From our sponsor: Ready to show your plugin skills? Enter the Penpot Plugins Contest (Nov 15-Dec 15) to win cash prizes!
Update: There’s a new version of this Login Script.
Here’s a PHP Login System, based on the one developed by jpmaster77: PHP Login System with Admin Features
Focusing only on the core functionalities and aimed to improve certain parts of the code, I took out some functionalities and added some others:
Removed:
- Admin features
- Active guests, active users, banned users
- Global variables
- Links to other pages after the login
All these can be easily reintegrated if you want. I focused on the login and registration part, leaving out the content “inside”.
Added:
- PHP 5 instead of PHP 4
- mysqli extension
- Send registration confirmation link to the email address
- Reset password feature without sending password to the email. Instead a link is sent to reset the password
- UTF8 support
- InnoDB transactions for database operations
- Registration and form validations made with AJAX
- jQuery
- Captcha image in registration form to avoid spam
Here are the most important settings for the installation of the login system.
Set database access in constants.php:
define("DB_SERVER", "localhost"); //type mysql server url define("DB_USER", "XXXXXXX"); //type mysql user define("DB_PASS", "XXXXXXX"); //type mysql password define("DB_NAME", "XXXXXXX"); //type mysql database name
Further, you have to set the right location of the following files for the mail sending functions:
define("RESETPASSWORDLINK","http://www.tympanus.net/loginsystem/resetpassword.php"); define("CONFIRMACCOUNTLINK","http://www.tympanus.net/loginsystem/php/confirm.php");
The only table that you have to create in your MySQL database is the following:
CREATE TABLE users( pk_user int unsigned not null auto_increment, email varchar(120) not null, flname varchar(100) not null, password varchar(64) not null, usr_signup_date timestamp not null default CURRENT_TIMESTAMP, usr_userid varchar(32), # for the account confirmation: usr_confirm_hash varchar(255) not null, # after confirming its set to 1: usr_is_confirmed tinyint(1) not null default 0, # when the user resets password (forgot password): usr_resetpassword_hash varchar(255) not null, unique index(email), primary key(pk_user) )type=innodb DEFAULT CHARACTER SET utf8 COLLATE utf8_general_ci;
I will soon post a new version, as I am currently improving some points.
See a demo here: PHP Login System Demo
You can download the source code here: PHP Login System ZIP
Tiny break: 📬 Want to stay up to date with frontend and trends in web design? Subscribe and get our Collective newsletter twice a tweek.
Hello,
This is great! Very nice work! Thank you!
I noticed that when resetting the password, the new password is converted to lowercase. (See line 228 and 229 in core.php).
What points are you improving for the next version?
Greetings!
Hi Roberte, thank you very much and you are very welcome!
You were right, I already corrected that bug, and I updated the new version.
For the next version, I’m currently reading about some php security issues which I would want to apply here. Also I want to do the following:
1. Add more field types for the registration form
2. Add back an improved version of the account editing for the user after logging in
3. Improve the error handling
4. Try to integrate some log functionality
5. Try to improve some issues like the jquery code which I just started to use recently
6. Additionally I’am currently implementing a simple script where the user registers and gets all his email contacts using the PHP library of OpenInviter.
If you have any other ideas, please give me some feedback.
hello,
also, i`d like to redirect users to a specific url after logging in. how to do that?
Hi,
I´m not sure what you want to do, do you want all users to be redirected to one specific url, or do you want that according to the user that logs in one of several urls can be set? If you want only one then you should put something like
header("Location: url to be redirected");
instead ofheader("Location: ".$this->referrer);
in the processLogin function of core.php. If you have some criteria then I would suggest that you define the urls in the database, make some relation with the users, and then in that same function you could get the url for that User and redirect him.Hi chadking
lemi give u thumbs up for ur time and effort! but i got a big problem.
from JP login system; which should be the start-up page, coz it turns out that all the pages(files) from my server, i click on, brings errors, and these errors seem to be scripts from page for instant. if i click on main.php it brings something like this: and this is the same with the rest.
logged_in){ echo ”
Logged In
“; echo “Welcome $session->username, you are logged in.
” .”[username\”>My Account] ” .”[Edit Account] “; if($session->isAdmin()){ echo “[Admin Center] “; } echo “[Logout]”; } else{ ?>
Login
num_errors > 0){ echo “”.$form->num_errors.” error(s) found”; } ?>
Username: “> error(“user”); ?>
Password: “> error(“pass”); ?>
value(“remember”) != “”){ echo “checked”; } ?>> Remember me next time
[Forgot Password?]
Not registered? Sign-Up!
“; echo “Member Total: “.$database->getNumMembers().”
“; echo “There are $database->num_active_users registered members and “; echo “$database->num_active_guests guests viewing the site.
“; include(“include/view_active.php”); ?>
surprisingly i haven’t changed anything, i just used the folder he gave as an attachment.so am wondering if there is a place to begin from so that it follows the right processs.
Back to your script;
with the table, do i create the table you gave along with other tables in JPs system or I a just going to have completely one table here (users)?
pls let me know if i am supposed to modify anything.
thank you.
Hi gabriella, thank you.
This script dosnt have any dependencies of the JP login system. So you dont need to modify anything, and for the database you just need that table. Just dont forget to change the constants.php like I explain in the post.
About the problem you have with the JP script it seems that your php code is being displayed in the browser, which seems to me some kind of problem with your apache or php installation. Maybe you can take a look here or here.
greetings.
Thank you chadkid for the quick response.
To the solution u gave me i mean two links. one was asking for php5ts.dll moved to system32 which is okay. and php.ini moved to windows. in mycase, instead of php.ini, i got php.ini-dist and php.ini-recommended. so should i move both of the .ini files?
another solution was using the standard .php that is changing file extension to a .php. files. Now so far i have seen/been working with all files saved with a .php extension or which extension do they mean?
Best regards.
Very very nice! I keep having one “problem” after login in. If i login at for example a page that looks like this http://www.example.com/login.php and then visit the site http://example.com/login.php (without www) I have to login again and vice versa (if i visit site with www after logging in without www). Do you have any idea how to fix this?
Thanks
Hi MikD,
In detail I dont know exactly the cause of it, I need to make some research. Anyway, the way you can solve that is redirecting (with a redirect rule) your http://example.com/… to http://www.example.com/… . I just did that here and it works now, so if you type http://tympanus.net/loginsystem/public_html/index.php it will redirect you to http://www.tympanus.net/loginsystem/public_html/index.php.
Greetings
Hi chadking,
Thanks for the fast response. Redirect with htaccess? What is the code you used?
Greets
Hi,
In my case I did in htaccess:
RewriteCond %{HTTP_HOST} ^tympanus.net$ RewriteRule ^loginsystem\/public_html\/index\.php$ "http\:\/\/www\.tympanus\.net\/loginsystem\/public_html\/index\.php" [R=301,L]
hope it helps,
greetings
Thanks 🙂
Hi chadking.
i finally got the solution to my problem it actually had nothing to sever settings. some servers dont accept the short form in php opener (
define(“RESETPASSWORDLINK”,”http://www.tympanus.net/loginsystem/resetpassword.php”); to
define(“RESETPASSWORDLINK”,”http://localhost/loginsystem/resetpassword.php”); ???
Hi,
Thank you very much for making this great script. I have a few requests if you dont mind. Is it possible to shorten the link that you recieve when you are emailed? At the moment the link is massive!
Is it possible to re-implement the admincp, and the links when you are in your usercp dont do anything (like edit details). When you register it would be nice to have to type in your email and password twice, and then have it check to see if its the same.
Thank you again for this script, I look forward to an update.
I agree with James. Id be happy to donate for something like this!
Hi! Thanks,
I will soon update the login script, probably next week… I was wondering of adding features like the ones I described in one of the comments here. I will also do what James suggests. if any of you guys have any other ideas or suggestions for the script, or for something further please let me know.
Greetings
Thank you for your reply. Im happy to donate too if you can release the update, thanks again for improving an already brilliant script.
I dont know much about php but it would be good if it redirected to a members folder after login if successfull, and also it would be good if we didnt need the htaccess rewrite, not sure if thats possible.
hello sir, chadking,
im student. i just download your script and go through that. nice work sir :).
i just want to knw sir is this work in localhost(WAMP) server? if it is what are the chanres i’ll want to make 🙂
have nice time wit your workings sir
🙂 call me chad!
I tried with xampp and it works. You need to modify the constants.php file. You should have something like this:
define("DB_SERVER", "localhost"); define("DB_USER", "root"); //probably root if you didnt configure define("DB_PASS", ""); //probably empty if you didnt configure define("DB_NAME", "XXXXXXX"); //your local mysql database name ... define("RESETPASSWORDLINK","http://localhost/loginsystem/resetpassword.php"); define("CONFIRMACCOUNTLINK","http://localhost/loginsystem/php/confirm.php");
However (and with xampp), for sending the emails to confirm the account or reset the password:
greetings
in addition sir, i change constants.php as you sad.
define(“DB_SERVER”, “localhost”); //my server url
define(“DB_USER”, “root”); //my mysql user
define(“DB_PASS”, “”); //no mysql password
define(“DB_NAME”, “daka”); //my mysql database name
after that, im also get the error
logged_in){ echo ”
Logged In
“; echo “Welcome $session->username, you are logged in.
” .”[username\”>My Account] ” .”[Edit Account] “; if($session->isAdmin()){ echo “[Admin Center] “; } echo “[Logout]“; } else{ ?>
Login
num_errors > 0){ echo “”.$form->num_errors.” error(s) found”; } ?>
Username: “> error(”user”); ?>
Password: “> error(”pass”); ?>
value(”remember”) != “”){ echo “checked”; } ?>> Remember me next time
[Forgot Password?]
Not registered? Sign-Up!
“; echo “Member Total: “.$database->getNumMembers().”
“; echo “There are $database->num_active_users registered members and “; echo “$database->num_active_guests guests viewing the site.
“; include(”include/view_active.php”); ?>
Hi again,
I think thats the same problem reported here before, you need to replace the <? for <?php in the beggining of the php files.
greetings
thanx a lot chad…… i’ll neverforget this help… im goin back to workings..i hope this tym it might be work
🙂
i would like to see admin features implemented again. thanks
also, try to remove all jquery and make it simple and minimal
and why would you want me to remove the jQuery part??
greetings
Hi Chad,
Please keep the jQuery, it is great!
You did a great job with the functionalities you removed, and the ones you added. It is very nice to have a script stripped down to the most fundamental features.
I agree with James about having to type in email and password twice, and then check to see if they match.
I look forward to seeing the next update.
Thanks again!
dear sir chadking,
i would like to further develop this login script for my assignment. can i have your assistance for this..
Hi,
if you have concrete questions or doubts about the login script, sure, I can help you.
P.S. Don’t get caught 😀
thank you sir. i shall do. will do sir:D.
dear sir, i am having problems inplementing this because after the initial config. the public page displays all the variables, and when i click the login button it shows a ton of code
Hi,
you need to replace the <? for <?php in the beggining of the php files. if you want just download the source again because I just corrected that.
greetings
thank you very much. i shall try that now. i actually did that only for the index files.
dear sir,
i am stil lencountering that error. there were some tagg where you havent added the php part
Dear sir,
I fixed the problem there are lot of <? in da index or login page. which needs to be replaced plus i have missed some of the <? tags . now the real fight begins to add features for this:D
how to i configure the mailer settings for smtp and can u use the phpmailer for this. what would be the best option
Hi,
I’m not sure if I can help you with that. i didnt do much in my local machine. I tried with xampp once and I remember that no mail server is configured or it doesnt actually include one. I guess you have to try to find out how to install one if you want to run this system locally. Maybe somebody that posted here can give us a tip!?
greetings
oh and one more thing sir..can u give me some good tips to learn jqquery. because i am at a beginner level, when it comes to jquery
Hi,
well you can start by reading this : http://docs.jquery.com/Tutorials
From there you will find some other good resources on the web,
greetings
This is such great timing for me. I have a project that could really use this and I stumbled onto your site after checking out the original login script. I’m wondering three things that maybe you would be able to help with.
First, how do I add back in the edit account feature.
Second, is there a way to mass-register a list of users and then send them an email with their username and password?
Third, I need to use the My Account link to load a user-specific HTML page.
I would love any help you could give me and if it’s complicated I would be interested in hiring you to work on it with me. If you are interested please shoot me an email.
Thanks for the great script!
hello again Mr chad,
thanx for your helpful and valuble helps 🙂
if u free enough to answer i may want to know how can i add more features to like
First name
Last name
address
….etc
to our registation form i already add those feialds to data base i just want to knw how can i link those with my web site. 🙂
greetings!!!!! 😉
Hi,
In the next version, I will put more fields in the registration form. I will update the script this week. Anyway if you wish to do that by yourself, here’s the list of steps you should do:
1. register/index.php
add all fields in the html form that you want. Check how the email is done.
2. php/core.php
you have to change the functions “processRegisterx” and “__register” to include these new fields, and to make the validations if you wish so.
3. php/dbcontroller.php
you have to change the function “dbregister” to include these new fields.
greetings
Thanks very much for that nice blog post.
Any update on this? 😀
Hi!,
sooon 🙂
I tried using the source code on my server but it seems that the captcha isnt working it just prints the link but no image any ide how to fix it
btw: a great script got even better
Hi Rick,
do you have the same directory structure like in the downloaded file? Did you change something or removed perhaps some folder? Can you check with firebug the src attribute of the picture? Should be something like “../images/captcha/image.jpg?1253140450”!?
greetings
Hi,
there’s an updated version here
greetings
Pingback: PHP Login System Reloaded v1.1 | Codrops
Hi Chad.
Is there a way that we configure our system to confirm registration locally ie if one is working on a localhost and i av not hosted my site to an external domain ie with a .com, .net etc?
this is because i av realized that the registration process does not accept an address like… me@localhost it gives a reply as invalid address.
find something since i need to be confirmed locally coz my mailsever is local therefore cannot send to an external domain.
another thing, is there away i can delete data from table eg. the registration info name,email and password?
answer to SMTP setup
; Setup for Windows systems
SMTP = smtp.my.isp.net or localhost
sendmail_from = me@myserver.com or @localhost
Setup for Linux systems
sendmail_path = /usr/sbin/sendmail -t
sendmail_from = me@myserver.com
find php.ini and make the changes.
Thank you.
dear sir, chad
I am having dificulty finding a “forum” script..with the admin power to edit the forum. and members to post. can u help me to find one.
thnk u!
Hello! Sorry klooper for my english jer, buti very nice re say gJ$)Kd!!!.
Hi,
Please help me in solving this.
I would like user to login before able to access say http://xxx/restricted.php.
I use if(!$session->logged_in)
{
header(“Location: login/main.php”) <= Login script
}
else
/* allow access here */
However, after user logged in, I would like it to return to http://xxx/restricted.php instead of showing user management.
In addition, return url is not fixed to http://xxx/restricted.php.
Thanks in advance.
Rgds,
Francis
Hi,
As far as I understood you want that the User is redirected to the retricted.php after the login? In that case you could do something like
I use if(!$session->logged_in)
{
header(”Location: login/main.php”) <= Login script } else header(”Location: xxx/restricted.php”); Is it this that you want?
Hi,
No.
Using JP script, when user is authenticated successfully, he will be remained in his user profile (edit, logout, etc).
The flow I would like to have is:
when accessing url a (if not logged in) -> login -> back to url a
when accessing url b (if not logged in) -> login -> back to url b
hope this is clear.
Rgds,
Francis
Hi,
I would use SESSION variables to store the url that the User wanted to go. So, if the User types xxxx/restricted.php you do:
if isLoggedIn{ show page... } else{ $_SESSION['page'] = $_SERVER['PHP_SELF']; header("Location: public_html/index.php");//this goes back to login }
then after the User is logged in (in my script he goes back to public_html/index.php) you check:
if isLoggedIn{ if isset $_SESSION['page'] then header("Location:".$_SESSION['page']); else show the user profile page } else{ show the login form }
greetings
It works. Thanks a lot.
hi
I try to use this script (only the php actions) on my site.
root->-index.html
->/login (your script)
I can put the forms in my site, but when i press login, he redirect to the register page, and I cant login.
is it also possible to register without mail, but with a master password? (so I need to give a pass before they can register?)
thanks, any info is welkom
HI! The script is incredible.
The only problem i have is to make captcha part working at the registration form!
Is anybody have any idea what might be wrong? I would kindly appreciate any help!
Hello. I just started configure this script pack, hope it will work perfect!
@ Elena, you should define your problem and i’m sure they will help you out:)
Free unlimited host offer active at dawnforged.com be quick!
guys, why not using the updated version of this script? The captcha there is much better!
cheers
who can help me to put his login script into my website?:(it.s really good,but i don.t now how i can install him!if anibody can help me,add me to yahoo. dddimoncic ths a lot!
Hi! It’s possible for one to submit for values to email address?
If it’s possible let me know. my email is dkess15@gmail.com. I’m just learing php.
THanks
What i actualy mean is that, submited values that came from form textbox and so on, I want to use to get submited forms data to email address without having a database.
I need guild on it pls
Expecting…
hello,
seem to get a jquery problem, when hitting register button, the green ajax status bar keeps flashing infinitely although the registration data is being recorded to sql tables correctly, but the green status bar just does not disappear and keeps flashing…hope that’s not too confusing…i wonder what could be the cause of the problem. thanks!
I have created another field in the users database called ‘userid1’ and set it to autoincrument.
I would like to make this available to when the session starts so that I can track my users.
how can I do that so it is available for me to see like their user name.
cheers and thanks for your great work
Helo. I have a problem. In the registration and “password forget” if i click to the “Register” or “Send” button, nothing happen. Only the ajax loader image plays again and again. Not show an error or go a next page. Why. Here my registration button part:
Back
Registration
Please help 🙂