members folder after login if successfull, and also it would be good if we didnt need the htaccess rewrite, not sure if thats possible.

  9. hello sir, chadking,
    im student. i just download your script and go through that. nice work sir :).
    i just want to knw sir is this work in localhost(WAMP) server? if it is what are the chanres i’ll want to make 🙂
    have nice time wit your workings sir

    • 🙂 call me chad!
      I tried with xampp and it works. You need to modify the constants.php file. You should have something like this:

      define("DB_SERVER", "localhost"); define("DB_USER", "root"); //probably root if you didnt configure define("DB_PASS", ""); //probably empty if you didnt configure define("DB_NAME", "XXXXXXX"); //your local mysql database name ... define("RESETPASSWORDLINK","http://localhost/loginsystem/resetpassword.php"); define("CONFIRMACCOUNTLINK","http://localhost/loginsystem/php/confirm.php");

      However (and with xampp), for sending the emails to confirm the account or reset the password:

      XAMPP doesn’t include a mail server. If you have access to an SMTP server that is wide open (as can be the case in some intranets) you can use SSMTP which is a simple and lightweight solution. Otherwise you need to install Postfix or something similar to provide proper support for outbound mail from php. The tricky part is configuring the local SMTP service to properly communicate with your “real” SMTP host out there somewhere.

      greetings

  10. in addition sir, i change constants.php as you sad.
    define(“DB_SERVER”, “localhost”); //my server url
    define(“DB_USER”, “root”); //my mysql user
    define(“DB_PASS”, “”); //no mysql password
    define(“DB_NAME”, “daka”); //my mysql database name

    after that, im also get the error

    logged_in){ echo ”
    Logged In
    “; echo “Welcome $session->username, you are logged in.

    ” .”[username\”>My Account] ” .”[Edit Account] “; if($session->isAdmin()){ echo “[Admin Center] “; } echo “[Logout]“; } else{ ?>
    Login
    num_errors > 0){ echo “”.$form->num_errors.” error(s) found”; } ?>
    Username: “> error(”user”); ?>
    Password: “> error(”pass”); ?>
    value(”remember”) != “”){ echo “checked”; } ?>> Remember me next time

    [Forgot Password?]

    Not registered? Sign-Up!

    “; echo “Member Total: “.$database->getNumMembers().”
    “; echo “There are $database->num_active_users registered members and “; echo “$database->num_active_guests guests viewing the site.

    “; include(”include/view_active.php”); ?>

    • Hi again,
      I think thats the same problem reported here before, you need to replace the <? for <?php in the beggining of the php files.
      greetings

  11. thanx a lot chad…… i’ll neverforget this help… im goin back to workings..i hope this tym it might be work
    🙂

  12. i would like to see admin features implemented again. thanks

    also, try to remove all jquery and make it simple and minimal

  13. Hi Chad,
    Please keep the jQuery, it is great!
    You did a great job with the functionalities you removed, and the ones you added. It is very nice to have a script stripped down to the most fundamental features.
    I agree with James about having to type in email and password twice, and then check to see if they match.
    I look forward to seeing the next update.
    Thanks again!

  14. dear sir chadking,
    i would like to further develop this login script for my assignment. can i have your assistance for this..

    • Hi,
      if you have concrete questions or doubts about the login script, sure, I can help you.

      P.S. Don’t get caught 😀

  15. dear sir, i am having problems inplementing this because after the initial config. the public page displays all the variables, and when i click the login button it shows a ton of code

    • Hi,
      you need to replace the <? for <?php in the beggining of the php files. if you want just download the source again because I just corrected that.
      greetings

  16. dear sir,

    i am stil lencountering that error. there were some tagg where you havent added the php part

  17. Dear sir,
    I fixed the problem there are lot of <? in da index or login page. which needs to be replaced plus i have missed some of the <? tags . now the real fight begins to add features for this:D

  18. how to i configure the mailer settings for smtp and can u use the phpmailer for this. what would be the best option

  19. Hi,
    I’m not sure if I can help you with that. i didnt do much in my local machine. I tried with xampp once and I remember that no mail server is configured or it doesnt actually include one. I guess you have to try to find out how to install one if you want to run this system locally. Maybe somebody that posted here can give us a tip!?
    greetings

  20. oh and one more thing sir..can u give me some good tips to learn jqquery. because i am at a beginner level, when it comes to jquery

  21. This is such great timing for me. I have a project that could really use this and I stumbled onto your site after checking out the original login script. I’m wondering three things that maybe you would be able to help with.

    First, how do I add back in the edit account feature.

    Second, is there a way to mass-register a list of users and then send them an email with their username and password?

    Third, I need to use the My Account link to load a user-specific HTML page.

    I would love any help you could give me and if it’s complicated I would be interested in hiring you to work on it with me. If you are interested please shoot me an email.

    Thanks for the great script!

  22. hello again Mr chad,
    thanx for your helpful and valuble helps 🙂
    if u free enough to answer i may want to know how can i add more features to like
    First name
    Last name
    address
    ….etc
    to our registation form i already add those feialds to data base i just want to knw how can i link those with my web site. 🙂

    greetings!!!!! 😉

    • Hi,
      In the next version, I will put more fields in the registration form. I will update the script this week. Anyway if you wish to do that by yourself, here’s the list of steps you should do:

      1. register/index.php
      add all fields in the html form that you want. Check how the email is done.
      2. php/core.php
      you have to change the functions “processRegisterx” and “__register” to include these new fields, and to make the validations if you wish so.
      3. php/dbcontroller.php
      you have to change the function “dbregister” to include these new fields.

      greetings

  23. I tried using the source code on my server but it seems that the captcha isnt working it just prints the link but no image any ide how to fix it

    btw: a great script got even better

    • Hi Rick,
      do you have the same directory structure like in the downloaded file? Did you change something or removed perhaps some folder? Can you check with firebug the src attribute of the picture? Should be something like “../images/captcha/image.jpg?1253140450”!?
      greetings

  24. Pingback: PHP Login System Reloaded v1.1 | Codrops

  25. Hi Chad.

    Is there a way that we configure our system to confirm registration locally ie if one is working on a localhost and i av not hosted my site to an external domain ie with a .com, .net etc?
    this is because i av realized that the registration process does not accept an address like… me@localhost it gives a reply as invalid address.

    find something since i need to be confirmed locally coz my mailsever is local therefore cannot send to an external domain.

    another thing, is there away i can delete data from table eg. the registration info name,email and password?

    answer to SMTP setup
    ; Setup for Windows systems
    SMTP = smtp.my.isp.net or localhost
    sendmail_from = me@myserver.com or @localhost

    Setup for Linux systems
    sendmail_path = /usr/sbin/sendmail -t
    sendmail_from = me@myserver.com

    find php.ini and make the changes.

    Thank you.

  26. dear sir, chad

    I am having dificulty finding a “forum” script..with the admin power to edit the forum. and members to post. can u help me to find one.

    thnk u!

  27. Hi,
    As far as I understood you want that the User is redirected to the retricted.php after the login? In that case you could do something like

    I use if(!$session->logged_in)
    {
    header(”Location: login/main.php”) <= Login script } else header(”Location: xxx/restricted.php”); Is it this that you want?

  28. Hi,

    No.

    Using JP script, when user is authenticated successfully, he will be remained in his user profile (edit, logout, etc).

    The flow I would like to have is:
    when accessing url a (if not logged in) -> login -> back to url a
    when accessing url b (if not logged in) -> login -> back to url b

    hope this is clear.

    Rgds,
    Francis

    • Hi,

      I would use SESSION variables to store the url that the User wanted to go. So, if the User types xxxx/restricted.php you do:

      if isLoggedIn{ show page... } else{ $_SESSION['page'] = $_SERVER['PHP_SELF']; header("Location: public_html/index.php");//this goes back to login }

      then after the User is logged in (in my script he goes back to public_html/index.php) you check:

      if isLoggedIn{ if isset $_SESSION['page'] then header("Location:".$_SESSION['page']); else show the user profile page } else{ show the login form }

      greetings

  29. hi

    I try to use this script (only the php actions) on my site.

    root->-index.html
    ->/login (your script)

    I can put the forms in my site, but when i press login, he redirect to the register page, and I cant login.
    is it also possible to register without mail, but with a master password? (so I need to give a pass before they can register?)
    thanks, any info is welkom

  30. HI! The script is incredible.
    The only problem i have is to make captcha part working at the registration form!
    Is anybody have any idea what might be wrong? I would kindly appreciate any help!

  31. Hello. I just started configure this script pack, hope it will work perfect!
    @ Elena, you should define your problem and i’m sure they will help you out:)

    Free unlimited host offer active at dawnforged.com be quick!

  32. guys, why not using the updated version of this script? The captcha there is much better!
    cheers

  33. who can help me to put his login script into my website?:(it.s really good,but i don.t now how i can install him!if anibody can help me,add me to yahoo. dddimoncic ths a lot!

  34. What i actualy mean is that, submited values that came from form textbox and so on, I want to use to get submited forms data to email address without having a database.

    I need guild on it pls

    Expecting…

  35. hello,
    seem to get a jquery problem, when hitting register button, the green ajax status bar keeps flashing infinitely although the registration data is being recorded to sql tables correctly, but the green status bar just does not disappear and keeps flashing…hope that’s not too confusing…i wonder what could be the cause of the problem. thanks!

  36. I have created another field in the users database called ‘userid1’ and set it to autoincrument.

    I would like to make this available to when the session starts so that I can track my users.

    how can I do that so it is available for me to see like their user name.

    cheers and thanks for your great work

  37. Helo. I have a problem. In the registration and “password forget” if i click to the “Register” or “Send” button, nothing happen. Only the ajax loader image plays again and again. Not show an error or go a next page. Why. Here my registration button part:

    Back
    Registration

    Please help 🙂