PHP Login System Reloaded v1.1

Here’s an updated version of the PHP Login System. You can check the old version here. The following was added: 1. Registration fields: email confirmation password confirmation country recaptcha Email […]

From our sponsor: Try Mailchimp today.

PHP Login System

Here’s an updated version of the PHP Login System. You can check the old version here.

The following was added:

1. Registration fields:

  • email confirmation
  • password confirmation
  • country
  • recaptcha

Email confirmation and password confirmation are configurable fields. By default they are shown, but if you wish to remove one or both of them you have to set it in the file constants.php:


2. Table fields:

  • the user ip,
  • number of logins of a user,
  • flag is_admin
  • flag is_blocked
  • new table – Country table

3. dbcontroller class sanitizes user input data

4. Edit Account Area

5. Admin Area – incomplete (for next version)

For now just the list of users is shown and a world map indicating where the users come from.Β  You can delete Users and set them as Admins. If there are no users to list, no map is shown. Also the User seeing the panel is not shown.
Note that in the demo you will not be able to see the admin part – for admin reasons πŸ™‚

6. New CSS

7. Some other small details in the php code.

For the next version I am planning to :

  • add all admin functions
  • improve and improve ….

To use the recaptcha you need to get a public/private key here . Then you need to define them in constants.php:


In order to use the demo for those who have registered in the previous version’s demo, you need to register again (in the demo login system), since I had to set up another database for it.

Hope you like it. Any suggestions or improvements are welcome!


Download the source code here

Tagged with:


Chadking is an absolute geek that rarely leaves the comfort of his 3-screen desk. He is a self taught programmer and is addicted to all possible legal drugs.

Stay up to date with the latest web design and development news and relevant updates from Codrops.

Feedback 287

Comments are closed.
  1. Pingback: PHP Login System Reloaded | Codrops

  2. Chad hi again.

    the demo here shows very good improvements to the system, i love it. though i was unable to see the number of users logged in at the moment.

    How about in the next version you av something like a homepage where after a user been logged in, has a place to begin from. and a user profile, forum and how you can deny a logged in user access to other pages. for example we can demonstrate this by admin where they cant login unless is admin.

    thanks and keep up the good work.

  3. Awesome work! Thank you for releasing an updated version, ive just installed it and it seems to be working perfectly.

  4. love it! this is such a huge improvement on the old script.

    something that might be good is give the user 5 oppertunities to register / login successfully and then block their IP for 15 mins. this is to stop spam bot registrations trying to brute force the capcha.

    thanks again for an awesome script

    • Hi,
      which php version do you have?
      Is that the link where you have deployed the script? I dont see the login page…
      Maybe if you could have it there, I could take a look..!?

    • ok I see,
      you mean

      As far as I see you have another problem in the main index (public_index.php), this is because you have “<?" instead of "<?php" somewhere in that file. Some engines suport both others not. I thought I corrected that but I must have missed one! If you download the updated version you will have that fixed already (I hope).

      For the captcha image, can you try to rename the file image.jpg (under images/captcha/) to image.php ?

      Please let me know if it worked.


  5. Fantastic script πŸ™‚ i DL this because my PHP mysql ability is nowhere near this, i do have an issue with the registration link….

    i get this:

    Parse error: parse error in C:\wamp\www\login2\register\index.php on line 104

    any ideas?

    Sorry about this, i figure the best way to fix is to ask πŸ™‚

    • Hi,
      thats a “}” in that line right?
      I saw that I forgot again in line 28 of that same file to replace “<?" for "<?php". Maybe that can be the problem!? pls let me know!

  6. Thanks for the excellent script!! πŸ™‚

    The change of image.jpg to image.php worked just file.


  7. On a specific note, im trying to create a website fo rmy local aikido club, any way you can advise me to add a few details onto the personal info page?

  8. Chadking greetings.

    i was wondering if we could have 2 levels of administrators. where one (level 9) is the owner of the site who can manage other administrators and the other users while the other (level 7) is only able to manage the registered users (level 1) or guests. can we also create users profiles with fotos loaded?

    simply helping you help me. greetings.

  9. Also Id love the option for a normal memeber and then a “special” member. It would be fantastic to have an option to upgrade from a normal member to a special member with a paypal payment but I might be pushing my luck with that. πŸ˜›

  10. hi

    Cant wait till the update.

    BTW, how do u make certain pages secure, ie u have to be logged on in order to see them ???
    Can u help me ?


    • Hi,
      the pages like edit account page are pages that you just can see if you are logged in. There’s always a check to see if the user is authenticated before the page is rendered. If he is not logged in then he is redirected to the main page. if($objCore->getSessionInfo()->isLoggedIn()){ //html to render } else header("Location: public_html/index.php");


  11. Thank you.

    How do i change the style of the login box. I was trying to get a black background to fit in with my site?
    I went to the css style sheet, changed the background color for each part but it didnt seem to work, it just stayed the same?
    I’ve messed around with the style sheet but I just cant get anywhere?

    Thanks so much.


    • Hi,
      You need to change the background-color of
      form.login , form.register, form.editaccount, .forgotpw, .adminpanel{
      margin:0 auto;
      border:1px solid #ccc;
      -moz-border-radius: 20px;
      text-align: left;


    • ok, let’s check the following things:

      1. You didnt change the folder structure. The style.css is in the folder css.
      2. The public_index.php is in the root folder and has this line in the head:

      3. You didn’t change the class of the form (class=”login”)
      4. You cleaned your cache.

      Does any change to the style.css has effects?


  12. Hi

    I fixed it. Dreamweaver was not uploading properly to the testing server.

    Thanks so much.

    p.s cant

  13. Chad,

    I had the same problem John did where the captcha image wasn’t showing up. I also renamed it to image.php and it worked fine.

    I’d rather fix the real problem that use the workaround. Do know what the real issue is? I noticed that when I point my browser to image.jpg I get this error: “Permission denied (13) in ../images/captcha/image.jpg on line 3. Warning: session_start() [function.session-start]: Cannot send session cache limiter – headers already sent”

    Thanks for the great code and expert support!


  14. Hey Chad,
    Thanks for this updated script. Really appreciate it. I have one *small* request though.

    Would you be able to provide a few more lines of code I can add so I can register session variables (like putting the user’s full name in a session variable) so I can call on it once they log in?

    Thanks a lot!

  15. Hey Chad,

    I have a question:
    I would like to change email adress to the name when i login? How can I do that?

    Here is the code:
    echo “Welcome “.$objCore->getSessionInfo()->getUserInfo(’email’).”, you are logged in. ”


    • Hi,
      you need to call


      instead! But for that you need to change the line 230 of the file dbcontroller.php (function dbgetUserInfo) to this:

      $q = “SELECT pk_user,email,usr_userid,flname FROM users WHERE pk_user = ‘$username'”;

      I think this answers as well your question Chris?


  16. About the captcha image, I’m not sure what can be the problem! Maybe the permissions for the folder where that file is?? Anyway thats a php file so it should be actually renamed to image.php.

  17. Hey Chad,

    thank you for the guick answer, it is working!

    I have an other question:
    Do you think about the loginsystem make to multilanguage system?

    For example, I can change the language from english to anything else?


  18. So towards the top of the file, i put this out:

    $flname = $_SESSION[‘flname’];

    and i tried echoing out $flname.. but nothing shows up.. i would debug this further.. but i don’t think i really get the concept of the objcore->getsessioninfo->getuserinfo code.. im used to coding in the old php format…

    if you could explain briefly what the code is doing.. and how i would extract info from the code… it would be hugelyyyy helpful as i could then debug/figure out future problems on my own (through trial and error)…

    but if you don’t have the time.. could you simply fix the code so i would be able to output/echo flname?

    thanks a lot chad

    • Hi,
      you need to insert this line:
      β€œWelcome β€œ.$objCore->getSessionInfo()->getUserInfo(’flname’).”
      instead of
      β€œWelcome β€œ.$objCore->getSessionInfo()->getUserInfo(’email’).”

      But before you should get that value from the table:

      line 230 of the file dbcontroller.php (function dbgetUserInfo):

      $q = “SELECT pk_user,email,usr_userid,flname FROM users WHERE pk_user = ‘$username'”;

      that value is not stored in SESSION variables, but in the php sessioninfo object!


  19. Hey Chad,

    I am still having a problem with the CAPTCHA. I changed the image.jpg to image.php but still get that same error.

    Other than the file change, do I need to change anything else?



    • James,
      What exactly is the error message that you see?
      Anyway, I will soon post some update where I replaced that image captcha script for a better one. There will be no image.jpg/php file anymore.

  20. My frustration in integrating this into my website is that the css that comes with this conflicts with my existing css. Is there a good way to handle this problem?


    • Hi,
      well, the only advice I could give you is that you either use the included css as a starting point or you remove it completly and do one by yourself.
      If you had already some project where you integrated this login script, then it would be better to remove the css I provided. Just start taking out piece by piece from it and see where the conflits is :S

  21. Chad,
    Thanks for the reply. I’ll just wait for the new script. No sense of trying to fix something that is gonna change.



  22. will it be hard to just replace the new captcha with the one currently up?

    anyways.. dont’ reallly have a question. just wanted to say thanks for everything you’re doing for all of us. im sure it a pretty thankless job…

    so a big thanks!

  23. anyone with any coding experience help me please?

    I made a website for my F1 simracing a while back, anyway the linking i used is no longer working.

    i use this link:

    echo “”. $shownews .”…….Read More“;

    the url address has the id in it ie: news.php?id=13

    and the news page has the following in it:

    $kysely = mysql_query(“select * FROM igpcnews WHERE id=’$nid'”,$yhteys);

    but i always get

    Notice: Undefined variable: nid in C:\wamp\www\site\news.php on line 41

    This used to work a few years ago, im guessing the newer PHP dont work the same as the older because i dont know whats up with it.

    Can anyone help??

    Im sorry that this is not the right place to post this but i didnt know where else to post it

  24. the url address has the id in it ie: news.php?nid=13

    TYPO the url address is correct, it wont pick up the variable though πŸ™

  25. really sorry about this, if anyone has any link to somewhere where these questions are more appropriate please pass it on πŸ™‚

    Been years since i did any of this and i am trying to teach it all to myself again

  26. try :

    mysql_query(“select * FROM igpcnews WHERE id=’$val'”,$yhteys);

  27. excellent chad, that worked πŸ™‚

    thank you so much πŸ™‚

    Last time i used php i didnt need that, same with the $_POST ones too.

    I feel like ive gotta learn it all all over again :S

  28. Hi,
    I already included the new captcha (recaptcha) and the possibility for an admin to add others as admins and/or to remove Users from the system. I didn’t do a new version/post out of this because it was a small change (I didn’t have much time). Please read again this post cause I explain there how to integrate the captcha field.
    I will try to post a new version next week!

  29. First I would like to say this is a great script, and I have been able to make it work as is. I am a complete newb, so please excuse my lack of knowledge on this… but the existing folder structure has the index under public_html. If this is the case, does this make all of the other files/folders unaccessible through a web browser? Or do i need just to rename the public_html to …say a login directory and update all of the other scripts to point to the new login folder?
    The ‘so called” problem that I’m facing is that I want to add this script to existing page, and the whole public_html is messing me up. I apologize for such a basic question, but any help from the forum members would be much appreciated.

    • Hi Joe, thanks.
      I read something about security that suggests such a structure. Also the scripts/css/images should be inside of public_html/. I didnt do that, I still need to update that point.
      I cant remember the site from where I downloaded this document that I ‘m talking about so here’s the excerpt:
      “Normally, pages ending with .php will be handled forwarded to PHP by Apache and therefore the code will be hidden from the users. That the source code is hidden is one of the things that characterizes server-side scripting languages such as PHP. However, the PHP module or Apache might fail and the code might be displayed in plain unparsed text to the user. This is de nitely not good. First of all, if the source is visible then it is much easier to nd security issues in your application. Additionally, some scripts contain con guration les within the document root (the directory in which all les and sub-folders are publicly accessible from the outside world) and those will obviously not be parsed either thus presented to the user if they enter the lename into the URL. Personally I have experienced this before where I was on a small website and suddenly a miscon guration of some sort displayed the source code to me. The website used a widely used application and I happened to know where the con guration le was. Sure enough, I was able to view that as well and from that I gathered the root password for the server (bad security practice to use the same password for multiple purposes and it is also bad security practice to use the root MySQL user). Being a nice person I did not do anything with it, but other people might not be as nice as I am and if you have the root password for a server then you can essentially do anything with it. Another instance of this is the popular website Facebook which you have probably heard about in some way or another. What I explained before (server miscon guration resulting in leaked source code) also has also happened to Face-book. Even big companies with people paid to con gure the server apparently sometimes screws up and therefore it is necessary to take some security pre-cautions in order to prevent source leakage if something like that should ever happen (something Facebook apparently did not). It all has to do with how you layout your directory structure. So, all les within the document root can be retrieved by the user. Therefore we might as well move everything else out of there so people cannot directly access it. This means we might have index.php and some static les such as CSS, Javascript and images laying inside the document root. We can even take it further and do so the only thing that is in index.php is the following:
      <?php require '../public_index.php'; ?>
      That particular snippet is the only thing the user will ever be able to see should something happen. So we might have a directory structure that looks like this:

      public_html <-- document root /index.php /media /images /javascript /css config cache tmp public_index.php logs By laying out your files in this manner you will prevent that people will see things they are not supposed to see. It is easy to do so there is no reason why you would not." If you don't want to use that structure, then just move the index.php one folder up to the root, and delete the public_index.php. The boring part is that you need to change in almost all files the reference to index.php instead of public_html/index.php. Greetings

  30. Dear CHADKING,

    Just to let you know that you did a great job.
    Your code is very clean and clear.

    I was starting to modify your code to add some admin features, but I noticed that you’ll be adding a few of them soon. I prefer waiting for the new version rather than messing up with your original code.

    Can’t wait for next week to play around with v1.2.


    Thanks for the reply. That totally makes sense for security purposes. How are you handling the resetpassword and confirmation links in the constants.php file? …Are you just making a include statement to point back to those? Like I said I’m a newb and I’m sorry if these questions sound silly.


    Okay here I go again…. I think my problem is, unless I include this file structure as is, under my servers public_html, I can not run as intended…. I think the script refers the…. after I’m logged in, and go to log out I get The requested URL /php/corecontroller.php was not found on this server. I think I can make it work, but the files/folders will not be behing my servers public_html folder….. Am I just overlooking something simple?

    • Joe,
      The links in constants.php like any other variable there defined, can be used anywhere as long as you include the constants file. In this case it’s being included in dbcontroller.php.
      About the structure, I can’t tell you cause I didn’t try by myself to mount it like that. I will try that structure next time I deploy the script. Meanwhile, if you manage to do so, please post it here…

  33. Pingback: Tweets that mention PHP Login System Reloaded v1.1 | Codrops --

  34. Thanks for the terrific scripting chadking!! I got it up and working in only minutes. And two days later had it completely integrated with my site and other databases.

    I am not sure that i agree with your security solutions, however. Having virtually the entire site outside of docroot opens endless security concerns by opening the entire OS to possible attacks, while by-passing all of (in my and most cases) apache’s safety procedures. Although it may be ok to use such a layout on one’s own private server, i think most of us here are hosted on a virtual server with 0000000’s of sites running off a single host. A security breech could bring them all down.

    I have added the following lines to my .htaccess file:
    Options -Indexes
    DirectoryIndex /index.php
    ErrorDocument 404 /
    ErrorDocument 403 /
    Would you suggest others?

    Again, thanks for the great code!!!

  35. ::Correction::
    my .htaccess is :
    Options -Indexes
    DirectoryIndex /public_html/index.php
    ErrorDocument 404 /
    ErrorDocument 403 /

    I have all the code in docroot.

  36. Hi Chad,

    when are u posting the latest version of the login system?

    Thanks, eagerly waiting.